Click here to close now.

Welcome!

Cloud Expo Authors: Carmen Gonzalez, Blue Box Blog, Elizabeth White, Pat Romanski, Lori MacVittie

Related Topics: @ThingsExpo, Java, Microservices Journal, Cloud Expo

@ThingsExpo: Blog Feed Post

Look Beyond The Mobile or Web Client To The Internet of Things

Ten API Commandments for Consumers

Kin Lane, the API Evangelist, has produced a list of the Ten API Commandments for Providers. It's a very good list, including privacy, security, and documentation. I encourage everyone to read it and comment.
What about the corresponding list for API Consumers? Although I don't want to compare myself to a biblical figure (or indeed to Kin Lane :) ), here is my crack at a list of API commandments for consumers:

1. Protect your API Keys. API Keys are often issued to developers through an API Portal to use in their apps. These API Key allow developers to access apps. Sometimes the keys are used in conjunction with OAuth, or sometimes they are used in a pure API Key based authentication scheme. It is natural for developers to use Github as a repository for their code. But, what if the API Key is baked into the code of your API consumer app? Ross Penham recently wrote about the disturbing amount of API Keys which he found in Github. A good solution is to use an API Gateway to manage the API keys, separately from the API consumer application itself.


2. Understand how APIs affect your client app's performance. If an API call is slow, then your app is slow. Users may then understandably complain. What if the problem is not your app itself, but an API it's consuming? How you can isolate the problem, so that you can see how a slow API is affecting your users? The answer is to have Root-Cause Analysis in place for your APIs. Here is an example of how you can track the response times of the SalesForce.com API. Here is another example, this time from the mobile telco 3 in the UK. In this way, you can point your finger at the problem, and apply root-cause analysis.

3. Apply the "Missing SLA". API Providers often do not provide a Service Level Agreement (SLA). Unless you are a very large corporation, spending a lot of money on API calls, you may not be able to force them to put an API in place for you. Again taking the example the SalesForce.com API, here is a walk-through with videos of how you can apply monitoring and an SLA in place for your outbound API calls.

4. Think about the data. When calling an API, it's natural to think about the security of the API call itself. Commandment #1 above is about securing the keys used for the API call. But what about the data being sent to the API? In many cases, you can think of an API as a conduit for data. If this data contains anything private, in terms of what is called PII (Personally Identifiable Information), then it must be encrypted, redacted, tokenized, or removed by an API Gateway.

5. Plan beyond asynchronous request response - think about WebSockets, AMQP, MQTT, and CoAP. HTML WebSockets are an exciting technology which we're seeing customers begin to leverage for their API consumption. WebSockets brings some great capabilities, such as full-duplex communication with the capability for APIs to "push" data to the client. But, it also brings security questions, and a veritable alphabet soup of new protocols beyond HTTP. The good news is that companies like Axway are thinking about the interplay and security of these new protocols. For more reading, I recommend checking out December's AMQP WebSocket Binding (WSB) which was drafted with help from my Axway colleague Dale Moburg.

6. Loose Coupling. Yes, "Loose Coupling" is something that isn't new - in fact it is a dictum of SOA-based integration from ten years ago. However, it is just as relevant now. Don't hard-code your API consumer to a particular version of an API. In fact, by putting an API Gateway in place, you don't even have to hard-code your API to a particular API (e.g. you can switch between different storage services).

7. Don't hate HATEOAS. HATEOAS is something that some API developers struggle to understand (or even pronounce), but it is very valuable because HATEOAS provides a framework for API calls which describe the "flow" of calls which a client can make. Even if you don't plan on using HATEOAS initially, and are just constructing quick-and-dirty API calls using string manipulation, it is still worth understanding.

8. Look beyond the Mobile or Web client to the Internet of Things. Until recently, API clients were assumed to usually be mobile devices. In fact, if you see a diagram on a Powerpoint slide of an API being called, it is usually a mobile app which is doing the calling. Now, we're moving on to the "Internet of Things" (IoT). IoT raises interesting requirements for API Consumers. For example, how can a low-powered device (like a lightbulb) perform the requisite processing required to access an API? What about devices which have intermittent Internet connections (e.g. a Connected Car, which may not always be online). At Axway, we've produced a Webinar and associated White Paper with Gunnar Peterson on the new security requirements when accessing APIs in the Internet of Things. I encourage folks to check this out.

9. Take a broad view of APIs: XML is unfashionable but still exists. If you look at some APIs used in business-to-business contexts, you often see the more heavyweight XML-based standards like AS2 and ebXML used. For example, later this week we are running a Webinar about accessing Australian Government "Superfund" services, and this uses an API which heavily XML-based. You won't find "I AS2" or "I ebXML" written on a sticker on the back of a MacBook Pro anytime soon, but if you are writing API Consumer apps which will access Enterprise APIs, you ignore these older types of APIs at your peril.

10. Spread the word. Here I echo Kin's commandment to spread the word - to evangelize - your API exploits. In the case of API Consumers, this is just as important as API Providers. On our API Workshop tours, we've had API practitioners speaking about how they are using APIs. Watch this space for news on our upcoming API Workshops, and feel free to get in touch if you have any great API Consumer stories, or tips to add to these Ten Commandments :)

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

@CloudExpo Stories
The best mobile applications are augmented by dedicated servers, the Internet and Cloud services. Mobile developers should focus on one thing: writing the next socially disruptive viral app. Thanks to the cloud, they can focus on the overall solution, not the underlying plumbing. From iOS to Android and Windows, developers can leverage cloud services to create a common cross-platform backend to persist user settings, app data, broadcast notifications, run jobs, etc. This session provide...
Health care systems across the globe are under enormous strain, as facilities reach capacity and costs continue to rise. M2M and the Internet of Things have the potential to transform the industry through connected health solutions that can make care more efficient while reducing costs. In fact, Vodafone's annual M2M Barometer Report forecasts M2M applications rising to 57 percent in health care and life sciences by 2016. Lively is one of Vodafone's health care partners, whose solutions enable o...
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the...
Modern Systems announced completion of a successful project with its new Rapid Program Modernization (eavRPMa"c) software. The eavRPMa"c technology architecturally transforms legacy applications, enabling faster feature development and reducing time-to-market for critical software updates. Working with Modern Systems, the University of California at Santa Barbara (UCSB) leveraged eavRPMa"c to transform its Student Information System from Software AG's Natural syntax to a modern application lev...
Public Cloud IaaS started it's life in the developer and startup communities and has grown rapidly to a $20B+ industry, but it still pales in comparison to how much is spent worldwide on IT: $3.6 trillion. In fact, there are 8.6 million data centers worldwide, the reality is many small and medium sized business have server closets and colocation footprints filled with servers and storage gear. While on-premise environment virtualization may have peaked at 75%, the Public Cloud has lagged in ado...
Dave will share his insights on how Internet of Things for Enterprises are transforming and making more productive and efficient operations and maintenance (O&M) procedures in the cleantech industry and beyond. Speaker Bio: Dave Landa is chief operating officer of Cybozu Corp (kintone US). Based in the San Francisco Bay Area, Dave has been on the forefront of the Cloud revolution driving strategic business development on the executive teams of multiple leading Software as a Services (SaaS) ap...
SYS-CON Events announced today that Secure Infrastructure & Services will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY, and the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Secure Infrastructure & Services (SIAS) is a managed services provider of cloud computing solutions for the IBM Power Systems market. The company...
SYS-CON Events announced today that CenturyLink, Inc., a leader in the network services market, has been named “Platinum Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. CenturyLink is the third largest telecommunications company in the United States and is recognized as a leader in the network services market by technology industry analyst firms. The company is a global leader in cloud infrastructure and ...
Docker, Inc., has been included in the list of "Cool Vendors" in the April 21, 2015 report by Gartner, Inc, Cool Vendors in DevOps, 2015. In the report, Gartner notes, “As virtualization and cloud applications grow beyond being single images run on premise to being comprised of multiple tiers that can be run and scaled in a hybrid cloud, new approaches are needed to reduce complexity.” “Docker has gained great traction within the developer community for how efficient it makes the individual de...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding bu...
From telemedicine to smart cars, digital homes and industrial monitoring, the explosive growth of IoT has created exciting new business opportunities for real time calls and messaging. In his session at @ThingsExpo, Ivelin Ivanov, CEO and Co-Founder of Telestax, shared some of the new revenue sources that IoT created for Restcomm – the open source telephony platform from Telestax. Ivelin Ivanov is a technology entrepreneur who founded Mobicents, an Open Source VoIP Platform, to help create, de...
SYS-CON Events announced today that B2Cloud, a provider of enterprise resource planning software, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. B2cloud develops the software you need. They have the ideal tools to help you work with your clients. B2Cloud’s main solutions include AGIS – ERP, CLOHC, AGIS – Invoice, and IZUM
ProfitBricks has launched its new DevOps Central and REST API, along with support for three multi-cloud libraries and a Python SDK. This, combined with its already existing SOAP API and its new RESTful API, moves ProfitBricks into a position to better serve the DevOps community and provide the ability to automate cloud infrastructure in a multi-cloud world. Following this momentum, ProfitBricks has also introduced several libraries that enable developers to use their favorite language to code ...
The IoT Bootcamp is coming to Cloud Expo | @ThingsExpo on June 9-10 at the Javits Center in New York. Instructor. Registration is now available at http://iotbootcamp.sys-con.com/ Instructor Janakiram MSV previously taught the famously successful Multi-Cloud Bootcamp at Cloud Expo | @ThingsExpo in November in Santa Clara. Now he is expanding the focus to Janakiram is the founder and CTO of Get Cloud Ready Consulting, a niche Cloud Migration and Cloud Operations firm that recently got acquir...
Many of the well-known examples of DevOps success we read in blogs on the Internet paint an idyllic picture of DevOps productivity. A team was facing a stodgy, slow-moving operations department, teams weren’t delivering software on time. Those teams moved to DevOps, became proactive about infrastructure and deployment automation, and an overnight transition to productivity ensues. People are promoted, projects are successful, and developers and system administrators dance hand-in-hand in a final...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch ...
The world's leading Cloud event, Cloud Expo has launched Microservices Journal on the SYS-CON.com portal, featuring over 19,000 original articles, news stories, features, and blog entries. DevOps Journal is focused on this critical enterprise IT topic in the world of cloud computing. Microservices Journal offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. Follow new article posts on T...
SYS-CON Events announced today that Litmus Automation will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Litmus Automation’s vision is to provide a solution for companies that are in a rush to embrace the disruptive Internet of Things technology and leverage it for real business challenges. Litmus Automation simplifies the complexity of connected devices applications with Loop, a secure and scalable clou...
In 2015, 4.9 billion connected "things" will be in use. By 2020, Gartner forecasts this amount to be 25 billion, a 410 percent increase in just five years. How will businesses handle this rapid growth of data? Hadoop will continue to improve its technology to meet business demands, by enabling businesses to access/analyze data in real time, when and where they need it. Cloudera's Chief Technologist, Eli Collins, will discuss how Big Data is keeping up with today's data demands and how in t...
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.