Not many people love to run servers. Let alone ordinary businesses. It’s a classic no-win proposition: if it runs smoothly and securely, everybody takes it for granted, but if there is a failure, or worse, a breach, everyone gets disgruntled. No wonder serverless computing is gaining steam. It completely takes away the burden of running your own (virtual) servers and is in many situations cost-competitive.
The Serverless Appeal
Cost-wise, serverless computing gets invoiced per use. The fixed base cost is zero or at least close to zero. The way it works is with every call, a micro virtual machine (VM) gets booted, which generates the response. Then it enters a dormant state, waiting for the next call. After a period of idle time, the micro VM is automatically stopped.
For operators, this is the way to make maximum use of their resources. If it’s busy, idle times are shortened, if not, subsequent calls can be handled efficiently. For consumers, it’s a different operating mode to get used to. It gets slower when it’s quiet and more responsive when busy. That’s not necessarily bad, but it’s different. From an architectural point of view, caching at the application level is no longer useful, and direct thread-to-thread communication is impossible. Those kinds of changes require a different design. Again, not necessarily negative, but it takes a certain mind-shift.
Impact of serverless
If it’s just about a redesign of your own website, perhaps sharing functions across web and mobile apps, then this is mainly a matter of application architecture. But what if you want to use those functions across multiple domains? Or what if you want to provide functions as a service to third-party developers? What if you want to monetize those functions as APIs?
API Management is of course the enterprise-grade solution to manage your APIs. For each endpoint, you can decide who can subscribe to it, under which conditions, and at what level of service. Your APIs can be free to use, payed, or you can opt for a freemium model. In a freemium model, an API is free at a basic service level, whereas a premium service is offered at a price. At any point in time, you have an actual overview of which APIs are used in what applications, which versions are in use, and how frequently they are used. You can automatically detect malicious use and counteract instantly. It is fair to say that if you do not use API Management to secure and manage your APIs, you’re in control of your digital resources.
Up until recently, the worlds of serverless computing and API Management were not perfectly integrated. Sure, you could use an API Gateway offered by your cloud provider. But in that case, you would create a pretty serious lock-in, especially when opening up to third party developers. Now you could argue that you can simply put your own API Gateway in front of your Cloud API Gateway, and you would be completely right. But in terms of complexity, you add an additional layer of control, not to mention the additional latency you introduce.
Alternatively, you could also consider building a RESTful adapter fronting your serverless functions, but then you’re back to running servers. If you were using WSO2 API Manager, you could also implement a custom handler or a mediation step to implement an adapter. It does the job, but it’s still additional work and additional maintenance.
With API Manager 3.1, WSO2 completely takes away the complexities of exposing AWS Lambda functions as a managed API. In the latest version, AWS Lambda functions have become an additional type of endpoints for RESTful APIs. So now, next to GraphQL and WebSocket APIs, we’ve RESTful APIs with REST endpoints, SOAP endpoints and AWS Lambda endpoints. Consequently, the digital world has become a better place for it.
Exposing serverless functions as managed APIs has never before been so effortless. It’s literally as easy as defining your API and connecting it to the Lambda endpoint with the proper AWS credentials. The gateway will do all the magic to authenticate your consumers and, if authorized, connect them to your function. You can add throttling policies as you see fit. You can use the monetization features. You can use the community features. And you get analytics for free. It’s awesome.
Functions are meant to do a single thing. Often a small thing. Think of the AJAX calls we used to embed in dynamic web pages. APIs, on the contrary, are more geared towards the usage context. Be it a customer application, a long-running process, or a typical product, an API is the easiest to adopt if you need only one for your purpose as developer. WSO2 API Manager has a feature to create a consolidated API from resources defined in primary APIs. You can use it to filter extensive APIs for limited use, to merge smaller APIs into meaningful ones, and of course a mix of the two. Needless to say, that you can use it to upgrade your serverless functions to really useful APIs. And you can reuse your functions in multiple APIs aimed at different purposes. There’s so much to love.
But it doesn’t end here.
If you’re new to the world of APIs, perhaps as startup, serverless functions may be everything you want to expose. For everyone else, API Management has become a mixture of SOAP, ReST, and GraphQL services, it comes as a relief that the entire portfolio can now be managed as an integrated suite. Think about it. Your consumers only need to go to one API store to discover everything you offer. There is just one process to subscribe to your APIs. With one set of credentials, they can access all your APIs. No harmonization needed, it’s unified by design. And yes, you can mix and match different endpoint types in your consolidated APIs too.
WSO2 is successfully building towards their overarching vision of APIs everywhere. APIs as the single point of entry to all your backend systems, be it legacy systems exposed as services over an ESB, 3-tier applications, virtual data lakes as GraphQL sources, or Docker containers running in Kubernetes. APIs as the single point of administration for your owners and consumers, regardless of technology. APIs as the universal point of monitoring for monetization and analytics.
Today, we welcome AWS Lambda to our extended family. You can be sure there’s more to come.