How to build an app using a serverless architecture? - rest

I'm confused about Firebase and serverless in general, as I was just introduced to this concept recently (note that I'm still studying computer science and I'm just exploring on my own now).
In the past I've been part of a project that had the following structure:
Front End in a Single-page-app
Back End built as a REST API
Now let's say I want to build a product, that might have a website and mobile apps. It also has to have backend logic as there are accounts, objects owned by users, and possible integration with a payment service.
What I initially expected from this, before knowning about serverless, is that you build a backend using something like Go (was my case), where you handle all the database data and third-party integrations, build a front end with something like Vue, and then use the backend's REST API to communicate between both of them.
Is this still the case with serverless? Do you build the whole backend server code, or does it work in another way?
I don't need/want you to explain all of it to me. I just need some insight on what is done and common so I can investigate further.

Related

How to structure API service app architecture

Background:
I'm building an API service app. The app is just like any other, you send an HTTP request and receive a response. This seems simple up until I start thinking about user registration, payments, authentication, logging and so on.
Application:
tl;dr simple app diagram
Endpoints listening for HTTP requests and doing all the request related work. This is the core of the service, what the service user would use this app for. Directly not accessible to the end user (unless somehow it knows the url). Python flask server, deployed on google cloud RUN.
API gateway acting like a proxy and a single access point forwarding the requests to the endpoints. This is the service access point for the end users. This part will also be responsible for authentication, limitations, logging and tracking the use of the API endpoints. Python flask server, deployed on google cloud RUN.
Website including documentation, demo and show off of API calls through API gateway, registration, payment (thinking of Stripe) etc. VueJS app on NodeJS server on google cloud compute VM.
Database storing credentials of registered users, payment information and auth keys. Not implemented yet.
Problems:
Is this architecture proper? What could be done differently or improved? How could I further simplify all the interactions between separate parts of the app? Am I not missing any essential parts?
Haven't yet implemented the database part and I'm not sure what should I
use? There are plenty of options on google cloud. Also I could go with something simple and just install a DB with http/JSON interface on google cloud compute VM. How do I chose the DB? Given such an app, what would be the best choice?
Please recommend literature/blogs/other sources of info on similar app
architecture for new developers not familiar with it?
This is pretty open ended, but here are some general comments:
Think about how your UI will work. Are you setting up a static app served directly from cloud storage or do you need something rendered on the server? Personally I prefer separating UI from API when I can but you need to be aware of things like search engine optimization. Even if you need to render some content dynamically your site can still be static. Take a look at static site generators like Gatsby. I haven't had to implement a server rendered UI in years and that makes me happy.
API gateway might be fine, but you don't really need it for anything. It might be simpler to start without it and concentrate on what actually matters. If your APIs are being called by an external client you can't trust the calls anyways and any API key you might be using will be exposed. I'd say don't worry about it for a single app. That being said, if you definitely want to use a GW then use one, just be aware that it is mostly a glorified proxy and not some core part of your architecture.
Make sure your API implementations don't store any local state so you can rely on Cloud Run scaling your services up and down. Definitely don't ever store state directly inside your containers. If you need state on the server it needs to be in some external data store.
Use JWTs or an external IDM (that will generate JWTs) for authentication. Keep session data on the client side as much as possible and pass the JWT in every API call to authenticate the caller. If you are implementing login on your own the only APIs you need to expose without tokens are for auth and password recovery, which you can separate into their own service.
Database selection depends on how well you understand your processes, how transactional your services are and your existing skillset. Overall I would use what you are comfortable with, you can probably succeed with a lot of things. Certain NoSQL flavors can seem simple on the surface but if you don't have a clear understanding on the types of queries you need to run they can get tedious to work with. Generally you should stick to relational databases for OLAP style implementations and consider NoSQL for OLTP. Personally I like MongoDB and it is very popular, probably because it sort of sits in the middle of the pack which makes it fit a lot of applications. Using MongoDB also makes you cloud agnostic since it is available on every platform. Using platform specific database flavors can lock you down to a specific vendor.
Whatever you do, don't start installing things on VMs. You can be almost 100% sure you are doing it wrong if this comes up. Remember, the services you consume don't all have to be managed by Google or even run on GCP. You can get MongoDB capacity directly from MongoDB who manage it on your behalf on all of the Big3 cloud vendors.
At least think about the long term, even if you don't necessarily need to have it impact your architecture right now. If you are expecting your app to be up for years try to make it more platform agnostic than less. This might mean sticking away from some really platform specific serverless features that will force you to jump a couple of extra hoops. If you are using Cloud Run you are using containers which already makes your app pretty portable, don't lock it to one platform by using a lot of platform specific features. That being said, don't stay away from them either. You should always go for the low hanging fruit, so don't try to avoid using things like secrets manager etc. If your app has a short lifespan and you need really fast time to market then don't worry about it.
Just my 2c, what you are doing is very generic and can be done in a lot of different ways.

Dynamically Change API Environments Google Rollout Track

I'm developing an Ionic(3 / 4)(Angular 4 - 7)-Cordova / Capacitor Cross Platform Application(s). I'm interested in switching API env based on the current rollout track in the Google Play Store. For example, once an application has been successfully tested and recommended to continue staging/production. I would like to have the API env dynamically changed (e.g., using a different URI domain to connect to REST API ) dependent on the Google Play Store Track.
I'm aware that I can use Google Developer Play Store API to identify / list versions and available tracks yet, I'm unaware if there's already an implementation or solution. I'm perfectly willing to design a solution though, I figure I find out if it's been done already rather than reinvent the wheel.
I'm hoping to implement a solution either to the REST API BACKEND or in the ionic framework layer rather than an integration at the native layer for scalability per-project. The purpose of doing this would enable CI rather than rebuilding the project and change the API URI domain for every environment. Any assistance in this matter would be greatly appreciated.
So, if anyone's interested. The approach highlighted above is possible, couldn't get an answer so I just created something. Using Google Play Developer API. The process flow is as follows:
[]
For now it's a working prototype perhaps its not very efficient; I suppose it can be improved if the request was issued from a single server, or microservice. Though, I wanted to make the code recyclable and it's isolated from both the mobile application & Node Server.
If you are interested in learning more or would like to work on project. Please feel free to contact me.

What is the standard way to implement an API sandbox?

so it occurred to me that it would be helpful in the development of my backend to have a managed sandbox, like a development environment without having to set up a separate database. To be more specific I'm using Postgresql and Node.js, but I doubt that makes a difference.
So my question is, how do services such as PayPal commonly implement a "sandbox" for developers who use their API to play with that is separate from their real data? In my case all that I want is a database sandbox that operates separately from the main database for the backend developers. My first idea on this is to tag every row with their specific sandbox or production id, but that seems inefficient. Is there another way to implement this idea?

Fully scalable website with micro-applications

I'm in the process of designing a cloud deployed website for a new solution my company is looking to provide. I have been attempting to answer a few questions and haven't had any luck, so when in rome.
First, I don't want the website to be stuck to any one particular framework. I know there is no way to completely future proof a website, but I would rather not put all of our eggs in one basket.
Secondly, I want to have a separation between the front and back end entirely. I have a list of reasons why I'm looking to do this, don't necessarily want to get into the conversation of what they are. Server Side rendering for the most part is out of the question.
So where does that leave me?
My initial thoughts on the design are to have a REST API that can be accessed for any API calls (this may be turned to GraphQL in the future).
The design decisions that I'm mostly wresting with are for the front end. The website will be a dashboard type system, where tenants can log in and see screens for them.
I was thinking that I would have a sort of shell, that hooks on to the index.html. This would have it's own routing, that would render micro-applications that are completely separate from the shell logic.
So for example, if I load index.html, path being "/"
It has some routes that it's responsible for, lets say
"/todos"
"/account"
If I accessed the /todos route, my shell application would then render that micro app. This application would be completely separate from the shell, except some data that might be loaded via the window. Once this application is rendered via the shell application.
So my todos route, for example, could be a redux application that's independent. It could have it's own routing, etc.
Is this is a common architecture? Are there any examples of this? Is there a better way of going about this?
Thanks for any insight!
Sounds like your well and truly over engineering this beast.
You may take on such an architecture for a HUGE build with many dev teams all working separately. Small agile team, the above would create so much overhead in boilerplate and brain ache in context switching between each "app"
Micro-service architecture is seriously great. Just don't break it up too small, read your use case well and break your services up accordingly.
For example: we are a team of 3. We have a pretty large-ish app devised into:
Php API
Backend management interface (redux)
Frontend website (html, react, php)
Search service (elastic search)
Cache (redis)
Data store (mysql)
All on running in multiple docker containers across multiple hosts. Pull down the backend.. Fine the frontend website is still up and running!

How to maintain app master data at server end?

I'm trying to build an API which can be used to update some master data in my app. It contains various drop-downs for city, country etc. Whenever I add new data in these drop-downs, I need the apps to hit this API once a day and get the latest data. Also, if the API is requested older data (from older apps), it should be able to return such data based on some date query parameter.
What's the best way to create such an API?
Also, the API needs to be RESTful and will be exposed to Android/iOS environments.
API should be able to return so based on some date query parameter.
You can use two columns created_at and updated_at in you tables schema. So how can this will useful for your situation:
Whenever some one hitting api without date parameter, you are return all data which are created before current time.
Whenever some one hitting api with date parameter then you can return data which are created before value of date parameter.
Obviously you have to write complete logic for this at server side
end.
Please explore one of the Mobile Backend as a Service (mBaaS) products for your long term needs.
Here are some players:
BaasBox: Open source backend
Backendless: Allows
developers to have an instant backend without writing server-side
code.
Apigee App Services: provides a lot of free storage, push notification, analytics etc.
Appcelerator: An BaaS targeted at the Enterprise audience.
For the short run you may want to try https://www.webscript.io/ to embed some quick javascript code to return the JSON response for you.
I would put a spin on #Santanu's suggestion of using BaaS. I would recommend using a BaaS during the development phase of your project.
When the iPhone and Android Apps have been developed and tested, replace the Baas-based server components with a in-house built RESTful server.
This approach has a couple of benefits. It lets you divide the effort into two distinct parts: the client changes to your product, and the building of your server component.
I assume your company's current expertise lies in App development, so it should be easier for you all to upgrade your applications to use the BaaS-based APIs.
It will also be much easier to reiterate and refine your data components and models using a mature BaaS server.
With Apps using data requests to populate the drop-downs from a BaaS-based RESTful API, and stable working data models and data sets hosted in the BaaS servers, it will be much faster to start building your own RESTful service.
When you run into issues, you will be confident they are in the server side code. You can run A/B tests with the same Apps against two versions of the server and ensure the client experience is the same.
You could continue to use the BaaS Server for rapid prototyping and developing API extensions.