How to develop secure and scalable serverless APIs

Among Google Cloud customers, we see a surge in interest in developing apps on so-called serverless platforms that let you develop scalable, request- or event-driven applications without having to set up your own dedicated infrastructure. A serverless architecture can considerably improve the way you build applications and services, in turn accelerating innovation and increasing agility. Serverless computing is also a key enabler of “composable enterprise” strategies where you modularly reuse and combine data and functionality to create new customer experiences and new business models.  

Adding an API facade to serverless applications is a great way to connect data, integrate systems, and generally build more modern applications. APIs let a business securely share its data and services with developers both inside and outside the enterprise; doing so with serverless makes it easy to scale those APIs securely—without any of the usual technical complexity. 

Benefits of serverless RESTful APIs

As organizations expand their API programs, a key question is how to build comprehensive APIs that are highly scalable and secure. To accomplish this, many organizations have been migrating their business-critical APIs to serverless architectures. For these organizations, serverless APIs provide several benefits:

  • Scalability

  • Reduced hardware and labor costs due to cloud-based payment model

  • Reliability and availability

  • No need for load balancing, infrastructure maintenance, or security patches

  • Operational efficiency 

  • Increase in developer productivity

Designing serverless APIs

Developers use REST APIs to build standalone applications for a mobile device or tablet, with apps running in a browser, or through any other type of app that can make a request to an HTTP endpoint. By building that API on a serverless environment like Cloud Run or Cloud Functions, you can have that code execute in response to requests or events—something you can’t do in a traditional VM or container-based environment. Since building a robust serverless application means designing with services and data in mind, it is important to develop APIs as an abstraction layer for your data and services. As an example, a database activity such as changes to a table’s row could be used as an event trigger that happens via an API call.

Leveraging Google Cloud API Gateway to secure your APIs

Google Cloud API Gateway lets you provide secure access to your backend services through a well-defined REST API, which is consistent across all of your services, regardless of the service implementation. This provides two key benefits: 

Scalability – API Gateway gives you all the operational benefits of serverless, such as flexible deployment and scalability, so that you can focus on building great applications. It can manage APIs for multiple backends including the serverless Cloud Functions, Cloud Run, and App Engine, as well as Compute Engine, and Google Kubernetes Engine.

Security  – Google Cloud’s API Gateway adds additional layers of security, such as authentication and key validation, by configuring security definitions that require all incoming calls to provide a valid API key. It also allows you to set quotas and specify usage limits to protect your APIs from abuse or excessive usage.

Here is a quick demo of Google Cloud API Gateway:

Learn how with Google Cloud’s API Gateway, developers can implement key security and administrative features that are needed to manage the requests that their APIs handle.

Get started now

With API Gateway, you can create, secure, and monitor APIs for Google Cloud serverless back ends, including Cloud Functions, Cloud Run, and App Engine. Built on Envoy, API Gateway gives you high performance, scalability, and the freedom to focus on building great apps. Get started building your APIs for free.

Read More