Politics is all about power. Whether in Washington DC, Brussels, or Beijing, individuals jockey for advantage using the political process. The politics of APIs centers on ‘knowledge being power’ and ‘data content being power’. Individuals and corporations gain a powerful advantage in the API economy by enforcing content ownership, access privileges, and distribution rights to their advantage.
Choosing appropriate API security options will help you gain developer trust, increase API adoption, and build an effective API ecosystem. While APIs are the ‘coolest’ and most effective mechanism to expose business functionality outward to the outside world and inward to other teams, API security requires learning new technologies (e.g. OAuth, MAC token profiles, and JSON Web Token [JWT]) and retrofitting existing identity management architecture with token chaining and identity brokering.
Many mobile application developers and architects find API security and identity options are arcane, jargon-filled, and confusing. They frequently ask whether selecting one choice over another is appropriate – and you need to cautiously identify and isolate tradeoffs. A robust API security platform can help guide you in the right direction.
API Security Basics
Security is not an afterthought. Incorporate security as an integral part of any application development project. The same approach applies to API development as well. API security has evolved significantly in the past five years. The recent standards growth has been exponential. OAuth and bearer tokens are the most widely adopted standard, and are possibly now the de facto standard for API security.
What API security decisions should you consider?
In section 6.3 of Roy’s dissertation, he explains how REST applies to HTTP. But implementing a RESTful approach requires painstaking assembly without REST tooling. Java JAX-RS and API Management infrastructure reduce the learning curve, increase API adoption, and decrease development effort by simplifying API creation, publication, and consumption.
RESTful systems must consider security, separation of concerns, and legacy web services.
During the SOA craze days in the past, proponents pitched SOA’s lofty benefits from both business and technical perspectives. The benefits are real, yet sometimes very difficult to obtain. Surprisingly, today’s API proponents target similar benefits, but with an execution twist.
While everyone acknowledges API and Service Oriented Architecture (SOA) are best practice approaches to solution and platform development, the learning curve and adoption curve can be steep. To gain significant business benefits, teams must understand their IT business goals, define an appropriate SOA & API mindset, describe how to implement shared services and popular APIs, and tune governance practices.
The crew in the Home Port Lighthouse spotted a few interesting posts. Here are the links and my sighting report:
Location: CloudBees Cloud App Development Platform Available on Verizon Cloud
WSO2 App Factory is an Open Source PaaS offering functionality similar to CloudBees. The DevOps PaaS delivers Jenkins, continuous delivery, enterprise governance, and DevOps best practices.
Location: Harnessing the Power of APIs
Are you publishing Naked APIs, or Managed APIs? A managed API is:
- Actively advertised and subscribe-able
- Available with an associated, published service-level agreement (SLA)
- Secured, authenticated, authorized and protected
- Monitored and monetized with analytics
When creating an API Management program, consider including these five steps:
- Step 1 Embrace the Managed API
- Step 2 Establish a Monetization Model
- Step 3 Make APIs Easy for Developers to Access
- Step 4 Employ Governance
- Step 5 Monitor API Use
- Excellent distinction by Dave when parsing Cloud’s momentum and investment drivers. “That’s not new money, just moved money.”
- “focus on the specific aspects and the value they bring to your business — that’s where you want to align your own investments.”
- Step 1: Foundational value metrics focus on Time to Market
- Step 2: Optimization value metrics focus on Portfolio Efficiency
- Step 3: Transformational value metrics focus on Productivity
API governance is heavily influenced by IT business goals and objectives. Leading API governance platforms provide analytics supporting the assessment of IT business value. The platform should capture service tier subscription information, collect usage statistics, present productivity metrics, and integrate with billing and payment systems.
The SOA perspective is reverberating into an API echo. During past SOA craze days (2003-2008), proponents pitched SOA’s lofty benefits from both business and technical perspectives. The benefits are real, yet sometimes very difficult to obtain. Surprisingly, today’s API proponents target similar benefits, but with an execution twist.
When crafting an API strategy and proposing API benefits, consider whether your organization is pursuing an API-Access Mindset or an API-centric Enterprise Mindset. These API approaches are similar to the recognized Big SOA / Small SOA or Top-down SOA / Bottom-up SOA approaches.
To accelerate agility and improve time to market, a Connected Business relies on accessible and integrated business capabilities. A leading-edge integration platform can reshape your enterprise integration architecture and create an integration environment where project teams can easily and rapidly connect, re-use, and compose data, APIs, and services into effective business solutions.