# The Twelve-Factor App
- https://12factor.net/


| #    | Factor              | Description                                                      |
| ---- | ------------------- | ---------------------------------------------------------------- |
| I    | Codebase            | One codebase tracked in revision control, many deploys           |
| II   | Dependencies        | Explicitly declare and isolate dependencies                      |
| III  | Config              | Store config in the environment                                  |
| IV   | Backing services    | Treat backing services as attached resources                     |
| V    | Build, release, run | Strictly separate build and run stages                           |
| VI   | Processes           | Execute the app as one or more stateless processes               |
| VII  | Port binding        | Export services via port binding                                 |
| VIII | Concurrency         | Scale out via the process model                                  |
| IX   | Disposability       | Maximize robustness with fast startup and graceful shutdown      |
| X    | Dev/prod parity     | Keep development, staging, and production as similar as possible |
| XI   | Logs                | Treat logs as event streams                                      |
| XII  | Admin processes     | Run admin/management tasks as one-off processes                  |


> [The Fifteen-Factor App](https://domenicoluciani.com/2021/10/30/15-factor-app.html)
>
>- [Beyond the Twelve-Factor App](https://www.oreilly.com/library/view/beyond-the-twelve-factor/9781492042631/) by Kevin Hoffman
>
>13. API First 
    - We should define the service contract first to help our consumers understand what to send and receive, defining a common contract.  
    - This approach enables consumers and service developers to work in parallel. 
    - It helps avoid bottlenecks and facilitates the virtualization of the APIs so the consumers can run the tests against the mocks.
>14. Telemetry 
    - Monitoring our microservices, containers, and env help us to scale, self-heal and manage alerts for end-users and platform operators. 
    - We can use machine learning towards those metrics to derive future business strategies. 
    - We can observe the application’s performance, stream of events and data, health checks, when the application starts, scales, and so on.
>15. Authentication 
    - Make sure all security policies are in place. Developers tend to underestimate the importance that security has. 
    - APIs should be secured using OAuth, RBAC, etc. 
    - Web content should be exposed externally on HTTPS 
    - MFA 
    - Database protection


## Mentioned Resources


- Tornado: [https://www.tornadoweb.org/en/stable/](https://www.tornadoweb.org/en/stable/)

[Tornado](https://www.tornadoweb.org/) is a Python web framework and asynchronous networking library, originally developed at [FriendFeed](https://en.wikipedia.org/wiki/FriendFeed). By using non-blocking network I/O, Tornado can scale to tens of thousands of open connections, making it ideal for [long polling](https://en.wikipedia.org/wiki/Push_technology#Long_polling), [WebSockets](https://en.wikipedia.org/wiki/WebSocket), and other applications that require a long-lived connection to each user.

- Jetty: [https://eclipse.dev/jetty/](https://eclipse.dev/jetty/)

Jetty provides a web server and servlet container, additionally providing support for HTTP/2, WebSocket, OSGi, JMX, JNDI, JAAS and many other integrations. These components are open source and are freely available for commercial use and distribution.

Jetty is used in a wide variety of projects and products, both in development and production. Jetty has long been loved by developers due to its long history of being easily embedded in devices, tools, frameworks, application servers, and modern cloud services.