Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Take Control of your APIs in a Microservice Architecture


Published on

Microservices are a new architectural approach to modularize systems into smaller units. The benefits include that services can be adapted more rapidly to changing business demands. Application programming interfaces (APIs) are crucial in every microservice architecture (MSA) as they link up the various microservices. Key challenges of MSA are getting API security, access control and analytics right in an environment that is constantly changing. This workshop talk will show how the features of the 3scale API management platforms in combination with the Red Hat OpenShift PaaS can be leveraged to overcome these challenges.

Published in: Technology
  • Be the first to comment

Take Control of your APIs in a Microservice Architecture

  1. 1. Take Control of Your APIs in a Microservice Architecture
  2. 2. Agenda • Services Building Blocks • Microservices and APIs • Microservices Use-Case • API Management Stack for MSA • Security & Authentication • Rate-limit & Throttling • Reporting & Analytics • Microservice API documentation • Demo
  3. 3. The microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. These services are built around business capabilities and independently deployable by fully automated deployment machinery. James Lewis and Martin Fowler: Microservice Definition
  4. 4. Microservices as a lightweight architectural style require a lightweight integration mechanism. MSA inherently require http API based service integration But: APIs themselves are naked - No security - No control - No visibility Microservices and APIs
  5. 5. The Microservices Use Case The MSA Benefits • Agility and faster software delivery • Flexibility • Scalability, Redundancy • Service Isolation • Technology Mix The MSA Challenge • Security, Access Control • Rate-limit, Throttling • Reports, Analytics • Developer Experience • Flexible Business Model (Monetization)  The need for API Management
  6. 6. The API Use Case The Internal API Use-Case • Value: huge gain in agility and ability to deliver new solutions • Moving to APIs is a process, not a project • Progress by moving systems over time • Always focus on the value of the APIs and who will benefit from using them • Treat your internal APIs as first class citizens (as internal products) The External API Use-Case • Value: New customer and partner engagement opportunities • APIs are a powerful backbone for new products and experiences – But use cases and the audience still needs to be thought through carefully • Build it and they will come is rarely effective • Work closely with product teams, customers and partners • Excellent operations, developer experience pay dividends both in user satisfaction and in lower maintenance costs
  7. 7. Typical API Management Use-Case All of this should be controlled via API Management
  8. 8. Services Building Blocks
  9. 9. Mobile & IOT Support Customer Ecosystem Service Creation Process • Design • Test • Implement • Publish • Define • Map • Secure • Report ServiceRepository
  11. 11. Security & Access Control
  12. 12. Microservice API Security Different mechanisms for different purposes within the MSA Multiple authentication mechanisms Can be combined with IP / Domain referrer whitelisting Authenticate traffic Restrict by policy Drop unwelcome calls Protect backend services Generate overage alerts Impose rate limits – API Key – App ID / App Key – OAuth 2.0
  13. 13. API Contracts, Throttling & Rate Limits Partner Ecosystem • Allow/restrict access to microservices via rate limits • Rate-limit based on apps, users or microservice end-point API Services Rate Limits Pricing  MANAGE GROUPS OF MICROSERVICES INDIVIDUALLY  DIFFERENT QUOTAS FOR DIFFERENT MICROSERVICES  DIFFERENT MODELS  ESPECIALLY FOR EXTERNAL FACING APIS Application #1 Application #2 Application #3 INTERNAL TEAMS STRATEGIC PARTNERS DEVELOPERS
  14. 14. Microservice Usage Reports & Analytics APIs as a Business
  15. 15. Microservice Catalog and Documentation Via Portals
  16. 16. Wrap-up APIs as a Business APIs are an inherent ingredient in every MSA. You better get the management of APIs right. The benefits? • Security and control over the “glue” between Microservices • Definition of API contracts specific to apps • Automatic logging, alerts, and reporting • Endpoint documentation (internal and external) • Business models and monetization
  17. 17. Contact Yossi Koren – Director, Sales Engineering 3scale Support Portal: Find more on: