Building an API often means adding user authentication, rate limiting, logging, caching, or other such functions. In a world of microservices, that can mean a lot of unneeded reinvention.
That's the philosophy taken by Mashape, providers of a new MIT-licensed open source API management system called Kong, previously used to power Mashape's own API marketplace.
"There's a lot going on under the microservices layer with CoreOS, Docker, and all this new infrastructure," said Augusto Marietti, CEO of Mashape, in a phone call. "But there's really nothing much going on top of microservices to manage them."
Image courtesy Mashape Kong provides common services for APIs that would normally need to be implemented manually for each, such as authentication, logging, rate-limiting, or caching.
Kong allows common API logic like those mentioned above to be processed by a single unified front end, eliminating the need to reimplement the same functionality across multiple microservices. Kong's services are themselves addressable by REST APIs, so the microservices that they sit in front of can in turn talk to them as needed. The system is also extendable via plug-ins.
The system has already been in use with a number of partners for three years now. Marietti wasn't able to name names, but he noted that most of those companies were using Kong to implement authentication, logging, rate limiting, and billing. With logging, logs generated by a microservice can be piped by Kong to most anything, including log-analysis systems like Splunk.
Kong is built on top of Nginx, the open source Web server with expanding market share among highly trafficked websites. The latest versions of Nginx expand the product beyond Web server functions by adding deeply integrated language support and a plug-in architecture. Kong was built to leverage the first iterations of these new features, as Mashape and Nginx worked closely together when creating Kong. (Nginx is one of the first companies to build a Kong plug-in, Nginx Plus Live Monitoring, which provides activity monitoring for the commercial version of Nginx. )
The long-term ambition, said Marietti, is to turn Kong into a full-blown platform. There, third-party companies can build on top of it by way of commercial-grade plug-ins and add-ons. Mashape plans to monetize the system by selling commercial plug-ins of its own for enterprise-level features (such as API analytics), along with enterprise support.