ITI014En-API management
-
Upload
huibert-aalbers -
Category
Software
-
view
251 -
download
0
Transcript of ITI014En-API management
IT Insight podcast• This podcast belongs to the IT Insight series
• You can subscribe to the podcast through iTunes.
• Additional material such as presentations in PDF format or white papers mentioned in the podcast can be downloaded from the IT insight section of my site at http://www.huibert-aalbers.com
• You can send questions or suggestions regarding this podcast to my personal email, [email protected]
Mobile AppsMost mobile apps are just a presentation layer that interacts through APIs with a service running on the cloud. That is why these applications require Internet access to work
• Weather Apps
• Stock market portfolio Apps
• Siri, etc.
In many cases, different apps, use the same API to obtain the data, the difference lies in the way they present it (UI & UX).
What is an API?• API stands for Application Programming
Interface
• An API is either:
• A single function call to a service (i.e. On Android there is an API to turn the flash on)
• The complete set of function calls that can be used to interact with a service (i.e. Apple’s iOS includes an Apple Maps API)
• Virtually all smart devices currently offer an API that allows developers to find new ways to use these products. This is enabling the Internet of Things (IoT)
Local & Remote APIsThere are two types of APIs
• APIs which are executed locally, usually implemented as class libraries in object oriented languages
• Local libraries include for example all the APIs available for developers to build mobile apps on iOS and Android
• Remote APIs which are invoked over the network, implemented as Web Services
• These employ the same technologies used in Service Oriented Architecture (SOA)
A Service Oriented Architecture refresher• Instead of writing large and complex monolithic applications, smaller reusable components are
developed which are easier to test and maintain
• Applications are built by graphically designing the business processes, which invoke functions (APIs) belonging to the reusable components
• New applications can reuse existing components, which speeds up development
• Another option is to use services built and hosted by third parties
• Components are known as services
• You can learn much more about SOA in previous episodes of IT Insight
• ITI003-SOA I
• ITI005-SOA II
• ITI007-Successful SOA implementation
What is a service?A service is a reusable component that implements a set of related business functions (API calls)
• A bank could for example create a component designed to handle their account management. Such a component would likely implement the following functions
• Open a new account or close an existing account
• Deposit or withdraw money in or from an account
• Transfer funds between accounts
• Check an account’s balance
• Such a service could be used from multiple applications or business processes, such as credit application, front office application, etc.
• Services are invoked using industry standards
• http, XML, JSON, REST, etc.
Why develop web services?
• Modular applications are much easier to update in response to changes to the business landscape
• Building multi-channel applications becomes trivial
• PC, Web, Kiosks, Interactive Voice Response (IVR), SMS, etc.
How are web services developed?• Web services can be developed in most programming languages (Java, C/C++,
C#, Cobol, Perl, Javascript, etc.)
• What’s important is that they can be invoked by using any of the two leading web services standards
• SOAP / XML
• REST / JSON
• Scalability is key to the success of a Web Service / API. Choose a language/technology that is truly elastic.
• Services are not different from other pieces of code. They need to be thoroughly tested and built using a proven development methodology.
The API economy
Definition
Where companies [providers] expose their (internal) digital business assets or services in the form of (Web) APIs to third parties [consumers] with the goal of unlocking additional business value through the creation of new assets.
Example: Breathometer
• Breathometer is a Bluetooth sensor that measures the level of alcohol in our blood
• The app uses APIs from Uber and hotels.com to look for alternatives for those who are not able to drive
• This drives new customers to these companies, who may have used other alternatives otherwise
Mobile Apps require a scalable, secure and robust back-end
By using APIs in the back-end, front-end developers can easily use the data and services exposed by the company
Back-end
Front-end
30% of the total value and effort is visible (User interface or UX)
70% of the total value and effort is below the surface
Business modelsFor those developing an API designed to support mobile applications, the most important business decision they will have to take will be deciding which of the following three business models they will choose to adopt:
• Closed model
• Open model (API only)
• Hybrid model
Closed modelThe app developer also owns and controls the API and doesn’t allow third party apps to use it.
Pros
• Total control of the platform
• No competition
Cons
• No revenue from granting access to the API to other apps
• Less innovation
• No help from third parties to promote the platform
• This gives a strong incentive to others to try to create an alternative API
Open model (API only)The API developer allows any third party to use it and decides not to compete with an app of his own
Pros
• Third parties are more likely to embrace the API if they know that they will not compete against the service or data provider
Cons
• Upgrading the API becomes more complex
• Temptation to close access to the API grows stronger as the service becomes successful
• Monetization options shrink significantly
Hybrid modelThe API ’s developer has its own app, but also allows other apps to use it
Pros
• With many apps showcasing the value of the API, it becomes easier to reach a much larger audience
• Increased competition spurs innovation
Cons
• There is a risk of losing control
• Monetization options shrink significantly
• Trying to change the API’s terms of service can provoke a business partner rebellion
Hybrid model
In this model, what the API developer is really looking for are business partners that will not compete directly and instead will bring additional business opportunities in
• Unfortunately, finding these ideal win-win situations is not always possible
Hybrid modelThe hybrid model generally ends up creating a power struggle between the app developers and the API provider, as all players try to get the largest share of the generated revenue
• The API provider has more power when there are few or no alternative sources to the data/services it offers
• The more customers an application has, the more negotiation power goes to its developer
Mashups
By combining multiple web services, it is possible to obtain results that are much more valuable than the sum of the individual parts
• chicagocrime.org
The value of informationThe previous charts clearly prove that the most valuable natural resource for the XXIst century is information.
That is why there is a raging battle being fought between those who believe that information should be free and made available to everyone (“Open Data”) and those who want to extract the most value out of their information.
The value of informationWhere does the information come from?
• Some organizations have been collecting it for years to support their transactional operations. They just need to transform it and make it available in order to extract the value.
• Others create a platform which allows users to share valuable data, sometimes without even realising they are doing it (Web 2.0)
• Finally, by leveraging crowdsourcing, activists can build high value databases and share them freely
Open DataThere are many organizations that own valuable data but don’t want or cannot (for legal reasons) benefit monetarily from their publication
• Generally these are government or non-profit organizations
• They can choose to share crude data which developers can then process and expose through an API
Open Data - What can go wrong?The quality of the published information has to be very high in order to be really useful. That means that the data has to be:
• Cleansed
• Correct
• Published in a way that is easy to consume
• Regularly updated
Nobody uses my API. Why?• Poor documentation
• Adopting the API is unnecessarily hard
• The registration process to start using the API is too cumbersome
• Writing a simple client application is too complex
• The API doesn’t use the standards developers have come to expect (JSON, OAuth, XML, etc.)
• The terms of use are too restrictive
• The API is not reliable
• The data is not current, has poor quality or is plain wrong
• There is no support, no user community
API monetization• APIs can be monetized in some ways
• Charging by transaction
• Revenue sharing (either from the application or the advertising)
• Including advertising in the results returned by the API
• Indirectly by benefiting from the use of the data
API monetization
Free
Facebook Login API provides free authentication for any Web / mobile app
Example:
Developer pays
▪Business Asset must be of high value to the Developer ▪Original information like
marketing analytics, news, market data, etc. ▪Capabilities such as credit
checks, credit card transactions, etc.
Yelp provides local information
Example:
Developer gets paid
▪Provides incentive for developer to leverage web API ▪Ad placements ▪Percentage of revenue sold
product or services
Google AdSense APIs pay developers who include advertising content into apps
Example:
Indirect
▪Use of API achieves some goal that drives business model. ▪E.g. Increase awareness of
specific content, or offerings
Amazon provides access to their product catalog
Example:
▪Drives Adoptions of APIs ▪Typically low valued assets ▪Drive brand loyalty ▪Enter new channels
How to get developers to use your API?Building an API for a service doesn't guarantee success. Some clever marketing is required to make sure developers learn about it and start to use it. Here are some strategies
• Organizing hackatons
• Contests
• http://www.kaggle.com (predictive analytics)
• List the API on web sites that maintain API directories for developers
• http://www.programmableweb.com
• Press releases
HackathonA hackathon is a short (1 or 2 days) event in which computer programmers and others involved in software development, including graphic designers and interface designers, collaborate intensively on software projects
• In general, a prize is awarded to the best project and a press release is issued to generate some additional buzz around the API and to recognize the winning team
• This is a great opportunity to train a large group of developers on how to use the technology we want to promote
• It is also an opportunity to work with students and young people who are passionate about technology, and are therefore willing to work for free in order to build new apps for fun and to build new skills
APIs are the key to unlock new business opportunities
and growth is exponential
By the end of 2014, 75% of Fortune 1000 companies will offer public APIs.
By 2016, 50% of B2B transactions will be executed through APIs.
Sources: Gartner, Predicts 2012: Application Development, 4Q, 2011; Gartner, Govern Your Services and Manage Your APIs with Application Services Governance, 4Q 2012; Gartner, Open for Business: Learn to Profit by Open Data, 1Q 2012
APIs represent a new route to market that is growing very quickly
The business models are changing
Branch Toll-free number Web APIs
Technical aspects that have to be considered when building an API
• The services need to be scalable
• The API has to be secured
• A portal and collaboration platform is required to promote the use of the API and to provide technical support to the community using it
• Releasing a public API requires a middleware platform to control and manage the access to the API
A robust and scalable platform to support our API
When an organization starts working on a new API, it can only guess how many users it will actually support
• That is why the API needs to be built on an elastic platform that can automatically adapt to any given workload.
• Ideally, that means building our API on a robust and secure Cloud platform, that will charge us based on usage, without requiring a significant initial investment
SecurityWhen our most important asset is information, our duty is to make sure it is well protected
• Control access to the API
• Avoid data theft
• e.g. Data Syphoning
• Avoid cyber attacks
• e.g. Denial of Service (DoS)
Developer Portal• It is quite easy to build a static web site to
document an API, but this can cause several problems
• Inconsistencies between the production code and what is shown in the API’s documentation, specially when managing multiple versions of the code
• It is preferible to have the documentation be generated automatically from the code written by the developers
• The developer portal needs to include collaboration features in order to allow participants to discuss how to use the API, ask for support and request new features
API usage control• Register the apps that are allowed
to use the API
• Unique key generation (that cannot be guessed)
• Define API limits by tiers
• APIs that can be used in each tier
• Usage limits (invocations per hour, day, month or any other period)
• Integration with billing systems
API usage monitoring• In order to fully understand how
customers use your API you need to be able to obtain complete usage reports
• By API
• By application
• By customer,
• Etc.
Contact informationOn Twitter: @huibert (English), @huibert2 (Spanish)
Web site: http://www.huibert-aalbers.com
Blog: http://www.huibert-aalbers.com/blog