twobee - Fotolia


Build cloud computing APIs for app portability

Well-designed APIs are key for cloud platform portability. And documentation, release stability and security also all play roles in maintaining a cloud API.

As cloud adoption grows, more organizations look to use multiple providers. The need to compensate for outages, a desire to use different services and the ability to select those services based on cost all underscore the need for data and application portability. Application programming interfaces are the key to interfacing with cloud services, but can vary wildly between providers -- making portability difficult.

Here's a look at the potential challenges surrounding cloud portability, and the role APIs play.

What are the big issues with app portability in the cloud?

In all cases, APIs are used to access data and services. There are no concrete rules that define how cloud computing APIs should work or the capabilities they provide. However, problems arise when multiple providers offer competing or similar services and use distinctly different APIs to access those services.

For software developers, this can become a nightmare. They might have to rewrite software to use the API for one particular service, which often results in multiple versions of the software. In some cases, developers can design software to detect a particular service and use the corresponding API, but this can bloat the overall size of the application and complicate testing. Either way, creating an application for a divergent set of cloud computing APIs is a costly and time-consuming.

What kinds of public cloud computing APIs are there?

There are three general types of APIs in the public cloud: infrastructure, service and application.

Infrastructure or infrastructure-as-a-service (IaaS) APIs are intended to exercise control over low-level resources, such as virtual machine (VM) images, scalability groupings and load balancing. Developers and IT teams use infrastructure APIs to provision, manage and remove public cloud resources. For example, a developer would use the Amazon Web Services (AWS) Elastic Compute Cloud API to create, remove and work with images in EC2 instances.

Service or platform-as-a-service APIs support access to well-defined services or functionality like databases, management and reporting tools, messaging systems, portals and storage instances. Service APIs are frequently used in conjunction with infrastructure APIs to construct complex work environments. For example, a developer may use infrastructure APIs to provision a VM, and then service APIs to attach a storage instance to the VM.

Cross-cloud APIs

There are also cross-cloud APIs, such as Apache jclouds, that allow cloud developers to create software that can access resources from a primary cloud provider as well as other cloud providers as-needed. This is still a work-in-progress, though, because there is still no clear delineation of what common services a cloud provider should offer.

Application or software-as-a-service APIs are usually the highest-level APIs, offering complete applications as replacements or extensions to local IT environments. For example, a business may choose to use customer relationship management software as a hosted service rather than install it in-house. Tools that interact with that software will use an API designed to exchange data securely and make queries. For example, a business that wants to integrate Microsoft Office 365 functionality into its own software can employ the Microsoft Graph API.

What cloud computing APIs are out there now?

There are numerous cloud computing APIs developers can employ to create user-facing software. For example, AWS provides APIs to operate its EC2 and Simple Storage Service (S3) services, as well as an API Gateway service that allows users to create their own custom APIs to orchestrate some AWS services. Other major public cloud providers, such as Google and Microsoft Azure, also provide APIs to connect cloud services to outside software.

There are other APIs that can be used for cloud initiatives. For example, private clouds might adopt platforms such as Apache CloudStack to support an IaaS-type cloud with native support for the Amazon EC2 and S3 APIs.

API standardization

To help users deploy an application on any cloud platform -- without making software changes -- there is increasing interest in standardizing public cloud providers' APIs. Unfortunately, we're still a long way from this standardization, especially as competition continues to heat up between the major public cloud providers. 

Other cloud computing APIs promise more general, cross-platform capabilities. For example, Simple Cloud API is an effort led by a consortium of vendors that allows developers to create code that interoperates with multiple cloud vendors.

What general guidelines are there for API creation?

Whether you're developing your own cloud computing APIs, or evaluating those of potential providers, there are some general considerations that might help.

Consider API efficiency. APIs should be simple and efficient in their implementation. Don't try to reinvent the wheel with underlying technologies like SOAP, REST, JSON and so on -- use the enormous body of standardized work that's already been accomplished. Also, don't try to accomplish everything in one API. Developers tend to use a limited number of languages, so create API versions that cater to each major language, such as C++, Java, Python, PHP, Ruby, Perl, Haskell, C#, JavaScript, Node.js, OCaml and Delphi.

Ensure good API documentation. Poor documentation hinders your adoption of a provider's API, as well as the adoption of your APIs by others. Documentation must be current, accurate and contain a healthy dose of usage examples or tutorials. Validate the documentation through peer-review, or solicit feedback from API users.

An API should be flexible. Developers might try to use cloud computing APIs in a variety of ways, so they should be flexible, particularly around how they handle inputs and outputs. For example, a flexible API might support varied formats like JSON, YAML and extensible markup language, and employ a case-insensitive format.

Look for API release stability. The speed and consistency with which API changes occur will affect adoption. Developers have an easier time working with APIs that don't change often. Release cycles should reflect well-planned, well-tested and well-documented efforts with plenty of time for developers to experiment with the beta releases.

Look for API security. Solid authentication and security are critical for modern services and the cloud computing APIs that access them. In most cases, this involves passing an SHA-1 or other encrypted token to the service through the API. In other cases, security is facilitated through OAuth2 and SSL. API owners should always implement several types of security.

Next Steps

Design APIs that will boost performance

Build a strong API management strategy

Find answers to common API questions

Dig Deeper on Cloud APIs and integration