Almost three years back, my email@example.com brought a solution to the team around API management. At the time I ran our certificaiton and production deployment for our Vantiv Solution Builder (VSB) platform. VSB was a SOAP, REST-XML, REST-Json gateway solution used to process payments to the Vantiv backend Tandem 610 and RAFT (ISO 8583). To me an API management strategy seemed like just another hop and hence another failure point in the life of a transaction. It took a few months to finally shift my paradigm and understand this natural evolution of API's and what it could mean to Vantiv.
What's API Management
I've helped partners integrate to API's or variant of API's for over 11 years now. I've worked with flat files, XML, comma separated, SOAP, REST-XML, REST-Json and I'm sure others that I no longer recall. What was missing is the concept of why an API management strategy is different than just an API. Here are a few references regarding the difference between API management versus an API Gateway.
"Full life cycle API management is about the planning, design, implementation, publication, operation, consumption, maintenance and retirement of APIs."
"API management software tools typically provide the following functions:
- Automate and control connections between an API and the applications that use it.
- Ensure consistency between multiple API implementations and versions.
- Monitor traffic from individual apps.
- Provide memory management and caching mechanisms to improve application performance.
- Protect the API from misuse by wrapping it in security procedures and policies."
"Although APIs (Application Programming Interface) and SOA (Services Oriented Architecture) share similarities, they were created for very different uses. SOA no longer matches the preferred design of today's mobile apps and does not allow for the ability to gain helpful customer insight. APIs and apps create agile, flexible and robust networking configurations that engage the customer and enrich the experience. API management has become a necessary component to build, manage, and scale apps for the digital economy.
With the help of an API tier to connect your systems of record to your systems of engagement, you can extend your SOA capabilities to match the data requirements of a digital economy.
- API gateway
- Developer portal
- Monetization capabilities
- Analytics and API performance
- Flexible Deployment"
Recently Google purchased Apigee which is an API Management solution. The key question is why and what does Google plan to do with it?
"An increasing number of companies are shifting towards communicating programmatically through APIs via the internet, augmenting or even supplanting traditional communications via phones.
Apigee’s comprehensive API platform works as an enabler for this sort of communication, offering secure, stable, multi-language, dev, test, publish and analytics capabilities. This acquisition is an indication of Google’s increased focus on corporate clients and its enterprise services offerings. According to Google’s management, its corporate customers believe that getting the API strategy functioning is a key step for their business and with Apigee’s strong reputation in this space, the acquisition will strengthen Google’s enterprise offerings."
The transition toward cloud, mobile and digital interaction with customers and partners via APIs is happening, and fast. It’s happening because customers of every stripe — in the consumer realm and in the enterprise — are demanding it, and because it translates to engaging and valuable businesses.
How does IoT and mPos benifit from an API Management solution?
Two areas in payments that is receiving a lot of attention lately is IoT and mPos. Below are a few items to consider regarding API management.
"API management is an umbrella under which are grouped a collection of solutions — such as gateways, security, and access management — each with its own potential disaster scenario if we get things wrong. "
"APIs are not only thing-facing. Part of what makes IoT so important is the ability to connect applications to devices, either singly or in aggregate. A connected car has an app that can unlock the doors. The Fitbit API might allow a sports drink vendor to send promotions to an athlete. Developers on the device and data sides of the equation are different entities, with different rights, different APIs, and different API management security requirements."
"So, APIs are a fundamental enabler of the Internet of Things; but without API management, the unique characteristics of IoT can easily lead to catastrophe, especially when it comes to:
- Versioning and support for ancient things;
- Developer and device registration and security;
- Visibility and analytics;
- Performance and scalability."
Natural question is how did we get here? I found the following a pretty good summary.
The future or vision is most likely a "it depends" conversation. Here are a few articles to consider.
"... it's safe to say that the average company is fully aware of APIs and uses them, but not strategically. API divisions or API departments are still a novel feature of leading technology organizations or startups."
"Every company should be using their own dog food and be the first customer of their own APIs, which means that most APIs should be internal first anyway. And certainly it's how companies develop organizational maturity with APIs by learning how to produce and consume them inside the organization.
But, as what's outside moves inside and inside moves outside, we are seeing that APIs need to be ready for anything, and can be used in any way, as services are remixed and digital experiences are created out of many formerly disparate feeds and APIs."
"REST and microservices offer easy component integration and the potential for greater scalability and resiliency in cloud and virtualized applications. While they do this in part by loosening the tight rules for component binding that SOAP introduced, application planners and developers can augment security and compliance support in other ways. In any event, REST and microservices seem to be gaining support quickly, so it's wise to prepare to use them in your own applications."
Make sure you eat your own dog food
Throughout the years I've always made it a point to write an application that consumes the API I manage and help partners consume. Since I'm no longer a developer and my skills have withered a bit, I gauge an API on how easy is it for me to consume. How fast can I build something. How efficient is the documentation without burying me with too much information too quickly. At the present, I'm a fan of a REST-Json interface with a swagger type documentation along with a business requirement overview document (not too big).
So now the big question, what does the community look for?
- What matters in an API.
- How up to date does an API need to be? Are XML based API's or ISO spec's cool?
- Should a company have an API management strategy?
- What do you feel is the future of API's and how they'll leverage emerging technologies like mPos or IoT?
- What other emerging technologies do you see shaping the future of API's?
- How do Vantiv API's stack up against others in the industry?
- What's beyond RESTful Json API's?