π‘How Rely.io works
In this page, weβll do a deep dive over how we built Rely.ioβs internal developer portal that helps software companies with distributed architectures deliver high-quality software at scale.
Rely.ioβs developer portal is designed for the most complex enterprise environments, therefore it was built with security, scale, and consistency in mind. With features like role-based access control (RBAC), open-source agents that can be self-hosted to integrate with your stack and run self-service actions, encrypted data handling, audit logs, and seamless integration with identity providers like Okta via SAML/SCIM, Rely.io provides everything modern enterprises need.
Below we'll break down how Rely.io works behind the scenes, detailing the data and communication flows between its components and customer environments
Some context
Every year, companies waste more than $1 trillion because developers spend up to 40% of their time working on mundane, non-code-producing work.
At Rely.io, our goal is to change that. Our mission is to empower engineering organizations in fostering a service ownership and engineering excellence culture.
Weβre building the next generation of intelligent tools and automation to supercharge developer productivity and reduce developer toil.
To achieve this goal, Rely.io is starting by building an Internal Developer Portal that empowers engineering organizations to enhance visibility and engineering standards across their software ecosystem.
Our goal is to simplify the developer experience while maintaining strong standards of security, autonomy, and flexibility. Our Software Catalog gives developers a holistic understanding of your development lifecycle and underlying architecture. Our Scorecards helps teams define, promote and track the adoption of engineering standards. And, our Self-service Hub empowers developers to move faster while staying in the golden path - baking best practices into developer routines and automating work away with project templates, boilerplate code and automation workflows to provision resources, deploy services or any action they want to standardize across the Software Delivery Lifecycle (SDLC).
Our Architecture
To create a unified and secure platform, we built Rely.io using a mix of managed services and open-source components. This gives users the flexibility to either self-host parts of the system or rely on our managed services.
We have four main components:
SaaS Web Application β Available at https://webapp.rely.io, this user interface allows customers to manage their catalog, scorecards, and self-service actions. It also provides tools for configuring RBAC (role-based access control) and access management tools.
Public API β A REST API that gives programmatic access to all the key features in Rely.io β catalog management, automations, scorecards, and more.
Galaxy Integration Framework β An open-source framework that users can install within their cloud environment, keeping all data within their network and avoiding the need to expose APIsy publicly. You can find it at https://github.com/Rely-io/galaxy-oss
Self-service Agent β An open-source agent that users can deploy via Helm or Docker. It runs within their environment, checking for and executing pending actions triggered through Rely.ioβs UI or API, without requiring Rely.io to have direct write access to their platforms. You can find it at https://gitlab.com/relyio/backend/self-service-agent.
Below is a simplistic illustration of how these components interact with each other and with the customer environments:
The core data flows
Populating your software catalog with plugins
To get started, you need to install plugins for the core tools in your engineering stack, ensuring that Rely.io integrates smoothly and becomes the single source of truth for your software ecosystems.
We recognize that in regulated industries (like finance), exposing APIs or cloud services to the public can raise compliance concerns. Thatβs why we created the Galaxy Integration Framework β an open-source framework that runs entirely within your cloud environment.
Galaxy integrates with your tools (e.g., Git, CI/CD, monitoring) by performing periodic requests to gather information, pushing it to Rely.io via secure APIs.
You have two options for installing plugins:
Self-hosted plugins β with the Galaxy framework, you can deploy plugins using Docker or Helm in your environment. The Galaxy integration agent runs within your network (e.g., within your VPC) and periodically communicates with your toolsβ APIs, transforming and securely transmitting data to Rely.ioβs control plane. This approach keeps everything within your infrastructure, with no need to expose anything externally.
Managed plugins β if you prefer not to self-host, Rely.io also offers managed plugins hosted within our cloud infrastructure. These plugins authenticate with your tools' APIs (e.g., Datadog) and periodically fetch data over HTTPS to update your software catalog. When possible, Rely.io also sets up webhooks to ensure immediate updates as they happen, minimizing API requests and keeping data available in near real time.
Running self-service actions
Rely.ioβs Self-Service Agent is another key component, built with the same principle of security by design. Self-service actions enable developers to automate routine tasks, such as resource provisioning or service deployment, through either the UI or code definition files.
The agent runs in your environment, giving you full control without needing to grant Rely.io direct access to your tools or infrastructure. Every minute, the agent checks Rely.ioβs API for new tasks. When it finds a task, it starts executing it in your environment and continuously reports on the status and progress of the workflow. This keeps you updated in real-time throughout the entire execution process.
Self-service actions can be initiated through the web UI or an API request. Whether self-hosted or managed by Rely.io, the agent handles these actions, interacting with tools like Kubernetes, GitLab, or Jenkins to carry out each step. As the workflow progresses, the agent keeps sending updates back to Rely.io, which are reflected in the portal and notifications.
Just like the Galaxy framework, the Self-Service Agent can be self-hosted or managed by Rely.io, depending on your needs.
Interacting with the developer portal through the web app
The Rely.io web app is the central hub where platform engineers, SRE teams, and product engineering teams can manage all aspects of their environment. The app provides a user-friendly interface for:
Managing the software catalog
Defining and tracking scorecards
Running, reviewing, and approving self-service actions
Managing user access and role-based access control (RBAC)
This interface simplifies the experience of interacting with live data, configurations, and actions across the entire software ecosystem.
GitOps with Rely.io β Entity and configuration definition files
Rely.io is designed to integrate tightly with your existing developer workflows. We introduced entity and code definition files to let you manage everything via code β whether itβs blueprints for services, scorecards for monitoring, or self-service actions.
Today, the way to set this up is to configure a job (provided by Rely.io) in your CI/CD pipeline to push the changes in the entity and configuration code definition files in those repos to our Public API to ensure the changes are reflected in Rely.io when those files are changed in your repo.
Soon, we will release a new capability that will allow Rely.io to continuously scrape the repositories you define in your git provider integration, detecting changes to any definition files and updating the system automatically. This ensures that your catalog, scorecards, and workflows are always up-to-date with the latest configurations.
Extending information and managing configurations with the Public API
Every action available through the web interface can also be accessed programmatically through our REST API. Teams can integrate Rely.ioβs functionality directly into their existing workflows.
The Rely.io Public API allows you to programmatically push data into the platform, whether to update your catalog or automate workflows.
You can execute all the CRUD operations (Create, read, update, and delete) of all the different entities, blueprints, scorecards and self-service actions configurations within your developer portal.
You generate an API key from Rely.ioβs web interface and authenticate your requests using a Bearer token in the API headers.
Your system sends data (e.g., entities, scorecards) via the API, and it is immediately ingested into Rely.ioβs backend.
You can also define granularly which assets can suffer changes through the UI, or simply programmatically. For example, in your software catalog, you can define that a given property (e.g. the owner of a service) canβt be changed through the UI, only programmatically. This ensures that Rely only accepts changes to that property through the GitOps workflow or through the Public API.
Then every change in the product is recorded in the audit logs so that you can always audit who changed what, when and you can revert changes if needed.
Last updated
