|By Mark O'Neill||
|February 20, 2013 09:00 AM EST||
Quick: name some APIs! Which ones come to mind? Amazon? Twitter? Google Maps? Chances are, the APIs which came to mind are APIs which are open to any developer to use. But are these the only kinds of APIs that exist? What about Enterprise APIs?
In order to answer this question, let's look at how APIs can be categorized.
First of all, let's look at API Exposure. The two categories are:
- External : Able to be used outside the organization.
- Internal : Used only inside the organization
Second, let's look at API Protection. It may be one of three categories:
- Open: Anybody can use the API, anonymously with no controls
- Requiring Registration: Developers are identified with API Keys and usage is monitored accordingly
- Enterprise: Goes beyond just developer registration, adding tight controls on sensitive data, integration with enterprise systems such as Identity Management and event monitoring (SIEM, Splunk, etc).
These axes are orthogonal. Using these axes, APIs divide into six categories. Let's look at the categories:
Open External APIs
These are APIs which are open to anybody to access. Usually they take the form of read-only public data feeds.
An example is the Nobel Prize API, which allows a developer to query information about Nobel Prize winners. Another example is the Massachusetts Roadway Events API, which provides developers with access to the (many) roadworks projects happening in Massachusetts at any given moment.
External APIs requiring Registration
These are APIs which are open to any developer to use, but require registration. Once a developer registers, they typically get an API Key. It's important to note that the API Key is not necessarily used for authentication, but instead it is used for identification of the app developer. In this way, the API publisher can apply limits to the usage of their API, and track the usage also.
An example is the US Postal Service's Shipping API. Any developer can use this, but they must register first. The Google Maps API is another good example of a Managed External API. API Keys are required in order to use this API, but any developer can sign up for it. Another example is the Staples API which allows the Staples catalog to be queried. The data is not sensitive, but the developer access is controlled with API Keys.
External Enterprise APIs
These APIs are used to conduct business, or to access sensitive data such as health records. Documentation and information about the API is sometimes public, as in the case of some payments APIs. In many cases though, developer access to the API is by invitation only, and the documentation may be private. An example is a large HMO in the US which provides an API to retrieve patient prescription information. Access to this API is tightly controlled. Another example, in the B2B space, is a large 401.K provider which allows its corporate customers to provision their new employees with 401.K plans via an API. Access to this API is also tightly controlled.
Other examples of Enterprise External APIs come from the "Internet of Things" where devices such as electricity meters transmit sensitive information via APIs, and this data must be tightly protected.
Enterprise External APIs are typically linked to other enterprise systems such as enterprise Identity Management (IdM).
Just like on the Internet, lightweight REST APIs are taking over from heavyweight SOAP services inside the organization. However, SOAP and XML are still a fact of life, which means that Internal APIs typically span both XML and JSON.
Open Internal APIs
An example is a company directory API. It is open to all access.
Internal APIs requiring Registration
In some large organizations, as part of an initiative to allow internal developers to develop apps to be used by company employees, some functionality may be exposed as APIs. Access to these APIs is managed, so that developers can sign up, and usage of the APIs can be monitored. An example is an inventory lookup API, which checks the inventory of a particular item in a warehouse. This may be used to develop internal apps for personnel in the field. Internal developers sign up to use this API, get their API keys, and the API usage is monitored in order to prevent data-mining or excessive usage. However, data sensitivity itself is low.
Internal Enterprise APIs
These include APIs used to access private customer data, which may be subject to regulatory controls. Enterprise-class controls are required for these APIs. Even though its exposure is just internal to the organization, its data sensitivity is high. Remember that many privacy breaches come from inside the organization.
In the financial services sector, these include APIs to perform fund management operations such as buying and selling stock. For example, in one large Mutual Fund company, fund managers required the ability to manage their funds via iPad apps. This required access to Internal Enterprise APIs from iPads. This was delivered using tightly-controlled Internal Enterprise APIs.
In the healthcare sector, this category includes APIs which access patient data from inside hospitals and health insurer systems.
On top of simply registering developers, Internal Enterprise APIs require rules to be in place for sensitive data protection, and for a signed audit trail, to prove which user has accessed the API. Internal Enterprise APIs also must integrate with enterprise Identity Management, such as directories and single sign-on.
It is useful to categorize APIs into different axes, because it allows decisions to be made about how to manage them. It is a fact that the most well-known APIs are open APIs on the Internet, or APIs such as Google Maps for which any developer can obtain API Keys. However, although many people are not aware of them, Enterprise APIs are common and perform vital functions for businesses. They are exposed outside the organization and inside the organization also. By categorizing APIs, we can see their requirements clearly, and manage our APIs accordingly.
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Avere delivers a more modern architectural approach to storage that doesn’t require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbuilding of data centers ...
Feb. 10, 2016 09:00 PM EST
SYS-CON Events announced today that Alert Logic, Inc., the leading provider of Security-as-a-Service solutions for the cloud, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Alert Logic, Inc., provides Security-as-a-Service for on-premises, cloud, and hybrid infrastructures, delivering deep security insight and continuous protection for customers at a lower cost than traditional security solutions. Ful...
Feb. 10, 2016 02:30 PM EST Reads: 423
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 ad...
Feb. 10, 2016 02:30 PM EST Reads: 394
Companies can harness IoT and predictive analytics to sustain business continuity; predict and manage site performance during emergencies; minimize expensive reactive maintenance; and forecast equipment and maintenance budgets and expenditures. Providing cost-effective, uninterrupted service is challenging, particularly for organizations with geographically dispersed operations.
Feb. 10, 2016 01:15 PM EST
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management...
Feb. 10, 2016 12:15 PM EST Reads: 424
SYS-CON Events announced today that VAI, a leading ERP software provider, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. VAI (Vormittag Associates, Inc.) is a leading independent mid-market ERP software developer renowned for its flexible solutions and ability to automate critical business functions for the distribution, manufacturing, specialty retail and service sectors. An IBM Premier Business Part...
Feb. 10, 2016 12:00 PM EST Reads: 620
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, will discuss the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filte...
Feb. 10, 2016 11:00 AM EST Reads: 189
Fortunately, meaningful and tangible business cases for IoT are plentiful in a broad array of industries and vertical markets. These range from simple warranty cost reduction for capital intensive assets, to minimizing downtime for vital business tools, to creating feedback loops improving product design, to improving and enhancing enterprise customer experiences. All of these business cases, which will be briefly explored in this session, hinge on cost effectively extracting relevant data from ...
Feb. 10, 2016 10:45 AM EST Reads: 107
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
Feb. 10, 2016 10:45 AM EST Reads: 248
SYS-CON Events announced today that Pythian, a global IT services company specializing in helping companies adopt disruptive technologies to optimize revenue-generating systems, has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2015 at the Javits Center in New York, New York. Founded in 1997, Pythian is a global IT services company that helps companies compete by adopting disruptive technologies such as cloud, Big Data, advanced analytics, and DevO...
Feb. 10, 2016 10:30 AM EST Reads: 220
With the Apple Watch making its way onto wrists all over the world, it’s only a matter of time before it becomes a staple in the workplace. In fact, Forrester reported that 68 percent of technology and business decision-makers characterize wearables as a top priority for 2015. Recognizing their business value early on, FinancialForce.com was the first to bring ERP to wearables, helping streamline communication across front and back office functions. In his session at @ThingsExpo, Kevin Roberts...
Feb. 10, 2016 09:00 AM EST Reads: 384
As enterprises work to take advantage of Big Data technologies, they frequently become distracted by product-level decisions. In most new Big Data builds this approach is completely counter-productive: it presupposes tools that may not be a fit for development teams, forces IT to take on the burden of evaluating and maintaining unfamiliar technology, and represents a major up-front expense. In his session at @BigDataExpo at @ThingsExpo, Andrew Warfield, CTO and Co-Founder of Coho Data, will dis...
Feb. 10, 2016 09:00 AM EST Reads: 184
SYS-CON Events announced today that iDevices®, the preeminent brand in the connected home industry, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. iDevices, the preeminent brand in the connected home industry, has a growing line of HomeKit-enabled products available at the largest retailers worldwide. Through the “Designed with iDevices” co-development program and its custom-built IoT Cloud Infrastruc...
Feb. 10, 2016 08:00 AM EST
Eighty percent of a data scientist’s time is spent gathering and cleaning up data, and 80% of all data is unstructured and almost never analyzed. Cognitive computing, in combination with Big Data, is changing the equation by creating data reservoirs and using natural language processing to enable analysis of unstructured data sources. This is impacting every aspect of the analytics profession from how data is mined (and by whom) to how it is delivered. This is not some futuristic vision: it's ha...
Feb. 10, 2016 07:45 AM EST Reads: 438
Silver Spring Networks, Inc. (NYSE: SSNI) extended its Internet of Things technology platform with performance enhancements to Gen5 – its fifth generation critical infrastructure networking platform. Already delivering nearly 23 million devices on five continents as one of the leading networking providers in the market, Silver Spring announced it is doubling the maximum speed of its Gen5 network to up to 2.4 Mbps, increasing computational performance by 10x, supporting simultaneous mesh communic...
Feb. 10, 2016 07:00 AM EST
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, will provide an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data profes...
Feb. 10, 2016 12:45 AM EST Reads: 202
SYS-CON Events announced today that Men & Mice, the leading global provider of DNS, DHCP and IP address management overlay solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. The Men & Mice Suite overlay solution is already known for its powerful application in heterogeneous operating environments, enabling enterprises to scale without fuss. Building on a solid range of diverse platform support,...
Feb. 10, 2016 12:00 AM EST Reads: 213
One of the bewildering things about DevOps is integrating the massive toolchain including the dozens of new tools that seem to crop up every year. Part of DevOps is Continuous Delivery and having a complex toolchain can add additional integration and setup to your developer environment. In his session at @DevOpsSummit at 18th Cloud Expo, Miko Matsumura, Chief Marketing Officer of Gradle Inc., will discuss which tools to use in a developer stack, how to provision the toolchain to minimize onboa...
Feb. 9, 2016 07:45 AM EST Reads: 108
SYS-CON Events announced today that Fusion, a leading provider of cloud services, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Fusion, a leading provider of integrated cloud solutions to small, medium and large businesses, is the industry's single source for the cloud. Fusion's advanced, proprietary cloud service platform enables the integration of leading edge solutions in the cloud, including clou...
Feb. 6, 2016 03:30 PM EST Reads: 768
Most people haven’t heard the word, “gamification,” even though they probably, and perhaps unwittingly, participate in it every day. Gamification is “the process of adding games or game-like elements to something (as a task) so as to encourage participation.” Further, gamification is about bringing game mechanics – rules, constructs, processes, and methods – into the real world in an effort to engage people. In his session at @ThingsExpo, Robert Endo, owner and engagement manager of Intrepid D...
Feb. 5, 2016 09:00 PM EST Reads: 829