search

RFC 012: API Architecture

This RFC proposes a solution for serving Wellcome Collection APIs from a single domain, api.wellcomecollection.org, using AWS API Gateway and CloudFront.

Last modified: 2019-01-25T15:26:28+00:00

hashtag
Background

Wellcome Collection provides multiple APIs to interact with our data. A single API can be made up of multiple services, providing responses at different endpoints.

Some API endpoints require authentication, while others are public and would benefit from rate limiting.

hashtag
Problem statement

In order to provide a consistent location for Wellcome Collection APIs we'd like to serve all APIs from api.wellcomecollection.orgarrow-up-right.

As of 09/01/2019 we are focusing on serving the storage and catalogue APIs from api.wellcomecollection.org. The storage API requires authentication, the catalogue API does not.

We are using AWS API Gatewayarrow-up-right to host our REST APIs and making use of a private integrationarrow-up-right to serve requests via an AWS ECS Servicearrow-up-right.

We wish to segregate infrastructure projects into different AWS accounts for simplicity and security. See RFC: 009-aws_account_layout.

Currently it is not possible to point a Custom Domainarrow-up-right from one account to another account using API Gateway.

hashtag
Proposed Solution

The recommended solution is to use an AWS CloudFront Distributionarrow-up-right to field requests to api.wellcomecollection.org and then use Custom Originsarrow-up-right to serve requests from API Gateway in other accounts using their own Custom Domains.

See:

PreviousRFC 011: Network ArchitectureNextRFC 013: Release & Deployment tracking

Last updated