Poll Finds APIs Continue to Surge; Half of IT Architects Eye APIs for On-Premise, Mobile, Cloud
In another sign of a robust and growing API sector, a poll this summer finds half of IT architects using or planning to use APIs to expose on-premise applications for mobile, cloud or partner access. The poll was conducted by Axway, which acquired API and identity management firm Vordel. IDN speaks with Axway vice president and Vordel co-founder Mark O’Neill.
by Vance McCarthy
vice president, innovation
"The need to increase productivity, reduce costs by accelerating the time to integrate applications [are] key drivers for APIs."
In another sign of a robust and growing API sector, a poll this summer finds half of IT architects using or planning to use APIs to expose on-premise applications for mobile, cloud or partner access.
The poll was conducted by Axway, which acquired API and identity management firm Vordel. In specific, the Axway poll found:
* 30% use APIs to expose on-premise apps to third parties
* 29% use APIs to build new mobile apps
* 22% use APIs to connect internal applications to cloud services
IDN spoke about the results with Axway vice president for innovation and Vordel co-founder Mark O’Neill. He told IDN they also identified some “key drivers” spurring API adoption – both inside and outside the enterprise firewall.
“The need to increase productivity, reduce costs by accelerating the time to integrate applications and to on-board new third parties, [both] customer/suppliers,” are all key API adoption drivers, O’Neill said. “Within the enterprise [and] B2B computing world, SOA services are still prevalent, but now APIs afford a way to easily extend these services to third parties.”
O’Neill hastened to add that APIs are also paying big dividends for those working on mobile and cloud projects.
- APIs for Mobile. “With the advent of mobile, increasing penetration into the enterprise resulting in a need to mediate between mobile apps and enterprise apps . . . we see APIs as a part of the mobile application creation and delivery scenario and feed very clearly into a mobile security strategy that can enable enterprise BYOD,” O’Neill said. Essentially by choosing to deliver data via an API, organizations can ensure that their data doesn’t reside on the mobile device. Rather, it is accessed by the applications running on the device. So in the event a device is lost or stolen, or changes are made to the user’s data entitlement, access can simply be turned off by the business so that data cannot be exploited by an unauthorized user. APIs are the conduit for all of this.
- APIs for Cloud. “APIs are also a key element of connecting or brokering the connection to cloud-side services and integration on-premises with cloud services . . . the key benefit, which an API Gateway brings here, is that [beyond integration] it can also provide the identity brokering to the cloud service (not just brokering the data itself),” O’Neill said.
“Our research shows that enterprises are increasingly leveraging APIs,” said Hugh Carroll, vice president, marketing at Axway. Companies are primarily leveraging enterprise APIs to rapidly develop and deliver new customer services to drive revenue growth into their cloud and mobile channels, he added.
With the Boon in Enterprise API Use
Where are Architects’ Concerns, Needs?
The Axway also poll found 30% of architects were using APIs to “expose” on premise apps to third parties. “Architects were primarily exposing existing ESB workflows, as well as SOAP-based .NET web services, as web APIs,” O’Neill said. The .NET architects, in particular, had requirements to present .NET services (which are primarily SOAP with WCF) out as REST APIs, O’Neill noted. He also offered more insights on the comparative value between using simple SOA or REST APIs versus the new generation of APIs.
“The value-add, which is added to the APIs, is primarily in the area of versioning, security, and identity brokering,” O’Neill said. He also noted APIs make versioning much easier and more accurate. “Back-end SOA/REST APIs typically do not have explicit version numbers, but do change often. Where versioning happens, it may be on a frequent and ad-hoc basis. However, clients expect the exposed API to explicitly have a version number clearly available (e.g., in the URL path, or as a header). The exposed API can “layer on” the versioning,” he said..
API architectural benefits pay even more dividends when it comes to security, O’Neill added. “For security – an exposed API must be protected against misuse such as data-harvesting attempts, or denial-of-service. Devs typically create a REST API but then use an API Gateway to test the security, add on extra protection as needed, the expose the API,” he said.
O’Neill also added a note about securing API access and authentication. “Devs do not wish to embed complex authentication into their APIs, or deal with the changes to emerging standards (e.g., OpenID Connect) but by using an API Gateway they can layer on the identity layer, leveraging these new standards, and then propagate identity back to their API,” he said.
So, with APIs becoming more popular go-to solutions for so many projects, IDN asked O’Neill what API devs are asking vendors for. His top-three list of most dev requests included: (1) Best practices for extending internal apps for cloud and mobile; (2) Support for delivering and enforcing SLAs and (3) Security. “The need to protect and manage API keys is an important part of the overall equation here and something that enterprises are concerned about,” O’Neill added.
One final insight – this time for those IT professionals looking at APIs as the next leg in their career paths. While not asked in the formal poll, O’Neill also shared some insights on just who are building these APIs.
“Our experience / observations from the field indicates that APIs are being developed from a variety of platforms, including .NET (primarily SOAP-based), open source such as Mule and Camel (primarily REST-based), and in front of messaging systems such as TIBCO. In each case, there is then a requirement to expose a REST API at an API Gateway, leveraging technologies such as OAuth 2.0, which may not be supported at the back-end,” O’Neill told IDN.
One analyst firm noted the Axway poll is the latest quantitative evidence to suggest a shift in how architects think about the best ways to wire businesses and consumers together. A report from Forrester Research entitled, Selecting Tools That Enable Agility, recently concluded in part: “Mobile and social commerce opportunities are the likely first ways in which these APIs will be leveraged, but touch points such as marketplace integration, embedded commerce ads, in-store digital signage, mobile point of sale (mPOS), and call center applications, among others, will soon be common ways that businesses use these APIs.”
- ‘Full Life Cycle’ API Management Can Drive Competitive Advantage
- Tibco’s ‘Hybrid Gateway’ for APIs Delivers New-Gen Platform for Digital Business
- DreamFactory: Next Chapter in ‘Cool APIs’ May Come with API Automation for App Building
- Cool APIs: Top Tips To Secure Valuable APIs Against Growing Security Threats
- CA World: In 2017, APIs Will Be Doorways to DevOps, Digital Transformation