In today’s data-driven world, it is essential for businesses to manage their application programming interfaces (APIs) so that users can consume business capabilities more easily. Companies must also think beyond the ease of delivering capabilities via API to customers, and focus on designing and building APIs that are secure, particularly as data breaches increase. Keith Wilson, technical architect principal at USAA, says, “Although the API concept has existed for decades, the exciting thing about the latest generation is that it is all about access to the functions behind them across all platforms. It’s a must in this mobile- and cloud-centric world we live in.”
Bruce Armstrong, IBM Z offering manager, adds, “APIs are the ‘image’ of their enterprise to world-wide developers, and how those APIs are designed, managed, perform, etc., is the latest way for companies to grow (or hinder) their brand.”
APIs can use different architectures to transfer data from the server to the client. SOAP (which previously stood for Simple Object Access Protocol, until the acronym was eventually dropped) is a messaging protocol used by many web services, and some enterprise users still prefer it. SOAP is built upon web standards maintained by the World Wide Web Consortium. It sends messages via protocols like Hypertext Transfer Protocol (HTTP), and often has strict rules and advanced security features. However, as the need for lightweight web and mobile applications increases, developers are relying on the more flexible Representational State Transfer (REST) architecture, which allows APIs to transfer data in the JavaScript Object Notation (JSON) data-interchange format.
At USAA, Wilson says APIs were built with COBOL copybooks or PL/I %INCLUDEs to map the request and response, using TCP/IP with JSON as the means of describing input and output. They publish an OpenAPI Specification, based on Swagger, to describe the API discoverable from an API management framework. This puts the firm in a better position to deliver and consume business capabilities. USAA uses this process to quickly determine which APIs satisfy new client application needs, while ensuring access to resources remains secure, Wilson says.
Sujay Solomon, global product manager at Broadcom, explains that APIs of old did not provide the separation needed between front-end and back-end code. When GUI applications were rebuilt for the web, this often left no choice but to rebuild the back-end code at great expense and risk. Today, APIs can be designed with the future in mind, reducing the need to rebuild back-end code because they are separated and can be updated more regularly and quickly. He explains, “Microservices are taking this to another level; they are their own modular entities, kept as small as possible, and run as individual services that other back-end server applications can call.”
Alan Glickenhouse, API business strategist at IBM, says in a blog entry that microservices are often considered to be the same as APIs, but they actually contain business logic (i.e., code), and are not a user interface. Microservices break up the application into component parts, each with a particular capability, that work together to implement the functionality desired in the application. “This approach increases agility and scalability, and improves DevOps,” he adds.
Solomon says that APIs were originally built for the purpose of a single user, like a web-based GUI, but now APIs provide more value. “Imagine building a web page that allows users to access some information. With this approach, you are dictating how they are consuming the information. However, with an API-centric approach you are unleashing the ability for your consumers to use the data in whatever way they want, that you might never have imagined,” Solomon says. “Think about the concept as being similar to books or movies that have an open-ended conclusion—many times these have more impact than the ones that spoon-feed the user or the reader.”
Advice on API Management
Executive buy-in is critical to API management as it enables companies to build APIs to surround existing assets. Wilson advises that perceptions need to change, and that API management is key to business strategy as companies become cloud-ready. He adds that programmers should select a mixture of simple and complex applications to turn into APIs as a proof-of-concept exercise. Moreover, never forget security: use an API security solution as a guiding framework for building APIs. “Do not implement without an API security process in place,” Wilson says.
Solomon adds that “it becomes doubly important to lay out some ground rules and have constant visibility over the information you’re exposing as APIs, who has access to the APIs, and how you can handle the increasing load on your API servers.” APIs are expected to grow exponentially, he says. According to Zion Market Research, the global API management market will experience a compound annual growth rate (CAGR) of 33.4 percent between 2017 and 2022.[1] The global cloud API market is expected to have a CAGR of 19.6 percent between 2016 and 2026, reports Research Report Insights.[2]
At an IBM Think conference last year, Citibank described their experiences with APIs; after API-enabling their legacy business logic on the mainframe and exposing it on the enterprise API catalog, they found that the underlying transaction processors’ workload on the mainframe had tripled in just a few months. Solomon explains that businesses need to be strategic thinkers about API management and be able to adapt to that growth through the “use of tools like API gateways, catalogs, and security credential microservices before it becomes the ‘wild, wild west.’”
Glickenhouse says that part of API management is establishing a lifecycle and a set of governance standards to enforce that lifecycle. “Ongoing testing and monitoring is part of the API lifecycle to ensure our first notification of a problem is not a contact from an angry API consumer,” he says.
API management should not be an afterthought for businesses, especially as demand for APIs increases and the threat of data breaches rises across all industries. Integral to API management is the need for security, whether through machine learning or the adoption of security protocols during API development. APIs ensure business capabilities are accessible across multiple platforms and allow for more efficient and secure use of data, especially at a time when businesses are facing an increased demand for such data in real time.
Interested in learning more about APIs? Check out sessions at SHARE Phoenix (March 11-15) under the API Economy hot topic in the technical agenda.