Designing and building APIs can be a complex task. Data is often distributed across many different services. There could be some old legacy SOAP services, a MySQL database somewhere and a MongoDB somewhere else. Aggregating and designing a single API to be the main interface for all these services can be painful. In this blog post, I want to cover how you can combine JustAPIs and 3scale API management to build APIs and set up security, rate limits, and analytics.
I discovered JustAPIs, a new product launched by AnyPresence, while attending APIStrat Austin in November of last year. It seems like a great fit for people who are dealing with complex infrastructures. Once your API is built using JustAPIs, the only thing left to do is add a management layer so you have 100% control and visibility over who is accessing your API – exactly what we provide with 3scale. We can use the 3scale sandbox proxy to deploy API management on top of our API built with JustAPIs. This adds features like authentication, rate-limiting and analytics to the API.
If you aren’t familiar with JustAPIs, I recommend you jump into their getting started guide, which will show you how to easily connect different services and endpoints and create one single API to expose these integrations. Once you have all your endpoints defined, you’re ready to add the 3scale management layer. If you don’t want to create your own API, you can use the one that I created and continue the integration with 3scale:
You will need a 3scale account to continue the tutorial; create one here.
In your 3scale Dashboard go to APIs > Integration.
You should now see something like this:
There you will replace the private base URL with the host URL provided by JustAPIs (usually it looks like SOMETHING.justapis.io). Or you can use the one that I provided above for testing purposes.
3scale requires you to add the port, so your private base URL should now be https://SOMETHING.justapis.io:443. This indicates where your API sits, but this URL will never be shared publicly.
At the bottom of the page, under “API test GET request”, insert a valid endpoint. In our case using the sample API from JustAPIs, we used /events.
You can now click on the “Update & Test” button. The sandbox proxy will then be updated and re-deployed.
At this point, everything should be green, and you should see a curl call. This is a call to your newly deployed API with security using the 3scale sandbox proxy. Your API should work the same as it did before with the same endpoints. The only difference is that the .apicast.io URL is now your public URL and you need a user_key to get access to the endpoints.
Give it a try. Use any HTTP client like Postman, cURL or simply a browser to make a call to
https://api-2445581402632.staging.apicast.io:443/events?user_key=2d4cfbedfdbc9563c692ba2e9cd338a8 (my example one)
Now change or get rid of the key, and you’ll receive an “authentication failed” response.
Your API is now protected by key authentication: a developer without a valid API key cannot access it through the proxy.
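A small check for the behaviour described above, as an added example that is not part of the original post or of 3scale's or JustAPIs' code: it confirms that the proxy accepts a valid user_key and rejects a wrong or missing one, and it also tests whether the private base URL still answers without any key. The function names, the placeholder gateway host and the demo key are assumptions, and the demo uses a constructed stand-in for the network so it runs offline.

```python
import urllib.error
import urllib.parse
import urllib.request

def http_status(url):
    """GET url and return the HTTP status code."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx; the code is what we want

def with_key(url, user_key):
    """Append user_key as a query parameter; None sends no key at all."""
    if user_key is None:
        return url
    return url + "?" + urllib.parse.urlencode({"user_key": user_key})

def check_gateway(public_base, private_base, endpoint, user_key, fetch=http_status):
    """Return {check name: passed} for a proxy that should enforce user_key."""
    public = public_base.rstrip("/") + endpoint
    backend = private_base.rstrip("/") + endpoint

    def ok(code):
        return 200 <= code < 300

    return {
        "valid_key_accepted": ok(fetch(with_key(public, user_key))),
        "wrong_key_rejected": not ok(fetch(with_key(public, user_key + "-invalid"))),
        "missing_key_rejected": not ok(fetch(with_key(public, None))),
        # The proxy only guards its own URL. If the private base URL answers
        # without a key, whoever learns it skips authentication and rate limits.
        "backend_not_open": not ok(fetch(backend)),
    }

if __name__ == "__main__":
    # Constructed stand-in for the network so the demo runs offline: the proxy
    # accepts only DEMO_KEY, while the backend answers any request.
    DEMO_KEY = "constructed-demo-key"
    def fake_fetch(url):
        if "justapis.io" in url:
            return 200
        return 200 if url.endswith("user_key=" + DEMO_KEY) else 403

    results = check_gateway("https://YOUR-API.staging.apicast.io:443",
                            "https://SOMETHING.justapis.io:443",
                            "/events", DEMO_KEY, fetch=fake_fetch)
    for name, passed in results.items():
        print(("PASS" if passed else "FAIL"), name)
```

To test a live deployment, call check_gateway with your own staging URL, private base URL and key, and leave out the fetch argument.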
Rate limits and segmentation
Now that the sandbox proxy is in place, you can do a bunch of other cool stuff. How about putting some rate limits in place?
Rate limits will help you segment your audience and differentiate between hackers playing with your API for fun — at hackathons for example — and other API consumers who aim to build real businesses around your API.
To get some rate limits set up, first look at the “application plans” panel on the left-hand side.
Application plans are how you differentiate between different categories of developers in 3scale. Two plans should already be there by default: “Basic” and “Unlimited”. You can, for example, restrict developers on the Basic plan to 50 calls per day.
For a detailed description of how to configure more fine-grained application plans, please refer to this tutorial.
Want to see how your API is being used? Go to the “analytics” tab on your 3scale dashboard.
You should see some cool graphs based on the number of hits. That’s the global amount of traffic hitting all your API endpoints combined. To get more granular information, including the amount of traffic per endpoint, follow this analytics tutorial.
That’s it. Nice and simple. You’ve used JustAPIs to design and build an API and are set up to control and analyze its usage through the 3scale API Management Platform. For questions or feedback, feel free to get in touch with me on Twitter: @picsoung