Take Control of Your APIs in a Microservice Architecture

Agenda

• Services Building Blocks

• Microservices and APIs

• Microservices Use-Case

• API Management Stack for MSA

• Security & Authentication• Rate-limit & Throttling • Reporting & Analytics • Microservice API

documentation

• Demo

The microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. These services are built around business capabilities and independently deployable by fully automated deployment machinery.

James Lewis and Martin Fowler: http://martinfowler.com/microservices/#what

Microservice Definition

Microservices as a lightweight architectural style require a lightweight integration mechanism.MSA inherently require http API based service integration

But: APIs themselves are naked

- No security- No control- No visibility

Microservices and APIs

The Microservices Use Case

The MSA Benefits • Agility and faster software delivery

• Flexibility

• Scalability, Redundancy

• Service Isolation

• Technology Mix

The MSA Challenge • Security, Access Control

• Rate-limit, Throttling

• Reports, Analytics

• Developer Experience

• Flexible Business Model (Monetization)

The need for API Management

The API Use Case

The Internal API Use-Case • Value: huge gain in agility and ability

to deliver new solutions

• Moving to APIs is a process, not a project

• Progress by moving systems over time

• Always focus on the value of the APIs and who will benefit from using them

• Treat your internal APIs as first class citizens (as internal products)

The External API Use-Case • Value: New customer and partner

engagement opportunities

• APIs are a powerful backbone for new products and experiences – But use cases and the audience still needs to be thought through carefully

• Build it and they will come is rarely effective

• Work closely with product teams, customers and partners

• Excellent operations, developer experience pay dividends both in user satisfaction and in lower maintenance costs

Typical API Management Use-Case

All of this should be controlled via API Management

Services Building Blocks

Mobile & IOT Support

Customer Ecosystem

Service Creation Process

• Design• Test• Implemen

t• Publish

• Define• Map• Secure• Report

Service Repository

THE API MANAGEMENT STACK

Security & Access Control

Microservice API Security Different mechanisms for different purposes within the MSA

Multiple authentication mechanisms

Can be combined with IP / Domain referrer whitelisting

Authenticate trafficRestrict by policyDrop unwelcome callsProtect backend servicesGenerate overage alertsImpose rate limits

– API Key – App ID / App Key

– OAuth 2.0

API Contracts, Throttling & Rate Limits

Partner Ecosystem

• Allow/restrict access to microservices via rate limits

• Rate-limit based on apps, users or microservice end-point

API Services

Rate Limits

Pricing

MANAGE GROUPS OF MICROSERVICES INDIVIDUALLY

DIFFERENT QUOTAS FOR DIFFERENT MICROSERVICES

DIFFERENT MODELS

ESPECIALLY FOR EXTERNAL FACING APIS

Application #1

Application #2

Application #3

INTERNAL TEAMS

STRATEGIC PARTNERS

DEVELOPERS

Microservice Usage Reports & Analytics

APIs as a Business

Microservice Catalog and Documentation Via Portals

Wrap-up

APIs as a Business

APIs are an inherent ingredient in every MSA.You better get the management of APIs right.

The benefits? • Security and control over the “glue” between Microservices• Definition of API contracts specific to apps• Automatic logging, alerts, and reporting• Endpoint documentation (internal and external)• Business models and monetization

Contact

Yossi Koren – Director, Sales Engineering yossi@3scale.net

3scale Support Portal: https://support.3cale.net

Find more on: www.3scale.net