Microservices and custom plugins

Industry

Technology

AWS Fargate Cluster AWS S3 AWS SNS Document DB Gravitee AM Gravitee APIM Java 11 JOOQ MySQL Database Spring Security

Introduction

Our team worked to get rid of the traditional approach and applied microservice architecture in our application. We separated the client’s business functionality into multiple independent modules that are responsible for performing specific and standalone tasks independently.

About Tide

Tide is a business financial platform and the leading provider of digital business banking services in the UK, with a 6 percent market share. We’re the leading provider of digital business banking services in the UK and one of the UK’s fastest-growing fintech. We would be providing similar services in India.

Tide currently offers a savings bank account provided by RBL Bank, which is regulated by the Reserve Bank of India (RBI). With over 1 in 20 small business owners in the UK banking with us, we’re ready to go global and empower entrepreneurs just like you. We believe that this model allows us to provide a wider range of products and services to our members, helping them save time (and money) on their financial admin.

Impact

A new bank account journey can be completed in as little as 10 minutes on a mobile device. This saves businesses valuable time in getting their company and/or account set up to operate efficiently, rather than having to visit a branch.
No credit check is required to open an account, therefore there is no risk in members trying out Tide alongside an existing account.
Free sign-up, with no annual or monthly fees. This saves members money that can be invested into their business instead.
Access to all Tide Platform product features to manage their business admin such as GST Registration, Receipt Importer, Expense Management, Expense Team Cards, Accountancy Software Integrations, Invoicing Tool, Invoice Protection, and Payroll Management*.
Upon successful account set-up, you would be eligible for Tide benefits as well.

The challenge

To communicate with the other services like User-Rest-Service, Gravitee-Client, etc with the help of Microservices.

The solution

Modules are able to communicate with each other through simple and easily accessible APIs (Application Programming Interfaces) globally. And we have implemented the feign client to overcome our challenge.

Feign Client: is a web service developed by Netflix. It is used to bind HTTP client binder and HTTP API, clients. It also provides pluggable annotation support and Feign annotations. It helps to create REST API clients, which makes web service clients easier. We can use declarative annotations to call the REST services instead of writing boilerplate code.

Architecture

For Tide, we have maintained custom plugins used in the API gateway given below:-

gravitee-policy-tide-auth

This handles all our auth concerns: mobile client auth, web client auth, partner auth and staff auth are either all handled or soon to be handled.
The plugin is applied in the gateway to all v3 routes. v1 and v2 auth is still handled by the JBE.

gravitee-reporter-tide

This handles asynchronous logging of HTTP requests and responses to the HTTP log table.

gravitee-policy-nr-transaction-naming

This handles the custom grouping of NewRelic transaction names. In general, NewRelic does a good job of aggregating calls in the metrics, however, some of our sub-paths do not follow number or UUID convention and NewRelic does not group those calls out of the box.

gravitee-policy-secure-headers

This adds default security headers to our API responses.

This plugin list could grow further if Gravitee’s Access Management solution does not provide all the necessary features out of the box for us regarding multi-user authentication.

These are Maven-based instead of Gradle, as Gravitee currently only supports plugins produced via their Maven archetype. If you check out the repositories, you’ll see that they have an aggregate parent module and child modules. This structure was chosen because each child module effectively communicates to the other at runtime.

The Maven install phase will use the Maven assembly plugin to produce a zip file. This zip file can be found in the .m2 folder locally e.g. /home/USERPROFILE/.m2/repository/co/tide/gravitee-reporter-tide/1.0.0-SNAPSHOT (or in s3 Maven repository when deploy phase run in Bitbucket).

This zip file is used by APIM to integrate the custom functionality.

Creating a Team Member Flow:

The Tide sends a request from the existing mobile application for the addition of a new team member to their company.
Distributed locks are established based on the company and team member email. This ensures that another tide member cannot add/assign the team member at the same moment, nor can the limit of team members per company be executed.
We retrieve the details of the Tide member in order to confirm the account holder is authorized to add team members to their company.
Depending on if the Team Member already exists, we either create them from scratch or update them and assign them access to the company in both cases.
The permissions are assigned to the users which are allowed by their roles assigned. These permissions are stored in the database and are distinguished as active or inactive on the basis of to_date.
If updating the permissions failed into the database, the changes made on the gravitee are rolled back.
The UMS triggers a company membership update event, which is currently only consumed by the KYC Flows Service.
The operation is audited and the distributed locks are released.
The UMS triggers a send email command, handled by the Notification Service, which sends either an invitation email containing a sign-up completion link or an access update email explaining their new access and providing a login link.
The response is sent back to the Tide Member.

Revoking a Team Member:

The Tide Member sends a request from the existing mobile app for the revocation of an existing Team Member from their company.
A distributed lock is established based on the Team Member email, in order to ensure another Tide Member cannot update the team member at the same moment.
We retrieve the details of the Tide member in order to confirm the account holder is authorized to add team members to their company.
The permissions are removed which were assigned to the users.
If deleting the permissions from the database fails, the changes made on the gravitee are rolled back.
All team member consents are revoked, which effectively forces a logout for all active sessions of the Team Member. Ideally, we’d revoke only the active sessions for the company being revoked from but the API does not allow for this.
We do a soft delete of the Team members by updating their status to revoked.
An event is sent via SQS/SNS to the KYC Flows Service notifying it of the company membership revocation.
The operation is audited and the distributed lock is released.
The response is sent back to the Tide Member.

The outcome

Isolates a faulty module

All modules are independent of each other in case the service of the project fails, others would continue to work without facing any downtime. The developer would just have taken out the faulty module and rewritten the code for the module.

Increases the business agility

Microservices are relatively small and simple in size. The failure of one module would not affect the whole operation of the application. Developers get the freedom to experiment with new processes, business logic, and algorithms.

Easy to maintain and debug

All the modules of the Microservices are independent in nature. This allows the developers to maintain the project in a better way so that the faulty code is easily identified and debugged efficiently.