SMS Gateways as Microservices with AWS Lambda
Modern web applications consist of many integrations to 3rd party API’s. From small scale applications to enterprise applications we consume dozens of private and public API’s. Out of all SMS gateway integrations are the most common. Today in the market you find several SMS service providers independent of the Telco providers. For example AWS SNS, Twilio, Hoiio, Clickatell etc These services excel at providing a decent API that enables you to push out One way /Two-way SMS communications, Shortcodes etc
This article, I will focus on one very common use case. Most current applications have Two-factor authentication. Generally powered by an additional E-Mail and/or Mobile SMS based OTP. For most web applications/mobiles apps OTP service will be a result of actions like Password Reset, Login from a different Geo Location, Registration etc The OTP gets triggered via the backend Mobile receives the message , and calls another endpoint for verification. This process is fine, it works and has very limited flaws. One major flaw is sometimes processed halt if an internal failure doesn’t send the OTP. Each time a person re-requests the OTP it hits the server. And gets processed. Imagine if you have a very viral application and when a million users start requesting for OTP (and re-requesting when the service goes down), the server might get hit with an unpredictable load.
There are several solutions to this :
Throttling the requests by a single user after a few hits
Offloading to a Messaging queue and process them separately — ( SQS + Worker )
Opting for SNS and AWS Lambda
I find the 3rd approach the most exciting. SNS with Lambda gives you an event driven approach to call these SMS services on demand in a very asynchronous manner. Also lets you trigger these actions on demand without having to go trough the service api’s
The solution will consist of a few components :
SNS topic ( This can be per SMS Driver or Generic topic with a fan out mechanism )
Lambda Function per driver
So if you have a single SMS service being used through out or if you provide the option of choosing from multiple SMS drivers you can implement each of them as an individual Lambda function.
The Lambda functions will send the SMS to the mobile and the verification will also be done via SNS and AWS Lambda.Advantages are pretty straight forward. We decouple the OTP notification system completely from the main application. This lets us add/remove functionality easily to this service. Ie. Multiple channel OTP can be achieved with SNS notification fanout. Offload the request initiate to the client cuts down round trips with a server end application that would pick up the message and initiate a process since its already provided by SNS + Lambda integration.