Executive Summary
The Byggmax IT Development team is responsible for an important collection of APIs that are used internally in their service backend to connect different backend systems. Over time, there has been an increased need to be able to expose these APIs to external parties outside of Byggmax. With this, it was clear that there was a need for a solution to manage the external exposure of APIs in a smooth and safe way.
About Byggmax
Byggmax offers high-quality building materials and DIY products at the best price, in a simple and neat way. With 180 stores in Sweden, Norway and Finland and a popular e-commerce business, they are one of the Nordics’ leading retail chains in construction and DIY products.
Customer challenge
Byggmax’s Service Backend is the glue that ties together the different Byggmax system environments. This is done partly through various internally developed APIs that allow information sharing between different services. Historically these have mostly been internal systems, but as more and more of the systems have transitioned to external SaaS services, Byggmax saw the need for a solution that also lets them expose their APIs externally in a smooth and safe way.
They wanted a solution that could handle authentication and authorization mechanisms, as well as the possibility to set usage limits and throttle incoming requests.
Why AWS
Since Byggmax was already using AWS to a large extent as the platform for their service backend, it was natural to look into which AWS services could be used to accomplish this solution. AWS has a broad range of application integration services. For this use case, “Amazon API Gateway”, a fully managed service for creating, publishing, maintaining, monitoring, and securing APIs, was considered a good fit.
Why Byggmax Chose TIQQE
TIQQE was already Byggmax’s AWS Operations partner, helping Byggmax in managing their AWS platform. This includes day-to-day workload management as well as networking, security monitoring and optimization activities. This means that TIQQE has unique insights into Byggmax’s AWS environments and existing services.
TIQQE also has a proven ability to handle complex system integration solutions for several other customers.
Partner solution
The desire was to have a mechanism that allows a subset of internal APIs to be exposed as public APIs. For these APIs there should be security and controls in place that include authentication and authorization mechanisms, as well as the possibility to set usage limits and throttle incoming requests, if needed.
The initial implemented solution uses Amazon API Gateway and its REST API feature to expose APIs (paths and methods). The API Gateway configuration contains the explicit routes. It uses client-specific API keys to define usage plans and throttling for each client, as well as which specific APIs they have access to.
Amazon Cognito, Amazon’s identity and access management platform, is used as an identity provider. Each client is registered with an app client identifier and secret. The identifier and secret are used to fetch an authorization token, using the OAuth2 mechanism, which is then used in the API calls.
OAuth2 also allows setting the specific scopes that an authorization token is valid for.
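The client side of the flow described above, as an added example that is not code from Byggmax or TIQQE: an external client requests a scoped token from Cognito with its app client identifier and secret, then sends that token together with its API key on each call. The URLs, scope names and the `TokenCache` helper are assumptions made for illustration.

```python
import base64
import time
import urllib.parse
import urllib.request

# Placeholder endpoints (assumptions, not taken from the case study).
TOKEN_URL = "https://example-domain.auth.eu-north-1.amazoncognito.com/oauth2/token"
API_URL = "https://api.example.com/v1/orders"


def token_request(client_id, client_secret, scopes):
    """Build the OAuth2 client-credentials request for the Cognito token endpoint."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": " ".join(scopes)}
    ).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def api_request(access_token, api_key, url=API_URL):
    """Build an API call carrying both credentials: the token for authorization,
    the API key so API Gateway can apply the client's usage plan and throttling."""
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {access_token}",  # assumes the authorizer reads this header
        "x-api-key": api_key,
    })


class TokenCache:
    """Hypothetical helper: reuse the access token until shortly before it expires."""

    def __init__(self, fetch, skew=60):
        self._fetch = fetch   # callable returning the parsed JSON token response
        self._skew = skew     # refresh this many seconds before expiry
        self._token, self._expires = None, 0.0

    def get(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires - self._skew:
            resp = self._fetch()
            self._token = resp["access_token"]
            self._expires = now + int(resp["expires_in"])
        return self._token
```

In real use the `fetch` callable would send `token_request(...)` with `urllib.request.urlopen` and parse the JSON body, with the client secret and API key read from a secret store rather than source code.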
Results and Benefits
Byggmax is operating in a highly competitive market and is always looking for ways to streamline the business. With the new API management solution in place, Byggmax achieves several benefits. They can now easily and quickly adapt to changes in their integration needs.
Setting up a new integration will be faster and will automatically use predefined security and control mechanisms such as authorization, protection against DDoS attacks, caching and monitoring.
The solution is set up with “Infrastructure as code” which means it will also be easy to deploy different versions, helping with API lifecycle management.
Since API Gateway is a pay-as-you-go, fully managed service, Byggmax can scale up or down as needs change, without thinking about capacity issues.
About TIQQE
TIQQE are a strong team of experts focusing on Amazon Web Services. We provide cloud services ranging from management consulting and developers to managed services and everything in between.
TIQQE is one of the highest certified AWS partners in the Nordics. We’re an AWS Advanced Consulting Partner. Our teams are built around our clients’ unique business challenges and bring multidisciplinary thinking to every stage of the engagement.