sommai - Fotolia


API management for microservices: Why it matters and how to do it

Microservices add their own unique set of challenges when it comes to managing APIs. Twain Taylor takes a look at how microservices change the game and how to prepare.

Managing microservices is way more complex than managing traditional monolithic apps. APIs are not a luxury in...

a microservices world; they're the usual order of business.Without API management for microservices, running apps would be a nightmare.

What's to hate about microservices?

Microservices are the modern approach to software delivery, where every application is broken down by feature type. Each feature or service is built, released and managed independently of others. Where you had a few virtual machines running all of your monolithic applications, you now have hundreds or thousands of containers. Each one of these containers needs to be monitored, secured and provisioned -- both individually and at the cluster level. This is where orchestration tools like Kubernetes come in.

However, one of the hardest parts of API management for microservices is planning how each service communicates with other services, which is essential for the functioning of the app. In monolithic systems, all requests can be easily routed within single-server systems, and troubleshooting latency issues is often easier. With microservices architecture, an HTTP request can be routed across multiple services that are hosted on different hosts. There are many more combinations that can cause latency issues.

For example, a flight search on a travel aggregator website would request data from multiple airline apps. The response needs to be processed so that only data relevant to the flight search is returned. This data is presented on the travel aggregator website to the end user. Through this entire process, there are multiple services, each with their own API, involved in exposing data and combining it to provide the end result -- a list of relevant flights, ordered by priority.

This example is a simple request, and yet, it would be impossible without APIs. Now, imagine complex systems that include multiple device endpoints, like wearables, smart gadgets and sensors. Throw in large, distributed data stores, multiple programming languages and infrastructure that spans private, cloud and hybrid setups -- you have a cocktail of technologies that can't be managed manually. To bring order to this complex process, mature software development teams have always resorted to APIs.

APIs in action

To see the power of API management for microservices apps, you don't need to look too far. Google Maps is the most popular public web API available today. It is used by numerous apps that build services on top of the Google Maps platform. Think Uber, which uses Google Maps to power its entire user experience, both from the driver and the passenger side. Likewise, Airbnb and TripAdvisor utilize Google Maps as an integrated feature within their apps. Similarly, embedded YouTube videos and tweets, marketing programs that involve coupons and QR codes or integrated enterprise applications, like customer relationship management systems -- the list goes on. All of these experiences are powered by APIs.

These modern, web-scale applications are built according to the microservices architecture. They have reached a level of scale that requires them to be managed using APIs for each service they expose. API management for microservices at this scale requires more than an ad hoc approach to APIs; it needs a focused API design strategy.

APIs and the inevitable device explosion

With the unprecedented number of connected devices, APIs will only continue to grow in importance. Gartner estimates that, in 2017, there will be 8.4 billion connected things. This already gigantic number is slated to reach 20 billion by 2020. Those are staggering figures and will call for a scalable, programmatic and API-driven approach to building applications in order to avoid serious security issues.

As you envision the new possibilities and experiences that can be powered by your applications, APIs are the key to making them a reality.

As all these devices and applications interact with each other, they need to be secured individually. OAuth 2 is the current standard for securing APIs in the public internet. It works by generating tokens that are used to access an API for a single session. This token expires as the session ends. This method of accessing APIs is much more secure than the traditional authentication that was based on usernames and passwords that could be easily misused.

You need an API management platform

To implement an API design strategy, you need a platform to help you with managing APIs. There are capable open source tools, like Kong and Tyk, that fit the bill for basic API management -- and then some. But for enterprise-level support, you're looking at some of the leading players in the API management space, like Apigee (recently acquired by Google) or Red Hat's 3scale. Whichever route you take, it starts with realizing the importance of APIs, and setting them up not just for today but for tomorrow's challenges.

Putting the confusion to REST

In simple terms, an API defines how one application can interact with other applications. Previously, SOAP was the preferred API design style. It is a client-server protocol that confines requests within the system or between two approved applications. REST, on the other hand, is an architecture model that uses standard HTTP to expose an application's data either privately or publicly. Today, REST is the default API style of most microservices applications.

As you envision the new possibilities and experiences that can be powered by your applications, APIs are the key to making them a reality. Yet, managing APIs comes with its own challenges of being complex, always evolving and hard to implement in microservices apps. But with a focused API design strategy that puts security front and center and leverages modern technologies, like REST and OAuth, you can be prepared for an exciting future where your APIs give you the edge over your competition.

Next Steps

Discover what a developer learned about API usability in high school English class

Access this essential guide to API management and application integration

Learn three questions you should ask when forming your API business strategy

Dig Deeper on Distributed application architecture