I am creating a microservice architecture.
Suppose I have three services: alpha, beta, gamma
and suppose the end user sends a request to alpha, and the structure is such that alpha needs to send a request to beta and beta to gamma.
user <===> alpha <===> beta <===> gamma
I also have a Kong API gateway, so actually the user sends the request to Kong and Kong dispatches it to the service requested by the user.
The question is, should the internal requests also go through Kong or not?
user <===> kong <===> alpha <===> beta <===> gamma
OR
user <===> kong <===> alpha <===> kong <===> beta <===> kong <===> gamma
Note that one of the benefits of using Kong is its plugins. For example, if I want to use the correlation-id or Zipkin plugin and trace requests and latency in all the internal services, I need to reach them through Kong. But my concern is, doesn't it add latency to the whole system? Is it a recommended practice in microservices architecture or not?
You should avoid strong coupling. Please invest some time in good API design, not with the backend in mind. For me the architecture idea looks somehow like a workflow with an API gateway in it. You can also think about a composition service where the gateway knows this upstream and "the magic" of calling several other APIs happens in this service. In this case you won't use the gateway as an ESB. The only plugin you will really need is correlation-id.
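As an added illustration (not code from the question or the answer), the sketch below shows how a correlation ID set at the gateway can follow a request through direct alpha, beta and gamma calls without routing the internal hops back through Kong. The header name `Kong-Request-ID` is assumed to be the correlation-id plugin's default; the function names and the in-process "services" are hypothetical stand-ins for real HTTP handlers and clients.

```python
import contextvars
import re
import uuid

HEADER = "Kong-Request-ID"  # assumed: default header of Kong's correlation-id plugin
# Accept only short, log-safe IDs so a client-supplied value cannot inject
# line breaks or markup into logs and traces.
_SAFE_ID = re.compile(r"[A-Za-z0-9#._-]{8,64}")
_current_id = contextvars.ContextVar("correlation_id", default=None)
TRACE_LOG = []  # (service, correlation_id) records; stands in for real logging


def accept_correlation_id(headers):
    """Use the inbound ID if it is well-formed, otherwise mint a fresh one."""
    value = headers.get(HEADER, "")
    if not _SAFE_ID.fullmatch(value):
        value = str(uuid.uuid4())
    _current_id.set(value)
    return value


def outbound_headers(extra=None):
    """Headers for a direct service-to-service call, carrying the current ID."""
    headers = dict(extra or {})
    headers[HEADER] = _current_id.get()
    return headers


def make_service(name, downstream=None):
    """Build a handler that records the ID and calls its downstream directly."""
    def handle(headers):
        cid = accept_correlation_id(headers)
        TRACE_LOG.append((name, cid))
        if downstream is not None:
            downstream(outbound_headers())
        return cid
    return handle


def run_chain(inbound_headers):
    """alpha -> beta -> gamma with no gateway between the internal hops."""
    TRACE_LOG.clear()
    gamma = make_service("gamma")
    beta = make_service("beta", gamma)
    alpha = make_service("alpha", beta)
    alpha(inbound_headers)
    return list(TRACE_LOG)
```

Every hop records the same ID, and a malformed or missing inbound value is replaced once at the edge service and then propagated unchanged.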
Related
I have some questions:
How to send a message to WhatsApp using Spring Boot? Is there an API ready to be used?
Is the traffic of the message, whether for receiving or sending, paid? If so, how is the payment for this service charged, by characters or bit size of the information?
I found this article: whatsappmate article online, it seems like you can register your phone number with the API gateway but there will be a limitation to the number of messages you can send.
Also, there is a WhatsApp service from Twilio which is not free. You can check out their pricing here. I have used their APIs for SMS and VOICE calls and they were rich. So, I could expect their WHATSAPP API to be richer also.
I am currently learning the microservice architecture with RabbitMQ to communicate between them. I got the idea of how to manage the communication between different microservices, but I haven't really figured out how the client can manage to communicate with my microservices.
For example, if I create a user via my web app, do I have to send the request to the exchange directly that will send it to the account service (how can I send it to my exchange?) or do I need a sort of API gateway to get all my requests and then transfer them to the exchange?
Thanks in advance,
Yes, you need a gateway of some sort. More info here: https://microservices.io/
I'm going to develop a banking application that will send and receive information to mobile devices of bank account holders. I want to use the REST API of the Spring framework for this purpose. Is there any bank that uses a RESTful API for applications?
Does a RESTful API provide enough security for this purpose?
Or should I stick to using a SOAP web service?
I know this question has been asked several times. But I want to concentrate on the feasibility of a REST API for the banking domain.
Most banks still use SOAP for integration, but you could find examples of companies like Visa or PayPal which expose their API in a RESTful way.
There is a key difference between using SOAP with WS-Security and a REST API with SSL: WS-Security offers end-to-end security (confidentiality and integrity protection from the source of the message to the receiver).
What we are dealing with here is security at two different levels: HTTPS applies at the transport layer (which you could apply to a REST or SOAP service) and WS-Security applies at the application layer.
But now you could deal with REST using OAuth2, check on how PayPal uses it here.
Another question related: Secure Web Services: REST over HTTPS vs SOAP + WS-Security. Which is better?
Yes, it is as secure (or insecure) as any other method including SOAP. You still have to follow all best practices while writing your application (using HTTPS everywhere, encrypting sensitive data, making sure you don't write sensitive data to logs in plain text, and so on). It is best to discuss with the security team for your bank/company; they'll usually have a set of requirements that you need to follow to secure your application.
From a security perspective REST over HTTPS is good enough unless you need end-to-end security or you have compliance limitations.
If your banking mobile application will communicate through any intermediaries (this could be e.g. NFC, Bluetooth Low Energy enabled POS) then I would recommend considering end-to-end security depending on risks and sensitivity of the information you are planning to send. Unfortunately there is no end-to-end security mechanism I can recommend for a banking app except WS-Security. I had a look at many solutions like JSON Web Encryption (JWE), JavaScript Object Signing and Encryption (JOSE), OAuth 1.0 Signature and others. I've found no solution which provides end-to-end security with respect to Integrity, Confidentiality, Authenticity for RESTful web services out-of-the-box. The reason is that RESTful web services are assumed to always work over HTTP and thus they will be protected with HTTPS. So if you need end-to-end security it's a good point to think about SOAP and WS-Security.
Another reason to think about WS-Security could be compliance regulations like PCI DSS. Then you can reduce compliance scope with end-to-end encryption of cardholder data. A good example is what the Netflix guys did: https://youtu.be/sYFDnGjNVrk. So investigate your compliance regulations, if you have any, before making a decision.
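The answers above distinguish transport-layer protection (HTTPS) from application-layer protection that travels with the message. The following added example, which is not from any of the answers and is not WS-Security or one of the standards they name, shows the application-layer idea for a JSON body: an HMAC-SHA256 tag with a timestamp that the final receiver verifies even if an intermediary terminated TLS. It assumes a symmetric key shared out of band and covers integrity and authenticity only, not confidentiality; all function and field names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 300  # assumed replay window for this example


def _canonical(payload, timestamp):
    """Deterministic byte string that the tag covers (timestamp + sorted JSON)."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return f"{timestamp}.{body}".encode("utf-8")


def sign_message(payload, key, now=None):
    """Sender side: wrap the payload with a timestamp and an HMAC-SHA256 tag."""
    timestamp = int(now if now is not None else time.time())
    tag = hmac.new(key, _canonical(payload, timestamp), hashlib.sha256).digest()
    return {"ts": timestamp, "payload": payload,
            "sig": base64.b64encode(tag).decode("ascii")}


def verify_message(envelope, key, now=None):
    """Receiver side: return the payload, or raise ValueError if altered or stale."""
    try:
        timestamp = int(envelope["ts"])
        payload = envelope["payload"]
        received = base64.b64decode(envelope["sig"], validate=True)
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError("malformed envelope") from exc
    expected = hmac.new(key, _canonical(payload, timestamp), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, received):
        raise ValueError("signature mismatch")
    current = int(now if now is not None else time.time())
    if abs(current - timestamp) > MAX_SKEW_SECONDS:
        raise ValueError("stale message")
    return payload
```

The envelope is still sent over HTTPS; the tag is what lets the receiver detect a change made at any hop where TLS was terminated.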
What's the reason for not seeing even a handful of "useful" and publicly available websocket based services out there?
RESTful services are plenty like the one below which is weather forecast related.
http://api.openweathermap.org/data/2.5/forecast?q=chicago,us&mode=json
However, why aren't there services like
ws://api.openweathermap.org/...
with some documentation about what messages a websocket client can expect to send and receive bi-directionally over a single connection?
What's the reason for not seeing even a handful of "useful" and publicly available websocket based services out there?
Maybe because websockets were not created for that? They came from the HTML5 initiative and were created to replace Ajax interaction between a browser and a web site for real time web applications. No more polling, long-polling, streaming, flash sockets, or any other HTTP hack to make a server push data to the browser. WebSocket is the real thing.
Most web services now follow a request/reply pattern while the websocket is still a maturing technology. Give it time and services will appear, services that actually need the capabilities of websockets and not use them just because "there is a new kid in town".
As a final note, here is something for websockets emerging from Microsoft.
I want an SMS service that maps incoming SMS-es to an HTTP request to my server and maps my HTTP response to an SMS reply. Can someone recommend an SMS gateway that provides reasonable service to North America?
There are lots of providers out there that can provide this (see Google here or here). There are also some guides on the web such as "How to Choose an SMS Gateway Provider".
A couple of examples that look pretty professional (however I have not used them):
Clickatell
CellTrust