How to develop secure and scalable serverless APIs

Among Google Cloud customers, we see a surge in interest in developing apps on so-called serverless platforms that let you develop scalable, request- or event-driven applications without having to set up your own dedicated infrastructure. A serverless architecture can considerably improve the way you build applications and services, in turn accelerating innovation and increasing agility. Serverless computing is also a key enabler of “composable enterprise” strategies where you modularly reuse and combine data and functionality to create new customer experiences and new business models.  Adding an API facade to serverless applications is a great way to connect data, integrate systems, and generally build more modern applications. APIs let a business securely share its data and services with developers both inside and outside the enterprise; doing so with serverless makes it easy to scale those APIs securely—without any of the usual technical complexity. Benefits of serverless RESTful APIsAs organizations expand their API programs, a key question is how to build comprehensive APIs that are highly scalable and secure. To accomplish this, many organizations have been migrating their business-critical APIs to serverless architectures. For these organizations, serverless APIs provide several benefits:ScalabilityReduced hardware and labor costs due to cloud-based payment modelReliability and availabilityNo need for load balancing, infrastructure maintenance, or security patchesOperational efficiency Increase in developer productivityDesigning serverless APIsDevelopers use REST APIs to build standalone applications for a mobile device or tablet, with apps running in a browser, or through any other type of app that can make a request to an HTTP endpoint. By building that API on a serverless environment like Cloud Run or Cloud Functions, you can have that code execute in response to requests or events—something you can’t do in a traditional VM or container-based environment. Since building a robust serverless application means designing with services and data in mind, it is important to develop APIs as an abstraction layer for your data and services. As an example, a database activity such as changes to a table’s row could be used as an event trigger that happens via an API call.Leveraging Google Cloud API Gateway to secure your APIsGoogle Cloud API Gateway lets you provide secure access to your backend services through a well-defined REST API, which is consistent across all of your services, regardless of the service implementation. This provides two key benefits: Scalability – API Gateway gives you all the operational benefits of serverless, such as flexible deployment and scalability, so that you can focus on building great applications. It can manage APIs for multiple backends including the serverless Cloud Functions, Cloud Run, and App Engine, as well as Compute Engine, and Google Kubernetes Engine.Security  – Google Cloud’s API Gateway adds additional layers of security, such as authentication and key validation, by configuring security definitions that require all incoming calls to provide a valid API key. It also allows you to set quotas and specify usage limits to protect your APIs from abuse or excessive usage.Here is a quick demo of Google Cloud API Gateway:Get started nowWith API Gateway, you can create, secure, and monitor APIs for Google Cloud serverless back ends, including Cloud Functions, Cloud Run, and App Engine. Built on Envoy, API Gateway gives you high performance, scalability, and the freedom to focus on building great apps. Get started building your APIs for free.Related ArticleGoogle Cloud API Gateway is now available in public betaGoogle Cloud API Gateway makes it easy to securely share and manage serverless APIsRead Article
Quelle: Google Cloud Platform