How Mashape Manages Over 15,000 APIs & Microservices

14,214

Editor's note: By Ahmad Nassri, ‎Head of Engineering at Mashape


Background

Mashape powers API-driven software. Hundreds of thousands of developers use our tools to manage, monitor, consume and provide APIs to their partners, apps, customers and employees. In fact, billions of API requests are processed through Mashape's Marketplace every month.

I'm Ahmad Nassri, Head of Engineering at Mashape. Prior to Mashape I was the Development Manager at The Canadian Broadcasting Corporation (CBC ) and spent many years building Web, Mobile & API products across many startups and businesses.

Engineering Team

The Mashape engineering team is one of the most highly skilled teams I've had the pleasure to work with. While we operate as a single team, our responsibilities are split and organized per project. Currently we have three main projects:

As our team is spread out among San Francisco, Toronto, Montreal, Paris and London, we have faced a number of challenges in scheduling, communications and syncing. To overcome these issues, we follow the open source model of building software and collaborating; ensuring that all communication is clear and verbose, assuming asynchronousity, and keeping a communication channel open at all times on Flowdock, while regularly jumping on Google Hangouts whenever further discussion is needed.

Despite having a focus of responsibilities, the engineering team members are not isolated in silos. We encourage everyone to work and touch different parts of the codebase, across all projects; in fact, most of us will end up working on Mashape Analytics, Marketplace and Mashape ID all in the same week.

Mashape's design team interacts with the engineers on a daily basis. By compiling engineer comments and gathering feedback from users, we're able to design the best Developer Experience (DX) by focusing on our users first. It also helps that we are engineers and developers!

We have regular one hour conference calls every Monday where the previous week's work is reviewed, and new objectives for the coming week are established.


Engineering Team (API marketplace team meeting, mid 2014)


General Architecture

Once upon a time, Mashape's architecture consisted of around 150K lines of Java, a true Monolith! But it's now split into 400 different microservices built with a variety of languages including: Node.js, Lua, Ruby, Java, Python, and OCaml. Everything is an API.

Mashape ID, as an example, is an identity authentication platform operating entirely as an API. Any time a new product is created, we simply plug it into Mashape ID; which provides out of the box account & email management with a companion billing microservice of its own.

One of our new projects is powered by a Ruby API, while the frontend app is built in Ember.js. Conversely, Mashape's marketplace has Java-powered internal APIs which in turn are consumed by a number of Express.js microservices serving as the web frontend; all our applications & APIs follow The 12-factor methodology.

In front of all of our applications and APIs is Kong. We use ElasticSearch for search while also storing data in a number of databases including: MongoDB, PostgreSQL, Redis and Cassandra (each solving a different problem domain). All of our products run on AWS, though on occasion we use Heroku and DigitalOcean for smaller projects to experiment with prototypes or test environments. Splunk is our centralized logging system, Datadog as a unified monitoring dashboard, and PagerDuty for alerts.

Mashape pushes business intelligence metrics from all our products directly into Chart.io. Additionally, we dogfood quite a lot by running Mashape Analytics to monitor and visualize API traffic for the APIs managed by our platforms. TravisCI is utilized for testing, CodeClimate for quality control, while using Chef for deploys. All our code is on Github. For code snippet generation we use our own HTTPsnippet and Mockbin for mocking & testing API prototypes.

All of these applications and systems, alongside all the deployment, monitoring & metrics tools may seem like a lot, but the microservices approach coupled with the 12-factor methodology allows for zen & simplicity in a sea of chaos!

During the course of a slow week we have ~400 internal services running over a cluster of hundreds of EC2 machines (consisting of mainly large instances). Having a microservice architecture allowed us to move much faster and independently, we clearly saw the benefits of the transition. But it's probably helpful to understand why we made the transition.

Scaling challenges

Sometime around 2013, we experienced scaling issues with the dozens of standalone third-party APIs added to Mashape's Marketplace.

Between July 2012 and July 2013 our volume in API transactions grew 50X.


Scaling Problems


Not only was the volume of requests passing through our proxy taking off, Mashape was starting to manage more APIs than anyone else in the market. At that time, the Marketplace had 3,500 public APIs under its belt.

The Marketplace needed to scale fast. Our API proxy had been built in Node.js, with a heavy Java backend. It was a monolithic architecture, and our Node.js proxy could not handle large traffic spikes.

Overtime it became unpredictable and resulted in consuming larger amounts of AWS resources. Our bank account suffered as a consequence and our CEO lost some hair.

We had to find a solution that satisfied not only the massive amount of traffic, but also be best in class in reliability and security. We wanted to move away from a monolithic architecture towards something much more flexible.


Architecture


We've always had a desire to create our own API gateway; targeting the following attributes:

  1. Predictable stability over months and years, not days.
  2. Efficient and easy to scale across multiple geographic regions with little overhead.
  3. Modular and extensible via simple plugins.
  4. Independent: environment, framework & language agnostic.
  5. Easily configurable via a RESTful API.

Basically an "ElasticSearch" for API management. Our CTO began his search and eventually met an engineer at CloudFlare, who introduced us to the amazing world of OpenResty. Built on top of Nginx it allows a developer to extend Nginx functionalities with Lua, an embedded scripting language used by many heavy traffic websites.

CloudFlare built Lua scripts around security and caching. We thought we could do the same but with a focus on API and microservice management. Nginx was already proven worldwide as a stable and trustworthy HTTP server, and was perfect for our base requirements. In combination with OpenResty, we started building Kong.

Kong is born (the API Gateway)

In 2013, Mashape adopted Nginx / OpenResty to implement features on the Marketplace's published APIs. Billing, authentication, throttling and rate-limiting became custom OpenResty plugins written in Lua. We called it Kong (yes, like "King Kong", after our own namesake: MashAPE).


King Kong


Today Kong efficiently manages over 15,000 APIs. Serving both our internal microservices and our Marketplace clients' APIs, all while handling spikes, high concurrent scenarios, and billions of successful API calls per month.

We created our own "ElasticSearch" for API management; much like Elastic's approach to wrapping Lucene in a RESTful interface with some sugar on top, Kong was a wrapper around Nginx.

Below are some examples of Kong's operations within the Marketplace.

Once an API is added to the Mashape platform from the GUI, it sends a POST request to Kong:

curl -i -X POST \
  --url http://localhost:8001/apis/ \
  --data 'name=mockbin' \
  --data 'upstream_url=http://mockbin.com/' \
  --data 'request_host=mockbin.com'

Then, based on the API provider's needs, a collection of various plugins are added on top of it. As an example, if the user needs Key Authentication:

curl -i -X POST \
  --url http://localhost:8001/apis/mockbin/plugins/ \
  --data 'name=key-auth'

User management is a breeze; the Consumer object allows for an abstract entity that can represent Users, Applications, Clients, or any system accessing the API. They are easily created and managed through the RESTful interface.

curl -i -X POST \
  --url http://localhost:8001/consumers/ \
  --data "username=Jason"

Kong's RESTful API allows us to manage thousands of APIs in the Marketplace. With simple and single-focused codebases, we keep our Microservices and individual systems completely independent. Kong itself, by its pluggable nature, can be described as a paragon of microservice architecture. At its core, it consists of no more than a couple thousands lines of code, which handle database abstraction, routing and plugin management. Plugins can live in different code bases and inject themselves anywhere into the lifecycle of a proxied request in a few lines of code. We are very proud of this approach which is quite unique in API management gateways today.

Kong was released to the public in April 2015 - after being partly rewritten for the occasion - and has built a strong community of users and contributors since then. We are very grateful for the contributions brought by developers all around the world, and feel rewarded for our decision to open-source Kong, all the while contributing back to the community by improving many Lua packages used in OpenResty.

We generate Kong packages for many Linux distributions and cloud providers to allow ease of installation and deployment. The most successful distribution so far is Kong on Docker with over 180,000 downloads since it's release.

The Road Ahead

Every month, we release more pieces of Kong to the open-source realm as part of our commitment to drive and grow the open-source API developer community. We are working hard to make Kong reach the 1.0 public milestone so that everybody can enjoy what this internal tool brought to our company and our community.

We are also working on a number of other products that complete the family of services we offer to API developers, and we can't wait for you to hear all the exciting announcements we are going to make over the course of the next few months!

Our Vision

Inside our office we have giant pictures of the first Ford Assembly Line, serving as our inspiration.

Over 100 years ago the second Industrial Revolution happened. Among many new inventions came two in particular: Electricity and The Assembly Line (thanks to electricity). This combination allowed Mass Production for the first time. The result was a dramatic decrease in the cost and time required to bring a product to market. Mass production quickly became a worldwide phenomenon, building companies worth billions. It changed the world.

We see a huge correlation in the software industry today: electricity is cloud computing, while the assembly line is APIs, where you pick up the components / services you need to build your product. This is history repeating itself and we want to be the pioneers of the next revolution, to change the world, yet again.


Assembly Line


If you have questions about the transition we have made and the lessons learned, or about Kong and our open source projects, please drop me a line at: ahmad@mashape.com - always happy to chat!

Tools mentioned in article
Open jobs at Kong
Frontend Engineer at Mashape (San Fra...

About Mashape:

We are the company behind Kong, the most widely adopted open-source API gateway. We have a world-class Enterprise platform and our mission is to facilitate a new revolution in software production by serving as the backbone of the distribution and consumption of data and services through APIs.

Our vision is to enable developers to build more and manage less. We've built one of the most popular pieces of open-source software in the world and in the process grown an extremely engaged and active community. We're looking for a few great people who want to be part of a fun, highly-collaborative team.

Our ideal candidate is someone who will thrive in our environment of really smart, driven people, who get to work with many new, leading-edge technologies that solve large customer challenges. We're looking for people who want to make a huge impact and have real ownership for the work they do. This opportunity is ideal for someone who wants to be in on the ground floor of our fully-funded and very special startup.


Benefits


  • Competitive salaries and benefits
  • Discretionary time-off policy and a flexible working environment
  • The right tools to do your work, and really cool technology in our day to day work
  • We feed our team well, including Italian Food cooked by the founders, free lunch a couple of times a week
  • We are your second family -- whatever the joys and challenges outside of the work, well be there
  • As an early employee you will get a true stake in the company
OCTO Engineer
San Francisco, CA
Are you ready to join the API revolution? OCTO (Office of the CTO) is a team at Kong working directly with the CTO that has the privilege to build features and products that keep Kong relevant in the years to come without being bound to the engineering and customer roadmaps. As an OCTO engineer you will be working on forward-thinking and exciting features with a strong focus on innovation. You will be responsible for keeping Kong relevant in the future, discovering and producing cutting edge industry trends and use-cases. Since working in uncharted territories requires constant feedback, you will work with early users and customers to gather that feedback and iterate on solutions. Whenever something OCTO builds becomes very successful we know it’s time to hand it off to the engineering team to make it part of the roadmap. As such, you will get to work with other teams at Kong in order to integrate your work into the public product offering.
  • Work on innovative, cutting edge, features and products
  • Show passion and determination to always be up to date with the latest industry trends
  • Extend Kong to support the latest industry trends
  • Introduce new features and functionality to Kong and its underlying stack
  • Build new innovative products that extend Kong’s offering, and take a hands-on approach at every stage of the process, including architecture, design and implementation
  • Collect feedback from early adopters of the products/features OCTO is building to improve our work
  • When needed, make yourself available to other functions at Kong - like marketing, sales and customer success - in order to enable them to market, sell and support the features and products we are building
  • Fill the gaps between Kong and third-party deployment platforms and tooling (ie, CI/CD platforms, and so on).
  • 3+ years of experience developing, packaging and delivering applications
  • 3+ years programming server-side applications and components (extra points if in C, Go, or Lua)
  • Experience designing, prototyping, building and debugging applications that are highly scalable, distributed, reliable and resilient
  • Deep understanding of the Linux networking stack, distributed and decoupled architectures, and eventual consistency models. Kong works with APIs on both L7 and L4 transports and protocols, so this expertise and knowledge is required.
  • As such, deep knowledge of HTTP(s) and TLS stacks are very desirable
  • Experience working with Docker containers and orchestration platforms like Kubernetes
  • Comfortable with git and Github workflows
  • Comfortable with working with users and customers to gather feedback and make them successful
  • Comfortable working with a remote distributed team
  • Excellent verbal and written communication skills -- engineers at Kong write the documentation for their products
  • Hands on experience with Nginx/OpenResty/Lua
  • Hands on experience with Envoy or Istio
  • Developer Advocate
    San Francisco, CA
    Are you ready to join the API revolution? Kong is an open-source project with a global developer adoption around the world. Developers and architects are adopting Kong in production among a large variety of use-cases, and actively help making Kong a better product with their feedback and contributions. In addition to that, the community creates and maintains an ecosystem of tooling and functionality around Kong that significantly extends the value of the product. As a developer advocate you connect and empathize with developers in order to nurture the community and increase Kong’s adoption in the world, creating momentum and improving the experience of adopting Kong and sharing knowledge that will ultimately improve the end-user experience in every stage of the process such as discovering, learning, installing, deploying Kong and leverage its ecosystem.
  • Connect and work with the developer community to remove gaps in the adoption of Kong and its ecosystem
  • Create and nurture community momentum by working with developers and technical communities
  • Define developer narratives and do both online and in-person outreach for Kong
  • Build and foster an external community of influencers, meet-ups and experts that amplify our messages and extend our reach
  • Create content and transfer knowledge to the community in order to increase Kong’s adoption and collect feedback to improve the end-user experience
  • Experience working with one or more of the following languages and runtimes: Lua, JavaScript, CSS, HTML, and/or Java, PHP, Python, Ruby, Node.js, Go, or .NET
  • Experience speaking at technology conferences, blogging/writing technical articles with an existing follower base, or contributing to a popular open source project
  • Experience creating and/or consuming network APIs (HTTP and/or RPC based)
  • Strong verbal and written communication skills to share technical knowledge with developers online, in-person, and on stage
  • Interest in advocating on behalf of the Kong community and working with the community to solve their challenges.
  • Experience with Kong
  • Experience with Docker and Kubernetes
  • Solutions Engineer - Japan
    Japan
    Are you ready to join the API revolution? About the role: Kong is looking for a seasoned, customer facing Sales Engineer who is motivated to help drive new business, evangelize our technology, onboard and train new customers, and establish revenue potential with existing customers. Ideally this candidate should have experience working with open source technology and strong knowledge of NGINX, Docker, HTTP, AWS, Postgres and Cassandra What you'll be doing: Support field sales in helping customers understand the value of the Kong API Management platformUnderstand and help establish customer requirements and grow trusted client relationships throughout the entire sales lifecycle, from initial product reviews to productionSupport PoCs throughout the entire evaluation processEnsure 100% customer satisfaction across assigned set of accounts Prioritize customer needs and coordinate with support, product, and engineering teams to help support customer needsCreate technical documentation for DevOps, implementations, and services engagements What you bring: 5+ years software engineer and/or sales engineer management experience at SAAS, Open Source or Enterprise Software company. Solid understanding of cloud computing trends and open source business models. You are a strong listener and communicator. You can confidently lead a discussion with a group of Product Managers, Engineers, and Executives. Enthusiasm for working in a high profile, fast-paced startup culture. Bonus points: Experience with Docker Fluent working on Linux OSed. Familiarity with CD/CI pipeline. Any knowledge on Kubernetes, DCOS/Mesos and Docker Swarm is a plus.
    You may also like