Enterprise architect's guide to API best practices and trends
A comprehensive collection of articles, videos and more, hand-picked by our editors
Application program interfaces (APIs) have been around for years, but their importance and usage have soared as Web, mobile, cloud and machine-to-machine technologies have matured and become widely used. Those new ways of computing and businesses' need to exploit them for commercial gain require an easy way to get applications to talk to each other. That's what an API does.
Connected businesses need APIs to share information and do business with resellers, suppliers, end users and more, but using them effectively calls for careful decision making. In this article, software industry experts answer frequently asked questions about key API issues.
Who does what in planning, developing and deploying APIs?
Enterprise architects are usually the lead managers of an API strategy, according to Forrester Research analyst John Hammond. They plan and oversee design, architecture creation and modification, development, and integration of APIs with back-end systems.
Other team members may include:
- Systems administrators and/or operations directors, who maintain the API infrastructure once it is deployed and starts being part of the core infrastructure.
- Business and product managers, who handle API strategy, and are liaisons between the developer ecosystem and business users and customers. For example, a product manager works with the developers to define the requirements for an API.
- Developers and engineers, testers, stakeholders, the product management group, enterprise architecture group, and maybe an administrative group, who together make up the development team.
What is the most common challenge in managing and developing an API strategy?
The main challenge, most experts say, is that APIs are used in multiple environments for a mix of reasons. "Understand that you are going to be solving multiple problems," Hammond said. For example, API developers and managers could encounter mobile access roadblocks in network connectivity and security. Consider that once an API is in place, access rights for every single type of user, including third-party outsourcers, have to be specified. The connected product component presents control problems. For example, once an API is made available, it offers a developer ecosystem for other companies to innovate around your creation. The API could be applied to uses it wasn't meant to handle, leading to customer dissatisfaction, poor performance or use of intellectual property to create competing technologies.
Why is API version control important?
One problem with APIs is that they are simple to put out. "If you're not careful, that can turn into a negative," said Mike O'Neill, vice president of innovation at Axway, an API server vendor. "Before you know it, developers are developing against that API." Right away, developers will send feedback and even make changes themselves. Hack attacks will show where tighter security is needed, for example. The need for changes could outstrip the provider's ability to make them.
Before releasing an API, plan a version roadmap; also plan a way to retire old APIs, to release security updates and to accommodate more and new uses, O'Neill said. Be sure to set up monitoring and tracking for an API to determine usage patterns, such as what time of day it's being used, which clients are using it more than others, on which platform it's used most often, and so on.
How are APIs changing enterprise architecture and application integration ecosystems?
The API wave is upending enterprise architectures, experts say. Commonly, enterprise architectures have been three-tiered, including a Web server, app server and database layer. Now, new layers have been added, including API and data services layers.
Companies with a good strategy for service-oriented architecture are often at a good starting point to plug in API management on top.
John Hammond, Forrester Research
Now, integration challenges concern more than software, hardware and internal networking. An API facilitates interaction with outside customers, suppliers, partners and organizations. "The integration problem has moved from inside the organization out to the edge," O'Neill said. So, all the companies involved need an API layer for developers to program against.
Once an API layer is in place, a data services layer is needed behind it. This could be a traditional database, but in-memory and highly distributed databases could come into play as well, experts say.
Today's enterprise architecture has to encompass messaging systems, transactional or nontransactional systems, and real time-processing engines, said Les Hazlewood, chief technology officer at user management API vendor Stormpath. "The architecture and the tools in our toolbox have changed," he said. "It's no longer just an app server on top of a relational database."
How does widespread usage of APIs impact software development?
In order to leverage APIs, software should be built in a pluggable manner, making it easy, for example, to plug in service A and service B and service C, Hazlewood said. "Using messaging as a communications infrastructure for a platform to build applications on top of is a different, nontraditional way of thinking about building software," he said.
With APIs at work 24/7, failure and fault tolerance become top issues. Traditionally, most applications were in a big, fat, monolithic bundle that would just run on one computer. Developers didn't have to worry about distributed networks, architectures and data centers and customer access to systems, Hazlewood said. Now, APIs have to be online all the time, so applications have to have high availability and fault tolerance, properties that make applications reliable every hour of the day.
Using messaging as a communications infrastructure for a platform to build your applications on top of is a different way of thinking about building software and presents new problems. Hazlewood gives this example: "If Twilio is not available because my network is down, and I still want to make a phone call, what do I do? How do I react to that particular failure? Do I retry? Do I send an error back to the user to let them know they should try the phone call later?" Such scenarios weren't in the picture before the cloud, mobile and Web application era, he said.
What role does SOA play in API development and management?
Companies with a good strategy for service-oriented architecture are often at a good starting point to plug API management on top of that existing SOA strategy effort, Forrester's Hammond said. The SOA layer works well in handling API requests, and APIs can extend SOA processes beyond internal IT. Also, API management and SOA governance processes blend well, as APIs can push governance past common roadblocks like service consumption tracking and customer involvement.
The biggest challenge in blending SOA and APIs is understanding that in addition to supporting services using Simple Object Access Protocol, things that are function based, one also needs to start thinking about designing resources and asynchronous RESTful services as well. "As long as the companies have invested in that SOA solution and make that mind shift, they usually do pretty well," Hammond said.
About the author:
Jan Stafford plans and oversees strategy and operations for TechTarget's Application Development Media Group. She has covered the computer industry for the last 20-plus years, writing about everything from personal computers to operating systems to server virtualization to application development.