Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

What Are Concerns With Integration and APIs?

DZone's Guide to

What Are Concerns With Integration and APIs?

There is a broad range of concerns around integration and APIs, with the most predominant being security, tools, and being business-centric.

· Integration Zone ·
Free Resource

The new Gartner Critical Capabilities report explains how APIs and microservices enable digital leaders to deliver better B2B, open banking and mobile projects.

To gather insights on the state of integration, API design, and API management, we spoke with 19 executives who are familiar with integration and APIs and asked them, "What are your biggest concerns around integration today?"

Here's what they told us:

Security

  • Implementation level provides APIs and services to integrators while maintaining a certain level of service. We provide an API with documentation and developers figure out the most creative way to use the API rather than following best practices. You must be able to detect and isolate as soon as possible. Employ security around APIs to provide the best UX.
  • The top concern would be information security. This is at multiple levels. The first would be at the level of API design itself — the choice of authentication mechanism, data encryption in transit over the communication channel, etc. Most developers overlook these aspects or implement them poorly leading to security issues. Then comes the implementation of each API call where developers must ensure the authorization rules of the application are enforced on each call. Also important is the decision about what actions can be exposed as an API, including determining if those actions should further be limited to each user or each user role. This layer of implementation should also take care of applying security filters, based on validating the input data. Developers must expect recurring cyber attacks through the API channel and protect it by validating data for malicious inputs, sanitizing and allowing only safe operations. The lack of awareness in such aspects is a huge concern. Finally, the developers also should be aware that the data consumed from their app through their API is no longer in their control. This aspect goes beyond technology, and hence there must be a clear agreement on the terms of use between applications — how the data will be used and the implications.
  • Security. Developers need to ensure that their users can only access the data and services to which they're entitled. The traditional way to achieve that has been to implement complex access rules in the application backend – MongoDB Stitch takes care of this, letting developers configure rules using simple JSON documents.
  • Lack of security is a big concern when it comes to API management and integration. By making its API available, an organization opens up the backend of its solutions or platforms for anyone to access and use. This creates security implications. Developers should spend enough time while building integration to keep users’ data safe. Fine-grained permissions are most desirable. Have the API source code checked by an expert to test whether it could be abused or misused by a malicious user? Think about what data gets exposed to apps/integrations built on top of their APIs.

Tools

  • I think we’re at a point where we have a host of powerful and accessible tools to build the next generation of integrated systems, but we need to be mindful of the discipline it takes to use them well. A platform is only as good as the value it presents to a business, no matter how cool the technology is. We should design platforms that don’t shy away from hairy integration tasks, but also make it effortless to integrate with modern, standards-aligned systems.
  • Embrace the cloud. Step away from the complexity of old integration tools. Explore API design and identify services that are out there and how to get APIs to communicate. There are no standards. Make sure you expose metadata on how to interact. Change from SOAP for RESTful APIs. It’s hard to understand what APIs can do. You need documentation.
  • Help identify integrations that drive solutions for customers. There are a lot of choices today in the SaaS world. This will create complexity both from a user experience perspective as well as a systems management perspective. The reality is that there need to be tools that can bring together capabilities without causing confusion about which tool should be used to solve a specific problem.

Business-Centric

  • As products are developed with integration in mind, consumers and organizations will make decisions based simply on whether something integrates with something else out of the box rather than determining the best solution for the job and then building the integration between those systems.
  • Point-to-point desire to move quickly and overlook the best way to approach. Leading companies think in those terms, many aren’t and will have a mess down the road if they don’t have a hybrid integration platform. If you don’t lay out your strategy you are creating problems and silos. Take an API-first look.
  • There’s more need for integration. The standardization already exists. Everyone opened interfaces. Now, with Swagger 2.0, we have a common way of talking. More opportunity than ever before. Need to be more business-centric than before. The only thing that can slow down the proliferation of APIs and integration are developers trying to write everything without focusing on putting business logic in the API. Buy versus build to ensure the acceleration of development.
  • Legacy-based apps. Monolithic apps. Financial services and healthcare want APIs so they can be active participants in the digital economy. How do we enable different companies to transition to an API economy without hindering the speed of development?
  • So many systems with all wanting to do the same thing in the CI/CD space. Which ones do you integrate with? Focus on the leaders. How do you keep up with open source? Provide an easy path for others to use your API to build their own. What does your customer expect and what is their trust level?
  • Deep integration of big players: you should treat big companies the same way you treat others. We can't tell how Facebook or Twitter will age. What will happen if suddenly tomorrow they decide to shut down their API access? I'm not saying you shouldn't deal with them, simply put them on the same level as others.
  • LOBs depend on fast analytics and connected, trusted data across cloud and on-premises. The biggest concern as companies are shifting to the cloud is managing and integrating data across multiple cloud applications (PaaS, SaaS, IaaS) and hybrid deployments across cloud and on-premises. The point solutions create more overhead on IT and increase TCO. What is needed is a single enterprise cloud data management platform to tackle all the integration and data management needs.

Other

  • People adopting iPaaS and cloud-based infrastructure need to understand how iPaaS connects to microservices.
  • Don’t stick your head in the sand. This is a tremendous opportunity. Create a disruptive experience with APIs.
  • Performance and reliability depend on the system we’re integrating with. We get blamed if the integration doesn’t work. SLA’s may be defined but they’re not easy to prove, and ultimately the customer doesn’t care who’s responsible, they just know their applications are not integrating.

What are your concerns around integration, API design, or API management at this time?

Here’s who we talked to:

  • Murali Palanisamy, E.V.P., Chief Product Officer, AppViewX
  • Kevin Fealey, Director of Automation and Integration Services, Aspect Security
  • Max Mancini, VP of Ecosystem, Atlassian
  • Shawn Ryan, V.P. Product Marketing, Digital as a Service, Axway
  • Parthiv Patel, Technical Marketing Manager, Built.io
  • Chaitanya Gupta, CTO, Flock
  • Anwesa Chatterjee, Director of Product Marketing,  Informatica Cloud
  • Simon Peel, CMO, Jitterbit
  • Keoki Andrus, VP of Products and Steve Bunch, Product Manager APIs and Integrations, Jive
  • Rajesh Ganesan, Director of Product Management, ManageEngine
  • Brooks Crichlow, Vice President, Product Marketing, MongoDB
  • Derek Smith, CEO, Naveego
  • Guillaume Lo Re, Senior Software Engineer, Netvibes
  • Vikas Anand, V.P. Product Management and Strategy – Integration, Oracle
  • Keshav Vasudevan, Product Marketing, SmartBear
  • Kevin Bohan, Director of Product Marketing Manager, TIBCO
  • Pete Chestna, Director of Developer Engagement, Veracode
  • Milt Reder, V.P. of Engineering, Yet Analytics

The new Gartner Critical Capabilities for Full Lifecycle API Management report shows how CA Technologies helps digital leaders with their B2B, open banking, and mobile initiatives. Get your copy from CA Technologies.

Topics:
integration ,api design ,api management ,api

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}