April 9, 2015
4 min read time

Introducing the Varnish API Engine

Over the last couple of years we’ve seen an explosion in the use of HTTP-based APIs. We’ve seen them go from being a rather slow and useless but interesting technology fifteen years ago to today's current, high performance RESTful interfaces that powers much of the web and most of the app-space.

Varnish Cache has been used for HTTP-based APIs since its inception. The combination of caching, high performance and the flexibility brought by VCL makes it an ideal proxy for APIs. We’ve seen people doing rather complex protocol negotiations in VCL to do interesting things like matching frontend and backend protocols.

A couple of years back we were asked by a customer to expand on their Varnish-based API proxy. They wanted authentication and authorization in the proxy layer in addition to the caching. This wasn’t long after we’d created the Varnish Paywall so we were very confident in Varnish as a security gateway for HTTP. In the time following we’ve gradually added more features, like metering and throttling, to the solutions we’ve built.

At a certain point we realized that we had all the bits for what is called an API management solution so work started on making it into a product. Anyone who’ve taken a codebase from a customer-specific installation to a generic product knows that this is a lot more work than it seems. In The Mythical Man-Month Fredrick P. Brooks talks about it being three times as much work to move a project from being a piece of software to a generic product. My experience is that it is closer to 10 times the work. The world is quite a bit more complex today than what it used to be. Last year we started working on creating an API Management solution based on the components that we’d created.
Today we’re proud to announce that we’ve reached our first major milestone and we have a new product to present to the world.

Introducing the Varnish API Engine

The Varnish API Engine is a high performance API Management solution. Our focus is first and foremost on performance. Our initial release supports the following:
We add an authentication and authorization layer on your API. Authentication happens through API keys and authorization rules can be added to grant access to individual APIs based on the clients identity.
Throttling of API requests is essential to avoid running your API into the ground. The API engine allows you to set quotas on how much clients can access each API. 
The API Engine leverages VCS to gather data on how the API calls flow through the solution. Data on usage of individual keys, API, timing information, error rates etc. is gathered in VCS.
A rather obvious point perhaps, but since this is built on Varnish it naturally offers caching. 

The sorry state of performance in API Management
A lot of the people I’ve talked to that are using market leading products for API management have lamented the complete lack of performance that these solution are exhibiting. If you read the various reports published by the big analyst firms they usually don’t even mention performance at all. So, in order to get into whatever quadrant the analysts operate with all you need is a strong brand and a bunch of features. 

Relying on these solutions to scale your API will be a cumbersome and expensive experience. Some of the bigger API publishers have told me that in order to be able to deliver something like 10.000 managed API calls per second a server farm of up to 50 servers running the management software is required. The licensing and operational costs shoot through the roof.

Performance is concept we’re quite familiar with. The whole reason the Varnish Cache project got started in the first place was due to the complete lack of performance in HTTP caching back in 2005. We know what it takes to write performant software and we’re confident that we’ve built something that you can rely on to help scale your API.

A lot of the API management software out there is licenced in a manner that limits the number of API calls you can do. This more or less disincentives growth of your API or at least, adds a significant cost to it.
We license the Varnish API Engine on a per server basis. Our baseline performance is so good it should eliminate any concerns you have with regards to performance. We will not get in the way of your API delivery. And since quite a bit of your APIs can be cached chances are that your overall performance will increase when the API engine is deployed.

Having spent far too much time debugging classical “enterprise” software, having a solution that is simple to understand and debug is essential for us. Our goal is to have a solution that can be installed in less than an hour. We don’t want to force our customers to spend weeks of configuration time with product consultants.

The API engine comes with two interfaces for administration. One is an API, naturally, and the other is a command line interface. Work on a graphical interface is underway.

We are hosting a webinar in May to take those interested through the features and benefits of our new product. To learn more and ask any questions you may have you can register here.