Welcome!

Microservices Expo Authors: Liz McMillan, Gregor Petri, Elizabeth White, Pat Romanski, AppDynamics Blog

Related Topics: Microservices Expo, Java IoT, Industrial IoT, IoT User Interface, Agile Computing, SDN Journal

Microservices Expo: Blog Feed Post

Categorizing APIs

Quick: name some APIs! Which ones come to mind? Amazon? Twitter? Google Maps?

Quick: name some APIs! Which ones come to mind? Amazon? Twitter? Google Maps? Chances are, the APIs which came to mind are APIs which are open to any developer to use. But are these the only kinds of APIs that exist? What about Enterprise APIs?

In order to answer this question, let's look at how APIs can be categorized.

First of all, let's look at API Exposure. The two categories are:

  • External : Able to be used outside the organization.
  • Internal : Used only inside the organization

Second, let's look at API Protection. It may be one of three categories:

  • Open: Anybody can use the API, anonymously with no controls
  • Requiring Registration: Developers are identified with API Keys and usage is monitored accordingly
  • Enterprise: Goes beyond just developer registration, adding tight controls on sensitive data, integration with enterprise systems such as Identity Management and event monitoring (SIEM, Splunk, etc).

These axes are orthogonal. Using these axes, APIs divide into six categories. Let's look at the categories:

External APIs

Open External APIs
These are APIs which are open to anybody to access. Usually they take the form of read-only public data feeds.

An example is the Nobel Prize API, which allows a developer to query information about Nobel Prize winners. Another example is the Massachusetts Roadway Events API, which provides developers with access to the (many) roadworks projects happening in Massachusetts at any given moment.

External APIs requiring Registration
These are APIs which are open to any developer to use, but require registration. Once a developer registers, they typically get an API Key. It's important to note that the API Key is not necessarily used for authentication, but instead it is used for identification of the app developer. In this way, the API publisher can apply limits to the usage of their API, and track the usage also.

An example is the US Postal Service's Shipping API. Any developer can use this, but they must register first. The Google Maps API is another good example of a Managed External API. API Keys are required in order to use this API, but any developer can sign up for it. Another example is the Staples API which allows the Staples catalog to be queried. The data is not sensitive, but the developer access is controlled with API Keys.

External Enterprise APIs
These APIs are used to conduct business, or to access sensitive data such as health records. Documentation and information about the API is sometimes public, as in the case of some payments APIs. In many cases though, developer access to the API is by invitation only,  and the documentation may be private. An example is a large HMO in the US which provides an API to retrieve patient prescription information. Access to this API is tightly controlled. Another example, in the B2B space, is a large 401.K provider which allows its corporate customers to provision their new employees with 401.K plans via an API. Access to this API is also tightly controlled.

Other examples of Enterprise External APIs come from the "Internet of Things" where devices such as electricity meters transmit sensitive information via APIs, and this data must be tightly protected.

Enterprise External APIs are typically linked to other enterprise systems such as enterprise Identity Management (IdM).

Internal APIs
Just like on the Internet, lightweight REST APIs are taking over from heavyweight SOAP services inside the organization. However, SOAP and XML are still a fact of life, which means that Internal APIs typically span both XML and JSON.


Open Internal APIs
An example is a company directory API. It is open to all access.

Internal APIs requiring Registration
In some large organizations, as part of an initiative to allow internal developers to develop apps to be used by company employees, some functionality may be exposed as APIs. Access to these APIs is managed, so that developers can sign up, and usage of the APIs can be monitored. An example is an inventory lookup API, which checks the inventory of a particular item in a warehouse. This may be used to develop internal apps for personnel in the field. Internal developers sign up to use this API, get their API keys, and the API usage is monitored in order to prevent data-mining or excessive usage. However, data sensitivity itself is low.

Internal Enterprise APIs
These include APIs used to access private customer data, which may be subject to regulatory controls. Enterprise-class controls are required for these APIs. Even though its exposure is just internal to the organization, its data sensitivity is high. Remember that many privacy breaches come from inside the organization.

In the financial services sector, these include APIs to perform fund management operations such as buying and selling stock. For example, in one large Mutual Fund company, fund managers required the ability to manage their funds via iPad apps. This required access to Internal Enterprise APIs from iPads. This was delivered using tightly-controlled Internal Enterprise APIs.

In the healthcare sector, this category includes APIs which access patient data from inside hospitals and health insurer systems.

On top of simply registering developers, Internal Enterprise APIs require rules to be in place for sensitive data protection, and for a signed audit trail, to prove which user has accessed the API. Internal Enterprise APIs also must integrate with enterprise Identity Management, such as directories and single sign-on.

Conclusion
It is useful to categorize APIs into different axes, because it allows decisions to be made about how to manage them. It is a fact that the most well-known APIs are open APIs on the Internet, or APIs such as Google Maps for which any developer can obtain API Keys. However, although many people are not aware of them, Enterprise APIs are common and perform vital functions for businesses. They are exposed outside the organization and inside the organization also. By categorizing APIs, we can see their requirements clearly, and manage our APIs accordingly.

Read the original blog entry...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

@MicroservicesExpo Stories
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
Much of the value of DevOps comes from a (renewed) focus on measurement, sharing, and continuous feedback loops. In increasingly complex DevOps workflows and environments, and especially in larger, regulated, or more crystallized organizations, these core concepts become even more critical. In his session at @DevOpsSummit at 18th Cloud Expo, Andi Mann, Chief Technology Advocate at Splunk, showed how, by focusing on 'metrics that matter,' you can provide objective, transparent, and meaningful f...
About a year ago we tuned into “the need for speed” and how a concept like "serverless computing” was increasingly catering to this. We are now a year further and the term “serverless” is taking on unexpected proportions. With some even seeing it as the successor to cloud in general or at least as a successor to the clouds’ poorer cousin in terms of revenue, hype and adoption: PaaS. The question we need to ask is whether this constitutes an example of Hype Hopping: to effortlessly pivot to the ...
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes ho...
SYS-CON Events announced today that Tintri Inc., a leading producer of VM-aware storage (VAS) for virtualization and cloud environments, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Tintri VM-aware storage is the simplest for virtualized applications and cloud. Organizations including GE, Toyota, United Healthcare, NASA and 6 of the Fortune 15 have said “No to LUNs.” With Tintri they mana...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...
Digitization is driving a fundamental change in society that is transforming the way businesses work with their customers, their supply chains and their people. Digital transformation leverages DevOps best practices, such as Agile Parallel Development, Continuous Delivery and Agile Operations to capitalize on opportunities and create competitive differentiation in the application economy. However, information security has been notably absent from the DevOps movement. Speed doesn’t have to negat...
With the rise of Docker, Kubernetes, and other container technologies, the growth of microservices has skyrocketed among dev teams looking to innovate on a faster release cycle. This has enabled teams to finally realize their DevOps goals to ship and iterate quickly in a continuous delivery model. Why containers are growing in popularity is no surprise — they’re extremely easy to spin up or down, but come with an unforeseen issue. However, without the right foresight, DevOps and IT teams may lo...
Your business relies on your applications and your employees to stay in business. Whether you develop apps or manage business critical apps that help fuel your business, what happens when users experience sluggish performance? You and all technical teams across the organization – application, network, operations, among others, as well as, those outside the organization, like ISPs and third-party providers – are called in to solve the problem.
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, will compare the Jevons Paradox to modern-day enterprise IT, e...
As applications are promoted from the development environment to the CI or the QA environment and then into the production environment, it is very common for the configuration settings to be changed as the code is promoted. For example, the settings for the database connection pools are typically lower in development environment than the QA/Load Testing environment. The primary reason for the existence of the configuration setting differences is to enhance application performance. However, occas...
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA. This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation. In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
When scaling agile / Scrum, we invariable run into the alignment vs autonomy problem. In short: you cannot have autonomous self directing teams if they have no clue in what direction they should go, or even shorter: Alignment breeds autonomy. But how do we create alignment? and what tools can we use to quickly evaluate if what we want to do is part of the mission or better left out? Niel Nickolaisen created the Purpose Alignment model and I use it with innovation labs in large enterprises to de...
SYS-CON Events announced today that Numerex Corp, a leading provider of managed enterprise solutions enabling the Internet of Things (IoT), will exhibit at the 19th International Cloud Expo | @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Numerex Corp. (NASDAQ:NMRX) is a leading provider of managed enterprise solutions enabling the Internet of Things (IoT). The Company's solutions produce new revenue streams or create operating...
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
Analysis of 25,000 applications reveals 6.8% of packages/components used included known defects. Organizations standardizing on components between 2 - 3 years of age can decrease defect rates substantially. Open source and third-party packages/components live at the heart of high velocity software development organizations. Today, an average of 106 packages/components comprise 80 - 90% of a modern application, yet few organizations have visibility into what components are used where.
Throughout history, various leaders have risen up and tried to unify the world by conquest. Fortunately, none of their plans have succeeded. The world goes on just fine with each country ruling itself; no single ruler is necessary. That’s how it is with the container platform ecosystem, as well. There’s no need for one all-powerful, all-encompassing container platform. Think about any other technology sector out there – there are always multiple solutions in every space. The same goes for conta...