AWS Serverless Cloud API Gateway Helps Logistics Customer Provide Timely and Accurate Rating and Tracking Information to Clients
A transportation management system (TMS) is like the nervous system for a leading logistics company. It provides the ability to plan, optimize, and execute the movement of freight around the world. It can also provide shipment rating and tracking information, which are a couple of the key pieces of a shipment’s lifecycle.
Our logistics client needed the means to provide that rating and tracking information in a controlled and cost-effective way that didn’t overload the TMS with requests. The solution needed to be secure but available to the clients that required the information. Additionally, our client wanted to be able to parse each API response to determine the result of each request, and the format of those requests needed to be standardized for reuse.
Scalability, cost, security of the API, and flexibility were key considerations for the implementation of the APIs. Also, the ability to quickly onboard clients to use the API was at the forefront of the design, so the solution was created agnostic to any one specific use case.
Big Compass tackled both the rating and tracking API solutions in a very similar way, using AWS API Gateway and AWS Lambda for the API’s implementation, and S3, SQS, and RDS for persistence and logging. This allowed the client to use the API Gateway and Lamba as the control point in front of the TMS, S3 for persisting payloads, and SQS and RDS for a robust and asynchronous logging system.
For obvious reasons, the solution created for rating and tracking needed to have special attention paid to security while still providing a public endpoint for requests.
Both the tracking endpoint and the rating endpoint use an API key to authenticate the incoming requests. To avoid limit rates with the TMS, the API key also throttles requests based on a tiered approach through a usage plan implementation.
Tracking and rating data is frequently changing, so requests and responses aren’t cached. However, the request logs are sent to CloudWatch and an RDS table to provide a common access point for log data.
For rating inquiries, an HTTP API Gateway was created with a public POST endpoint to absorb over 250,000 requests per day. The endpoint accepts rating data from clients and uses AWS Lambda behind API Gateway to log and handle any errors that occur, and the messages are parsed, transformed, and then forwarded to the TMS. The Lambda instance then examines the response from the TMS to determine whether or not it was successful. The result is saved to S3 while also responding to the client with the appropriate information.
Similar to the rating solution, the implemented HTTP API Gateway and POST endpoint proxies the roughly 15,000 daily requests through AWS Lambda for transformation and parsing, and saves the result to S3.
With a standardized and secure means of requesting information from the TMS, setting up requests for tracking and shipping rate information was simplified. The new solution was highly reliable and resilient, with no errors in processing since deployment despite handling a high volume of requests per day. With a centralized control point for handling requests to the TMS, the client now has unprecedented visibility into those requests. Also, the client can now easily onboard consumers by provisioning access to the API and allowing the consumer to use the API to its specific needs. The logging and API control point will enable the client to quickly analyze the traffic coming through the APIs to determine which consumers are using the API the most/least and in what ways.
ADOPTION & EXPANSION
+ Number of APIs
+ Business coverage
+ Number of contracted apps
+ API usage
+ API reuse
EFFICIENCY & COST SAVINGS
+ Number of APIs in each SDLC stage
+ Time spent in each SDLC stage
+ Cost and time to build an API
+ App development velocity
+ Number of launches per year
+ Number of defects
SECURITY & VULNERABILITIES
+ Security violation
+ Policy enforcement
+ Time since the last version was published
+ Number of throttling issues
+ Time to onboard
+ Number of deployments
+ Number of incidents
+ Percentage of customers impacted. per incident
+ Time to resolve incidents