The document outlines the importance of API management within a microservices architecture, emphasizing the need for security, control, and visibility as microservices communicate through lightweight APIs. It discusses the benefits and challenges of adopting microservices, including agility, scalability, and the value of treating APIs as first-class citizens for both internal and external use. Key strategies for effective API management, such as authentication, rate limiting, and comprehensive documentation, are also highlighted.

1. Take Control of Your APIs
in a Microservice Architecture

2. Agenda
• Services Building Blocks
• Microservices and APIs
• Microservices Use-Case
• API Management Stack for MSA
• Security & Authentication
• Rate-limit & Throttling
• Reporting & Analytics
• Microservice API documentation
• Demo

3. The microservice architectural style is an approach to developing a
single application as a suite of small services, each running in its own
process and communicating with lightweight mechanisms, often an
HTTP resource API.
These services are built around business capabilities and
independently deployable by fully automated deployment machinery.
James Lewis and Martin Fowler:
http://martinfowler.com/microservices/#what
Microservice Definition

4. Microservices as a lightweight architectural style require a
lightweight integration mechanism.
MSA inherently require http API based service integration
But:
APIs themselves are naked
- No security
- No control
- No visibility
Microservices and APIs

5. The Microservices Use Case
The MSA Benefits
• Agility and faster software delivery
• Flexibility
• Scalability, Redundancy
• Service Isolation
• Technology Mix
The MSA Challenge
• Security, Access Control
• Rate-limit, Throttling
• Reports, Analytics
• Developer Experience
• Flexible Business Model (Monetization)
 The need for API Management

6. The API Use Case
The Internal API Use-Case
• Value: huge gain in agility and ability to
deliver new solutions
• Moving to APIs is a process, not a project
• Progress by moving systems over time
• Always focus on the value of the APIs and
who will benefit from using them
• Treat your internal APIs as first class
citizens (as internal products)
The External API Use-Case
• Value: New customer and partner
engagement opportunities
• APIs are a powerful backbone for new
products and experiences – But use cases
and the audience still needs to be thought
through carefully
• Build it and they will come is rarely effective
• Work closely with product teams, customers
and partners
• Excellent operations, developer experience
pay dividends both in user satisfaction and in
lower maintenance costs

7. Typical API Management Use-Case
All of this should be controlled via API Management

8. Services Building Blocks

9. Mobile & IOT Support
Customer Ecosystem
Service Creation Process
• Design
• Test
• Implement
• Publish
• Define
• Map
• Secure
• Report
ServiceRepository

10. THE API MANAGEMENT STACK

11. Security & Access Control

12. Microservice API Security
Different mechanisms for different purposes within the MSA
Multiple authentication mechanisms
Can be combined with IP / Domain referrer whitelisting
Authenticate traffic
Restrict by policy
Drop unwelcome calls
Protect backend services
Generate overage alerts
Impose rate limits
– API Key – App ID / App Key – OAuth 2.0

13. API Contracts, Throttling & Rate Limits
Partner Ecosystem
• Allow/restrict access to
microservices via rate
limits
• Rate-limit based on apps,
users or microservice
end-point
API Services
Rate Limits
Pricing
 MANAGE
GROUPS OF
MICROSERVICES
INDIVIDUALLY
 DIFFERENT QUOTAS
FOR DIFFERENT
MICROSERVICES
 DIFFERENT MODELS
 ESPECIALLY FOR
EXTERNAL FACING
APIS
Application #1
Application #2
Application #3
INTERNAL TEAMS
STRATEGIC PARTNERS
DEVELOPERS

14. Microservice Usage Reports & Analytics
APIs as a Business

15. Microservice Catalog and Documentation
Via Portals

16. Wrap-up
APIs as a Business
APIs are an inherent ingredient in every MSA.
You better get the management of APIs right.
The benefits?
• Security and control over the “glue” between Microservices
• Definition of API contracts specific to apps
• Automatic logging, alerts, and reporting
• Endpoint documentation (internal and external)
• Business models and monetization

17. Contact
Yossi Koren – Director, Sales Engineering
yossi@3scale.net
3scale Support Portal: https://support.3cale.net
Find more on: www.3scale.net