Microservices - API Management

Consumers of Microservices API

Microservices API are consumed by 3 types of consumers, these being private or internal API consumer, public or external consumers, partner API. So depending on the consumer of the API and API is marked as private, public or partner API.

Private or Internal API consumer

The Private or Internal API consumer are microservices that are built by team(s), which are in similar organization.

Public or External consumers

These are the independent developers outside the organization. These developers invoke the publicly exposed APIs.

Partner API

It may be the resellers or the affiliate.

What is API Management

From the developer’s / implementation perspective, there is no difference between the three types of APIs. The difference is in how these apps are managed.

For example, the private API consumer may be able to invoke the API 5000 times per second, whereas the public API consumers will be allowed to invoke the same API five times per second.

Another example is where the private API consumer may be allowed to access all of the API features, whereas the public API consumer will be restricted only to certain get calls on the API.

The above aspects of an API are managed outside of the micro services implementation by way of API management platform. API management platform is a technology that is used for addressing the Common API concerns, like access and authorization of APIs, logging and analytics, Quotas (consumer is allowed to access the API 5000 times per second or five times per second), and API documentation which provides information to the consumers on how to use the apps.

How does API Management Work

Micro services expose their APIs by way of these API management platforms. The API management platform exposes the APIs by way of a proxy point. The consumers of the API invoke the API by way of the proxy endpoint. They never connect directly to the API exposed by the micro service where the consumer invokes the API. The API management platform applies the management control and based on the outcome of those controls, the EPA management platform either allows the invocation of the EPA on the micro servers or it denies the request for invocation.

API management control

Most API management platform offers are declarative or policy based management features. What that means is that the developer of the micro servers doesn’t have to code any of these management controls. They can simply put together policies for defining these controls. For example, a policy may be defined for the internal or private consumer to be such that maximum flexibility is provided to the consumer. So in other words, most of their calls will go through.

For the public domain developers, yhe policy may be extremely restricted for the partnerships. The policy may be such that it define some kind of SLA.

Now, if you’re wondering how these policies are defined, these policy definition mechanism is totally dependent on the API management product. JSON is commonly used for defining these policies. So if you’re interested in knowing more about how these policies are defined, you’ll have to pick up one of the API management products, such as apigee, Mulesoft, WSO2 to understand the nature of these policy documents.

Most cloud vendors today also offer API management services like the Amazon API Gateway and the Azure API management. If you’re not using an API management platform, I highly recommend that you look at the possibility of adopting an API management solution.

Although there are multiple benefits of using an API management platform from the micro services development team perspective. The biggest benefit is that the team can focus on the domain or the business logic rather than spending time on common concerns such as security, logging, etc..

As a result, the micro services source code is cleaner. Last but not the least, since the consumers of the EPA do not connect directly to the Microsoft service, change management become easier. So what that means is that the microservices development team can make the changes to the API and adjust the proxy on the API management platform to insulate the end consumer from those changes.