Blueprint for Modern Application Architecture

... with APIs, OpenID, and Microservices, Daria Mayorova and Mark Cheshire from Red Hat 3scale shared their presentation on how to construct microservice-based applications with the benefits of API management.

Some general characteristics of microservices include:

  • componentization via services
  • organized around business capabilities
  • smart endpoints
  • design for failure
  • decoupling of components

Typically, microservices are divided into two general architectural buckets:

Inner Architecture

Any service communication with other microservices within a larger service boundary (think intra-application communication).

Outer Architecture

Border boundary where API consumers will hit these endpoints, typically exposed outside of the application.  API management should be considered here in order to provide a better developer experience while maintaining API security.

API Management

API Management Key Benefits

  • Standard API keys
  • Application ID and key pair
  • Different microservice consumer segments
  • Rate limiting
  • Flexible per-time-period limits
  • Usage analytics
  • API documentation
  • Possible monetization of API service

Red Hat's take on API management is 3scale.

Adapting API Management to your endpoint typically means adding the API gateway in front of your outer architecture boundary.  These can be somewhat squishy concepts, but it is important to take a middle-of-the-road approach.  That is, apply API management where it makes sense from a business and service perspective. You don't typically need API gateways within your inner architecture APIs unless those too are exposed to a wider audience.
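
The gateway checks listed above (application ID and key pair, consumer segments, per-time-period rate limits), sketched as an added example that is not 3scale's code and not from the talk. The Gateway class, the PLANS and APPS tables and every credential in them are constructed for illustration.

```python
import hmac
import time

# Constructed sample data: consumer segments (plans) with per-period limits.
PLANS = {
    "free":    {"limit": 3,   "period_s": 60},
    "partner": {"limit": 100, "period_s": 3600},
}
# Constructed application registry: app_id -> (app_key, plan).
APPS = {
    "app-1234": ("k3y-constructed-aaaa", "free"),
    "app-5678": ("k3y-constructed-bbbb", "partner"),
}


class Gateway:
    """Hypothetical outer-boundary gateway: authenticate the app, then rate limit."""

    def __init__(self, apps=APPS, plans=PLANS, clock=time.time):
        self.apps, self.plans, self.clock = apps, plans, clock
        self.counters = {}  # (app_id, window index) -> requests seen

    def authorize(self, app_id, app_key):
        """Return (HTTP status, reason) for one inbound request."""
        stored_key, plan_name = self.apps.get(app_id, ("", None))
        # Constant-time comparison; unknown IDs take the same code path so the
        # response does not reveal whether the app_id exists.
        key_ok = hmac.compare_digest(stored_key.encode(), str(app_key).encode())
        if plan_name is None or not key_ok:
            return 403, "invalid application credentials"
        plan = self.plans[plan_name]
        window = int(self.clock() // plan["period_s"])
        # Drop this app's counters from earlier windows so the table stays bounded.
        self.counters = {k: v for k, v in self.counters.items()
                         if k[0] != app_id or k[1] == window}
        used = self.counters.get((app_id, window), 0)
        if used >= plan["limit"]:
            return 429, "rate limit exceeded for plan " + plan_name
        self.counters[(app_id, window)] = used + 1
        return 200, "forward to backend microservice"
```

A fixed window like this one can admit up to twice the limit in a short burst that straddles a window boundary; a sliding window or token bucket closes that gap.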

API Security

API security has evolved over the last few years, building on previous iterations to provide more flexible and enterprise-ready solutions.  It has moved from naked (unprotected) APIs to simple API keys, and now to federated access control.

API federated access control is usually based on OAuth and OpenID Connect protocols. These bring in another layer to the microservice architecture, which is the identity provider.

Placing OAuth and/or OpenID Connect around your API gives you a robust, standards-based method to authenticate your users without having to mess with API keys.  Red Hat Single Sign-On can provide SAML, OAuth and OpenID Connect identity services for your application.

Putting it all together

Combining Red Hat 3scale and Red Hat Single Sign-On gives you a robust and scalable solution to provide API management for your microservices.  If you are building exposed API endpoints, consider using an API management platform and a federated identity solution.

You can download Red Hat 3scale API Management Platform's technical overview.

Last updated: September 3, 2019