Methods and systems for efficient API integrated login in a multi-tenant database environment
First Claim
1. A method in a first datacenter, the method comprising:
- receiving a plurality of Application Programming Interface (API) login requests at a load balancer of the first datacenter, each of the plurality of API login requests specifying a user identifier (userID);
fanning, via the load balancer, the plurality of API login requests across a plurality of redundant instances executing within the first datacenter, assigning each API login request to one of the plurality of redundant instances for authentication; and
for each of the respective plurality of API login requests;
(i) performing a lookup request on the userID specified by the respective API login request via the assigned redundant instance,(ii) proxying the lookup request to one or more recursive redundant instances when the lookup request fails at the assigned redundant instance, and(iii) proxying the lookup request to a remote recursive redundant instance executing in a second datacenter, when the lookup request fails at the one or more recursive redundant instances within the first datacenter; and
wherein the method further comprises injecting into each header of the plurality of API login requests, a proxy flag indicating the respective login request is being proxied across a datacenter boundary geographically separating the first datacenter from the separate and distinct second datacenter when the userID associated with the respective API login request is not locatable within the first datacenter.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and systems for efficient API integrated login in a multi-tenant database environment and for decreasing latency delays during an API login request authentication including receiving a plurality of API login requests at a load balancer of a datacenter, where each of the plurality of API login requests specify a user identifier (userID) and/or an organizational identifier (orgID), fanning the plurality of API login requests across a plurality of redundant instances executing within the datacenter, assigning each API login request to one of the plurality of redundant instances for authentication, and for each of the respective plurality of API login requests, performing a recursive query algorithm at the assigned redundant instance, at one or more recursive redundant instances within the datacenter, and at a remote recursive redundant instance executing in a second datacenter, as necessary, until the login request is authenticated or determined to be invalid.
-
Citations
22 Claims
-
1. A method in a first datacenter, the method comprising:
-
receiving a plurality of Application Programming Interface (API) login requests at a load balancer of the first datacenter, each of the plurality of API login requests specifying a user identifier (userID); fanning, via the load balancer, the plurality of API login requests across a plurality of redundant instances executing within the first datacenter, assigning each API login request to one of the plurality of redundant instances for authentication; and for each of the respective plurality of API login requests; (i) performing a lookup request on the userID specified by the respective API login request via the assigned redundant instance, (ii) proxying the lookup request to one or more recursive redundant instances when the lookup request fails at the assigned redundant instance, and (iii) proxying the lookup request to a remote recursive redundant instance executing in a second datacenter, when the lookup request fails at the one or more recursive redundant instances within the first datacenter; and wherein the method further comprises injecting into each header of the plurality of API login requests, a proxy flag indicating the respective login request is being proxied across a datacenter boundary geographically separating the first datacenter from the separate and distinct second datacenter when the userID associated with the respective API login request is not locatable within the first datacenter. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 17, 18)
-
-
9. A method in a first datacenter, the method comprising:
-
receiving a plurality of Application Programming Interface (API) login requests at a load balancer of the first datacenter, each of the plurality of API login requests specifying a user identifier (userID); fanning, via the load balancer, the plurality of API login requests across a plurality of redundant instances executing within the first datacenter, assigning each API login request to one of the plurality of redundant instances for authentication; and for each of the respective plurality of API login requests; (i) performing a lookup request on the userID specified by the respective API login request via the assigned redundant instance, (ii) proxying the lookup request to one or more recursive redundant instances when the lookup request fails at the assigned redundant instance, and (iii) proxying the lookup request to a remote recursive redundant instance executing in a second datacenter, when the lookup request fails at the one or more recursive redundant instances within the first datacenter; and wherein proxying the lookup request to the remote recursive redundant instance executing in the second datacenter comprises; (i) injecting a proxy flag into the proxied lookup request, the proxy flag indicating to the remote recursive redundant instance receiving the proxied lookup request that the assigned redundant instance is managing a recursive discovery algorithm from the first datacenter and further directing the remote recursive redundant instance to return a reference link to the assigned redundant instance specifying which of a plurality of redundant instances executing within the second datacenter authenticated the corresponding API login request; (ii) sending the proxied lookup request to a second load balancer operating within the second data center having the proxy flag injected therein, wherein the second load balancer fans the proxied lookup request across the plurality of redundant instances executing within the second datacenter along with a plurality of API login requests received at the second load balancer of the second datacenter; and (iii) receiving, from the second datacenter, a response indicating authentication of the corresponding API login request was successful and uniquely identifying one of the plurality of redundant instances within the second datacenter that authenticated the API login request based on the received proxied lookup request.
-
-
16. A method in a first datacenter, the method comprising:
-
receiving a plurality of Application Programming Interface (API) login requests at a load balancer of the first datacenter, each of the plurality of API login requests specifying a user identifier (userID); fanning, via the load balancer, the plurality of API login requests across a plurality of redundant instances executing within the first datacenter, assigning each API login request to one of the plurality of redundant instances for authentication; and for each of the respective plurality of API login requests; (i) performing a lookup request on the userID specified by the respective API login request via the assigned redundant instance, (ii) proxying the lookup request to one or more recursive redundant instances when the lookup request fails at the assigned redundant instance, and (iii) proxying the lookup request to a remote recursive redundant instance executing in a second datacenter, when the lookup request fails at the one or more recursive redundant instances within the first datacenter; entering a new userID for a new account into a datastore within the second datacenter;
wherein the new userID is not synchronized to one or more datastores within the first datacenter when one of the plurality of API login requests are received at the first datacenter specifying the new userID due to a synchronization lag between the datastore within the second datacenter and the one or more datastores within the first datacenter;receiving a response at the assigned redundant instance within the first datacenter after authentication is successful by the remote recursive redundant instance within the second datacenter, the response indicating the API login request specifying the new userID has been authenticated; and returning a reference link to the originator of the API login request specifying the new userID, the reference link directing the originator to direct subsequent requests for services to the one of the plurality of redundant instances having authenticated the corresponding API login request.
-
-
19. A method in a first datacenter, the method comprising:
-
receiving a plurality of Application Programming Interface (API) login requests at a load balancer of the first datacenter, each of the plurality of API login requests specifying a user identifier (userID); fanning, via the load balancer, the plurality of API login requests across a plurality of redundant instances executing within the first datacenter, assigning each API login request to one of the plurality of redundant instances for authentication; and for each of the respective plurality of API login requests; (i) performing a lookup request on the userID specified by the respective API login request via the assigned redundant instance, (ii) proxying the lookup request to one or more recursive redundant instances when the lookup request fails at the assigned redundant instance, and (iii) proxying the lookup request to a remote recursive redundant instance executing in a second datacenter, when the lookup request fails at the one or more recursive redundant instances within the first datacenter; wherein when the userID specified by the respective API login request cannot be located within a datastore accessible via the assigned redundant instance, the assigned redundant instance initiates a recursive discovery algorithm comprising; exhausting, by executing in parallel, the proxied lookup request against all datastores within a plurality of remaining pods operating within the first datacenter, the plurality of remaining pods within the first datacenter each having non-overlapping subsets of the plurality of redundant instances allocated thereto and operating therein; exhausting, by executing the proxied lookup request against the second datacenter, all datastores within a plurality of pods operating within the second datacenter; and repeating the proxied lookup request against any remaining one or more additional datacenters by executing the proxied lookup request against each of the second datacenter and the one or more additional datacenters in serial.
-
-
20. A non-transitory computer readable storage medium having instructions stored thereon that, when executed by a processor in a first datacenter, cause the first datacenter to perform a method comprising:
-
receiving a plurality of Application Programming Interface (API) login requests at a load balancer of the first datacenter, each of the plurality of API login requests specifying a user identifier (userID); fanning the plurality of API login requests across a plurality of redundant instances executing within the first datacenter, assigning each API login request to one of the plurality of redundant instances for authentication; and for each of the respective plurality of API login requests; (i) performing a lookup request on the userID specified by the respective API login request via the assigned redundant instance, (ii) proxying the lookup request to one or more recursive redundant instances when the lookup request fails at the assigned redundant instance, and (iii) proxying the lookup request to a remote recursive redundant instance executing in a second datacenter, when the lookup request fails at the one or more recursive redundant instances within the first datacenter; and wherein the method further comprises injecting into each header of the plurality of API login requests, a proxy flag indicating the respective login request is being proxied across a datacenter boundary geographically separating the first datacenter from the separate and distinct second datacenter when the userID associated with the respective API login request is not locatable within the first datacenter.
-
-
21. A datacenter comprising:
-
a processor and a memory; a login domain to receive a plurality of Application Programming Interface (API) login requests, each specifying a user identifier (userID); a load balancer to implement a fanning algorithm to distribute the plurality of API login requests across a plurality of redundant instances within the datacenter, each API login request to be assigned to one of the plurality of redundant instances for authentication; wherein for each of the respective plurality of API login requests; (i) an assigned redundant instance to execute via the processor and the memory, wherein the assigned redundant instance to perform a lookup request on the userID specified by the respective API login request; (ii) the assigned redundant instance to proxy the lookup request to one or more recursive redundant instances, each to execute via the processor and the memory, when the lookup request fails at the assigned redundant instance; and (iii) the assigned redundant instance to proxy the lookup request to a remote recursive redundant instance at a second datacenter, when the lookup request fails at the one or more recursive redundant instances within the datacenter; and a flag injector to inject into each header of the plurality of API login requests, a proxy flag indicating the respective login request is being proxied across a datacenter boundary geographically separating the first datacenter from the separate and distinct second datacenter when the userID associated with the respective API login request is not locatable within the first datacenter. - View Dependent Claims (22)
-
Specification