Does your API management plan translate to simply "providing access to consumer-facing APIs that third parties can use or write to" -- for example, if you're a retailer, exposing access to inventory via an API that allows a customer to purchase through a third party? If so, you need to do more. With mobile apps, it's not just about access to consumer-facing APIs. You must control how and by whom these APIs are accessed while maximizing reuse and the ability to tap all data sources.
As mobile projects multiply and business demands an increasing volume of data from back-end systems and services, the number of APIs needed to handle those integration points will also increase, perhaps dramatically. Most of these APIs will hook to internal (behind the firewall) systems that will be accessed by mobile devices on public networks. And that's not all -- as the number of APIs increases, management also plays an important role in how these APIs can be "discovered" by app developers, thus maximizing internal reuse of expensive enterprise integration work.
Speaking of reuse, a great way to justify an API management initiative is that it will help you take older, clunky APIs and transform them to be more accessible. That could mean making SOAP XML or even mainframe data accessible via a mobile-optimized API with compact payloads by, for example, transforming XML to JSON data and stripping out anything that is not essential. This allows new mobile apps to pull from back-end systems that may have been previously locked -- essentially setting data free.
[InformationWeek's Age of the API digital issue lays out a plan for a sophisticated API strategy, reveals 3 critical API techs and 6 best practices, and more.]
I recently worked on a project to support a workforce management application for a construction group with more than 11,000 field workers. The company needed multiple workforce apps to help execute contracts effectively and efficiently, but it needed the app to draw from several complex back-end systems, including scheduling and work-order management databases holding confidential contract and asset information. By creating, managing, and extending APIs and adding a proxy layer that exposed data from these legacy systems, the company was able to securely integrate the apps, without having to invest in an expensive architecture and back-end upgrade.
The mission statement for a modern API management program is: "Allow the organization to create, publish, and manage application programming interfaces at volume in a secure, scalable, and controlled environment. Empower developers (both in-house and third party) to create useful Web and mobile apps that interface with back-end systems."
Here are five key considerations for such an API management program:
1. Open technologies. Any platform an enterprise uses for API management must takes an open approach. This means using standard technologies developers are familiar with and avoiding the lock-in of proprietary approaches. Open stacks based on Node.js, MongoDB, Redis, and Linux are taking the world by storm for this very reason.
2. Security. It is critically important to design a way to expose back-end systems to public IP access in a secure way, but without sacrificing flexibility. This can be accomplished by using https and API keys from the device and a secure VPN connection.
3. Reuse. This should be table stakes. Sharing APIs across multiple projects can significantly trim development time and get apps to market ensure faster. Look for the ability for integrations, exposed as APIs, to be invoked from any new platform. To aid this process, existing APIs can be "auto-discovered" as they are exposed in the UI of the platform, and can be dynamically queried there to see results returned from queries. Exposed APIs may be implemented as Node.js server-side components, which can be called by individual apps.
RESTful APIs have supplanted SOAP as the de facto standard for how software services are accessed, and their adoption has made it less costly and easier to build loosely coupled integrations between new apps and enterprise systems. REST APIs also facilitate reuse by separating the API providing the data from the Web or mobile app that consumes or produces it, allowing multiple apps to consume the information provided by the API. Use of RESTful APIs returning JSON makes a lot of sense in the mobile world, as they can provide data in an easily consumable format for the mobile app client-side (avoiding the need to pass more verbose XML and/or parse XML client-side).
4. Performance management. Another challenge is the burden that mobile can put on back-end systems. Apps now serve anywhere from thousands to millions of users, all of whom may need access to mission-critical applications simultaneously. This creates heavy demand on, and traffic to, these systems, which often must communicate with the mobile app before work can be completed.
An API-based, mobile-back-end-as-a-service approach handles the caching and performance management and responds to these myriad requests. As a Node.js application, the server side of any app can do simple, or more complex, caching in either Redis (best-effort, not persistent) or MongoDB (persistent). A typical pattern here is to do multiple back-end queries, combine the results into a JSON object, push that onto the cache or persist it in the MongoDB, and then return the same result anytime the same query is made.
5. Cost. As with any major undertaking across business units, cost and efficiency go hand-in-hand. It's important to consider a range of options, but SaaS-based API management provides simplicity, speed, and scalability so IT can develop, deploy, and manage apps quickly and efficiently, with the advantage of utility-based pricing. An on-premises deployment is also feasible.
API management -- when executed as part of an overall strategic mobile development plan that harnesses the right mobile application platform for your business -- eliminates the need to re-architect your systems from the ground up to meet demand for mobile as your organization scales.
Cloud Connect (Sept. 29 to Oct. 2, 2014) brings its "cloud-as–business–enabler" programming to Interop New York for the first time in 2014. The two-day Cloud Connect Summit will give Interop attendees an intensive immersion in how to leverage the cloud to drive innovation and growth for their business. In addition to the Summit, Interop will feature five cloud workshops programmed by Cloud Connect. The Interop Expo will also feature a Cloud Connect Zone showcasing cloud companies' technology solutions. Register with Discount Code MPIWK or $200 off Total Access or Cloud Connect Summit Passes.