3scale’s infrastructure is cloud based and easy to set up - allowing you to focus on delivering your content and services you need to while we take care of the rest.

Our architecture means you can deploy plugins wherever you’d like your API traffic flow to be controlled and we don’t redirect your traffic through our machines – you remain in full control (read more about our no proxy architecture).

Step 1: Deploy 3scale API Plugins

3scale works using a plugin agents which can be deployed anywhere you’d like API control to be enforced. Plugins are available in multiple application languages (Java, .NET, PHP, Ruby and many others) for deployment in the application stack, for popular open source caches such as Varnish (http://www.varnish-cache.org) for deployment in front of your application and also as filters for Popular CDNs.

Once installed, agents authorize transactions on the API for valid keys, enforce rate limits and report traffic back to the management system.

There are a wide range of plugin/agent configuration options to meet different architectural needs and you can also roll your own by calling our traffic management APIs directly.

Step 2: Configure SAAS Hosted Systems

Once the plugins are set up then communicated with 3scale backend servers to make authentication and reporting calls for incoming traffic. Backend systems begin tracking traffic and enforcing rate limits in our SAAS infrastructure. The systems allow you to configure:

  • Authentication Patterns
  • Rate Limits
  • Accessible / In-accessible methods
  • Metrics to track for Analytics
  • Signup policies for developers
  • Alert levels
  • Public facing content of all types for your developer portal.

Once the API is up and running you’ll see a operations dashboard to track all events happening on the API and administer the developer user base.

Step 3: Issue Developer Keys and Accept Traffic

Once set up, you can begin issue working API credentials directly from the management console or from your new Developer portal.

Our systems are Amazon EC2 and Rackspace hosted with multiple entry points for failover and can handle 10’s and 100’s of Millions of transactions per day per API. Once you have your API set up you let us know what you approximate traffic needs are and we make sure it’s there on tap.

For your peace of mind, for enterprise contracts we guarantee our servers will handle 5x the traffic you project as a minimum, and most likely beyond. So should you have unplanned spikes you’re covered and in control.

See more about scalability.

Step 4: Scale with No proxies or redirects

3scale systems provide a control center for the APIs you hook into the system using Agents, CDN connections or our API. However it does this is in an out of band manner – plugins/agents that you deploy and control handle traffic and communicate back to your 3scale control system but API traffic itself never passes through 3scale’s servers. This means:

  • Deployment is quick and easy
  • There are no privacy issues with a third party seeing your data
  • There is no unknown “black box” which your traffic is running through and you don’t control as there is with other vendors.
  • Last but not least you don’t pay twice for bandwidth.

See more about the architecture in the architecture section.

The 3scale platform is delivered as Software As A Service (SAAS) in the cloud with resources at multiple locations on both Amazon and Rackspace infrastructure. As API usage grows this means we take care of scaling our systems so you don’t have to.

Integration with the infrastructure is carried out using a plugin (aslo known as an “agent”) deployment. We provide agents for a wide variety of environments – all of which are open source and customizable – which can be deployed at any of the API endpoints you would like to cover with management services.

3scale’s global architecture connects API endpoints to infrastructure using a plugin deployment at any of the locations which will be serving API traffic.

Traffic to the API still comes direct to your data centers and does not need to be re-directed through third party machines. The plugins / agents act as policy managers which track API keys and other credentials as well as assigned usage rights in order to both control who has access to your API endpoints and track how much traffic is being generated.

The architecture supports:

  • Deployment in multiple languages and frameworks.
  • Deployment to multiple different data centers and APIs – all of which can then be managed from a single location.
  • Synchronous and Asynchronous communication with 3scale backends – to put you in full control how quickly or slowly agents synchronise access and tracking data.
  • Multiple different authentication patterns including API Keys and openAuth.

Handling 10’s or 100’s of millions of API calls per day? – No problem. We scale 3scale’s management systems so you don’t have to – our infrastructure is highly distributed and scalable on demand for your needs.

Our systems are optimized to handle traffic processing and management at high speed and in a highly fault tolerant way:

  • Backend entry points are located in multiple physical and virtual regions within Amazon AWS and Rackspace cloud. This includes coverage for both the United States and Europe. We’re also continually adding to infrastructure to meet more demand.
  • Failover and load-balancing between entry points uses DynDNS’s ultra-fast DNS infrastructure so you’ll always be reaching live endpoints.
  • backend traffic processing runs on a highly optimized architecture with REDIS at its core and a variety of levels of scalability.

In addition to everything we do server side, 3scale’s architecture also means traffic interactions between an API under management and our systems is highly efficient -

  • API calls to your API are made to your servers directly – wherever they may be – and don’t need to pass through 3scale, ensuring 3scale never becomes a bottleneck for your traffic.
  • Interaction between the 3scale plugins that enforce traffic policies on your API and 3scale’s backend systems can be either synchronous or asynchronous. In asynchronous mode plugins locally cache policies for each key and hence can manage traffic without the need for inline rountrips to 3scale’s servers.
  • You can also deliver your API over a CDN such as Akamai for even higher performance – pushing content out to CDN edge-nodes worldwide to speed access to API consumers. API edge-nodes then operate by call backs to the closest 3scale nodes for policy enforcement and reporting.


3scale systems are accessible in a variety of different ways by deploying control points (also known as agents) in locations where they can enforce traffic policies. There are four different deployment patterns which are commonly used – three are shown in the figure below and the fourth (deployment by API) is a variant of the plugin method.

In general only one method is chosen per deployment – but for complex installation with different APIs or unusual needs deployment methods can be mixed and used together in combination.

The four deployment methods are:

  • Proxy Deployments : in this mode, instead of deploying the control elements in the API application stack, they are deployed in supported open source proxies which can be set up in front of the API and act as a traffic filter gateway for API calls. The recommended proxy is Nginx, for which 3scale will automatically generate the necessary configuration. Nginx offers a high performance solution that does not require any change to your API code. This solution also provides a caching mechanism that optimizes the performance of the integration with the 3scale platform.
  • Plugins : the simplest deployment mode is to use one of the numerous native language plugins 3scale provides. These libraries are added to API application code to enforce traffic policies at the point of traffic entry. Libraries are available in languages such as Ruby, Python. .Net, Java and PHP. Libraries call 3scale APIs in either synchronous or asynchronous mode.
  • CDN Deployments : for media and content heavy APIs, 3scale integrates with global CDNs such as AKAMAI in such a way that all API traffic can be directed at CDN edge nodes and still have API access control, policies and rate limits enforced as well as collecting API Analytics.
  • API Deployments each of the methods above is effectively a wrapper of 3scale’s own Service Management API designed for easy deployment. However, custom and bespoke deployments can integrate with the API directly – allowing you to integrate 3scale services in whatever manner suits you best.

In addition, deployment may be synchronous or asynchronous in nature – giving you full control of how 3scale infrastructure is invoked for your API.

Proxy based deployment

Using our API proxy in front of your application to filter traffic as it arrives is one of the best ways to integrate your API with 3scale. This is an Nginx-based proxy and uses the configuration that is generated for your API by 3scale. There are several ways you can use this proxy:

  • hosted by 3scale, through the APICast Cloud Gateway, available both in staging and production environment
  • deployed on-premise, with the configuration that 3scale generates for the Nginx Gateway for your API
  • deployed on AWS, using our AMI that you can find in the AWS Marketplace

In high load environments, multiple instances of these proxies can easily be deployed in parallel to handle the incoming API traffic. If you have multiple physical locations which serve traffic then you can also set up Nginx instances at each locations – 3scale’s systems will act as synchronization points for key management and rate limits between all these locations.

3scale also supports using the Varnish caching proxy as an alternative to Nginx. More information about that option is available in the Varnish Gateway tutorial.

Plugin based deployment

3scale provides code plugins in multiple languages which can be deployed in any application to add API control. The installation pattern for each library depends on the specific programming language in use (instructions are available in each bundle). However, as an overview – each plugin implements:

  • Authentication calls to check only issued and non-suspended keys can access the API.
  • Verification that rate limits are not exceeded.
  • Traffic reporting to provide usage information into the 3scale analytics and rate limit components.

If you’re working in a framework which isn’t currently supported let us know (via the forum or email and we’ll let you know if there’s anybody actively working on support.

CDN based deployment

3scale supports connection to a number of different CDN infrastructures including Akamai. This architecture enables you to serve all API traffic via CDN edge nodes without the need for calls back to origin servers when caching is enabled. Hence API traffic can be served directly from caches closest to your API users and still enforce all the normall API access controls.

Setup for CDN integration varies by CDN but the overall architecture follows the pattern shown in the figure below.

For help with CDN setup contact us by email.

API based deployment

Each of the methods above is effectively a wrapper of 3scale’s own Service Management API. For more flexibility, the API can also be called directly from anywhere. See the documentation for details.

Synchronous vs Asynchronous Deployment

3scale’s architecture supports both synchronous and asynchronous traffic management approaches:

  • In synchronous mode, plugins or agents make calls to 3scale for each API call that reaches them in order to validate API Keys and report traffic.
  • In asynchronous mode, plugins or agents retain a local cache of currently live API keys and serve traffic based on the content of this cache. This caches is the update asynchronously in the background to keep policy and usage rate information current.

Synchronous mode is easy to set up and effective at low and medium volumes. For high volumes, asynchronous approaches afford more control to the agent and reduce latency in API responses.

The majority of software plugins provide synchronous integration by default but can be modified for asynchronous operation. Proxy integration is by default asynchronous with either Nginx or Varnish keeping a local cache of keys and policies.

Multiple Locations

3scale places no restrictions on how many traffic agents are deployed or their physical locations. Hence if API traffic is served from multiple physical locations, agents would be deployed at each location in the appropriate manner. Access keys issued to developers are equally valid at all locations.

Mixing Deployment modes

In general you will only need one of the deployment methods for a given API (or set of APIs) but there are no constraints on adopting several if the needs of different APIs or customers vary. For example – traffic may arrive at your system from various ingress points based on type with some entering via a CDN and some coming direct. In these cases agents can be placed at all relevant entry points and use the same 3scale account seamlessly.

The primary thing to avoid in such scenarios is to ensure that a particular traffic call only passes through one reporting step (that control points are not cascaded).