Click here to close now.

Welcome!

Microservices Journal Authors: Liz McMillan, Elizabeth White, Carmen Gonzalez, Alena Prokharchyk, XebiaLabs Blog

Related Topics: @ThingsExpo, Java, Microservices Journal, Cloud Expo

@ThingsExpo: Blog Feed Post

Look Beyond The Mobile or Web Client To The Internet of Things

Ten API Commandments for Consumers

Kin Lane, the API Evangelist, has produced a list of the Ten API Commandments for Providers. It's a very good list, including privacy, security, and documentation. I encourage everyone to read it and comment.
What about the corresponding list for API Consumers? Although I don't want to compare myself to a biblical figure (or indeed to Kin Lane :) ), here is my crack at a list of API commandments for consumers:

1. Protect your API Keys. API Keys are often issued to developers through an API Portal to use in their apps. These API Key allow developers to access apps. Sometimes the keys are used in conjunction with OAuth, or sometimes they are used in a pure API Key based authentication scheme. It is natural for developers to use Github as a repository for their code. But, what if the API Key is baked into the code of your API consumer app? Ross Penham recently wrote about the disturbing amount of API Keys which he found in Github. A good solution is to use an API Gateway to manage the API keys, separately from the API consumer application itself.


2. Understand how APIs affect your client app's performance. If an API call is slow, then your app is slow. Users may then understandably complain. What if the problem is not your app itself, but an API it's consuming? How you can isolate the problem, so that you can see how a slow API is affecting your users? The answer is to have Root-Cause Analysis in place for your APIs. Here is an example of how you can track the response times of the SalesForce.com API. Here is another example, this time from the mobile telco 3 in the UK. In this way, you can point your finger at the problem, and apply root-cause analysis.

3. Apply the "Missing SLA". API Providers often do not provide a Service Level Agreement (SLA). Unless you are a very large corporation, spending a lot of money on API calls, you may not be able to force them to put an API in place for you. Again taking the example the SalesForce.com API, here is a walk-through with videos of how you can apply monitoring and an SLA in place for your outbound API calls.

4. Think about the data. When calling an API, it's natural to think about the security of the API call itself. Commandment #1 above is about securing the keys used for the API call. But what about the data being sent to the API? In many cases, you can think of an API as a conduit for data. If this data contains anything private, in terms of what is called PII (Personally Identifiable Information), then it must be encrypted, redacted, tokenized, or removed by an API Gateway.

5. Plan beyond asynchronous request response - think about WebSockets, AMQP, MQTT, and CoAP. HTML WebSockets are an exciting technology which we're seeing customers begin to leverage for their API consumption. WebSockets brings some great capabilities, such as full-duplex communication with the capability for APIs to "push" data to the client. But, it also brings security questions, and a veritable alphabet soup of new protocols beyond HTTP. The good news is that companies like Axway are thinking about the interplay and security of these new protocols. For more reading, I recommend checking out December's AMQP WebSocket Binding (WSB) which was drafted with help from my Axway colleague Dale Moburg.

6. Loose Coupling. Yes, "Loose Coupling" is something that isn't new - in fact it is a dictum of SOA-based integration from ten years ago. However, it is just as relevant now. Don't hard-code your API consumer to a particular version of an API. In fact, by putting an API Gateway in place, you don't even have to hard-code your API to a particular API (e.g. you can switch between different storage services).

7. Don't hate HATEOAS. HATEOAS is something that some API developers struggle to understand (or even pronounce), but it is very valuable because HATEOAS provides a framework for API calls which describe the "flow" of calls which a client can make. Even if you don't plan on using HATEOAS initially, and are just constructing quick-and-dirty API calls using string manipulation, it is still worth understanding.

8. Look beyond the Mobile or Web client to the Internet of Things. Until recently, API clients were assumed to usually be mobile devices. In fact, if you see a diagram on a Powerpoint slide of an API being called, it is usually a mobile app which is doing the calling. Now, we're moving on to the "Internet of Things" (IoT). IoT raises interesting requirements for API Consumers. For example, how can a low-powered device (like a lightbulb) perform the requisite processing required to access an API? What about devices which have intermittent Internet connections (e.g. a Connected Car, which may not always be online). At Axway, we've produced a Webinar and associated White Paper with Gunnar Peterson on the new security requirements when accessing APIs in the Internet of Things. I encourage folks to check this out.

9. Take a broad view of APIs: XML is unfashionable but still exists. If you look at some APIs used in business-to-business contexts, you often see the more heavyweight XML-based standards like AS2 and ebXML used. For example, later this week we are running a Webinar about accessing Australian Government "Superfund" services, and this uses an API which heavily XML-based. You won't find "I AS2" or "I ebXML" written on a sticker on the back of a MacBook Pro anytime soon, but if you are writing API Consumer apps which will access Enterprise APIs, you ignore these older types of APIs at your peril.

10. Spread the word. Here I echo Kin's commandment to spread the word - to evangelize - your API exploits. In the case of API Consumers, this is just as important as API Providers. On our API Workshop tours, we've had API practitioners speaking about how they are using APIs. Watch this space for news on our upcoming API Workshops, and feel free to get in touch if you have any great API Consumer stories, or tips to add to these Ten Commandments :)

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

@MicroservicesExpo Stories
SYS-CON Events announced today that MangoApps will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY., and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides private all-in-one social intranets allowing workers to securely collaborate from anywhere in the world and from any device. Social, mobile, and eas...
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immed...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
One of the most frequently requested Rancher features, load balancers are used to distribute traffic between docker containers. Now Rancher users can configure, update and scale up an integrated load balancing service to meet their application needs, using either Rancher's UI or API. To implement our load balancing functionality we decided to use HAproxy, which is deployed as a contianer, and managed by the Rancher orchestration functionality. With Rancher's Load Balancing capability, users ...
There are 182 billion emails sent every day, generating a lot of data about how recipients and ISPs respond. Many marketers take a more-is-better approach to stats, preferring to have the ability to slice and dice their email lists based numerous arbitrary stats. However, fundamentally what really matters is whether or not sending an email to a particular recipient will generate value. Data Scientists can design high-level insights such as engagement prediction models and content clusters that a...
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Ras...
What’s hot in today’s cloud computing world? Containers are fast becoming a viable alternative to virtualization for the right use cases. But to understand why containers can be a better option, we need to first understand their origins. In basic terms, containers are application-centric environments that help isolate and run workloads far more efficiently than the traditional hypervisor technology found in commodity cloud Infrastructure as a Service. Modern operating systems (Linux, Windows, e...

As a company making software for Continuous Delivery and Devops at scale, at XebiaLabs we’re pretty much always in discussions with users about the benefits and challenges of new development styles, application architectures, and runtime platforms. Unsurprisingly, many of these discussions right now focus on microservices on the application side and containers and related frameworks […]

The post May. 3, 2015 10:00 AM EDT  Reads: 1,725

The cloud has transformed how we think about software quality. Instead of preventing failures, we must focus on automatic recovery from failure. In other words, resilience trumps traditional quality measures. Continuous delivery models further squeeze traditional notions of quality. Remember the venerable project management Iron Triangle? Among time, scope, and cost, you can only fix two or quality will suffer. Only in today's DevOps world, continuous testing, integration, and deployment upend...
Financial services organizations were among the earliest enterprise adopters of cloud computing. The ability to leverage massive compute, storage and networking resources via RESTful APIs and automated tools like Chef and Puppet made it possible for their high-horsepower IT users to develop a whole new array of applications. Companies like Wells Fargo, Fidelity and BBVA are visible, vocal and engaged supporters of the OpenStack community, running production clouds for applications ranging from d...
Chuck Piluso will present a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Speaker Bio: Prior to Data Storage Corporation (DSC), Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of ...
To manage complex web services with lots of calls to the cloud, many businesses have invested in Application Performance Management (APM) and Network Performance Management (NPM) tools. Together APM and NPM tools are essential aids in improving a business's infrastructure required to support an effective web experience... but they are missing a critical component - Internet visibility. Internet connectivity has always played a role in customer access to web presence, but in the past few years u...
Working with Big Data is challenging, especially when decision makers depend on market insights and intelligence from your data but don't have quick access to it or find it unusable. In their session at 6th Big Data Expo, Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia; Zel Bianco, President, CEO and Co-Founder of Interactive Edge of Solgenia; and Ermanno Bonifazi, CEO & Founder at Solgenia, discussed how a revolutionary cloud-based BI along with mobile analytics is already c...
Operationalizing the network continues to be a driving force behind DevOps and SDN. The ability to solve real problems using programmability to automate and orchestrate infrastructure provisioning and configuration across the application release process remains the hope for many interested in one or the other - and often times both. A recent Avaya sponsored, Dynamic Markets survey (reg required) dove deep into the demesne of SDN and found that many of the problems companies have - and expect ...
We just finished the first O’Reilly Software Architecture Conference and the overwhelming most popular topic was microservices. Why all the hype about an architectural style? Microservices are the first post-DevOps revolution architecture. The DevOps revolution highlighted how much inadvertent friction an outdated operations mindset can cause, starting the move towards automating away manual tasks.
This is my first blog post at AppDynamics, and I have to say that it’s great to be aboard. It’s been a hectic first couple of weeks, but the energy, enthusiasm and friendliness of everyone I have met has made me very excited about 2015! AppDynamics has a market leading APM and analytics platform but it also takes great people to make a great company – and AppDynamics has a wealth of talent! So to start my blogging life at AppDynamics I want to focus on something that is a red-hot buzzword in IT...
Cloud computing seems destined to be the way enterprises will use information technology. The drastic cost reductions and impressive operational improvements make the transition an unstoppable trend. The “What is cloud computing?” question now, however, seems to be morphing into “Where is cloud computing going?” While software-as-a-service (SaaS) providers see their market rocketing upward as the easiest and quickest path for cloud adoption, infrastructure-as-a-service providers are suffering...
Software is eating the world. Companies that were not previously in the technology space now find themselves competing with Google and Amazon on speed of innovation. As the innovation cycle accelerates, companies must embrace rapid and constant change to both applications and their infrastructure, and find a way to deliver speed and agility of development without sacrificing reliability or efficiency of operations. In her Day 2 Keynote DevOps Summit, Victoria Livschitz, CEO of Qubell, discussed...
SYS-CON Events announced today that Vicom Computer Services, Inc., a provider of technology and service solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. They are located at booth #427. Vicom Computer Services, Inc. is a progressive leader in the technology industry for over 30 years. Headquartered in the NY Metropolitan area. Vicom provides products and services based on today’s requirements...
SYS-CON Events announced today that Blue Box has been named “Bronze Sponsor” of SYS-CON's DevOps Summit New York, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Blue Box delivers Private Cloud as a Service (PCaaS) to a worldwide customer base. Built on a technology platform leveraging decades of operational expertise in cloud and distributed systems, Blue Box Cloud is a managed private cloud product available in both hosted and on-prem versions. Each Blue Box ...