In this article, we explore how Maya, a prominent fintech company and digital bank in the Philippines, transformed its API management using Amazon Web Services (AWS). Facing increasing complexities in managing various APIs hosted on Amazon API Gateway—a fully managed service designed for creating RESTful and WebSocket APIs—Maya sought a more effective solution.
Maya’s different teams were responsible for building APIs to provide their services to merchants. However, as the number of applications expanded, the challenge of managing these APIs grew. To tackle this, Maya developed an API platform, which standardizes and simplifies API management across various concerns such as security, governance, automated deployments, observability, and integration with multiple AWS accounts. This centralization allowed application teams to concentrate on feature development while delegating management responsibilities to the API platform.
Initial Challenges
Before the new API platform was established, Maya employed a decentralized approach to API management, which led to significant hurdles:
- Lack of Standardization: Maintaining consistent API standards across the organization was a challenge. Each team followed its own practices and configurations, resulting in discrepancies in security and documentation.
- Maintaining Security Posture: Despite Maya’s commitment to strong security measures, the decentralized model made it unsustainable to apply uniform security policies across multiple independent gateways. The burden of managing these policies was becoming increasingly heavy.
- Inconsistent Operational Visibility: Observability was not inherently absent but was applied inconsistently. The presence of multiple varied gateways complicated the enforcement of a unified observability strategy and hindered the ability to correlate data across the entire API ecosystem.
Proposed Solution
To mitigate these challenges, Maya rolled out a centralized API management platform, termed Unified API Gateway. This new structure enforces consistent standards while enhancing security and observability. The architecture of the Unified API Gateway, which integrates with backend services managed by various teams across different AWS accounts, is illustrated below.
API Platform Architecture
Maya centralized its API hosting in a dedicated API account to streamline governance, overseen by a specialized shared services cloud team. Amazon CloudFront, in conjunction with AWS WAF and AWS Shield Advanced, provides perimeter security. An AWS Lambda authorizer manages authentication, authorization, and session management, effectively addressing the OWASP top 10 API security risks.
Backend service integration is facilitated through API Gateway’s private integration and AWS Transit Gateway. In a decentralized deployment strategy where APIs are co-hosted with services in their respective AWS accounts, integration becomes simplified, removing the need for cross-account network connectivity while still leveraging the API management techniques discussed here.
Standardization through Structured Onboarding
Using OpenAPI Specification (OAS) provides a structured format for defining APIs. As depicted in the following figure, service teams create the API OAS specification, which is integrated into Terraform infrastructure-as-code templates for API Gateway. These templates are stored in a source code repository and deployed via GitLab CI.
A configuration file, serving as a Terraform template, specifies parameters for solution components like backend integration, Lambda authorizer details, and headers for auditing. Below are snippets exemplifying this integration:
Integration with the backend service:

    x-amazon-apigateway-integration:
      type: "http_proxy"
      connectionId: "${vpc_link_id}"
      httpMethod: "GET"
      uri: "http://$${stageVariables.url}:11620/v1/api/endpoint/{id}"
The API Gateway supports most of the OpenAPI 2.0 and 3.0 specifications, with some exceptions. Maya has implemented a custom plugin in the pipeline to enforce necessary limiting rules to ensure compatibility with the API Gateway.
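A pipeline gate of this kind can also check the security-relevant parts of each specification before Terraform runs. The sketch below is an added example, not Maya's plugin: the function `lint_spec`, its three rules, the scheme name `platformAuthorizer` and the `/v1/api/health` path are assumptions made for illustration. It flags operations that lack a private integration or that fall outside the Lambda authorizer, including the case where an operation-level `security: []` overrides the document default.

```python
# Added example: pre-deployment lint; the rules are assumptions, not Maya's plugin.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}
INTEGRATION = "x-amazon-apigateway-integration"
AUTHORIZER = "x-amazon-apigateway-authorizer"

def lint_spec(spec):
    """Return findings for operations that bypass the platform's guardrails."""
    # OpenAPI 3.0 keeps schemes under components; 2.0 uses securityDefinitions.
    schemes = (spec.get("components", {}).get("securitySchemes")
               or spec.get("securityDefinitions", {}))
    # Only schemes that API Gateway binds to an authorizer count as protection.
    backed = {name for name, s in schemes.items() if AUTHORIZER in s}
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            where = f"{method.upper()} {path}"
            integ = op.get(INTEGRATION)
            if not integ:
                findings.append(f"{where}: no {INTEGRATION}")
            elif not integ.get("connectionId"):
                findings.append(f"{where}: integration has no connectionId (VPC link)")
            # An operation-level "security" replaces the document default,
            # so "security: []" silently removes authentication.
            reqs = op.get("security", spec.get("security", []))
            # Requirements are alternatives: each one must name a backed scheme.
            if not reqs or not all(set(r) & backed for r in reqs):
                findings.append(f"{where}: not protected by a Lambda authorizer")
    return findings

# Constructed sample document (placeholder names, not from the article).
SAMPLE = {
    "openapi": "3.0.1", "security": [{"platformAuthorizer": []}],
    "components": {"securitySchemes": {"platformAuthorizer": {
        "type": "apiKey", "name": "Authorization", "in": "header",
        AUTHORIZER: {"type": "request"}}}},
    "paths": {
        "/v1/api/endpoint/{id}": {"get": {INTEGRATION: {
            "type": "http_proxy", "connectionId": "${vpc_link_id}",
            "httpMethod": "GET",
            "uri": "http://$${stageVariables.url}:11620/v1/api/endpoint/{id}"}}},
        "/v1/api/health": {"get": {"security": [], INTEGRATION: {
            "type": "http_proxy", "httpMethod": "GET",
            "uri": "http://$${stageVariables.url}:11620/v1/api/health"}}},
    },
}

if __name__ == "__main__":
    print("\n".join(lint_spec(SAMPLE)))
```

Failing the CI job whenever the returned list is non-empty keeps an unauthenticated or publicly routed operation from reaching the shared gateway.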
For a more seamless deployment process for development teams, Maya has created a custom Terraform module that abstracts the complexities of the API Gateway implementation.