Welcome!

Linux Containers Authors: Liz McMillan, Elizabeth White, Yeshim Deniz, Pat Romanski, Jyoti Bansal

Related Topics: @CloudExpo, Java IoT, Microservices Expo, Linux Containers, Containers Expo Blog, @BigDataExpo

@CloudExpo: Article

APIs: A Soup to Nuts Analysis

Your APIs are doorways into your business systems

APIs are transforming businesses to extend the reach of their information systems and data. In technical terms, APIs are rather finite, allowing two software applications to exchange data and execute procedures. Yet their business impact is so great that API management requires a far from finite thought process. A "soup to nuts" approach is needed to help companies determine how to achieve the most business success with APIs.

An API enables applications to access back-end systems using lightweight, standards-based protocols such as REST and JSON. For example, if you were in food distribution, the actual business of soup and nuts, you could develop an API that lets mobile app developers tap directly into your ERP system. They could build consumer apps for recipes that showed ingredients that you had in stock. Grocery stores could build apps that gave their shoppers bulk discounts on large orders and so forth. The API extends your food distribution business into customer realms where you've never played before. This is fantastic. But it also presents a number of challenges to the management of the business.

An API Is a Product
Whether you like it or not, your API is basically a software product. It should be managed like one. As external parties connect with your API, they will reasonably expect the kind of professional communication and seamless updates that they would find with any web-based software business. If you are a mobile app developer who is accustomed to tapping into Amazon.com's API or any number of comparable interfaces, you will expect the same kind of experience when you connect with a corporate API.

Perhaps more significantly, the API represents an investment of resources. As such, it should serve a well-thought-out and thorough business strategy just like any software product. This means managing its lifecycle. The software lifecycle starts with planning, continues through development and operation, and ends with retirement and replacement. Ideally each phase of the lifecycle should be managed and monitored for optimal results. Certainly better API lifecycle management will foster more satisfied developers and partner communities.

Planning and Building Your APIs
Sometimes an API just is. Someone in the IT department created it for some reason that has since been forgotten, and there it is. It may or may not be great, but you have it. Should you use it "as is" or wait? This is more common than you might imagine. If you are approaching your APIs as if they were products, you would wait and work through a plan first. You have to get together with business and technology stakeholders and determine the business purpose of the APIs that you will be building. Now, this begs the question: Who exactly is this "you" we are referring to? That is one of your first planning challenges. Who is going to own the API business products that will extend the business into new spheres? So first you have to figure out who owns the API, and often it will be a collection of people that represent different parts of a business. Then the next planning task is to understand the cost/benefit outcomes for the business and intended users.

Chances are there will be more than one API developed and within each API there will be a host of different features to be developed. You will have to devise a priority for the rollout of new features. For instance, with the recipe app, the first release of the API might include simple searching and browsing. The second release might enable users to order products for delivery. The third release could let users pay for orders with credits cards and so forth. Not all of these features can be perfected at once.

Once the API is up, the organization has to be in place to support it. It is necessary to think through the empty seats that might need to be filled so that users of your API will feel as if they are connected to a responsive, living business. For example, if you are planning to invite developers from Europe to connect with your API, you need to have a technical point of contact for them as well as documentation that will be meaningful to them, perhaps translated into different languages. You will have to structure your business to support and manage the API.

Running the API: Protect, Secure, Manage
Your APIs are doorways into your business systems. That's great, but it is also a bit scary. APIs need strong, coherent security and management. If you have a handful of APIs, you will be able to stay on top of their availability, security and provisioning by hand. As your API program grows and it will if you are doing it right, you will likely find that using an API platform becomes a best practice - simply because it can take care of the serious work of API management. Effectively running an API through a platform involves the following:

  • Support non-functional requirements - These include message protocol handling, security policy, authentication and authorization, etc.
  • Manage provisioning and access control for apps - This means the selective provisioning of API access. Corporate APIs are not like their consumer counterparts where you want millions of users. With a corporate API, controlled access is where the users are the most valuable, not the most numerous. The API platform should enable selective provisioning that is still highly automated and light in terms of administrative load. Unfettered usage can bring a host of problems. Traffic and load management can get strained. Worse is the possible need to add extra server instances of costly business software just to satisfy API-driven demand. If the increased load is not generating revenue, satisfying it with more instances will be a waste of money.
  • Monetization and control - An API might be a profit center itself. For example, a food distribution company API could be monetized from selling access to data about sales trends in the food industry. This scenario requires the ability to license access to the API.
  • Provide API monitoring - APIs are just like any other piece of enterprise IT that is monitored for its system health, response times, and availability. In some cases, uptime may not be a big issue. However when your customers and partners are connecting to an API, you will want to know whether it is up, down, or running slowly. The API platform should provide monitoring functionality as well as failover for APIs that go down.

Sharing Your APIs: Publish, Support, Syndicate
APIs succeed when they are shared. The API platform can help create a marketplace where developers can discover your APIs and request permission to use them. The marketplace can be internal to your company or set up for external relationships. Whether it is a developer portal or something comparable, the platform should provide the below sharing functionality:

  • Enable you to interact with and recognize your API developers. In some cases, this process can be set up on a self-service basis to allow it to scale without a major resource investment on your part.
  • Facilitate the creation of great documentation about your API and how to use it.
  • Make testing against your API as easy as possible.
  • Monetize your API to assist in future cost benefit analysis.

Analyze Your API Program: Measure, Report, Iterate
Measurement of program results is in the DNA of most good IT managers. The API platform can help make this process as simple as possible. You will likely want to measure and report on the success of your program across the whole API lifecycle. Lifecycle and results are usually linked. For instance, if you see adoption of the recipe API rise as new features are added and new versions are introduced, that is an important finding to determine the payoff of earlier investments in the program and guide future direction. The right API measuring tools can help you drive improvement back into the planning stage. It is a never-ending cycle.

The Platform Approach to API Lifecycle Management
The execution of an API program that manages APIs like products across their full lifecycles requires a combination of organization and technology. The technology alone cannot make it happen. The organization cannot do it alone without the proper tools. In our experience working with many large enterprises, the best practice is to match the API owners with a platform approach to lifecycle management. The platform can be a complete offering, such as our own SOA Software API Management Solution, or it can be built in a variety of other ways. What's important is to recognize that the people, process and platform need to work together to effect comprehensive API lifecycle management. This will ensure the success of the API program.

Lifecycle Management
Ideally lifecycle management will be baked into the structure of the platform tooling, allowing for automated approvals and workflow for each stage of the API lifecycle. This means having the ability to align work streams related to API lifecycle, such as costing, product management, documentation and legal. People involved in running the API program can thus work together efficiently. The API development capability itself should have API modeling, templates, versioning and change management, and impact analysis. These features serve the goal of managing the full API lifecycle without an untenable resource investment.

Gateway
API management typically works using a proxy that can be managed and monitored more easily than the API itself. For multiple APIs, the best approach is a "gateway" or collective proxy with added integration and mediation capabilities including:

  • Process Composition/Orchestration.
  • Security, including AU/AZ, attack prevention, and protecting your systems from abuse.
  • Caching and paging.
  • Supporting multiple mobile app platforms.
  • Managing quality of service (QoS).

Community
Exposing APIs to your systems involves building a community. Developers whom you don't know will be writing code to access your data through APIs. For the process to work, they need to feel as if they are connecting with real people. This can be achieved in part with self-service and automation and actual human involvement. A developer portal is essential for the following functions:

  • Self-service community to promote innovation and lower support costs.
  • Interactive documentation to increase adoption and encourage experimentation with your APIs.
  • App provisioning so you can gain visibility and control over the apps that are hitting your APIs.
  • Integrated testing to speed up learning.
  • Analytics to provide feedback and measure success.

Getting There
You have your soup. You want the nuts. There is a path to dessert. However all this requires a mature and profitable API program. Our recommendation is to think about what you want to accomplish with APIs from the vantage points of productization and lifecycle. Building APIs puts you into the business of creating software products. While you may not see the API as a product, it is one. And, like any software product, it needs to be managed across its entire lifecycle. From planning through running and sharing, the API has to be monitored and secured. The work of managing it needs to be handled efficiently so that the program can be financially and strategically beneficial to the business. The best practice to ensure all of these outcomes is to use an API management platform to automate the handling of all of your APIs as they progress across their lifecycles. That will get you the nuts. The alternative is to go nuts, and that's not what anyone wants.

More Stories By Alistair Farquharson, CTO, SOA Software

Alistair Farquharson is a visionary industry veteran focused on using disruptive technologies to drive business growth and improve efficiency and agility within organizations. As the CTO of SOA Software Alistair is helping to shape and mature the enterprise API and SOA industry. Alistair is responsible for product strategy and development for this leading Enterprise API and SOA Governance company. He spends a great deal of time and energy shaping customer and industry direction with regular conference keynote appearances, discussions with customers, and even the occasional foray into writing code. Alistair has been at the forefront of many technology waves from enterprise web architecture, through web services and SOA, and now into APIs. His expertise spans a wide range of technologies and businesses, and he brings a unique global focus to everything he does.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@ThingsExpo Stories
SYS-CON Events announced today that Interoute has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Interoute is the owner operator of Europe's largest network and a global cloud services platform, which encompasses over 70,000 km of lit fiber, 15 data centers, 17 virtual data centers and 33 colocation centers, with connections to 195 additional partner data centers. Our full-service Unifie...
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry’s single source for the cloud. Fusion’s advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including cloud...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
Detecting internal user threats in the Big Data eco-system is challenging and cumbersome. Many organizations monitor internal usage of the Big Data eco-system using a set of alerts. This is not a scalable process given the increase in the number of alerts with the accelerating growth in data volume and user base. Organizations are increasingly leveraging machine learning to monitor only those data elements that are sensitive and critical, autonomously establish monitoring policies, and to detect...
SYS-CON Events announced today that WineSOFT will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Based in Seoul and Irvine, WineSOFT is an innovative software house focusing on internet infrastructure solutions. The venture started as a bootstrap start-up in 2010 by focusing on making the internet faster and more powerful. WineSOFT’s knowledge is based on the expertise of TCP/IP, VPN, SSL, peer-to-peer, mob...
SYS-CON Events announced today that DivvyCloud will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in rea...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
SYS-CON Events announced today that Systena America will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Systena Group has been in business for various software development and verification in Japan, US, ASEAN, and China by utilizing the knowledge we gained from all types of device development for various industries including smartphones (Android/iOS), wireless communication, security technology and IoT serv...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
SYS-CON Events announced today that A&I Solutions named "Bronze Sponsor" of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded over 15 years ago in 1999, A&I Solutions continues to provide companies with premier integrated enterprise solutions. By partnering with the trusted and proven solutions of leading technology companies, our customers are assured high performance levels across all IT environments including:...
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus intern...
SYS-CON Events announced today that Cloud Academy will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud computing technologies. Ge...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive ad...
The hot topics in the industry today seem to center around Digital Transformation and Mobile Apps. While a digital transformation strategy is crucial to keep up with the chaos in your industry, customer demands, and other disruptions, the need to create mobile apps to remain relevant in your market and to your customers is equally a no-brainer. Regardless of the approach, the next question always seems to pop up: What architecture should I chose? Native? Hybrid? Managed? Hosted?
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs oft...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search and...