How Imburse Payments Ships High-Quality APIs Faster
Imburse Payments is a payment middleware connecting large enterprises to the payments ecosystem, with a single connection, regardless of their existing IT infrastructure.
The TL;DR:#
- Challenge: The Imburse Payments team didn’t feel consistent or confident in how they built complex API features like rate limiting, authentication, and observability—a real worry, considering that each API is essential middleware between their customer, their payments, and the global financial ecosystem. James World, Imburse Payments’ systems architect, also sought ways to improve the developer experience to elevate their practices while maintaining agile processes that are core to their culture.
- Solution: Imburse Payments replaced its existing Kubernetes-based native routing with Zuplo’s API management platform, which is edge-based in over 300 data-centers around the world. Developers quickly added support for multiple legacy authentication flows and custom rate-limiting logic while establishing a consistent, Git- and IaC-controlled foundation for the entire API program. Zuplo’s log and metrics plugins also gave the team all the telemetry it needed to build a holistic view of its API “estate,” setting the stage for tomorrow’s optimizations.
- Results: Imburse Payments now uses its trusted developer workflows with Zuplo to reduce the time it takes to launch prototypes to seconds and deploy changes to production to minutes. With a consistent foundation for authentication, security, and observability across its APIs, Imburse Payments can refocus on the developer experience to remain as flexible and responsible as the fast-moving financial services requires.
The challenge: flexibility and responsiveness for financial APIs#
As a systems architect, James World must have strong opinions about technical implementations and be willing to fully commit to them. Especially when you’re in the financial services and payments industry, where security and reliability are paramount, and connecting to the entire global payment ecosystem.
Imburse Payments was already running a modern microservices-based infrastructure on Azure. They had taken on their Kubernetes journey and came out on top, using embedded features to handle routing. They have also been an API-first organization from Day 1, which means APIs are essential to their core business, which makes them care deeply about the design and implementation of their APIs.
But when your job is to package complex financial transaction integrations into a common abstraction and make using it as simple as querying an API, complexity and growing pains are a given.
“We very much needed to up our game,” James said, “to provide features like throttling, as we were growing and getting more customers. We needed a cleaner and transparent approach to security, and it’s also been really important to us that we have a great developer experience—that means having a good product lifecycle around the development of our APIs.”
James and his colleagues, like Andrew Weathers, an SRE at Imburse Payments, were looking to elevate their APIs on all fronts. This included delivering better documentation for their customers, maintaining backward compatibility for legacy payment systems, and keeping the GitOps workflows they knew and loved. Any new API management must sit comfortably alongside the automated deployment pipeline they had already built.
“Our goal is to get changes into production ideally within minutes. It gives us maximum flexibility. Maximum responsiveness. So if the tool can’t support that goal, then we don’t like it.” - James said.
The Imburse Payments team felt burned by API management platforms in the past—notably Azure API Management—due to cumbersome technology, slow and manual deployments, and prohibitive costs. Could a new alternative to Azure APIM, truly activate their product lifecycle, let them iterate faster, and help them deliver new must-have features?
For James and Andrew, they would only commit to building new APIs around a platform that would help them overcome three critical challenges:
- Sync seamlessly with an existing (and efficient!) development culture
- Let developers quickly prototype enterprise-grade APIs
- Enable consistent end-to-end observability
Maximum flexibility, maximum responsiveness… or bust.
1. Sync seamlessly with their DevOps culture#
The Imburse Payments team was happy with their developer-friendly API GitOps workflows, which they already used for the rest of their applications. They were simply not willing to cede the flexibility and responsiveness they found in that development culture.
James said, “We all have all of our APIs specified as OpenAPI, and all our configuration across the entire platform is in configuration files. They are accepted by our pipeline. It’s really important for us to have an automated, repeatable configuration—it was absolutely vital to us that whatever platform we chose supported that.”
Andrew tried other API gateways, including Azure API Management, but none worked well with their existing Infrastructure as Code (IaC) or easily automated CI/CD pipeline.
“It was important for us to have a single source of truth,” he said. “When we saw how Zuplo worked and how clean it would be, it was a bit of a blessing.”
With Zuplo’s support for popular (GitHub, notably) and custom CI/CD pipelines, Andrew integrated API gateway deployment with the existing pipeline while having complete control over additional requirements, like automated testing.
Even after giving their CI/CD another job, they could still push changes to production within minutes. “Of everything we looked at, Zuplo was by far the easiest way to achieve that solution.” - James said,
2. Let developers quickly prototype enterprise-grade APIs#
Any team looking to maximize flexibility and responsiveness must be willing to try, test, and either discard or promote new technologies all the time. That was exactly how Andrew first came upon Zuplo—a quick prototyping project to test Zuplo’s rate limiting functionality.
“I was able to very quickly knock together some early prototypes and have rate-limiting policies in literally minutes,” Andrew said, thanks to Zuplo’s native support of TypeScript. “It was just an absolute breath of fresh air.”
“I was able to very quickly knock together some early prototypes and have rate-limiting policies in literally minutes.” - Andrew
He quickly developed a custom TypeScript plugin to extend Zuplo’s default rate-limiting options, establishing three protocols:
- A default for users with an identifiable organization.
- A fallback for all authenticated users.
- An IP-based limiter to control the rest.
“Even our anonymous methods are all being rate-limited,” he said.
Imburse Payments deployed many environments all to edge data-centers (in over 300 cities), such as staging, sandboxes, QA, and production, but also supported their fast prototyping demands through Zuplo’s native Git integration, deploying production APIs in under 20s.
3. Enable consistent end-to-end observability#
Imburse Payments already used Datadog as their core observability platform for their backend structure, but API instrumentation and telemetry was a thorn in Andrew’s side. Getting relevant metrics directly from Kubernetes components or ingress services was no simple task.
“We wanted a holistic view of our estates, and we didn’t, at that time, have that,” said Andrew. “If we wanted to look at how many calls were coming into different parts of the system, we would have to go into individual services and actually query them individually.”
He approached the observability angle with one critical mission: Create a holistic view of all requests across all APIs. After enabling Zuplo’s metrics and logs plugins to pipe data (like request latency) into the existing Datadog instance, he built new views for pinpointing errors as they were happening, plus tracking the requests per customer and user to optimize their rate limiting logic.
Some observability insights were completely unexpected, too.
Andrew said, “Observability also allows us to get some insights into the API design decisions that have been made over the years, so we’re starting to see patterns that we wouldn’t have spotted before. It helps us revisit areas of the APIs that are not as consistent as we’d like.”
James also strongly believes in the value of OpenTelemetry and end-to-end tracing. With Zuplo, the team can examine the individual components and stages of any API call. “It’s an absolutely invaluable monitoring and troubleshooting tool, " he says.
How Imburse Payments builds financial-grade APIs delightfully fast#
- Imburse Payments’ developers use an OpenAPI definition, their source of truth, to create a new API on Zuplo’s edge. Zuplo automatically (and natively) builds routes based on the OpenAPI spec for proxying traffic to their backend services.
- They add sophisticated policies and features, like rate limiting or API key authentication, with a few clicks, or use Zuplo’s programmability to write custom implementations quickly in a developer-friendly GitOps workflow.
- Zuplo deploys the new Imburse Payments API to its Cloudflare-powered edge data-centers in more than 300 cities, giving customers low latency and highly reliable API experiences, with every request logged and shared to their holistic observability platform. New enterprise-grade API… done!
The results: maximum everything#
Adopting Zuplo has given Imburse Payments the perfect mix of flexibility and features—meeting James perfectly at his requirement for maximum flexibility and maximum responsiveness.
James said, “Zuplo has really delivered. With the whole experience of an API-based product, it’s absolutely vital that our customers understand how our product works.”
Ultimately, James maintained his high bar of fast and automated deployments while future-proofing Imburse Payments’ API lifecycle with rate-limiting, authentication, observability, and security—all through a common abstraction: Zuplo.
“We’re able to tie our documentation, our specifications, and how we do deployment all together,” James said. “Now we can really nail that consistency.”
“We have great performance. We have great observability. It fits with our platform.”
James and Andrew’s favorite Zuplo tips:
- Embrace the TypeScript logic—it’s easy to pick up and write new policies, like rate limiting, even if you’re new to the language. Andrew says it’s a “breath of fresh air” compared to alternatives like XML.
- Leverage Zuplo’s programmability to continue supporting legacy requirements, like authentication flows, while still embracing new best practices, like API keys. Imburse Payments supports four different types of JWTs and many authentication flows in Zuplo!
- Because Zuplo deploys your APIs to Cloudflare’s global edge, you can leverage secure tunnels to expose less of your infrastructure, and have more options for deploying to multiple cloud providers without constraints.