Take Control of your APIs in a Microservice Architecture
-
Upload
3scale -
Category
Technology
-
view
684 -
download
4
Transcript of Take Control of your APIs in a Microservice Architecture
Take Control of Your APIs in a Microservice Architecture
Agenda
• Services Building Blocks
• Microservices and APIs
• Microservices Use-Case
• API Management Stack for MSA
• Security & Authentication• Rate-limit & Throttling • Reporting & Analytics • Microservice API
documentation
• Demo
The microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. These services are built around business capabilities and independently deployable by fully automated deployment machinery.
James Lewis and Martin Fowler: http://martinfowler.com/microservices/#what
Microservice Definition
Microservices as a lightweight architectural style require a lightweight integration mechanism.MSA inherently require http API based service integration
But: APIs themselves are naked
- No security- No control- No visibility
Microservices and APIs
The Microservices Use Case
The MSA Benefits • Agility and faster software delivery
• Flexibility
• Scalability, Redundancy
• Service Isolation
• Technology Mix
The MSA Challenge • Security, Access Control
• Rate-limit, Throttling
• Reports, Analytics
• Developer Experience
• Flexible Business Model (Monetization)
The need for API Management
The API Use Case
The Internal API Use-Case • Value: huge gain in agility and ability
to deliver new solutions
• Moving to APIs is a process, not a project
• Progress by moving systems over time
• Always focus on the value of the APIs and who will benefit from using them
• Treat your internal APIs as first class citizens (as internal products)
The External API Use-Case • Value: New customer and partner
engagement opportunities
• APIs are a powerful backbone for new products and experiences – But use cases and the audience still needs to be thought through carefully
• Build it and they will come is rarely effective
• Work closely with product teams, customers and partners
• Excellent operations, developer experience pay dividends both in user satisfaction and in lower maintenance costs
Typical API Management Use-Case
All of this should be controlled via API Management
Services Building Blocks
Mobile & IOT Support
Customer Ecosystem
Service Creation Process
• Design• Test• Implemen
t• Publish
• Define• Map• Secure• Report
Service Repository
THE API MANAGEMENT STACK
Security & Access Control
Microservice API Security Different mechanisms for different purposes within the MSA
Multiple authentication mechanisms
Can be combined with IP / Domain referrer whitelisting
Authenticate trafficRestrict by policyDrop unwelcome callsProtect backend servicesGenerate overage alertsImpose rate limits
– API Key – App ID / App Key
– OAuth 2.0
API Contracts, Throttling & Rate Limits
Partner Ecosystem
• Allow/restrict access to microservices via rate limits
• Rate-limit based on apps, users or microservice end-point
API Services
Rate Limits
Pricing
MANAGE GROUPS OF MICROSERVICES INDIVIDUALLY
DIFFERENT QUOTAS FOR DIFFERENT MICROSERVICES
DIFFERENT MODELS
ESPECIALLY FOR EXTERNAL FACING APIS
Application #1
Application #2
Application #3
INTERNAL TEAMS
STRATEGIC PARTNERS
DEVELOPERS
Microservice Usage Reports & Analytics
APIs as a Business
Microservice Catalog and Documentation Via Portals
Wrap-up
APIs as a Business
APIs are an inherent ingredient in every MSA.You better get the management of APIs right.
The benefits? • Security and control over the “glue” between Microservices• Definition of API contracts specific to apps• Automatic logging, alerts, and reporting• Endpoint documentation (internal and external)• Business models and monetization
Contact
Yossi Koren – Director, Sales Engineering [email protected]
3scale Support Portal: https://support.3cale.net
Find more on: www.3scale.net