Microservices are a new architectural approach to modularize systems into smaller units. The benefits include that services can be adapted more rapidly to changing business demands. Application programming interfaces (APIs) are crucial in every microservice architecture (MSA) as they link up the various microservices. Key challenges of MSA are getting API security, access control and analytics right in an environment that is constantly changing. This workshop talk will show how the features of the 3scale API management platforms in combination with the Red Hat OpenShift PaaS can be leveraged to overcome these challenges.
2. Agenda
• Services Building Blocks
• Microservices and APIs
• Microservices Use-Case
• API Management Stack for MSA
• Security & Authentication
• Rate-limit & Throttling
• Reporting & Analytics
• Microservice API documentation
• Demo
3. The microservice architectural style is an approach to developing a
single application as a suite of small services, each running in its own
process and communicating with lightweight mechanisms, often an
HTTP resource API.
These services are built around business capabilities and
independently deployable by fully automated deployment machinery.
James Lewis and Martin Fowler:
http://martinfowler.com/microservices/#what
Microservice Definition
4. Microservices as a lightweight architectural style require a
lightweight integration mechanism.
MSA inherently require http API based service integration
But:
APIs themselves are naked
- No security
- No control
- No visibility
Microservices and APIs
5. The Microservices Use Case
The MSA Benefits
• Agility and faster software delivery
• Flexibility
• Scalability, Redundancy
• Service Isolation
• Technology Mix
The MSA Challenge
• Security, Access Control
• Rate-limit, Throttling
• Reports, Analytics
• Developer Experience
• Flexible Business Model (Monetization)
The need for API Management
6. The API Use Case
The Internal API Use-Case
• Value: huge gain in agility and ability to
deliver new solutions
• Moving to APIs is a process, not a project
• Progress by moving systems over time
• Always focus on the value of the APIs and
who will benefit from using them
• Treat your internal APIs as first class
citizens (as internal products)
The External API Use-Case
• Value: New customer and partner
engagement opportunities
• APIs are a powerful backbone for new
products and experiences – But use cases
and the audience still needs to be thought
through carefully
• Build it and they will come is rarely effective
• Work closely with product teams, customers
and partners
• Excellent operations, developer experience
pay dividends both in user satisfaction and in
lower maintenance costs
12. Microservice API Security
Different mechanisms for different purposes within the MSA
Multiple authentication mechanisms
Can be combined with IP / Domain referrer whitelisting
Authenticate traffic
Restrict by policy
Drop unwelcome calls
Protect backend services
Generate overage alerts
Impose rate limits
– API Key – App ID / App Key – OAuth 2.0
13. API Contracts, Throttling & Rate Limits
Partner Ecosystem
• Allow/restrict access to
microservices via rate
limits
• Rate-limit based on apps,
users or microservice
end-point
API Services
Rate Limits
Pricing
MANAGE
GROUPS OF
MICROSERVICES
INDIVIDUALLY
DIFFERENT QUOTAS
FOR DIFFERENT
MICROSERVICES
DIFFERENT MODELS
ESPECIALLY FOR
EXTERNAL FACING
APIS
Application #1
Application #2
Application #3
INTERNAL TEAMS
STRATEGIC PARTNERS
DEVELOPERS
16. Wrap-up
APIs as a Business
APIs are an inherent ingredient in every MSA.
You better get the management of APIs right.
The benefits?
• Security and control over the “glue” between Microservices
• Definition of API contracts specific to apps
• Automatic logging, alerts, and reporting
• Endpoint documentation (internal and external)
• Business models and monetization
17. Contact
Yossi Koren – Director, Sales Engineering
yossi@3scale.net
3scale Support Portal: https://support.3cale.net
Find more on: www.3scale.net
Editor's Notes
Can we ditch Industry leading…. And just use “Take control of your APIs with…. “
EVERYBODY says industry leading
This needs work – looks unfinished maybe?
This needs work – looks unfinished maybe?
Make titles bold or bigger …. Maybe even increase bullet size type too? Hard to read
This needs work – looks unfinished maybe?
Make titles bold or bigger …. Maybe even increase bullet size type too? Hard to read
Make titles bold or bigger …. Maybe even increase bullet size type too? Hard to read