APIs are brokering data across all kinds of domains, applications and platforms, but too many developers think in terms of traditional on-premise, sit-down-in-front-of-your-laptop-and-consume-this type of environment. Especially in the enterprise world, there’s a desire to access data that sits in huge application repositories and integrate it with data from other apps, and make it usable. An API is what enables this and presents users with a highly usable and interactive application, which gives the the ability to do more, and the provider gets a much more engaged user.
We’re seeing massive usage numbers for APIs (both by users and developers), and we’re seeing much of that usage recently being focused on translation and integration of data for mobile devices. We suspect that there will an increased focus among developers to use APIs to bring apps to users’ smart phones and tablets, and that this will rise to the top of the “to do” list of many CIOs.
One of the reasons for the lack of mobile apps derived from APIs is, we think, the perceived complexity in pulling data from servers and databases. To fill that gap, some vendors have developed API tools that are very specific and focus on certain types of data. Indeed, these tools usually pull data, but they focus on the front end and are all about delivering something that’s generally not very robust. It may provide some functionality, but it doesn’t allow for very much data to be used because is was architected for only a very singular purpose. We hear from customers that these are far too narrow in scope and don’t offer the flexibility that’s needed to integrate and render a valuable user experience. What we see in these situations is usually an emphasis on a sexy front-end. Many of our competitors are good at providing excellent integrated development environments that make use of an API to help make app development easy. Usually these IDEs, however, are specific to a certain application and don’t interact with services from different back-ends. This is a major limitation that’s preventing many enterprises from being able to offer a meaningful user experience for their applications.
Users want mobile apps not just because it simplifies their lives. Rather, it’s because the amount and types of data available to them have become so overwhelming that there’s an increasing need to interact with it in a more consumable fashion. Vendors push their apps with APIs by first layering them on a REST interface (at least, more robust, flexible apps are built on REST). This is a great starting point for using your API, but what’s really needed to make it usable is to ensure accessibility and security for data being communicated across and within the various applications that have access to the API.
To get all that valuable information out of the database or server and into an application used to require some sort of connector or interface. And while we still have data stored in huge backend systems, it could also be in a variety of other repositories and in multiple possible formats. To make applications usable, you have to find, connect with, and manage that data so it can render as something useful. This is where SOA Software API Gateway provides a comprehensive combination of security, developer communities, application integration, mediation and application management that can be used for mobile apps, in the cloud and on-premise.
API Gateway includes a variety of key elements to ensure security. It has threat protection features that detect and prevent denial of service attacks, poorly performed messages or excessive XML/JSON depth and breadth. It supports a variety of authorization and authentication schemes, and can easily integrate with legacy security systems with our OAuth Server.
In order to effectively use all that data, in whatever format it is delivered, it has to be secure. We’re talking about data on a huge magnitude, and it’s moving from one source to another quickly and being consumed in a variety of different ways. If users can’t use an application on their mobile device, through an API, or even in a big enterprise application without their data being compromised, they’ll look for someone else who can provide that.
So we take security very seriously, because as enablers of the API Economy and SOA frameworks, which is why we looked to REST to help create an efficient environment in which that data can move and be used. Our OAuth Server is aimed at providing a totally transparent solution for these types of security issues by providing enterprise to cloud SSO, centrally managed access control, and secure mobile identity, among other functionality. That ability to secure data and apps is crucial because companies that are taking their apps to mobile will only have success if they can ensure tight security, along with appropriate usability.
From a competitive standpoint, guess what?: we think that SOA Software provides the single most effective API platform for mobile apps. Well, of course we do. But if you consider the business-critical needs of your users, customers and partners, a slick UI won’t drive more revenue, because the value is dubious. Mobile apps do, indeed, help people be more efficient, but that only happens if you use your API to provide them with the most potential capabilities to actually do something constructive.
Written by Roberto Medrano