Resource
BlogTopic
Edge ComputeDate
Jun 18, 2020Recently, I started using Algolia as a managed search provider. Algolia hosts your index across a distributed network of nodes so that searches are fast no matter where the user is currently located. Typically, it takes less than 100ms to get results from Algolia’s API, but if you want to limit a user’s search results based on their permissions level you have to issue them a Secured API Key from your server.
The problem here is that the user’s first call will be significantly slower than subsequent calls, especially if your server is hosted in a data center far from your end user. Fortunately, there’s a solution to this problem: edge computing Workloads.
In this post, you’ll see how to improve the speed of API key generation using edge computing. While I’ll demonstrate this using Algolia’s Secured API Key endpoint, you can use the same pattern for any server-side key generation or API key validation requests.
API keys are a form of authentication used in server-to-server requests. When your server needs data from another service, it must provide proof of identity and one common method is an API key. The problem with API keys is that they must be kept secret, so they must be stored on your server and should not be passed to the client.
When using a service like Algolia where speed is important, you need a way to give clients direct access to the API without sharing your primary API key with them. That’s where secured API keys come in.
Secured API keys are generated on your server using your main API key and then passed back to the client. The client can then use the secured API key to make requests directly to Algolia’s servers. Usually a secured API key has a short lifetime so that if it’s stolen, the attacker can only access data for a short period of time. Algolia also allows you to attach filters to each secured API key, which restrict the user’s access to certain resources.
To demonstrate the use of a secured API key, you can download this Github repository. This Node app uses an Algolia index of Nobel prize winners as its data source, and the Algolia API to generate a secured API key that limits a user’s results to Physics prize winners. It uses the same Dockerfile and Express server outlined in this guide, so if you’re new to Docker or Node, you may want to start by reading through that tutorial.
The only difference in the Github repository above is the addition of the following code in ./server.js that handles secured key generation:
...
Date.prototype.addHours = function(h) {
this.setTime(this.getTime() + (h*60*60*1000));
return this;
};
app.get('/key', (req, res) => {
// Set to expire in 1 hour
const expirationTime = new Date().addHours(1).getTime();
// Create a temporary secured key
const securedKey = client.generateSecuredApiKey(
process.env.ALGOLIA_SECRET,
{
filters: `discipline:physics`,
validUntil: expirationTime,
}
);
res.json({
securedKey,
expirationTime,
});
});
...The generateSecuredApiKey method from the Algolia client uses a secret (which you will choose) and an options object to create a secured key. In the code above, you’re limiting search results for this key to the disclipline:physics and adding an expiration time so the key can only be used for the next hour.
In order to use the application key, you’ll need to create a search index in Algolia. Start by importing this CSV file of Nobel prize winners into a new Algolia index.
Next, go to the Configuration tab in Algolia and add “discipline” as a facet. This allows you to filter results by this field using Algolia’s API.
At this point, your Algolia index should be ready, but you might want to leave that tab open to get your API key and App ID for the next step.
Open your terminal and navigate to the Github repository you just downloaded. Build the Dockerfile using your DockerHub username:
docker build -t /stackpath-algolia . Next, push the image to Docker Hub:
docker push /stackpath-algolia:latest Now your image is publicly available. In the next step, you’ll deploy the application to the edge using StackPath.
StackPath Workloads can run any container on any number of nodes around the world. This distributed model greatly increases the performance of applications like ours that generates API keys.
First, create a new Workload and direct it to use the Docker image you just created.
Next, add the following Secret Environment Variables in the “Workload Settings” page:
ALGOLIA_APP_KEY – Your admin API key for AlgoliaALGOLIA_APP_ID – Your Algolia application IDALGOLIA_SECRET – A random string used to encrypt your secured API keysCheck the box for “Add Anycast IP Address” so that you can access your Workload from a single IP address.
Enter 80 in the “Public Ports” field. This will ensure that your Workload is available on Port 80.
Finally, choose the PoPs (points of presence) where you want your application to be hosted. For my benchmarks below, I wanted to spread my hosts across the world, but you may adjust these locations according to your needs. I used:
After a minute or two, your StackPath application should be running, and you’ll be able to access it from the Anycast IP address shown on your Workload’s Overview.
Traditional hosting solutions run your application from a single node in a fixed location. When a client makes a call to your server to generate a secured API key, it must go to the one instance regardless of how far the server is from the client. As you might expect, edge hosting is typically much faster than traditional hosting for this kind of API key generation.
I used DigitalOcean for my benchmark. To make the test fair, I used comparable resources (a 2GB, 1vCPU droplet) and ran Ubuntu 18.04 with Docker.
In order to reduce the effect of my local network connection speed, I tested the secure key generation app from five different locations using Pingdom. On average, StackPath’s edge hosting was 2.4x faster than traditional hosting.
The only location where DigitalOcean beat StackPath was San Francisco, where the DigitalOcean droplet was hosted.
While hosting in a single location might work well when your users are concentrated nearby, this is rarely true of modern web applications. Users increasingly expect fast search results, so using edge computing to help them start searching faster will result in a better user experience. Hosting API key generation scripts on the edge is a great option because it significantly reduces load time for users while keeping your underlying API secure.