Yotpo Technical Overview
Yotpo Technical Overview
Article summary
Did you find this summary helpful?
Thank you for your feedback
This article provides an overview of the Yotpo's information architecture, application security policy, and system backup policy and procedures.
Information Architecture
Yotpo's microservices architecture does the majority of the heavy lifting for Yotpo’s core architecture where every service is responsible for a dedicated component and has its own dedicated database.
Yotpo Admin
Yotpo users manage their implementation via the Yotpo Admin - the main user-interface through which UGC content is collected, moderated, managed, and customized.
Yotpo On-site Presence
Yotpo's offering includes a wide range of on-site widgets which are implemented on merchant storefronts. Yotpo’s widgets populate user-generated content collected via Yotpo's multi-channel review collection methods. All of the above-mentioned projects utilize Yotpo's API services which also serve Yotpo customers and enable them to extend core functionalities towards generic and/or customized integrations and deployments.
Technologies
Real-time Capabilities
Yotpo serves several billion requests every month throughout the entire platform. To cope with such loads, Yotpo heavily invests in caching and static serving infrastructures.
We employ a strong cache layer implemented above Redis at the API level. Additionally, Yotpo utilizes CDNs solutions such as Akamai, Edgecast and Cloudfront to serve both static, and dynamic content.
Infrastructure
Yotpo's information architecture and infrastructure was designed and built for scalability from day one. The key scalable components of the system being the on-site storefront widgets and the Yotpo API.
Those parts of the system should have the ability to serve billions of monthly requests while simultaneously maintaining an fast response time and high SLA. To do this, Yotpo makes use of Akamai and Edgecast dynamic CDN solutions which offer the following benefits:
- Removing stress and bottlenecks from the Yotpo API.
- Improve delivery performance in terms of response time across different geographical regions.
Network Architecture
Yotpo web servers and databases are hosted on Amazon Web Services (AWS) where all our AWS servers and databases are located within Amazon Virtual Private Cloud (VPC).
AWS VPC uses security groups as a firewall to control traffic at the instance level, while it also uses network ACL (Access Control Lists) as a firewall to control traffic at the subnet level.
Yotpo servers are distributed across a wide range of AWS availability zones to ensure a high level of fault tolerance and stability. In each of the availability zones, Yotpo maintains a NAT instance within public subnets to allow internet access from servers located within private subnets.
Elastic Load Balancing
Yotpo uses application load balancers to allow distribution of the data across all instances.
To do this, the Yotpo API utilizes two load balancers:
- Internal load balancer to distribute requests from within all Yotpo web servers.
- External load balancer to distribute direct API requests.
The load balancers send the requests to dedicated Nginx servers which redirects requests to their relevant back-end services.
Relational Database Service (RDS)
Yotpo uses Amazon Web Services (AWS) Relational Database Service (RDS) for some of its main databases. These databases are deployed in a Multi-Availability Zone configuration - meaning that there is a primary database instance which synchronously replicates data to a standby database instance in a different availability zone. In case of an infrastructure failure, a failover to the standby instance is performed.
Caching
Yotpo utilizes Redis key-value database for caching of responses in order to reduce the response time of API and widget requests. To do this, Yotpo utilizes two main levels of caching:
Content Delivery Network (CDN)
Yotpo load balances between Akamai and EdgeCast as our content delivery networks to deliver static on-site assets and widget content to our customers’ websites with minimal latency.
Redis
Yotpo utilizes Redis key-value database for caching of responses in order to reduce the response time of API and widget requests.
Auto-Scaling
All of Yotpo’s servers have auto-scaling configurations. Using this configuration, certain system metrics such as CPU usage and traffic throughput automatically add new instances to safeguard against any potential degradations in system performance.
Additional Databases
Yotpo uses MongoDB, Cassandra DB, and ElasticSearch as part of its system. These databases are hosted within Yotpo’s Amazon EC2 servers in a cluster mode. The clusters have backups and auto-scaling abilities to prevent data loss and maintain the highest degree of availability.
System Security
Authentication
Yotpo offers two authentication methods - API Authentication and Email & Password Authentication.
API Authentication
Each and every Yotpo account possesses two unique keys:
| Key | Description |
|---|---|
| App Key | Public key and unique account identifier e.g. i23elSptdIyrsWX1wDwkgWjEFGtjQit0AgXdCLLz |
| Secret Key | Secret unique identifier key available exclusively to the Yotpo account administrator e.g. Qcca8nS3nhS2WbeN9bnITltBF67ZaHpSlba3Ckdd |
Using the App Key and Secret Key, Yotpo users can generate their uToken (API Token) which is required to perform most actions via the Yotpo API.
- The API Token provides access to a specific account.
- The API Token expires 30 days after its creation unless it re-authenticated.
Need help finding your App Key and Secret Key?
Click here to learn more about Yotpo's unique account identifiers.
Email & Password Authentication
Each Yotpo user must provide an account email address and create a password to be identified within the Yotpo system. Yotpo employs strong password requirements where each password must consist of the following:
- At least 8 characters
- At least 1 uppercase letter
- At least 1 lowercase letter
- At least one numeric digit
Upon creation, login credentials are encrypted and stored within Yotpo’s database to ensure the highest degree of PII security.
Users are required to provide their account email address and password in order to log in to the Yotpo Admin at yap.yotpo.com and each session remains active for XXXXX hours before a timeout and session expiry occurs.
Once logged in to the Yotpo system, end-users may access all accounts (eCommerce stores) associated with their user instance, with the appropriate account privileges as designated by the Yotpo account administrator.
Roles & Permissions
In order to perform different actions in the Yotpo back office require the appropriate roles and permissions must be set.
Yotpo addresses three different user personas:
Account Administrator
Account administrators are usually the account owner and have full access to every part of the Yotpo interface, including billing information and the ability to set different roles and permissions for additional users (seats) affiliated with the same account.
The Account Administrator can log in to the Yotpo system and/or request an authentication token to use with the Yotpo API.
Account User
Yotpo users have limited account access based on roles and permissions set by the account administrator.
Once authenticated by Yotpo using one of the methods described in the Authentication section, a user is authorized to specific actions in relation to the privileges granted per account.
Reviewer
Reviewers are Yotpo end-users who use Yotpo's on-site and in-mail features to submit reviews, upload media, etc. Reviews can only interact with Yotpo's public features and public API calls.
Reviewers cannot log in to the Yotpo Admin or authenticate using the Yotpo API in any way or scenario.
Every non-public action in the Yotpo System requires the account user to have the required set of permissions. For example, an account user without Insights Only permissions will not be able to access Yotpo Insights. Learn more about Roles & Permissions
Communication & Data in Transit
Yotpo supports communication over SSL protocol to ensure encrypted communication over the internet. This connection uses TLS 1.2 with 128-bit encryption.
HTTPS requests can include:
- All activities performed through the Yotpo Admin
- API requests
- All widget requests performed on secure pages
Yotpo protects against CSRF attacks by means of CSRF tokens included in all forms and AJAX requests.
Data Backups
Yotpo follows a strict policy to ensure that customer data is highly secured and backed up to protect against data loss and unauthorized access. This policy includes regularly scheduled data backups as well as diversification and distribution of data across various services.
Yotpo’s data resides within three primary repositories:
RDS
RDS is a Relational Database Service provided by AWS. Yotpo uses AWS RDS as a MySQL and Postgres servers. Yotpo uses these databases to save its business logic data: account data, user data, reviews, etc.
EC2
MongoDB, CassandraDB, and Elasticsearch clusters. Yotpo uses these databases to store logic data and business data like orders, links, etc. along with some analytics data.
Source Code
Yotpo has multiple projects written in various languages and frameworks. Yotpo’s code is a crucial part of its system, containing proprietary and complex algorithms.
Backup Policy & Procedures
RDS
- The MySQL Database is backed up every 3 hours and saved for 35 days. Over time, these backups are purged resulting in backup availability of 3 hours for the two most recent days of this cycle, and a once-daily backup for the remaining 33 days.
- Backups are hosted on AWS S3 and distributed across different services to improve data survivability.
EC2
Daily snapshots - All cluster data is backed up on a daily basis. These backups are maintained in AWS S3 and daily snapshots are saved for a total of 30 days each.
Source Code
All code projects are saved in GIT source control.
Disaster Recovery Plans
Yotpo's disaster recovery plan (DRP) protects against two main types of potential system disasters - Infrastructure Disasters and Data Disasters.
Infrastructure Disasters
Potential infrastructure disasters can include the following:
- Regional AWS outage
- AWS zone outage
- Application outage
- Application infrastructure outage
Expand each section below to learn more about each potential infrastructure DRP.
Regional Outage DRP
Regional Outages are handled by maintaining a running auto-scalable environment in multiple regions:
- Databases are replicated cross-region with a replication lag monitoring and one-minute threshold.
- Hot standby application servers run in each region and are isolated to local DB replicas and cache layers.
- Automated DNS failover based on regional health checks.
Zone Outage DRP
Zone Outages are handled by the AWS infrastructure
- For databases, Yotpo uses RDS in a multi availability zone mode, which utilizes multiple slaves and one master (each slave in a different zone). In the event that the master zone crashes, a slave is promoted and a DNS failover is executed.
- The application layer is spread across multiple zones and serves under a load balancer which has an instance in each zone.
Application Outage DRP
Application servers are measured by traffic and CPU utilization for the auto-scaling mechanism.
In an event of a crash in one application server, the auto-scaling policy spawns a new application server to compensate for the load spike that the crashed server may project on the rest of the system, and to brace for an increased traffic load.
Application Infrastructure Outage DRP
Infrastructure components are monitored around the clock so we can identify any widespread issues. In an event of a crash of one of the application infra components, automatic scripts are executed to raise new infrastructure components and return the system to operational stability with the new component.
Data Disasters
Data disaster type can include Human Error or Data Corruption scenarios.
Data Disaster DRP
As Yotpo's main system databases are backed up every 3 hours, disaster-affected DB layers (whether a product of human error or data corruption) can be restored in the event that there is no other way to resolve the issue.
Was this article helpful?
