kentoh - Fotolia
IT operations teams that consider an API strategy to be the "wonkish" purview of developers will be surprised to learn how far APIs have come in their overall strategic importance to a corporation.
Application program interfaces (API) are linkages that offer a set of tools and protocols to describe how one program should talk to another. But more recently, the definition has broadened to refer to not just the specifics of the API itself, but to networked collaborative services as well.
Amazon provided one of the earliest strategic uses of external APIs when it offered up its e-commerce engine to booksellers and other retailers wishing to sell on Amazon's site. "Amazon became not just a retailer, but a facilitator of an ecosystem in which they get a cut," said Randy Heffner, an analyst at Forrester Research, in Cambridge, Mass. "This was all due to API enablement."
Large public API programs, such as those offered by Amazon, Twitter and Google, were the first externally facing APIs. Now, many enterprises develop their own API strategy, using APIs to link their apps to partners, as well as APIs that link internal departments in creation of microservices. Developers and IT shops receive requests from within the organization to expose some aspects of their data to the outside world. In some cases, it may even create an opportunity to monetize that data.
"We've moved from a world where APIs were [a Silicon Valley thing] to where almost everyone in the general economy is doing something with them," said Steve Willmott, a former researcher and developer and current CEO at 3scale, an API management company he founded.
These lightweight development techniques helped one utility company move from traditional XML data to API gateways. Essent, which is the largest energy company in the Netherlands, developed an API strategy that uses externally facing APIs to communicate with electric car charging stations and other third party vendors.
What are the attributes of a good API?
• Documentation should be public. Public docs get seen by more people for the maximum amount of review, and should be in good order to be consumed.
• Clients should be language- and OS-agnostic -- REST accomplishes this. An API must be accessible to Windows as well as Linux developers. C# and REST-based APIs accomplish this, as they are based on hyperlinks.
• An external API is in use by the team that created it. If there are deficiencies in your API, your developers will be the first to find them.
• Example clients are publicly available. You need to provide APIs with samples on how to use it.
• The API must be secure. APIs should be protected by the same authorization and authentication as other interfaces (GUI, WUI, and/or command-line).
• New versions of an API should present minimal changes and they should be backwards compatible.
• The API should be scalable. An API should be able to withstand significant traffic.
- Bernard Sanders, CTO, CloudBolt
At Essent, customers can see which charging station is available via a Web app that receives real-time
Essent started funneling data through APIs about four years ago to give more flexibility to customers and partners. This has made life easier for IT pros and developers -- the biggest benefits are having a central place to take on a potential security threat and to allow multiple different protocol types on the same information flow.
"It's why we use a specific gateway," Wolf said. "You can set rules for all [API] calls at the same time. If we get attacked, we have a good location to fend off and offer flexibility at the same time."
Editor's note: This article is part 1 of a two-part feature on API management. Click here to read the next part.
Target the difficult user to elicit great API usability requirements
Leanr how to tame the API jumble
- CLOUD API SECURITY RISKS: HOW TO ASSESS CLOUD SERVICE PROVIDER APIS –SearchSecurity.com
- The Cloud Risk Framework –ComputerWeekly.com
- Service-Oriented Cloud Computing Infrastructure (SOCCI) Framework –ComputerWeekly.com