API Gateway case study
About UC Berkeley
The University of California, Berkeley is a public research university in Berkeley, California. It was founded in 1868 and serves as the flagship campus of the ten campuses of the University of California. Berkeley has since grown to instruct over 40,000 students in approximately 350 undergraduate and graduate degree programs covering numerous disciplines.
The objective of the customers’ project was to sustain and extend the development of the Process Informatics Model cyber-infrastructure (CI) for practical use by the Combustion community. The primary goals of the project are collecting and storing data, validating the data, quantifying uncertainties, and assembling the data into predictive models that include quantified uncertainties that meet user requirements. The principal element of the Process Informatics Model contains a responsive, web-based application that gives its users the ability to engage with the model assets across different systems. The architectural goal of the project is to allow users to find the appropriate mixture of content from an aggregated search facility. The aggregated search will serve as a central API that will allow users to search and retrieve disparate content relating to their search terms with the use of the host system ReST APIs. As there are multiple backend applications which serve HTTP web requests, it is required to develop a unified layer to serve API requests for Web and Mobile applications and third-party developers with the following characteristics:
- Unified authentication mechanism
- Support multiple environments
- Easy deployment and drift management
- Support swagger-based documentation/code
- Ability to throttle requests based on the usage plan
- Secure traffic between layer and backend endpoints
This is where Amazon Web Services (AWS) and especially such services like Amazon API Gateway, AWS Elastic Beanstalk, AWS CloudWatch, and AWS Lambda were the right choice.
Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. Based on the project requirements it was selected as the best solution. Especially its ability to scale helps to process as many API calls as requested. Using API stages and versions helps to support multiple environments – development, test, and production as well as roll back to the previous stage when a serious issue is found. Integration with Swagger makes it easy to expose existing API to Amazon API Gateway for better consumption and security, quickly and automatically.
In terms of security, several Amazon API gateway features were used. Custom Lambda Authoriser uses AWS Lambda with connection to Auth0, API Keys for Third-Party Developers to provide fine-grained access permissions, client-side SSL certificates for HTTP backend authentication.
All AWS services used in solution provide the appropriate metrics and logs to Amazon CloudWatch. For instance, performance metrics and information on API calls, data latency, and error rates from the API Gateway, logs from Lambda Authoriser. The special filters were created to leverage the alarm functionality to provide fast reaction on happened on possible issues.
The proposed and implemented solution resulted in several benefits for UC Berkeley department:
- Developers focus on value adding features over running manual processes.
Using AWS Elastic Beanstalk lets developers launch their own environments at the click of a button rather than waiting for others to manually create an environment, This enables developers to test and fix their code at an accelerated pace since they are no longer burdened by any internal resource constraints. By getting environments on-demand, developers focus on adding new functionalities for their users rather than fiddling with manual processes.
- Higher levels of security
AWS helps customers to maintain a high level of security by using services such as IAM users and roles, EC2 security groups and VPC, AWS Certification Manager and Amazon API gateway’s features like Lambda custom Authorizer and API Keys. Lastly, Amazon CloudFront is a highly-secure CDN keeps their AWS resources protected to the outside world.
- Serverless and Elasticity reduces cost and idle resources
Project architecture required support for scaling infrastructure resources up and down based on demand. With Amazon API Gateway and AWS Lambda has got this functionality as a service, with no need to set up any infrastructure.
pi5.cloud is a global technology consulting company at the forefront of cloud computing. Through collaboration with Amazon Web Services, we help customers embrace a broad spectrum of innovative solutions. From a migration strategy to operational excellence, cloud-native development, and immersive transformation, pi5.cloud is a full spectrum integrator.
Tell us about your project. Get a free consultation and estimate.