Welcome!

Microservices Expo Authors: Pat Romanski, Liz McMillan, Derek Weeks, Jason Bloomberg, AppDynamics Blog

Related Topics: Microservices Expo, Java IoT, Industrial IoT, IoT User Interface, Agile Computing, SDN Journal

Microservices Expo: Blog Feed Post

Categorizing APIs

Quick: name some APIs! Which ones come to mind? Amazon? Twitter? Google Maps?

Quick: name some APIs! Which ones come to mind? Amazon? Twitter? Google Maps? Chances are, the APIs which came to mind are APIs which are open to any developer to use. But are these the only kinds of APIs that exist? What about Enterprise APIs?

In order to answer this question, let's look at how APIs can be categorized.

First of all, let's look at API Exposure. The two categories are:

  • External : Able to be used outside the organization.
  • Internal : Used only inside the organization

Second, let's look at API Protection. It may be one of three categories:

  • Open: Anybody can use the API, anonymously with no controls
  • Requiring Registration: Developers are identified with API Keys and usage is monitored accordingly
  • Enterprise: Goes beyond just developer registration, adding tight controls on sensitive data, integration with enterprise systems such as Identity Management and event monitoring (SIEM, Splunk, etc).

These axes are orthogonal. Using these axes, APIs divide into six categories. Let's look at the categories:

External APIs

Open External APIs
These are APIs which are open to anybody to access. Usually they take the form of read-only public data feeds.

An example is the Nobel Prize API, which allows a developer to query information about Nobel Prize winners. Another example is the Massachusetts Roadway Events API, which provides developers with access to the (many) roadworks projects happening in Massachusetts at any given moment.

External APIs requiring Registration
These are APIs which are open to any developer to use, but require registration. Once a developer registers, they typically get an API Key. It's important to note that the API Key is not necessarily used for authentication, but instead it is used for identification of the app developer. In this way, the API publisher can apply limits to the usage of their API, and track the usage also.

An example is the US Postal Service's Shipping API. Any developer can use this, but they must register first. The Google Maps API is another good example of a Managed External API. API Keys are required in order to use this API, but any developer can sign up for it. Another example is the Staples API which allows the Staples catalog to be queried. The data is not sensitive, but the developer access is controlled with API Keys.

External Enterprise APIs
These APIs are used to conduct business, or to access sensitive data such as health records. Documentation and information about the API is sometimes public, as in the case of some payments APIs. In many cases though, developer access to the API is by invitation only,  and the documentation may be private. An example is a large HMO in the US which provides an API to retrieve patient prescription information. Access to this API is tightly controlled. Another example, in the B2B space, is a large 401.K provider which allows its corporate customers to provision their new employees with 401.K plans via an API. Access to this API is also tightly controlled.

Other examples of Enterprise External APIs come from the "Internet of Things" where devices such as electricity meters transmit sensitive information via APIs, and this data must be tightly protected.

Enterprise External APIs are typically linked to other enterprise systems such as enterprise Identity Management (IdM).

Internal APIs
Just like on the Internet, lightweight REST APIs are taking over from heavyweight SOAP services inside the organization. However, SOAP and XML are still a fact of life, which means that Internal APIs typically span both XML and JSON.


Open Internal APIs
An example is a company directory API. It is open to all access.

Internal APIs requiring Registration
In some large organizations, as part of an initiative to allow internal developers to develop apps to be used by company employees, some functionality may be exposed as APIs. Access to these APIs is managed, so that developers can sign up, and usage of the APIs can be monitored. An example is an inventory lookup API, which checks the inventory of a particular item in a warehouse. This may be used to develop internal apps for personnel in the field. Internal developers sign up to use this API, get their API keys, and the API usage is monitored in order to prevent data-mining or excessive usage. However, data sensitivity itself is low.

Internal Enterprise APIs
These include APIs used to access private customer data, which may be subject to regulatory controls. Enterprise-class controls are required for these APIs. Even though its exposure is just internal to the organization, its data sensitivity is high. Remember that many privacy breaches come from inside the organization.

In the financial services sector, these include APIs to perform fund management operations such as buying and selling stock. For example, in one large Mutual Fund company, fund managers required the ability to manage their funds via iPad apps. This required access to Internal Enterprise APIs from iPads. This was delivered using tightly-controlled Internal Enterprise APIs.

In the healthcare sector, this category includes APIs which access patient data from inside hospitals and health insurer systems.

On top of simply registering developers, Internal Enterprise APIs require rules to be in place for sensitive data protection, and for a signed audit trail, to prove which user has accessed the API. Internal Enterprise APIs also must integrate with enterprise Identity Management, such as directories and single sign-on.

Conclusion
It is useful to categorize APIs into different axes, because it allows decisions to be made about how to manage them. It is a fact that the most well-known APIs are open APIs on the Internet, or APIs such as Google Maps for which any developer can obtain API Keys. However, although many people are not aware of them, Enterprise APIs are common and perform vital functions for businesses. They are exposed outside the organization and inside the organization also. By categorizing APIs, we can see their requirements clearly, and manage our APIs accordingly.

Read the original blog entry...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

@MicroservicesExpo Stories
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus inter...
Much of the value of DevOps comes from a (renewed) focus on measurement, sharing, and continuous feedback loops. In increasingly complex DevOps workflows and environments, and especially in larger, regulated, or more crystallized organizations, these core concepts become even more critical. In his session at @DevOpsSummit at 18th Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, will show how, by focusing on 'metrics that matter,' you can provide objective, transparent, and meaningfu...
In the world of DevOps there are ‘known good practices’ – aka ‘patterns’ – and ‘known bad practices’ – aka ‘anti-patterns.' Many of these patterns and anti-patterns have been developed from real world experience, especially by the early adopters of DevOps theory; but many are more feasible in theory than in practice, especially for more recent entrants to the DevOps scene. In this power panel at @DevOpsSummit at 18th Cloud Expo, moderated by DevOps Conference Chair Andi Mann, panelists will dis...
Wow, if you ever wanted to learn about Rugged DevOps (some call it DevSecOps), sit down for a spell with Shannon Lietz, Ian Allison and Scott Kennedy from Intuit. We discussed a number of important topics including internal war games, culture hacking, gamification of Rugged DevOps and starting as a small team. There are 100 gold nuggets in this conversation for novices and experts alike.
Many private cloud projects were built to deliver self-service access to development and test resources. While those clouds delivered faster access to resources, they lacked visibility, control and security needed for production deployments. In their session at 18th Cloud Expo, Steve Anderson, Product Manager at BMC Software, and Rick Lefort, Principal Technical Marketing Consultant at BMC Software, will discuss how a cloud designed for production operations not only helps accelerate developer...
The notion of customer journeys, of course, are central to the digital marketer’s playbook. Clearly, enterprises should focus their digital efforts on such journeys, as they represent customer interactions over time. But making customer journeys the centerpiece of the enterprise architecture, however, leaves more questions than answers. The challenge arises when EAs consider the context of the customer journey in the overall architecture as well as the architectural elements that make up each...
In a crowded world of popular computer languages, platforms and ecosystems, Node.js is one of the hottest. According to w3techs.com, Node.js usage has gone up 241 percent in the last year alone. Retailers have taken notice and are implementing it on many levels. I am going to share the basics of Node.js, and discuss why retailers are using it to reduce page load times and improve server efficiency. I’ll talk about similar developments such as Docker and microservices, and look at several compani...
From the conception of Docker containers to the unfolding microservices revolution we see today, here is a brief history of what I like to call 'containerology'. In 2013, we were solidly in the monolithic application era. I had noticed that a growing amount of effort was going into deploying and configuring applications. As applications had grown in complexity and interdependency over the years, the effort to install and configure them was becoming significant. But the road did not end with a ...
In 2006, Martin Fowler posted his now famous essay on Continuous Integration. Looking back, what seemed revolutionary, radical or just plain crazy is now common, pedestrian and "just what you do." I love it. Back then, building and releasing software was a real pain. Integration was something you did at the end, after code complete, and we didn't know how long it would take. Some people may recall how we, as an industry, spent a massive amount of time integrating code from one team with another...
Admittedly, two years ago I was a bulk contributor to the DevOps noise with conversations rooted in the movement around culture, principles, and goals. And while all of these elements of DevOps environments are important, I’ve found that the biggest challenge now is a lack of understanding as to why DevOps is beneficial. It’s getting the wheels going, or just taking the next step. The best way to start on the road to change is to take a look at the companies that have already made great headway ...
Struggling to keep up with increasing application demand? Learn how Platform as a Service (PaaS) can streamline application development processes and make resource management easy.
As the software delivery industry continues to evolve and mature, the challenge of managing the growing list of the tools and processes becomes more daunting every day. Today, Application Lifecycle Management (ALM) platforms are proving most valuable by providing the governance, management and coordination for every stage of development, deployment and release. Recently, I spoke with Madison Moore at SD Times about the changing market and where ALM is headed.
If there is anything we have learned by now, is that every business paves their own unique path for releasing software- every pipeline, implementation and practices are a bit different, and DevOps comes in all shapes and sizes. Software delivery practices are often comprised of set of several complementing (or even competing) methodologies – such as leveraging Agile, DevOps and even a mix of ITIL, to create the combination that’s most suitable for your organization and that maximize your busines...
The goal of any tech business worth its salt is to provide the best product or service to its clients in the most efficient and cost-effective way possible. This is just as true in the development of software products as it is in other product design services. Microservices, an app architecture style that leans mostly on independent, self-contained programs, are quickly becoming the new norm, so to speak. With this change comes a declining reliance on older SOAs like COBRA, a push toward more s...
I have an article in the recently released “DZone Guide to Building and Deploying Applications on the Cloud” entitled “Fullstack Engineering in the Age of Hybrid Cloud”. In this article I discuss the need and skills of a Fullstack Engineer with relation to troubleshooting and repairing complex, distributed hybrid cloud applications. My recent experiences with troubleshooting issues with my Docker WordPress container only reinforce the details I wrote about in this piece. Without my comprehensive...
Digital means customer preferences and behavior are driving enterprise technology decisions to be sure, but let’s not forget our employees. After all, when we say customer, we mean customer writ large, including partners, supply chain participants, and yes, those salaried denizens whose daily labor forms the cornerstone of the enterprise. While your customers bask in the warm rays of your digital efforts, are your employees toiling away in the dark recesses of your enterprise, pecking data into...
Small teams are more effective. The general agreement is that anything from 5 to 12 is the 'right' small. But of course small teams will also have 'small' throughput - relatively speaking. So if your demand is X and the throughput of a small team is X/10, you probably need 10 teams to meet that demand. But more teams also mean more effort to coordinate and align their efforts in the same direction. So, the challenge is how to harness the power of small teams and yet orchestrate multiples of them...
You deployed your app with the Bluemix PaaS and it's gaining some serious traction, so it's time to make some tweaks. Did you design your application in a way that it can scale in the cloud? Were you even thinking about the cloud when you built the app? If not, chances are your app is going to break. Check out this webcast to learn various techniques for designing applications that will scale successfully in Bluemix, for the confidence you need to take your apps to the next level and beyond.
With DevOps becoming more well-known and established practice in nearly every industry that delivers software, it is important to continually reassess its efficacy. This week’s top 10 includes a discussion on how the quick uptake of DevOps adoption in the enterprise has posed some serious challenges. Additionally, organizations who have taken the DevOps plunge must find ways to find, hire and keep their DevOps talent in order to keep the machine running smoothly.
Much of the discussion around cloud DevOps focuses on the speed with which companies need to get new code into production. This focus is important – because in an increasingly digital marketplace, new code enables new value propositions. New code is also often essential for maintaining competitive parity with market innovators. But new code doesn’t just have to deliver the functionality the business requires. It also has to behave well because the behavior of code in the cloud affects performan...