The Internet of Things (IoT) is giving rise to a whole new set of protocols for API access
Aug. 3, 2014 10:00 PM
Here are some predictions for the API space for 2014:Rise of the Client
It's generally agreed that an API is only as good as the clients which use it. An unused API is a failure. So that's why it's odd that so much attention has focused on the server side of APIs, with comparatively little attention paid to the client side (there are exceptions though, like Runscope's handy Request Editor
, to help developer API clients).
If you ask an API provider about how their API is going to be called by clients, often you are met with a hand-wavy answer along the lines of "It's REST, so it's easy". While it may be true that it's easy to hack together a client to call the API that "just works", the problem is that that's all it does. It "just works", but doesn't provide the high-level benefits such as:
- Ensuring the API is responding according to your expected service level
- A broker layer so that you're not locked into any particular API provider, or:
- API orchestration
At Axway we've seen that our API Gateway
is frequently used at the Client Side, adding a layer of visibility and control to API usage from the client's point of view, as well as providing an independent audit log of API usage, separate from the logs provided by the API provider. All of this points to the rise of the client.
Another major factor involving the rise of the important of the API client is raft of new protocols associated with Machine-to-Machine API access, used in smart-meter or "connected car" environments for example. Which leads us nicely on to the next prediction...Rise of the Thing
(hat-tip to Zahid Ghadialy from EE for this title, taken from his excellent recent presentation
In the world of SOA, we saw that each Web Service could be associated with metadata expressed using WS-PolicyAttachment with WSDL. The mention of any WS-* specification is enough to make anyone cringe, but in the case of SOA, at least there were standards for attaching meta-data to services.
In the case of APIs, we have sites such as ProgrammableWeb
which provide human-readable information about APIs. But this is not the same as machine-readable information which a client can consume, conveying information how to call the API, security tokens (e.g. OAuth 2.0 Access Token) required, and expected response times.
Ole Lensmar wrote a great round-up of the API metadata options
, back in the summer (now you would add RAML to this list). For Enterprise APIs, with security and quality-of-service requirements, I expect API metadata to grow in importance in 2014.Traditional and API-based Integration continue to converge
Axway got a jump on this trend back in late 2012, with the acquisition of Vordel. In fact, at the time of the Vordel acquisition, Kin Lane foretold that
"I predict in 2013-2015 we are going to see more of these types of acquisitions occurring. Large software companies are going to need a robust set of API tools to bring legacy systems into the modern, API driven economy
." And how right he was! 2013 saw a slew of further acquisitions. I would hope that my predictions could be as accurate as Kin's.
There is clearly a need to take advantage of API-based integration, but in tandem with more traditional integration technologies. It's not a case of "either/or". Here at Axway, with API-based integration incorporated into our portfolio, we provide customers with a single suite solution covering B2B, APIs, managed file transfer, and even email security. In 2014, APIs will not be an isolated "new new thing", but will be working in tandem with traditional integration technologies.SOA and APIs no longer adversarial
Paolo Malinverno from Gartner likes to say that "When people talk about APIs and Services, 99% of the time they are talking about the same thing". One of the big take-aways of the recent Gartner AADI conference was that we've gotten over the adversarial talk of "SOA versus APIs" and now there is a realization that they are linked. The linkage goes both ways. For example, APIs can be built on SOA principles (loosely-coupled, abstracting underlying implementation details), and SOA architecture itself can be used to manage APIs. Ideas from SOA, such as management of service meta-data in a repository, find new life in API Management with customizable API Catalogs in API Developer Portals
In 2014, I expect to see more healthy realization that SOA principles are complimentary to API Management,More API Breaches
Finally, on a less positive note, I believe we will see more successful attacks on APIs. In 2013 we had the attack on Buffer's API
and, just last week, the attack on Snapchat's API
. Earlier in the year we saw DoS attacks on banking websites which also brought down Web APIs (resulting in some banking mobile apps becoming unusable). One of the key things which API Gateway
s do is to protect APIs from attack. Of course, they also provide more positive advantages like API Quota Management, caching, and REST-SOAP transformation. But, with growing awareness of API breaches, the security factor will grow in 2014.
Happy 2014 everyone!