Today, if you want to be competitive within the technology industry, you need to be able to move fast and you need to be adaptable. Unfortunately, large monolithic systems, where the entire source code is built into a single deployment unit and a single change to the app requires a full version update, don’t lend themselves to that. Instead, more and more, teams are relying on microservices within their apps — and connecting the dots with APIs that share information.
To give a clearer picture of the role of microservices and APIs in modern software development, this piece takes a closer look at each concept and shares insights on how they work together, securely.
What are microservices?
Whereas a monolithic application is built as one central unit, with all functions sharing the same runtime environment, an app built with microservices breaks down the environment according to function. In other words, a microservice is a simple piece of functional code that conducts one or more specific actions. This could be anything from a calendar component to a map or even a payment function.
Working together, all of these microservices form the app that is then delivered to the end user. Take a ridesharing app as an example. The app has a lot of different functions, each one filled by a different microservice:
- Passenger management
- Passenger web UI
- Driver management
- Driver web UI
- Trip management
- Trip history
These microservices tend to communicate with each other through APIs, which facilitate a seamless flow of information from one to another, optimizing the user experience as they navigate through the application.
The benefits of microservices
Beyond facilitating agility, the benefits of microservices include:
- Scalability: Each service can be scaled independently, which makes it easier to focus on the services that are projected to see a higher return on investment.
- Flexibility: Since each microservice solves a specific problem, there doesn’t have to be a standard for how it’s developed — which gives developers more options and choice.
- Ease of deployment: Microservices are modular and support continuous integration and delivery. This makes them easy to deploy, release new features, and rollback updates if something goes wrong.
What are APIs?
APIs can be seen as doorways that allow internal and external developers to access the data within a microservice — or to use its functionality. Often, they offer a standardized approach for a system to access other applications, microservices, or data that’s outside the code’s direct environment.
One thing to know about APIs is that there isn’t a set standard or format for how they’re built and used. In fact, the API landscape is always evolving, and this can pose challenges in terms of integration, communication, and security.
The benefits of APIs
Software companies that use APIs see a number of different benefits:
- More time to focus on your strengths: Using APIs to reuse software features means that developers don’t have to duplicate their efforts. Rather, they can spend time thinking about new tools and features that reflect their company’s unique capabilities and provide additional value.
- Ability to outsource complexity: Similarly, APIs allow developers to rely on other people’s expertise — whether they’re in a different department or another industry altogether — rather than risk doing complex things (like security or authentication) wrong.
- Faster speed to market: APIs provide a uniform set of protocols for how apps interact. This helps to streamline the way a company’s developers work, so they can seamlessly test features and functionality — and validate value props faster.
- Improved user experiences: With APIs, teams can more quickly develop on features that users have become accustomed to in other applications.
How do microservices and APIs work together?
As part of the API economy, leading organizations are making their services available for other brands to use their technology — rather than reinvent the wheel every time. As such, companies that are building a new application can focus on leveraging their own expertise, rely on others for the collateral systems, and move faster. This is a key example of how microservices and APIs work together.
Let’s go back to the ridesharing app example for a moment. Rather than build their own map, they could use an API to leverage the Google Maps map instead. In the same vein, they could use Stripe APIs for payments, or Twilio for sending text messages to their users.
Since APIs aren’t all built the same, many developer teams will have an API gateway that acts as a central point of communication between microservices, translates requests from differently formatted APIs, and monitors the availability of a microservice. API gateways also aggregate the various microservices required to fulfill each API call and return the appropriate result.
Another important consideration in these multifaceted environments is security. Today, APIs are the preferred attack vector for cyber criminals, and standard security mechanisms don’t factor in all the nuances required to keep APIs secure. A recent report has shown that 95% of companies had an API security incident in the last 12 months. To reduce the risk of these attacks, companies need to employ best practices for API security at each stage of the development and production lifecycles, and keep a thorough inventory of their APIs and microservices.
About the Author: Ali Cameron is a content marketer that specializes in the cybersecurity and B2B SaaS space. Besides writing for Tripwire’s State of Security blog, she’s also written for brands including Okta, Salesforce, and Microsoft. Taking an unusual route into the world of content, Ali started her career as a management consultant at PwC where she sparked her interest in making complex concepts easy to understand. She blends this interest with a passion for storytelling, a combination that’s well suited for writing in the cybersecurity space. She is also a regular writer for Bora.