[This article was written by Ed Anuff, VP of product strategy at Apigee.]
Many developers and architects see APIs as simply a step in the evolution of the integration-based architectures that have long been used within enterprise IT.
This is a limited view, however.
While service-oriented architectures (SOA) often address the needs of corporate information system integration, today’s digital businesses must expose data via mobile apps, and this comes with a whole new set of demands. As a result, APIs – which serve as the underlying glue connecting data to these apps – are becoming a foundational technology in the development of modern enterprise applications and much more than a SOA replacement.
The iPhone triggered a landslide
Traditional SOA models discrete information systems or components as services, which are accessible over a network via well-defined protocols and data formats. This enables independent development and the evolution of cooperating systems without the need to employ a common technology base. This, in turn, gives companies flexibility in managing discrete business functions, which translates to operational efficiency. SOA served as a useful model for IT integration until…
The introduction of the iPhone in 2007 changed everything; it triggered a landslide of disruption in information systems. The viral spread of smartphones and the advent of tablets, along with advances in browser technologies, brought new interactivity, style, and power to Web applications, and enabled consumers to carry the Web around with them. This change created the need for a way to connect corporate information systems with remote systems and mobile devices, in a way that SOA can’t.
At first, making this adjustment proved difficult for many organizations. Some of the first SOA implementations were done by centrally based architecture teams that were enamored of the elegance of a unified architecture but were removed from the realities of day-to-day application development. Moreover, many of the concepts of distributed computing that architecture teams worked with were still relatively unfamiliar to most application teams.
We’re now at a point where an entire generation of developers has come of age in the era of the Internet, and API-centric IT – which has different goals than simple enterprise integration – is moving in.
APIs – security and control in the “engagement layer”
APIs aren’t a replacement for SOA and legacy systems. Rather, they can act as a façade in front of these systems; adding this layer fosters digital ecosystems by enabling developer portals and analytics. APIs offer the ability to hide complexity and expose functionality in an easily consumable way, via an “engagement layer.”
This approach enables IT departments to use APIs to foster innovation and move with the speed and the agility necessary for the engagement layer, while maintaining the stability, security, and control needed in the legacy back-end systems.
For example, an app developer can’t simply access a typical internal system at a Fortune 500 company. Providing this kind of access requires a very deliberate, thoughtful, and secure process on the part of the business.
APIs are key to crossing the chasm between the requirements centralized IT demands and the new digital economy. Security can be built into the APIs themselves, but threat protection, identity services, infrastructure security, and compliance must also be considered.
To that end, API governance has emerged as a new area of focus in today’s enterprise architecture, separate and distinct from SOA governance. API governance concerns itself with providing standardized conventions for documentation and consistent security and access control mechanisms.
It exists in support of the application teams rather than the centralized IT resources and, as a consequence, is not prescriptive except in a few vital areas, such as defining standards for security mechanisms including OAuth.
Enterprises can no longer afford to view APIs as simply an extension and evolution of integration-based architectures. APIs have become the foundational technology necessary to meet the new expectations of how corporate information systems connect with remote systems and mobile devices. An API-centric approach is the only way to surmount the challenges of providing the right content and capabilities at the right moment for the right person on any number of devices.