ITI014En-API management

API Management Huibert Aalbers, Senior Certified Software IT Architect


IT Insight podcast

• This podcast belongs to the IT Insight series

• You can subscribe to the podcast through iTunes.

• Additional material such as presentations in PDF format or white papers mentioned in the podcast can be downloaded from the IT insight section of my site at http://www.huibert-aalbers.com

• You can send questions or suggestions regarding this podcast to my personal email, [email protected]

Mobile Apps

Most mobile apps are just a presentation layer that interacts through APIs with a service running on the cloud. That is why these applications require Internet access to work

• Weather Apps

• Stock market portfolio Apps

• Siri, etc.

In many cases, different apps use the same API to obtain the data; the difference lies in the way they present it (UI & UX).

What is an API?

• API stands for Application Programming Interface

• An API is either:

• A single function call to a service (e.g. on Android there is an API to turn the flash on)

• The complete set of function calls that can be used to interact with a service (e.g. Apple’s iOS includes an Apple Maps API)

• Virtually all smart devices currently offer an API that allows developers to find new ways to use these products. This is enabling the Internet of Things (IoT)

Local & Remote APIs

There are two types of APIs

• APIs which are executed locally, usually implemented as class libraries in object oriented languages

• Local libraries include for example all the APIs available for developers to build mobile apps on iOS and Android

• Remote APIs which are invoked over the network, implemented as Web Services

• These employ the same technologies used in Service Oriented Architecture (SOA)

A Service Oriented Architecture refresher

• Instead of writing large and complex monolithic applications, smaller reusable components are developed which are easier to test and maintain

• Applications are built by graphically designing the business processes, which invoke functions (APIs) belonging to the reusable components

• New applications can reuse existing components, which speeds up development

• Another option is to use services built and hosted by third parties

• Components are known as services

• You can learn much more about SOA in previous episodes of IT Insight

• ITI003-SOA I

• ITI005-SOA II

• ITI007-Successful SOA implementation

What is a service?

A service is a reusable component that implements a set of related business functions (API calls)

• A bank could for example create a component designed to handle their account management. Such a component would likely implement the following functions

• Open a new account or close an existing account

• Deposit or withdraw money in or from an account

• Transfer funds between accounts

• Check an account’s balance

• Such a service could be used from multiple applications or business processes, such as credit application, front office application, etc.

• Services are invoked using industry standards

• HTTP, XML, JSON, REST, etc.

Why develop web services?

• Modular applications are much easier to update in response to changes to the business landscape

• Building multi-channel applications becomes trivial

• PC, Web, Kiosks, Interactive Voice Response (IVR), SMS, etc.

How are web services developed?

• Web services can be developed in most programming languages (Java, C/C++, C#, Cobol, Perl, Javascript, etc.)

• What’s important is that they can be invoked by using either of the two leading web services standards

• SOAP / XML

• REST / JSON

• Scalability is key to the success of a Web Service / API. Choose a language/technology that is truly elastic.

• Services are not different from other pieces of code. They need to be thoroughly tested and built using a proven development methodology.

The API economy

Definition

Where companies [providers] expose their (internal) digital business assets or services in the form of (Web) APIs to third parties [consumers] with the goal of unlocking additional business value through the creation of new assets.

Example: Breathometer

• Breathometer is a Bluetooth sensor that measures the level of alcohol in our blood

• The app uses APIs from Uber and hotels.com to look for alternatives for those who are not able to drive

• This drives new customers to these companies, who may have used other alternatives otherwise

Mobile Apps require a scalable, secure and robust back-end

By using APIs in the back-end, front-end developers can easily use the data and services exposed by the company

Back-end

Front-end

30% of the total value and effort is visible (User interface or UX)

70% of the total value and effort is below the surface

Business models

For those developing an API designed to support mobile applications, the most important business decision they will have to make is which of the following three business models to adopt:

• Closed model

• Open model (API only)

• Hybrid model

Closed model

The app developer also owns and controls the API and doesn’t allow third party apps to use it.

Pros

• Total control of the platform

• No competition

Cons

• No revenue from granting access to the API to other apps

• Less innovation

• No help from third parties to promote the platform

• This gives a strong incentive to others to try to create an alternative API

Open model (API only)

The API developer allows any third party to use it and decides not to compete with an app of his own

Pros

• Third parties are more likely to embrace the API if they know that they will not compete against the service or data provider

Cons

• Upgrading the API becomes more complex

• Temptation to close access to the API grows stronger as the service becomes successful

• Monetization options shrink significantly

Hybrid model

The API’s developer has its own app, but also allows other apps to use the API

Pros

• With many apps showcasing the value of the API, it becomes easier to reach a much larger audience

• Increased competition spurs innovation

Cons

• There is a risk of losing control

• Monetization options shrink significantly

• Trying to change the API’s terms of service can provoke a business partner rebellion

Hybrid model

In this model, what the API developer is really looking for are business partners that will not compete directly and instead will bring additional business opportunities in

• Unfortunately, finding these ideal win-win situations is not always possible

Hybrid model

The hybrid model generally ends up creating a power struggle between the app developers and the API provider, as all players try to get the largest share of the generated revenue

• The API provider has more power when there are few or no alternative sources to the data/services it offers

• The more customers an application has, the more negotiation power goes to its developer

Mashups

By combining multiple web services, it is possible to obtain results that are much more valuable than the sum of the individual parts

• chicagocrime.org

The value of information

The previous charts clearly prove that the most valuable natural resource for the 21st century is information.

That is why there is a raging battle being fought between those who believe that information should be free and made available to everyone (“Open Data”) and those who want to extract the most value out of their information.

The value of information

Where does the information come from?

• Some organizations have been collecting it for years to support their transactional operations. They just need to transform it and make it available in order to extract the value.

• Others create a platform which allows users to share valuable data, sometimes without even realising they are doing it (Web 2.0)

• Finally, by leveraging crowdsourcing, activists can build high value databases and share them freely

Open Data

There are many organizations that own valuable data but do not want to, or cannot (for legal reasons), benefit monetarily from its publication

• Generally these are government or non-profit organizations

• They can choose to share raw data which developers can then process and expose through an API

Open Data - What can go wrong?

The quality of the published information has to be very high in order to be really useful. That means that the data has to be:

• Cleansed

• Correct

• Published in a way that is easy to consume

• Regularly updated

Nobody uses my API. Why?

• Poor documentation

• Adopting the API is unnecessarily hard

• The registration process to start using the API is too cumbersome

• Writing a simple client application is too complex

• The API doesn’t use the standards developers have come to expect (JSON, OAuth, XML, etc.)

• The terms of use are too restrictive

• The API is not reliable

• The data is not current, has poor quality or is plain wrong

• There is no support, no user community

API monetization

• APIs can be monetized in several ways

• Charging by transaction

• Revenue sharing (either from the application or the advertising)

• Including advertising in the results returned by the API

• Indirectly by benefiting from the use of the data

API monetization

Free

• Drives adoption of APIs

• Typically low-valued assets

• Drives brand loyalty

• Enters new channels

Example: Facebook Login API provides free authentication for any Web / mobile app

Developer pays

• Business asset must be of high value to the developer

• Original information like marketing analytics, news, market data, etc.

• Capabilities such as credit checks, credit card transactions, etc.

Example: Yelp provides local information

Developer gets paid

• Provides incentive for developer to leverage web API

• Ad placements

• Percentage of revenue from products or services sold

Example: Google AdSense APIs pay developers who include advertising content into apps

Indirect

• Use of API achieves some goal that drives business model

• E.g. increase awareness of specific content or offerings

Example: Amazon provides access to their product catalog

How to get developers to use your API?

Building an API for a service doesn't guarantee success. Some clever marketing is required to make sure developers learn about it and start to use it. Here are some strategies:

• Organizing hackathons

• Contests

• http://www.kaggle.com (predictive analytics)

• List the API on web sites that maintain API directories for developers

• http://www.programmableweb.com

• Press releases

Hackathon

A hackathon is a short (1 or 2 days) event in which computer programmers and others involved in software development, including graphic designers and interface designers, collaborate intensively on software projects

• In general, a prize is awarded to the best project and a press release is issued to generate some additional buzz around the API and to recognize the winning team

• This is a great opportunity to train a large group of developers on how to use the technology we want to promote

• It is also an opportunity to work with students and young people who are passionate about technology, and are therefore willing to work for free in order to build new apps for fun and to build new skills

APIs are the key to unlock new business opportunities

and growth is exponential

By the end of 2014, 75% of Fortune 1000 companies will offer public APIs.

By 2016, 50% of B2B transactions will be executed through APIs.

Sources: Gartner, Predicts 2012: Application Development, 4Q, 2011; Gartner, Govern Your Services and Manage Your APIs with Application Services Governance, 4Q 2012; Gartner, Open for Business: Learn to Profit by Open Data, 1Q 2012

APIs represent a new route to market that is growing very quickly

The business models are changing

Branch Toll-free number Web APIs

Technical aspects that have to be considered when building an API

• The services need to be scalable

• The API has to be secured

• A portal and collaboration platform is required to promote the use of the API and to provide technical support to the community using it

• Releasing a public API requires a middleware platform to control and manage the access to the API

A robust and scalable platform to support our API

When an organization starts working on a new API, it can only guess how many users it will actually support

• That is why the API needs to be built on an elastic platform that can automatically adapt to any given workload.

• Ideally, that means building our API on a robust and secure Cloud platform, that will charge us based on usage, without requiring a significant initial investment

Security

When our most important asset is information, our duty is to make sure it is well protected

• Control access to the API

• Avoid data theft

• e.g. Data Syphoning

• Avoid cyber attacks

• e.g. Denial of Service (DoS)

Developer Portal

• It is quite easy to build a static web site to document an API, but this can cause several problems

• Inconsistencies between the production code and what is shown in the API’s documentation, especially when managing multiple versions of the code

• It is preferable to have the documentation be generated automatically from the code written by the developers

• The developer portal needs to include collaboration features in order to allow participants to discuss how to use the API, ask for support and request new features

API usage control

• Register the apps that are allowed to use the API

• Unique key generation (that cannot be guessed)

• Define API limits by tiers

• APIs that can be used in each tier

• Usage limits (invocations per hour, day, month or any other period)

• Integration with billing systems
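
The usage-control points above, as an added Python example that is not part of the original presentation: keys come from a cryptographically secure random source, only their SHA-256 digest is stored, and each tier defines the APIs it may call and an invocation limit per period. The Gateway class, the tier names, the API names and the limits are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Hypothetical tiers: APIs each tier may call and invocations allowed per window.
TIERS = {
    "free":    {"apis": {"balance"}, "limit": 3, "window_s": 3600},
    "premium": {"apis": {"balance", "transfer"}, "limit": 1000, "window_s": 3600},
}


class Gateway:
    def __init__(self, clock=time.time):
        self.apps = {}    # sha256(key) -> {"app": name, "tier": tier}
        self.usage = {}   # (key digest, window index) -> invocation count
        self.clock = clock

    @staticmethod
    def _digest(key):
        return hashlib.sha256(key.encode()).hexdigest()

    def register(self, app, tier):
        """Register an app and return its key; the key itself is never stored."""
        if tier not in TIERS:
            raise ValueError("unknown tier")
        key = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable
        self.apps[self._digest(key)] = {"app": app, "tier": tier}
        return key

    def authorize(self, key, api):
        """Return (allowed, reason) for one invocation of `api` using `key`."""
        digest = self._digest(key)
        record = self.apps.get(digest)
        if record is None:
            return False, "unknown key"
        tier = TIERS[record["tier"]]
        if api not in tier["apis"]:
            return False, "api not in tier"
        # Fixed window: the counter resets when the window index changes.
        window = int(self.clock() // tier["window_s"])
        count = self.usage.get((digest, window), 0)
        if count >= tier["limit"]:
            return False, "quota exceeded"
        self.usage[(digest, window)] = count + 1
        return True, "ok"
```

Because only the digest is kept, a leak of the registration store does not reveal usable keys, and the per-window counters are the same figures a billing integration would read.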

API usage monitoring

• In order to fully understand how customers use your API you need to be able to obtain complete usage reports

• By API

• By application

• By customer

• Etc.

Contact information

On Twitter: @huibert (English), @huibert2 (Spanish)

Web site: http://www.huibert-aalbers.com

Blog: http://www.huibert-aalbers.com/blog