Balancing the Scales of API Networks with MuleSoft and CloudHub
In a previous blog post, Aaron Shook broke down how MuleSoft as the platform for your API network can be the key to modernizing the legacy systems driving critical areas of your business. In this post, I want to take that explanation a step further and break down how MuleSoft can be a fulcrum in the balance between your business’s needs and the methods and speed of technology to address those needs.
The Current State of Enterprise Application Networks
There’s always a balancing act that must be maintained when developing enterprise application networks. Often, the balance is focused on size, though not of any one monolithic application or complex microservice. Instead, it’s the size of the business application network.
More and more businesses are relying on building new applications that communicate with older, existing applications developed over the years internally, and from third-party sources. New microservices and APIs are built to bring all of this information together to fulfill an internal business need or build out a more robust offering for their clients. Even more APIs and data flow systems are then required for financial reporting and trends analysis.
The Problems as API Networks Evolve
At some point, an architect or CTO comes to the realization that the evolution of business needs over time has resulted in a number of disparate mainframe systems, web applications, financial systems, CRMs, and so on and so forth. The ability to manage user access, security, and overall maintenance and operations begins to accrue not only technical debt but administrative and project management debt. Even attempting to discuss and agree on a single API design often leads to scattered internal wiki pages, email chains, and often multiple conflicting API design documents.
Now everything slows down – development, the ability to orchestrate multiple layers of APIs, or just trying to find a single source of truth for the company’s API offerings. Progress begins to grind to a halt. As an architect or CTO, one must find a balance that allows for autonomous changes, updates, and new offerings to be made, all the while coordinating the overall flow, access, operation, and maintenance of this living, breathing system.
MuleSoft and their CloudHub iPaaS offering provide that balance, as I’ll detail below.
API Design With MuleSoft
Having a centralized source of truth for an API spec that reflects previous, current, and future versions of an API, and that can be shared amongst departments and units is very important in an enterprise setting.
MuleSoft’s Design View and Exchange allow architects and API designers to develop API specs that are automatically backed by mock implementations and include basic validation declarations of fields and more. These specs can be shared and viewed by those within the company, acting as both documentation and testing platforms before the implementation is ever touched.
On top of that, the implementations can be automatically “discovered” or associated with a particular specification, allowing for multiple concurrent versions to be running, and historical implementations to be viewable by the internal team and others.
As more APIs are added, individual data types can be aggregated into common API data type libraries and shared across APIs. This improves both consistencies of data and models across APIs but also standardizes the languages used by architects, developers, and product managers across the enterprise.
API design provides the foundation from which implementation, changes, and discussions spring. This ethos is ever-present in MuleSoft’s infrastructure and has saved Green Irony a vast amount of time in working with clients and keeping all of product and software development on the same page.
Application Network Security Within MuleSoft’s CloudHub
Security policies, SLA tiers, and access management can all be handled within MuleSoft’s CloudHub platform. It comes built with hooks and supporting modules for Oauth, SAML, basic authentication, client id/secret access, and more. The interesting thing is that policies themselves are associated with a combination of a particular API and consumer – not with the API’s implementation or code. This is important since it allows you to associate a particular policy with many different APIs and manage access across your API network without having to be concerned with how a particular API itself is implemented.
API consumers can request access to a particular API that abides by their associated credentials and CloudHub itself will handle disseminating the request to admins, who themselves have an interface for approving or rejecting individual requests.
On the other side of things, HTTP requests allow for the inclusion of TLS trust and keystores, so there’s no need to sacrifice on the security of outgoing communications.
Banks, insurance companies, and various other financial institutions are using MuleSoft as a bedrock foundation for their application networks. One of the main reasons for that use is MuleSoft’s focus on security. The ease with which we can implement and configure TLS and other security protocols further solidify their focus on protecting data and network traffic.
Developing APIs With MuleSoft’s Anypoint Studio
Since the API design and implementation are entirely separate, the roles of architects, API managers, and implementation developers are kept separate. This separation allows architects to work with product development teams to create, update, and improve the design of an API without impacting developers. Once an API has been designed, developers can import the new or updated API spec into Anypoint Studio and begin working on implementation and changes.
Unlike most frameworks and platforms, MuleSoft’s Anypoint Studio will automatically generate the basic plumbing and connectors for an API based on the spec itself. When an API design is published to Exchange, that connector can then be imported and used by any other API with access.
This aforementioned handling of plumbing gives developers input validation, automatically generates MUnit tests for each endpoint, and provides other assorted freebies.
The ease with which development teams can pull API designs into new projects and update existing projects with changes to the API design cannot be overstated. Additionally, these changes to the API are reflected in the automatically generated connectors by API version, which greatly simplifies updating other APIs and interfacing with them.
There’s also a significant depth to errors, allowing for the continuation of processing if an error is reached, or allowing it to bubble up to the response. All of these errors are wrapped by intuitive namespace/identifier combos that let a developer easily categorize and reclassify errors.
These features all come together to provide developers with more time to focus on the implementation itself. Once development is complete, the API implementation can be deployed to CloudHub where it will be automatically associated with the API specification.
Of course, no API is perfect or complete out of the gate. The spec will change over time. When an API designer updates the specification, developers can import the changes into their Anypoint Studio project, where top-level endpoint updates will be handled automatically.
DevOps for Application Networks With MuleSoft
After development has been completed, it must be deployed, monitored, and maintained. MuleSoft’s CloudHub offering provides for common DevOps needs, from CI/CD, application network monitoring, to VPC management, and more.
Many development teams attempt to wrangle their various technology stacks into some semblance of a CI/CD flow. Understanding this need, MuleSoft has a variety of APIs that can be used to handle deployment, monitoring, and various others needs. Whether it’s Jenkins, Azure, or any other automation setup, the combination of MuleSoft’s maven plugin and REST APIs lets you run and publish test results, as well as deploy full applications, their updates, and associated SLA policies, and more.
Provisioning VPCs, region management, clusters, high availability settings, load balancing – all are actually really easy to do with the Runtime Manager admin interface. It’s also easy to integrate your SLA policy infrastructure and manage those in the API Manager section of CloudHub, and how those APIs are tied to the actual worker applications in Runtime Manager. Runtime Manager admins can also build their dashboards to track their applications, or if already using Splunk, configure their CloudHub workers to interact with and send log data to Splunk.
As applications are running, there will be inevitable issues that need to be tracked down across an application network. Usually, these are associated with individual requests that are failing. MuleSoft comes with a built-in feature called “correlation ID”, that will let external clients communicate with MuleSoft, and especially requests between MuleSoft APIs, to log errors and anything else and have them associated with that particular ID.
As with API design, security, and development, the suite of features presented to DevOps personnel simplifies the provisioning, management, and maintenance of APIs.
There is no single feature in the MuleSoft family that causes it to dominate the API industry. Instead, it’s the culmination of all the helpful features and abilities across every aspect of API network design, development, and implementation.
MuleSoft and CloudHub give enterprise companies a holistic view and insight into all of their APIs on the application network. Everything from having built-in API documentation and source of truth, to full-feature operations support – these are all extremely helpful and useful for businesses trying to get a hold of all of their APIs. Sure, keep the APIs on other systems, but have MuleSoft provide its own tiny API microservice interface to them, and bring them into the fold of everything else in your business.
Everything in IT is a balance. MuleSoft attempts to be a fulcrum in the balance between a business’s needs and the methods and speed of technology to implement them. It goes out of its way to provide a suite of features, all customizable, to remove the boilerplate and solved problems in building and maintaining application networks. This allows developers, business analysts, and operational teams the freedom and time to focus on the actual business problem and not on recreating the wheel around API design, implementation, and management.