3scale’s infrastructure is cloud based and easy to set up – allowing you to focus on delivering your content and services you need to while we take care of the rest.
Our architecture means you can deploy plugins wherever you’d like your API traffic flow to be controlled and we don’t redirect your traffic through our machines – you remain in full control (read more about our no proxy architecture).
3scale works using a plugin agents which can be deployed anywhere you’d like API control to be enforced. Plugins are available in multiple application languages (Java, .NET, PHP, Ruby and many others) for deployment in the application stack, for popular open source caches such as Varnish (http://www.varnish-cache.org) for deployment in front of your application and also as filters for Popular CDNs.
Once installed, agents authorize transactions on the API for valid keys, enforce rate limits and report traffic back to the management system.
There are a wide range of plugin/agent configuration options to meet different architectural needs and you can also roll your own by calling our traffic management APIs directly.
Once the plugins are set up then communicated with 3scale backend servers to make authentication and reporting calls for incoming traffic. Backend systems begin tracking traffic and enforcing rate limits in our SAAS infrastructure. The systems allow you to configure:
Once the API is up and running you’ll see a operations dashboard to track all events happening on the API and administer the developer user base.
Once set up, you can begin issue working API credentials directly from the management console or from your new Developer portal.
Our systems are Amazon EC2 and Rackspace hosted with multiple entry points for failover and can handle 10’s and 100’s of Millions of transactions per day per API. Once you have your API set up you let us know what you approximate traffic needs are and we make sure it’s there on tap.
For your peace of mind, for enterprise contracts we guarantee our servers will handle 5x the traffic you project as a minimum, and most likely beyond. So should you have unplanned spikes you’re covered and in control.
See more about scalability.
3scale systems provide a control center for the APIs you hook into the system using Agents, CDN connections or our API. However it does this is in an out of band manner – plugins/agents that you deploy and control handle traffic and communicate back to your 3scale control system but API traffic itself never passes through 3scale’s servers. This means:
See more about the architecture in the architecture section.
The 3scale platform is delivered as Software As A Service (SAAS) in the cloud with resources at multiple locations on both Amazon and Rackspace infrastructure. As API usage grows this means we take care of scaling our systems so you don’t have to.
Integration with the infrastructure is carried out using a plugin (aslo known as an “agent”) deployment. We provide agents for a wide variety of environments – all of which are open source and customizable – which can be deployed at any of the API endpoints you would like to cover with management services.
3scale’s global architecture connects API endpoints to infrastructure using a plugin deployment at any of the locations which will be serving API traffic.
Traffic to the API still comes direct to your data centers and does not need to be re-directed through third party machines. The plugins / agents act as policy managers which track API keys and other credentials as well as assigned usage rights in order to both control who has access to your API endpoints and track how much traffic is being generated.
The architecture supports:
Handling 10’s or 100’s of millions of API calls per day? – No problem. We scale 3scale’s management systems so you don’t have to – our infrastructure is highly distributed and scalable on demand for your needs.
Our systems are optimized to handle traffic processing and management at high speed and in a highly fault tolerant way:
In addition to everything we do server side, 3scale’s architecture also means traffic interactions between an API under management and our systems is highly efficient -
3scale systems are accessible in a variety of different ways by deploying control points (also known as agents) in locations where they can enforce traffic policies. There are four different deployment patterns which are commonly used – three are shown in the figure below and the fourth (deployment by API) is a variant of the plugin method.
In general only one method is chosen per deployment – but for complex installation with different APIs or unusual needs deployment methods can be mixed and used together in combination.
The four deployment methods are:
In addition, deployment may be synchronous or asynchronous in nature – giving you full control of how 3scale infrastructure is invoked for your API.
3scale provides code plugins in multiple languages which can be deployed in any application to add API control. The installation pattern for each library depends on the specific programming language in use (instructions are available in each bundle). However, as an overview – each plugin implements:
A second way to add control to your API is using a proxy deployment in front of your application to filter traffic as it arrives. 3scale recommends using Nginx for this purpose. In order to set up API control with Nginx only three simple steps are needed:
If you have multiple physical locations which serve traffic then you can also set up Nginx instances at each locations – 3scale’s systems will act as synchronization points for key management and rate limits between all these locations.
3scale also supports using the Varnish caching proxy as an alternative to Nginx. More information about that option is available in the Varnish as an API Proxy tutorial.
3scale supports connection to a number of different CDN infrastructures including Akamai. This architecture enables you to serve all API traffic via CDN edge nodes without the need for calls back to origin servers when caching is enabled. Hence API traffic can be served directly from caches closest to your API users and still enforce all the normall API access controls.
Setup for CDN integration varies by CDN but the overall architecture follows the pattern shown in the figure below.
For help with CDN setup contact us by email.
Each of the methods above is effectively a wrapper of 3scale’s own Service Management API. For more flexibility, the API can also be called directly from anywhere. See the documentation for details.
3scale’s architecture supports both synchronous and asynchronous traffic management approaches:
Synchronous mode is easy to set up and effective at low and medium volumes. For high volumes, asynchronous approaches afford more control to the agent and reduce latency in API responses.
The majority of software plugins provide synchronous integration by default but can be modified for asynchronous operation. Proxy integration is by default asynchronous with either Nginx or Varnish keeping a local cache of keys and policies.
3scale places no restrictions on how many traffic agents are deployed or their physical locations. Hence if API traffic is served from multiple physical locations, agents would be deployed at each location in the appropriate manner. Access keys issued to developers are equally valid at all locations.
In general you will only need one of the deployment methods for a given API (or set of APIs) but there are no constraints on adopting several if the needs of different APIs or customers vary. For example – traffic may arrive at your system from various ingress points based on type with some entering via a CDN and some coming direct. In these cases agents can be placed at all relevant entry points and use the same 3scale account seamlessly.
The primary thing to avoid in such scenarios is to ensure that a particular traffic call only passes through one reporting step (that control points are not cascaded).