An Integration Platform in Luxury Fashion – How Farfetch Delivers Value to Partners and Customers

Photo by John Schnobrich on Unsplash

E-commerce platforms in the luxury fashion industry occupy a small portion in the wider online fashion e-commerce industry. Established in 2007, Farfetch offers a leading online platform in the luxury retail industry, connecting brands, boutiques, partners, and the end customer. When looking at the numbers, currently over 1,000 boutiques and brands sell products using the Farfetch platform. Farfetch serves over 2 million users in 190 countries (plus, the Spring/Summer 2018 season alone had 5.7 million units of items stocked in the platform). Their online business operations are driven by an integration platform, built by using WSO2 Enterprise Integrator.

A scalable integration platform for a growing business

On a day to day basis, Farfetch communicates stock information between their partners and customers, manages orders and returns, and handles the logistics on behalf of their partners. Several years ago, Farfetch requested their partners to integrate with their architecture and built a SOAP API to facilitate this integration. However, with time, the partner network grew and integration became even more important, and Farfetch realized the solution at the time was not scalable in the long term due to the lack of a relevant platform.

Therefore, in 2016, Farfetch built their own integration platform named FFLink using WSO2 Enterprise Integrator, an agile integration platform that helps enterprises to build and scale integration solutions. FFLink is based on 2 components. The first component is universal plug-in, where Farfetch built a plug-in for a system that is used by multiple partners whilst ensuring scalability of the system. The second component targets their top partners, with whom Farfetch embarks on custom projects depending on the business case. In this instance too, scalability is important. In theory, Farfetch prefers to provide out-of-the-box integration options for their partners although in practice, this is not always possible as some of the bigger brands have custom API layers on top of their system, rendering it difficult to use with other partners. With FFLink, partners now integrate using the same API as Farfetch and the plug-ins.

Building the architecture to overcome challenges

In recent years, Farfetch has been nearly doubling their growth rate every year (sometimes more). One of the challenges now is no longer the integration platform – but managing and scaling this platform, along with the partners. Furthermore, Farfetch is also looking at discontinuing the use of their API which they introduced at the start but some partners continue to use it. This discontinuation process cannot be abrupt and they’ve introduced a process by which these partners will graduate start using FFLink. To do this, Farfetch has exposed one API to their partners, which they will then connect to their new and modern REST API internally. This ensures that Farfetch continues to support all their partners (including the ones using the original API) and simultaneously ensure their internal architecture continues to evolve and deploy new APIs.

The challenges don’t end there. Although Farfetch is satisfied with the way in which they were able to create FFLink and deliver value to their partners, they experienced some difficulty in supporting and maintaining all their partners. As such, they began to look at ways in which they can modify FFLink further, taking into account issues of scale, business growth, partner management, and support. They then introduced the second version of FFLink – which is an event driven architecture. Every transaction received by FFLink is transformed into an event. All orders that are synchronized between Farfetch and partners are transmitted through a central event service, regardless of the source system or the target system. This has eased the monitoring and scaling functions for the team at Farfetch. The main role of this architecture is to discover events. For example, when the system receives a new order, APIs are pooled by Farfetch and their partners to find this new order after which an event is created. However, not all partners use APIs and some of them still use files – leading to problems. In order to deal with this, Farfetch has built storage services in the system whose function is to discover and manage events that are triggered using files. Partners who use APIs are able to create events via the API gateway in the integration platform, through the exposed APIs.

Once an event is created, synchronous ones are published on the messaging, overseen by the orchestration layer. Asynchronous events trigger the orchestration layer, which turns it into a message and transforms it as needed. This is where WSO2 Enterprise Integrator plays a key role, helping Farfetch to scale this platform and build the orchestration layer. WSO2 Enterprise Integrator has integration runtimes, message brokering, business process modeling, analytics, and visual tooling capabilities.


The new architecture has allowed Farfetch to set up a central back office, helping them to configure, manage, and monitor the system. This has helped them to anticipate and communicate any problem that they encounter to their partners, thereby ensuring the smooth day-to-day management of their functions – something which the team at Farfetch values greatly, given the continued growth of their business.

To learn more about FFLink, watch this presentation by Vasco Rocha, head of engineering, platform services at Farfetch.

Find out more about WSO2 Enterprise Integrator here.

AI-Powered Cyber-Attack Protection for APIs with WSO2 and PingIntelligence

The exponential increase in API adoption has made it a prime target for hackers who are hijacking tokens, cookies and keys, as well as targeting weaknesses in individual APIs. Because of the complexity of these attacks and the different access patterns and users of an API, static security controls alone cannot prevent a breach. That’s why we partnered with Ping Identity to protect APIs against cyber-attacks by combining the artificial intelligence (AI) powered API cybersecurity of PingIntelligence for APIs with the robust policy-based controls in the open source WSO2 API Manager.

WSO2 API Manager is a unique open source approach to addressing the full API lifecycle. It offers various static policy-based options for security and access control. These include:

  • OAuth 2.0 authentication and authorization for API access
  • Request and response validation against the most common request based attacks such as SQL injection, parsing attacks, and schema poisoning
  • API policy creation and enforcement based on specific parser properties and regular expressions
  • Support for many types of rate limiting capabilities including rate limits by request counts and network bandwidth usage
  • The ability to assign quotas to users, applications, IP addresses, devices, and regions among other things

PingIntelligence for APIs is the leading solution for AI-powered API cybersecurity. They help enterprises augment their static controls and extend their security capabilities with continuous, proactive API threat monitoring and detecting that automatically discovers anomalous API traffic behavior. Because bad actors are well versed in circumventing static security policies, PingIntelligence for APIs was purpose-built to recognize and respond to attacks which fly under the radar of foundational API security measures, and target API vulnerabilities—without policies, rules or code. These include:

  • Credential stuffing and brute-force attacks on login systems
  • Layer 7 DDoS attacks that scrape data and disrupt API services
  • Taking over accounts using stolen cookies, tokens or API keys
  • Rogue insiders exfiltrating data in small amounts over extended periods of time

WSO2 has developed an open source extension to communicate with the PingIntelligence API Security Enforcer (ASE), which can be deployed in the WSO2 API Gateway. This means that WSO2 API Manager users can apply AI-based security analysis for their APIs along with static policy-based security controls. Meanwhile, PingIntelligence users can utilize AI-based analytics when they externally expose their services as APIs.

To learn more about how the extension works and what attacks it can detect, read WSO2 Associate Director and Architect Sanjeewa Malalgoda’s article or register for our webinar. Download the extension for WSO2 API Manager here.

Women in Open Source Tech Roundup: April and May 2019

We launched a campaign to celebrate the intelligent, awesome, and interesting personalities behind our technology earlier in the year. In April and May, we spoke to female software engineers, a technical writer, an enterprise architect, and a research engineer to find out how they found themselves where they are today and why they want more girls to join this industry.

This roundup gives you the chance to get to know them better.

Dakshitha Ratnayake

We started April by featuring Dakshitha, an enterprise architect at WSO2’s CTO office. Dakshitha defines success in life as being the ability to juggle both motherhood and career development to the best of her ability. “Keep learning” is her mantra, because change is constant and it’s never too late to learn, adapt, and improve yourself in the long run. When she’s not at work, she loves to run, play basketball, sing, bake, and cook – Dakshitha has a lot going on always!

Some interesting facts about Dakshitha…

  • Pet peeve: Cantankerous keyboard warriors
  • Childhood ambition: To become an astronaut
  • If she weren’t an enterprise architect, she’s be a writer, a chef, or a teacher.

Anupama Pathirage

As a teenager, Anupama wanted to be a hacker. But she became a software engineer instead and is currently a technical lead for Ballerina, a cloud native programming language. Anupama first came across a programming language as a teenager, and she never thought that one day, she’ll be working on developing a new programming language from scratch. Success for Anupama is the ability to be satisfied with whatever we choose to do in life.

Some interesting facts about Anupama…

  • Pet peeve: People who constantly talk about doing something but never take action or follow through
  • Childhood ambition: To become a computer system hacker (of course!)
  • If she weren’t a software engineer, she’d be an entrepreneur.

Sinthuja Rajendran

Sinthuja is a senior technical lead at WSO2. She loves her job as it involves conducting research about current and emerging trends in technology, and advising others in her team. Although she studied telecommunications engineering at university, her true career passion lies in computer science and software engineering. For Sinthuja, success is inner happiness – whether it’s following your dreams or you’re delighted that you performed a simple task better than you initially anticipated.

Some interesting facts about Sinthuja…

  • Pet peeve: Expecting great results sans the effort
  • Childhood ambition: To become a pilot
  • If she weren’t a software engineer, she’s be an interior designer.

Yvonne Wickramasinghe

Yvonne loves animals, helping to rescue stray animals wherever she can. She’s passionate about nature, raising awareness on issues such as deforestation and environmental damage. Yvonne is also a technical writer at WSO2. She believes in being true to one’s self to achieve success and advises others to not be afraid of failure. Yvonne thinks that women have a remarkable ability to thrive in fast-paced environments – and sometimes, this can lead to misinterpretations.

Some interesting facts about Yvonne…

  • Pet peeves: Cruelty to animals, deforestation, and destroying nature
  • Childhood ambition: To become a medical practitioner
  • If she weren’t a technical writer, she’d be a business analyst or product manager.

Nayantara Jeyaraj

Nayantara (or Taro as she’s more commonly known as) loves music, Instagramming, and pop culture. When she was at university, she learnt about the digital divide in today’s world. Eventually, this is what spurred her to become a research engineer so that she can contribute to bridging this gap – in whichever way she can through her work. She encourages others to move out of their comfort zones, keep learning, and introduce new ideas.

Some interesting facts about Taro…

  • Pet peeve: When someone says that they don’t like k-pop, even worse, BTS
  • Childhood ambition: To be an adventure-fiction writer
  • If she weren’t a research engineer, she’d be a pop-culture content producer at BuzzFeed.

Keep a lookout on our LinkedIn and Twitter pages because we’ll be featuring more of these videos in June. Kudos to Ishara and Vidyas for being a part of this project with me behind the scenes. We’d love to hear from more women who work in open source technology to learn more about your experiences. Drop us an email on and to be a part of this campaign.

Enterprise Integrator 6.5.0 Focuses on Integration Developer Productivity

We are pleased to announce the release of WSO2 Enterprise Integrator 6.5.0. Our latest release includes unified integration and a data integration runtime (Integrator) as well as a micro integration runtime (Micro Integrator) and a comprehensive tooling distribution (Integration Studio) to support both runtimes.

This release aims at addressing developer productivity and cloud native integration requirements more comprehensively than ever. This has been one of the most anticipated WSO2 Enterprise Integrator releases, as it brings new product components and features specifically targeted at improving integration developers’ productivity as well as helping developers easily build and deploy container-native integration solutions. Following are the major highlights.

WSO2 Integration Studio

The integration team invested significant time and effort with the objective of improving the user experience and developer productivity of WSO2 Enterprise Integrator tooling. Some implementation targets for the new tooling included adding runtime validation of code, improving the look and feel of the tool palette and development canvas, improving the utilization of screen space, providing selection options for every possible configuration option, reducing the clicks and configuration steps, and adding Docker and WSO2 Integration Cloud support. In addition to the Integration Studio, we have improved the integration and micro integrator runtime with feature additions as well.

Some major capability enhancements are listed below:

  • New design for a superior graphical developer experience
  • Built-in micro runtime to support improved testing and debugging of integration artifacts
  • Capability to build Docker images from the development tool itself using runtime artifacts
  • Seamless experience to deploy integration artifacts into WSO2 Integration Cloud
  • Built-in project templates for faster initiation of new integration projects and artifacts
  • Artifact validation and error detection during the development stage of integration projects

WSO2 Micro Integrator

WSO2 Micro Integrator runtime is a lightweight product based on the same technology as that of WSO2 Integrator. Hence, artifacts developed for WSO2 Integrator (ESB) are fully compatible with WSO2 Micro Integrator. The reduced size and rapid startup time make this the ideal solution for enterprises that are planning to move into microservices and container deployable solutions. WSO2 Micro Integrator has been streamlined for developing composite microservices by orchestrating several services within a microservice implementation.

Key capabilities of WSO2 Micro Integrator runtime include:

  • Reduced startup time (< 5s)
  • Seamless deployment of integration artifacts from WSO2 Integration Studio
  • Reduced distribution size (< 150 MB)
  • Ability to generate micro integrator Docker images from WSO2 Integration Studio with integration artifacts
  • REST API to monitor and manage micro integrator runtime
  • CLI tool to inspect artifacts of micro integrator
  • Built-in monitoring capabilities with Prometheus, ELK, and WSO2 Integration Analytics

WSO2 Integrator Runtime

WSO2 Integrator runtime is the most common deployment environment used by a majority of WSO2 Integration platform customers. In this new release, we are introducing the following key capabilities to enhance integration development.

  • A new mediator named Property Group that enhances the usability by providing the ability to configure multiple properties inside a single mediator
  • Native JSON support for Iterate, Aggregate, and Enrich mediators
  • Message Processor improvements to handle poison messages
  • Enhanced REST support for Data Service JSON payloads
  • OData Support for MongoDB
  • Support to monitor statistics with Prometheus
  • Security fixes and bug fixes implemented since the previous release

Other Runtimes Packaged with WSO2 Enterprise Integrator

Bug fixes and security fixes that were done since the previous WSO2 Enterprise Integrator release are incorporated into WSO2 Business Process and WSO2 Message Broker runtimes.

Furthermore, in this release, we are announcing the deprecation of WSO2 Microservices for Java (MSF4J) runtime packaged within WSO2 Enterprise Integrator. The compelling reason for this is because we see more value added to users from the WSO2 MSF4J GitHub project and its artifacts since many microservice developers will use it as a dependency rather than a server runtime. Hence, we believe MSF4J is more useful for developers in its GitHub-based release cycle, so it won’t be packaged with WSO2 Enterprise Integrator in future releases.

To learn more about the latest release, features, and what it means for your experience, join our webinar on June 6, 2019.

We have also organized a webinar series with comprehensive discussions on WSO2 Integration Studio and how it can be used for integration efforts in your enterprise.