Brief results of the collaboration:
- By migrating to microservices, the company ensured high availability, scalability, and ease of maintenance for its platform serving 6.4 million users. With the obtained expertise around microservices-based development, the provider can now move on with further platform expansion.
- Thanks to the security improvements in place, the customer prevented unauthorized access, impersonation attacks, data leaks, etc., across more than 1.5 million paid content subscriptions.
The company is a U.S. provider of a fitness web platform, a suite of mobile apps, and connected workout equipment. The web platform has 6.4+ million members in 120 countries. During its initial product offering in Q4 2021, the company expects to reach a $6-billion stock valuation.
In 2019, the web platform, offering online fitness classes and wellness programs, featured 330,000 paid subscriptions daily. By 2021, paid subscriptions had grown exponentially to 1.5+ million. To sustain the load, the provider needed to scale; however, the platform was a monolith that was hard to maintain and expand. On top of that, the system was exposed to security breaches across multiple API endpoints.
Relying on Altoros, the customer wanted to achieve high availability, scalability, and ease of maintenance by migrating to microservices, as well as improve security and extend functionality.
Under the project, the team at Altoros had to address the following issues:
- There were numerous security vulnerabilities across 20 API endpoints (cross-site scripting, insecure direct object references, cross-site request forgery, lack of proper authentication, etc.), which could lead to personal data leaks, unauthorized malicious access, and other grave consequences.
- As the fitness platform was running in production, it was important to ensure zero downtime during migration to microservices.
Stage 1. After evaluating the existing architecture, the team at Altoros outlined a migration roadmap, identifying which workloads had to be transferred first and how to avoid downtime. Using AWS Lambda and Amazon SQS, the developers delivered 4 microservices built around 3 workloads (listing top fitness content based on user favorites, tracking a subscription status, and processing user preferences) and 15+ background jobs (e.g., subscription expiration alerts). In addition, engineers at Altoros introduced the in-house team to the Twelve-Factor App methodology and cloud-native best practices, so that it could continue migrating the rest of the services and building new ones.
Stage 2. The developers implemented a set of measures to mitigate security risks across 20 API endpoints. For instance, engineers at Altoros configured JSON Web Tokens and tweaked the existing authentication system to prevent unauthorized access. Then, the team wrote a number of scripts that automated security checks.
Stage 3. Using Prisma, developers at Altoros built a module that made it possible to rank the most popular content based on user preferences.
Stage 4. Finally, the QA engineers ensured full coverage of the solution with integration and unit tests using Mocha and Jest.
Partnering with Altoros, the customer migrated its platform—providing virtual fitness classes and wellness programs to 6.4 million users—to microservices, enabling high availability, scalability, and ease of maintenance. Thanks to the obtained expertise around microservices-based development, the provider can now move on with further platform expansion.
With the security improvements in place, the company prevented unauthorized access, impersonation attacks, data leaks, etc., across 1.5+ million paid content subscriptions.
Amazon Web Services
Frameworks and tools: AWS Lambda, Amazon SQS, Node.js, Express, Prisma, Swagger, Mocha, Jest
Amazon RDS, MongoDB