How Mashape Manages Over 15,000 APIs & Microservices

15,072

Editor's note: By Ahmad Nassri, ‎Head of Engineering at Mashape


Background

Mashape powers API-driven software. Hundreds of thousands of developers use our tools to manage, monitor, consume and provide APIs to their partners, apps, customers and employees. In fact, billions of API requests are processed through Mashape's Marketplace every month.

I'm Ahmad Nassri, Head of Engineering at Mashape. Prior to Mashape I was the Development Manager at The Canadian Broadcasting Corporation (CBC ) and spent many years building Web, Mobile & API products across many startups and businesses.

Engineering Team

The Mashape engineering team is one of the most highly skilled teams I've had the pleasure to work with. While we operate as a single team, our responsibilities are split and organized per project. Currently we have three main projects:

As our team is spread out among San Francisco, Toronto, Montreal, Paris and London, we have faced a number of challenges in scheduling, communications and syncing. To overcome these issues, we follow the open source model of building software and collaborating; ensuring that all communication is clear and verbose, assuming asynchronousity, and keeping a communication channel open at all times on Flowdock, while regularly jumping on Google Hangouts whenever further discussion is needed.

Despite having a focus of responsibilities, the engineering team members are not isolated in silos. We encourage everyone to work and touch different parts of the codebase, across all projects; in fact, most of us will end up working on Mashape Analytics, Marketplace and Mashape ID all in the same week.

Mashape's design team interacts with the engineers on a daily basis. By compiling engineer comments and gathering feedback from users, we're able to design the best Developer Experience (DX) by focusing on our users first. It also helps that we are engineers and developers!

We have regular one hour conference calls every Monday where the previous week's work is reviewed, and new objectives for the coming week are established.


Engineering Team (API marketplace team meeting, mid 2014)


General Architecture

Once upon a time, Mashape's architecture consisted of around 150K lines of Java, a true Monolith! But it's now split into 400 different microservices built with a variety of languages including: Node.js, Lua, Ruby, Java, Python, and OCaml. Everything is an API.

Mashape ID, as an example, is an identity authentication platform operating entirely as an API. Any time a new product is created, we simply plug it into Mashape ID; which provides out of the box account & email management with a companion billing microservice of its own.

One of our new projects is powered by a Ruby API, while the frontend app is built in Ember.js. Conversely, Mashape's marketplace has Java-powered internal APIs which in turn are consumed by a number of Express.js microservices serving as the web frontend; all our applications & APIs follow The 12-factor methodology.

In front of all of our applications and APIs is Kong. We use ElasticSearch for search while also storing data in a number of databases including: MongoDB, PostgreSQL, Redis and Cassandra (each solving a different problem domain). All of our products run on AWS, though on occasion we use Heroku and DigitalOcean for smaller projects to experiment with prototypes or test environments. Splunk is our centralized logging system, Datadog as a unified monitoring dashboard, and PagerDuty for alerts.

Mashape pushes business intelligence metrics from all our products directly into Chart.io. Additionally, we dogfood quite a lot by running Mashape Analytics to monitor and visualize API traffic for the APIs managed by our platforms. TravisCI is utilized for testing, CodeClimate for quality control, while using Chef for deploys. All our code is on Github. For code snippet generation we use our own HTTPsnippet and Mockbin for mocking & testing API prototypes.

All of these applications and systems, alongside all the deployment, monitoring & metrics tools may seem like a lot, but the microservices approach coupled with the 12-factor methodology allows for zen & simplicity in a sea of chaos!

During the course of a slow week we have ~400 internal services running over a cluster of hundreds of EC2 machines (consisting of mainly large instances). Having a microservice architecture allowed us to move much faster and independently, we clearly saw the benefits of the transition. But it's probably helpful to understand why we made the transition.

Scaling challenges

Sometime around 2013, we experienced scaling issues with the dozens of standalone third-party APIs added to Mashape's Marketplace.

Between July 2012 and July 2013 our volume in API transactions grew 50X.


Scaling Problems


Not only was the volume of requests passing through our proxy taking off, Mashape was starting to manage more APIs than anyone else in the market. At that time, the Marketplace had 3,500 public APIs under its belt.

The Marketplace needed to scale fast. Our API proxy had been built in Node.js, with a heavy Java backend. It was a monolithic architecture, and our Node.js proxy could not handle large traffic spikes.

Overtime it became unpredictable and resulted in consuming larger amounts of AWS resources. Our bank account suffered as a consequence and our CEO lost some hair.

We had to find a solution that satisfied not only the massive amount of traffic, but also be best in class in reliability and security. We wanted to move away from a monolithic architecture towards something much more flexible.


Architecture


We've always had a desire to create our own API gateway; targeting the following attributes:

  1. Predictable stability over months and years, not days.
  2. Efficient and easy to scale across multiple geographic regions with little overhead.
  3. Modular and extensible via simple plugins.
  4. Independent: environment, framework & language agnostic.
  5. Easily configurable via a RESTful API.

Basically an "ElasticSearch" for API management. Our CTO began his search and eventually met an engineer at CloudFlare, who introduced us to the amazing world of OpenResty. Built on top of Nginx it allows a developer to extend Nginx functionalities with Lua, an embedded scripting language used by many heavy traffic websites.

CloudFlare built Lua scripts around security and caching. We thought we could do the same but with a focus on API and microservice management. Nginx was already proven worldwide as a stable and trustworthy HTTP server, and was perfect for our base requirements. In combination with OpenResty, we started building Kong.

Kong is born (the API Gateway)

In 2013, Mashape adopted Nginx / OpenResty to implement features on the Marketplace's published APIs. Billing, authentication, throttling and rate-limiting became custom OpenResty plugins written in Lua. We called it Kong (yes, like "King Kong", after our own namesake: MashAPE).


King Kong


Today Kong efficiently manages over 15,000 APIs. Serving both our internal microservices and our Marketplace clients' APIs, all while handling spikes, high concurrent scenarios, and billions of successful API calls per month.

We created our own "ElasticSearch" for API management; much like Elastic's approach to wrapping Lucene in a RESTful interface with some sugar on top, Kong was a wrapper around Nginx.

Below are some examples of Kong's operations within the Marketplace.

Once an API is added to the Mashape platform from the GUI, it sends a POST request to Kong:

curl -i -X POST \
  --url http://localhost:8001/apis/ \
  --data 'name=mockbin' \
  --data 'upstream_url=http://mockbin.com/' \
  --data 'request_host=mockbin.com'

Then, based on the API provider's needs, a collection of various plugins are added on top of it. As an example, if the user needs Key Authentication:

curl -i -X POST \
  --url http://localhost:8001/apis/mockbin/plugins/ \
  --data 'name=key-auth'

User management is a breeze; the Consumer object allows for an abstract entity that can represent Users, Applications, Clients, or any system accessing the API. They are easily created and managed through the RESTful interface.

curl -i -X POST \
  --url http://localhost:8001/consumers/ \
  --data "username=Jason"

Kong's RESTful API allows us to manage thousands of APIs in the Marketplace. With simple and single-focused codebases, we keep our Microservices and individual systems completely independent. Kong itself, by its pluggable nature, can be described as a paragon of microservice architecture. At its core, it consists of no more than a couple thousands lines of code, which handle database abstraction, routing and plugin management. Plugins can live in different code bases and inject themselves anywhere into the lifecycle of a proxied request in a few lines of code. We are very proud of this approach which is quite unique in API management gateways today.

Kong was released to the public in April 2015 - after being partly rewritten for the occasion - and has built a strong community of users and contributors since then. We are very grateful for the contributions brought by developers all around the world, and feel rewarded for our decision to open-source Kong, all the while contributing back to the community by improving many Lua packages used in OpenResty.

We generate Kong packages for many Linux distributions and cloud providers to allow ease of installation and deployment. The most successful distribution so far is Kong on Docker with over 180,000 downloads since it's release.

The Road Ahead

Every month, we release more pieces of Kong to the open-source realm as part of our commitment to drive and grow the open-source API developer community. We are working hard to make Kong reach the 1.0 public milestone so that everybody can enjoy what this internal tool brought to our company and our community.

We are also working on a number of other products that complete the family of services we offer to API developers, and we can't wait for you to hear all the exciting announcements we are going to make over the course of the next few months!

Our Vision

Inside our office we have giant pictures of the first Ford Assembly Line, serving as our inspiration.

Over 100 years ago the second Industrial Revolution happened. Among many new inventions came two in particular: Electricity and The Assembly Line (thanks to electricity). This combination allowed Mass Production for the first time. The result was a dramatic decrease in the cost and time required to bring a product to market. Mass production quickly became a worldwide phenomenon, building companies worth billions. It changed the world.

We see a huge correlation in the software industry today: electricity is cloud computing, while the assembly line is APIs, where you pick up the components / services you need to build your product. This is history repeating itself and we want to be the pioneers of the next revolution, to change the world, yet again.


Assembly Line


If you have questions about the transition we have made and the lessons learned, or about Kong and our open source projects, please drop me a line at: ahmad@mashape.com - always happy to chat!

Tools mentioned in article
Open jobs at Kong
Sr. Field Engineer - Germany/Nordics
Germany
Are you ready to power the World's connections? You will be working at a hectic and fast paced Startup as a member of the Field Engineering team. This team is responsible for interfacing with our customers on billable projects as well as producing tooling, white papers and other marketing content. As a member of the Field Engineering team you will act as a pathfinder for our largest and most critical customers. Helping establish, implement and customize API Connectivity platforms that process hundreds of billions of transactions globally. In this role you will have the opportunity to interface with everyone in the customer environment from Developers to Executives and represent Kong culture and values everyday. This is one of the most technically challenging roles in the industry, and working at Kong presents a unique opportunity to combine that challenge with helping to modernize enterprise software and learn about how businesses run in the digital age.  Above all you’ll be acting as a stellar teammate for the rest of Kong.
  • Working with a diverse team of people from all over the world
  • Work on innovative and cutting edge customer projects
  • Help innovate our tooling and processes to make you and your team more efficient 
  • Learning our products and technologies, taking that knowledge and applying it to real world usage
  • Collaborating with other peers, business partners and groups.
  • Representing not only yourself and the rest of your team but all of Kong
  • Defining what ‘good’ looks like in terms of production deployments, what is recommended and why
  • Working with Sales and Product teams to ensure our customers are getting the most out of the solutionYou will be leading customer discussions and small scale projects
  • And any additional tasks required by manager
  • Show passion and determination about technology 
  • Enjoy working with others and collaborating
  • Self awareness and strong communication skills are a must8+ years of relevant technical experience required
  • Prior Enterprise Application transformation and modernization experience
  • Proficient in Linux environments including Cloud and Development tooling
  • Experience writing, governing and modernizing API’s
  • Experience designing microservices architectures and decoupling monolithic applications including reading and writing enterprise application code (eg Java, Python, C or other languages)
  • Experience in Go language highly preferred
  • Experience working in Kubernetes and Cloud Native environments, particularly with application deployments and connectivity is highly preferred
  • Ability to travel to customer and Kong locations as-needed (post COVID)
  • Customer Reliability Engineer - APAC
    Singapore
    Are you ready to power the World's connections? About Kong: Kong creates software and managed services that connect APIs and microservices natively across and within clouds, Kubernetes, data centers and more using intelligent automation. Built on an open source core, Kong’s service connectivity platform enables digital innovation by allowing organizations to reliably and securely manage the full lifecycle of APIs and services for modern architectures, including microservices, serverless and service mesh. By providing developer teams with unprecedented architectural freedom, Kong accelerates innovation cycles, increases productivity, and seamlessly bridges legacy and modern systems and applications. For more information about Kong, please visit konghq.com or follow @thekonginc on Twitter. About the Role: You will be working at a hectic and fast paced Startup as an engineer in the Customer Reliability Engineering (CRE) team. This team is responsible for assisting Kong customers in resolving complex technical issues in production and pre-production environments.  You will have the opportunity to work with your teammates and our customers to support many new, leading-edge technologies that solve real challenges. You will work to provide robust feedback and guidance to our Product and Engineering teams while being a voice for our customers, community, partners and the broader Customer Experience (CX) team. You want to make our customers and partners successful while strengthening their relationship with Kong. You can make a huge impact and have real ownership for the work you do.
  • Working with top developers from around the world; helping to implement Kong Products and Technologies including our API Gateway and ServiceMesh solutions
  • Leading the investigation of complex technical puzzles and working collaboratively to understand and resolve customer issues
  • Creating knowledge articles to compliment our documentation and  enable customers to better understand product use cases
  • Be a driver of innovation within the support team, the company and with our customers, by looking for better ways to do the work we do, improve the tools we use and the how we raise the bar on the service we deliver to our Global 5000 customers
  • And any additional tasks required by manager
  • You are a voracious learner, who loves to dig into technical mysteries and have the creativity to solve complex technical problems
  • You can build relationships with like-minded teammates, smart customers, and global partners
  • Some of the skills that you will regularly use include:REST and RESTful APIsCoding skills-  (at a minimum read and troubleshoot code), Containers, cluster deployment and management tools like Docker, Docker Swarm, Kubernetes and others
  • You know your way around web architectures including HTTP5+ years of experience in a customer facing technical role
  • Familiarity with DNS, Linux/Unix type systems and/or databases
  • Senior Software Engineer - Konnect - ...
    Distributed or Flexible
    Are you ready to power the World's connections? About Kong: Kong creates software and managed services that connect APIs and microservices natively across and within clouds, Kubernetes, data centers and more using intelligent automation. Built on an open source core, Kong’s service connectivity platform enables digital innovation by allowing organizations to reliably and securely manage the full lifecycle of APIs and services for modern architectures, including microservices, serverless and service mesh. By providing developer teams with unprecedented architectural freedom, Kong accelerates innovation cycles, increases productivity, and seamlessly bridges legacy and modern systems and applications. For more information about Kong, please visit konghq.com or follow @thekonginc on Twitter.  Follow us on LinkedIn for more “Life at Kong” nuggets!   2020 Kong Summit Highlight Video About the role: Powering connections to build a reliable digital world - Kong Enterprise is deployed in companies around the world that need performant, reliable, and scalable services in front of their APIs. Key applications in this offering include Kong Manager, for configuring and monitoring the proxy, and Kong Developer Portal, for publishing API documentation and managing developer experience. 
  • Design, implement and maintain our Fullstack web applications, as well as related services, including but not limited to authorization, search, and various persistence services.
  • Design, implement and maintain the APIs for those services as well as the user-facing APIs for Konnect applications.
  • Write automated tests to ensure code quality.
  • Work as an integral part of an agile software development team to build features end-to-end.
  • Support those features in the Konnect production environment by participating in an on-call rotation.
  • And any additional tasks required by manager
  • 5+ years experience building Fullstack enterprise web applications
  • Expertise working with JavaScript frameworks (we use Vue.js, Node.js, TypeScript, Nest.js).
  • Experience designing and developing microservices and APIs.
  • Experience in data modeling and usage of relational and NoSQL databases.
  • Experience designing and implementing distributed systems.
  • Proficiency with git and Github workflows.
  • Experience with test-driven development and automated testing.
  • Bachelors degree in Computer Science or equivalent work experience
  • You have built SaaS, enterprise software, or developer tools
  • You are familiar with supporting large-scale applications
  • You have built or collaborated on a component library
  • Solutions Engineer - Germany
    Germany
    Are you ready to power the World's connections? About Kong: Kong creates software and managed services that connect APIs and microservices natively across and within clouds, Kubernetes, data centers and more using intelligent automation. Built on an open source core, Kong’s service connectivity platform enables digital innovation by allowing organizations to reliably and securely manage the full lifecycle of APIs and services for modern architectures, including microservices, serverless and service mesh. By providing developer teams with unprecedented architectural freedom, Kong accelerates innovation cycles, increases productivity, and seamlessly bridges legacy and modern systems and applications. For more information about Kong, please visit konghq.com or follow @thekonginc on Twitter. About the role: Kong is looking for a seasoned, customer facing Sales Engineer who is motivated to help drive new business, evangelize our technology, onboard and train new customers, and establish revenue potential with existing customers. Ideally this candidate should have experience working with open source technology and strong knowledge of NGINX, Docker, HTTP, AWS, Postgres and Cassandra.
  • Support field sales in helping customers understand the value of the Kong API Management platform
  • Understand and help establish customer requirements and grow trusted client relationships throughout the entire sales lifecycle, from initial product reviews to production
  • Support PoCs throughout the entire evaluation process
  • Ensure 100% customer satisfaction across assigned set of accounts
  • Prioritize customer needs and coordinate with support, product, and engineering teams to help support customer needs
  • Create technical documentation for DevOps, implementations, and services engagements
  • And any additional tasks required by manager
  • 5+ years software engineer and/or sales engineer management experience at SAAS, Open Source or Enterprise Software company.
  • Solid understanding of cloud computing trends and open source business models.
  • You are a strong listener and communicator.
  • You can confidently lead a discussion with a group of Product Managers, Engineers, and Executives.
  • Enthusiasm for working in a high profile, fast-paced startup culture.

  • Experience with Docker.
  • Fluent working on Linux OSes.
  • Familiarity with CD/CI pipeline.
  • Any knowledge on Kubernetes, DCOS/Mesos and Docker Swarm is a plus.
  • You may also like