API Framework

How to Setup a Middle Layer for a Client that Serves a Million Users Monthly Without Disturbing Them

Challenge

Our client serves a million customers
monthly. Over the years they have
worked with multiple vendors who
have built apps on top of the legacy
code system, which overtime has made
it extremely complex and unstable. All
the services in the client’s portfolio
were developed by different vendors/
teams who had various architectures
and patterns. Every service had it’s
own login and monitoring, plus they all
were mutually dependant.
Serving hundreds of thousand
customers daily escalated the
problem even further, making it
unscalable, vulnerable and without
a centralized login and monitoring.
On top of that, the resources needed
for the maintenance of the code
skyrocketed. Therefore the addition
of new apps would endanger the
work of the system as a whole.

How it looked like in practice

The system worked by one app calling
another app, who then called another
app and all without the possibility to
turn off select parts of the system.
This made it virtually impossible to
implement new services by other
vendors.

Solution

Our solution was to introduce a new
layer to the system – API Framework.
First we had to separate various
services/apps and unify them in
terms of architecture. We needed to
increase the level of security since
the client hosted private data from
the users, so we made a standard
external API access point with a high
level of security.

benefits

The solution we developed is one of
the three core systems our client has
on which everything else rests: the
core system, the business process
modelling system and now the API
framework.

Additionally, we set up dev templates
for future vendors by establishing a
service for developing new apps and
refactoring of the existing modules.
This way we could guarantee the
security of apps and services built on
top of the API framework in the future.
Since the client’s internal IT team was
not familiar with the API framework,
we held a series of workshops for
their developers and delivered 11
documents with instructions and
explanations on how to use and
develop this configuration portal further.