Microservices & API Management

How to plan API management with MSA

What is Microservices Architecture?

Microservices Architecture is an architectural style that complements "loosely coupled" multiple services. In this definition, the term "Service" means the smallest unit of implementing business requirements. 

<Microservices architecture style from Microsoft Azure page>

With the Microservices Architecture approach, distributed Web-based systems can perform small continuous integration (CI) and continuous delivery (CD) by the independent engineering teams to build and maintain large, complex systems. This is similar to the philosophy of DevOps.

History

A very traditional way of building system or application is Monolithic Architecture.
Its design concept is building all the functions at once. It is designed to self contained, interconnected, and strongly coupled services in the modular based application.

For example, There can be a Web server, WAS, Message Queuing system and database in a physical system. This is a simple concept that software engineers design and implement. But there are some problems with it.

Each component has a single point of failure (SPOF) 

Strongly coupled functionality makes updating and deployment difficult. 

Each team must understand all the components and services

<Picture by Brandon Kang: Monolithic Architecture>

There is another scheme for distributed systems called SOA(Service Oriented Architecture) that structures an application as a group of loosely coupled services. It is commonly built using web services standards like SOAP(communication), UDDI(service discovery) and WSDL(service description).

Microservices Architecture is often said to be a specialization of the SOA implementation model these days. The microservices approach is an easy model of the DevOps and is becoming more popular for building continuously deployed systems.

<Picture by Brandon Kang: Monolithic Architecture, SOA to MSA>

MSA Benefits

Disassembling a system into smaller services means a loosely coupled, modular system.

This makes it easy to design, understand, deploy, and maintain applications. Individual service architectures can also emerge through ongoing refactoring.

Each service team can develop and deploy their services without too much effort of integrating with other services because they are loosely coupled. This enables DevOps style team structuring.

Technologies

Microservices can be implemented in different programming languages and different infrastructures. For example, some services are written in Java and some services are written in Node.js. The persistent layer(data store) can be an RDBMS or NoSQL. But their communication use the common protocol and technologies such as REST API and API Gateway.

Components
Based on its architecture philosophy, MSA needs to include various backend systems and,

Implemented microservices in the backend server (API Server)

Routing services (using API Gateway) to each service component 

Standardized common HTTP based protocol (commonly using REST API or, GraphQL). 

Note that API Gateway and REST API is not mandatory but common patterns of MSA.

<Picture by Brandon Kang: A general pattern of Microservices Architecture>

MSA & API Gateway

<Edited pic from Netflix: MSA in Nexflix architecture. Zuul is the open sourced  Gateway of Netflix>

Typically, the MSA has a REST API structure (HTTP or RPC) and an API gateway. You can take advantage from API gateway for API service routing, API security (authentication, authorization) and API performance (load balancing, caching, proxying).

Here are some key points. 

API Routing:
API Gateway routes HTTP(S) traffic (usually REST API) to each API endpoint with reading service host name and URI paths. 

Availability / Scalability / Load Balancing (including Fail-Over):

API gateways are often located at the front of the service and therefore become Single Point Of Failure (SPOF). To avoid this, you should  have a load balancer on the front-end system or the DNS-based HA system.

Security (Authentication and Authorization):
API keys, API Tokens and JSON Web Token (JWT) are provided for API security. Simple web application firewall features such as IP ACLs, Rate limits, etc. is a bonus.

Performance:
Some API gateways have CDN features such as caching, GZIP compression, CORS setting and TCP/IP acceleration when the product is on at the top of their CDN servers. 

Other API Management Features:
Key Quote management controls the API consumption level per the given time unit. If the product suports OAuth 2.0, GraphQL caching and OAS 3.0, You can flexibly integrate the latest API technologies.

- END -