Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Real-Time APIs for Serverless and Beyond

Real-Time APIs for Serverless and Beyond

Mercure is a protocol allowing to push data updates to web browsers and other HTTP clients in a convenient, fast, reliable and battery-efficient way. It is especially useful to publish real-time updates of resources served through web APIs, to reactive web and mobile apps. The protocol is designed for serverless, HTTP/2+, hypermedia and GraphQL, and is fully-featured: auto-discoverable, authorization, re-connection, state reconciliation...

Kévin Dunglas

July 16, 2019
Tweet

More Decks by Kévin Dunglas

Other Decks in Programming

Transcript

  1. @dunglas - mercure.rocks
    Real-Time APIs for Serverless and Beyond

    View full-size slide

  2. @dunglas - mercure.rocks
    Kévin Dunglas
    ❏ Founder of Les-Tilleuls.coop
    ❏ Creator of Mercure, API Platform…
    ❏ Symfony Core Team
    @dunglas

    View full-size slide

  3. @dunglas - mercure.rocks
    API and cloud experts
    ✊ Self-managed, 100% employee-owned
    40 people, 1,000% growth in 6 years
    [email protected]
    Les-Tilleuls.coop

    View full-size slide

  4. @dunglas - mercure.rocks
    Real-Time APIs?!

    View full-size slide

  5. @dunglas - mercure.rocks
    Mercure: Push from Server to Clients
    ❏ Push notifications
    ❏ Synchronize connected devices in real-time
    ❏ Collaborative editing (Google Docs-like)
    ❏ Notify users when an async task has finished
    Modern and high level alternative to WebSocket

    View full-size slide

  6. @dunglas - mercure.rocks

    View full-size slide

  7. @dunglas - mercure.rocks
    Why a New Protocol?

    View full-size slide

  8. © Ilya Grigorik
    High Performance Browser Networking (O'Reilly)

    View full-size slide

  9. @dunglas - mercure.rocks
    WebSocket (RFC 6455)
    Benefits over SSE:
    ❏ Full-duplex
    communication
    ❏ Low level: full control
    Drawbacks over SSE:
    ❏ Low level: no native
    ❏ auth
    ❏ re-connection
    ❏ state reconciliation
    ❏ events history
    ❏ Obsoleted by HTTP/2 & 3
    ❏ Hard to secure

    View full-size slide

  10. @dunglas - mercure.rocks
    The Persistent Connections Problem
    ❏ WebSocket and SSE rely on persistent connections
    ❏ Serverless platforms (AWS Lambda, Cloud Run, Azure
    functions…), PHP, FastCGI…

    are designed for short-lived connections
    ❏ Persistent, long-lived, concurrent connections are better
    handled by

    dedicated and optimized software and hardware

    View full-size slide

  11. @dunglas - mercure.rocks
    The Mercure Protocol

    View full-size slide

  12. @dunglas - mercure.rocks

    View full-size slide

  13. @dunglas - mercure.rocks
    Mercure, at a Glance
    ❏ Full-duplex, but plain old HTTP
    ❏ Publish: HTTP POST
    ❏ Subscribe: SSE
    ❏ Built-in: reconnection, retrieving of lost messages, history
    ❏ Auto-discoverable: designed for REST and GraphQL
    ❏ JWT-based authorization mechanism (private updates)
    ❏ Designed for serverless, PHP, FastCGI…
    ❏ End-2-End encryption support

    View full-size slide

  14. @dunglas - mercure.rocks
    Stream Events to Clients

    View full-size slide

  15. @dunglas - mercure.rocks
    Internet Draft: draft-dunglas-mercure

    View full-size slide

  16. @dunglas - mercure.rocks
    Mercure and HTTP/2+

    View full-size slide

  17. @dunglas - mercure.rocks
    © Narayan Prusty
    What is Multiplexing in HTTP/2?
    HTTP/2 Multiplexing

    View full-size slide

  18. @dunglas - mercure.rocks
    HTTP/2 support: 92% of all users
    ...and SSEs also work with HTTP/1.x

    View full-size slide

  19. @dunglas - mercure.rocks
    SSE support: 93% of all users
    and there is a polyfill for IE 5.5+

    View full-size slide

  20. @dunglas - mercure.rocks
    Publishing

    View full-size slide

  21. @dunglas - mercure.rocks
    Publishing

    View full-size slide

  22. @dunglas - mercure.rocks
    Subscribing

    View full-size slide

  23. @dunglas - mercure.rocks
    Subscribing: Basic Usage

    View full-size slide

  24. @dunglas - mercure.rocks
    Subscribing: Several Topics

    View full-size slide

  25. @dunglas - mercure.rocks
    Subscribing: URI Templates

    View full-size slide

  26. @dunglas - mercure.rocks
    The Discovery Mechanism

    View full-size slide

  27. @dunglas - mercure.rocks
    Discovery Mechanism
    Web Linking: RFC 5988

    View full-size slide

  28. @dunglas - mercure.rocks
    Authorization

    View full-size slide

  29. @dunglas - mercure.rocks
    Authorization
    ❏ Uses JSON Web Token (JWT - RFC 7519)
    ❏ An update can be intended for one or several targets
    ❏ Publisher: must be authenticated
    ❏ Subscriber:
    ❏ Can be anonymous (if allowed by the config)
    ❏ Must be authenticated to receive private updates
    ❏ Two transports: cookie and Authorization header

    View full-size slide

  30. @dunglas - mercure.rocks

    View full-size slide

  31. @dunglas - mercure.rocks
    The Mercure Hub

    View full-size slide

  32. @dunglas - mercure.rocks
    Reference Implementation
    ❏ Implements 100% of the Mercure protocol
    ❏ Fast, written in Go
    ❏ Works everywhere: static binaries and Docker
    ❏ Automatic HTTP/2 and HTTPS (Let’s Encrypt)
    ❏ CORS support, CSRF protection
    ❏ Cloud Native (12Factor App)
    ❏ Open source (AGPL)
    ❏ Optional: a server can implement directly the protocol

    View full-size slide

  33. @dunglas - mercure.rocks
    Reference Implementation
    https://mercure.rocks

    View full-size slide

  34. @dunglas - mercure.rocks
    Starting the Hub
    https://mercure.rocks

    View full-size slide

  35. @dunglas - mercure.rocks
    On a Kubernetes Cluster

    View full-size slide

  36. @dunglas - mercure.rocks
    Alternative Implementations
    ❏ No hubs: the hub is optional
    ❏ Go library (AGPL)
    ❏ Node.js library (GPL)
    ❏ HA version (managed and on premise)

    in private beta: [email protected]

    View full-size slide

  37. @dunglas - mercure.rocks
    iGraal / Glory4Gamers Benchmarks
    ❏ Open Source version (EC2 t3.micro)
    ❏ 40k concurrent connections
    ❏ HA version (on premise)
    ❏ 200k concurrent connections

    View full-size slide

  38. @dunglas - mercure.rocks
    Integrations

    View full-size slide

  39. @dunglas - mercure.rocks
    Integrations
    ❏ Official integrations:
    ❏ Symfony, API Platform
    ❏ Community integrations:
    ❏ Laravel
    ❏ Official examples:
    ❏ JS, Python, Go, Ruby, PHP

    View full-size slide

  40. @dunglas - mercure.rocks
    Example using

    API Platform & React

    View full-size slide

  41. @dunglas - mercure.rocks
    Create a Mercure-enabled Web API
    api-platform.com

    View full-size slide

  42. You get a fully-featured API supporting:
    ❏ JSON-LD + Hydra + schema.org
    ❏ GraphQL, JSON:API, HAL
    ❏ OpenAPI
    ❏ auth, pagination, filters, validation,
    HTTP/2 push, test framework…
    ❏ and Mercure support!
    MIT license

    View full-size slide

  43. @dunglas - mercure.rocks
    Scaffold Mercure-Enabled Clients
    api-platform.com

    View full-size slide

  44. @dunglas - mercure.rocks
    Try it!
    bit.ly/2H17hN3

    View full-size slide

  45. @dunglas - mercure.rocks

    View full-size slide

  46. @dunglas les-tilleuls.coop
    .rocks

    View full-size slide