The rise of application programming interfaces (APIs) have created new and immediate challenges to enterprises, and managing them is no longer a technological imperative, but a strategic one.
“The rise of APIs has created some new and immediate challenges,” said Scott Morrison, senior VP and distinguished Engineer at CA Technologies in a recent webcast. “iPhones come and go,” he said, alluding to the big Apple launch the same day, “but APIs are really something significant.”
Morrison hails from Layer 7 Technologies, recently acquired by CA, where he served as CTO, and led the company’s efforts to develop a security infrastructure for mobile systems, cloud computing and APIs. He said smartphones put the Internet in everyone’s pockets and created a connectedness that did not exist previously. “The really connected smartphone was a watershed moment because it jacked us into the Internet.”
But it wasn’t just the increased connectivity that was significant, said Morrison. It also heralded a move to simplicity. The startups popping up in Silicon Valley selling services all have the same message: “Look how easy this is.”
Whether it’s integrating the new technology or using it as a foundation to build apps and services, complexity is no longer cool, said Morrison, and that’s where IT departments must prepare enterprises to move toward. “Complexity created job security and confidence because people had to come to us,” he said. “The younger generation don’t think complexity is cool at all.”
Building apps for the cloud, for example, is about simplicity, said Morrison, although there are legacy systems enterprises want to connect. “APIs are really about trying to pull things together,” he said. “This is really a new paradigm shift of how we integrate things together.”
For the past 30 years, different protocols and models, such as SOAP and XML, were used to connect computers but were not ideal and also complex, and it was the rise of the web followed by smartphones that have propelled the use of APIs. “APIs are really a culmination of those failures,” he said. “APIs went back to basics. They are simple, like the web. And the simpler we can make it, the better. In the end, it’s about getting the apps out.”
APIs may be a simpler way to connect devices and services, but Morrison said the challenge is there is a giant explosion of connected devices worldwide, including mobile and IoT devices, as well as apps and downloads. “Hence, APIs are growing exponentially,” he said, “and this provides a view as to where is enterprise IT is going.”
Morrison said the executive suite are beginning to wonder why IT departments can’t run the way mobile phones run. “That’s the new thing we have to achieve.”
But no enterprise has just one or two APIs, and different systems have different approaches to security and identity, as well as other constraints such as how many hits per second they can handle. And historically, the challenge has been to get developers thinking about security up front. Morrison said that instead of changing how developers work, the answer is to go with the flow, and leverage API gateways, which solve a great deal of problems. “Gateways have policy language to articulate what you want to do.”
Any API gateway supports following: authorization and authentication; confidentiality and integrity; treat detection; rate limiting, traffic shaping and SLA; audits; orchestration; and, integration with existing infrastructure. API gateways are typically deployed at the network edge, said Morrison, but can be sprinkled throughout the network to create zones of trust.
“A gateway is like a border guard,” he said. “It’s not there to help the developer consuming the API.” That can be achieved with an API management portal, where APIs can be registered and easy to consume. “It supports the simplicity model.”