Welcome!

@ThingsExpo Authors: Elizabeth White, Yeshim Deniz, Zakia Bouachraoui, Liz McMillan, William Schmarzo

Related Topics: @ThingsExpo, Microservices Expo, @CloudExpo, @DXWorldExpo

@ThingsExpo: Blog Feed Post

Rise of the Thing - Internet of Things

The Internet of Things (IoT) is giving rise to a whole new set of protocols for API access

Here are some predictions for the API space for 2014:

Rise of the Client
It's generally agreed that an API is only as good as the clients which use it. An unused API is a failure. So that's why it's odd that so much attention has focused on the server side of APIs, with comparatively little attention paid to the client side (there are exceptions though, like Runscope's handy Request Editor and hurl.it, to help developer API clients).

If you ask an API provider about how their API is going to be called by clients, often you are met with a hand-wavy answer along the lines of "It's REST, so it's easy". While it may be true that it's easy to hack together a client to call the API that "just works", the problem is that that's all it does. It "just works", but doesn't provide the high-level benefits such as:
- Ensuring the API is responding according to your expected service level
- A broker layer so that you're not locked into any particular API provider, or:
- API orchestration

At Axway we've seen that our API Gateway is frequently used at the Client Side, adding a layer of visibility and control to API usage from the client's point of view, as well as providing an independent audit log of API usage, separate from the logs provided by the API provider. All of this points to the rise of the client.

Another major factor involving the rise of the important of the API client is raft of new protocols associated with Machine-to-Machine API access, used in smart-meter or "connected car" environments for example. Which leads us nicely on to the next prediction...

Rise of the Thing
(hat-tip to Zahid Ghadialy from EE for this title, taken from his excellent recent presentation)

The Internet of Things (IoT) is giving rise to a whole new set of protocols for API access. Until recently, it was taken for granted that JSON is all-conquering and predominant. In my view, the popularly of JSON for APIs is as much to do with the widespread usage of dynamic languages on the client side (JavaScript in particular, of course) as it is to do with the smaller size of JSON relative to XML.

In the word of IoT, with embedded devices on the client and greater bandwidth constraints, it's not the case that clients will always be JavaScript based and expecting JSON. In IoT, we see MQTT, CoAP, and AMQP. All different, but all existing to deal with the low-latency and message size constraints of IoT devices. In this case, it isn't possible to simply throw together a REST client with JavaScript on the client - the result would be hopelessly inefficient since even JSON is too verbose. Ironically, with the IoT standards we are back to binary encoding, something I wrote about (BER encoding for XML) way back in 2002.

I would also watch Google's Protocol Buffer, which with protobuf.js provides JavaScript without the JSON size overhead.

Going Meta
In the world of SOA, we saw that each Web Service could be associated with metadata expressed using WS-PolicyAttachment with WSDL. The mention of any WS-* specification is enough to make anyone cringe, but in the case of SOA, at least there were standards for attaching meta-data to services.

In the case of APIs, we have sites such as ProgrammableWeb which provide human-readable information about APIs. But this is not the same as machine-readable information which a client can consume, conveying information how to call the API, security tokens (e.g. OAuth 2.0 Access Token) required, and expected response times.

Ole Lensmar wrote a great round-up of the API metadata options, back in the summer (now you would add RAML to this list). For Enterprise APIs, with security and quality-of-service requirements, I expect API metadata to grow in importance in 2014.

Traditional and API-based Integration continue to converge
Axway got a jump on this trend back in late 2012, with the acquisition of Vordel. In fact, at the time of the Vordel acquisition, Kin Lane foretold that "I predict in 2013-2015 we are going to see more of these types of acquisitions occurring. Large software companies are going to need a robust set of API tools to bring legacy systems into the modern, API driven economy." And how right he was! 2013 saw a slew of further acquisitions. I would hope that my predictions could be as accurate as Kin's.

There is clearly a need to take advantage of API-based integration, but in tandem with more traditional integration technologies. It's not a case of "either/or". Here at Axway, with API-based integration incorporated into our portfolio, we provide customers with a single suite solution covering B2B, APIs, managed file transfer, and even email security. In 2014, APIs will not be an isolated "new new thing", but will be working in tandem with traditional integration technologies.

SOA and APIs no longer adversarial
Paolo Malinverno from Gartner likes to say that "When people talk about APIs and Services, 99% of the time they are talking about the same thing". One of the big take-aways of the recent Gartner AADI conference was that we've gotten over the adversarial talk of "SOA versus APIs" and now there is a realization that they are linked. The linkage goes both ways. For example, APIs can be built on SOA principles (loosely-coupled, abstracting underlying implementation details), and SOA architecture itself can be used to manage APIs. Ideas from SOA, such as management of service meta-data in a repository, find new life in API Management with customizable API Catalogs in API Developer Portals.

In 2014, I expect to see more healthy realization that SOA principles are complimentary to API Management,

More API Breaches
Finally, on a less positive note, I believe we will see more successful attacks on APIs. In 2013 we had the attack on Buffer's API and, just last week, the attack on Snapchat's API. Earlier in the year we saw DoS attacks on banking websites which also brought down Web APIs (resulting in some banking mobile apps becoming unusable). One of the key things which API Gateways do is to protect APIs from attack. Of course, they also provide more positive advantages like API Quota Management, caching, and REST-SOAP transformation. But, with growing awareness of API breaches, the security factor will grow in 2014.

Happy 2014 everyone!

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

IoT & Smart Cities Stories
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactu...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understa...
AI and machine learning disruption for Enterprises started happening in the areas such as IT operations management (ITOPs) and Cloud management and SaaS apps. In 2019 CIOs will see disruptive solutions for Cloud & Devops, AI/ML driven IT Ops and Cloud Ops. Customers want AI-driven multi-cloud operations for monitoring, detection, prevention of disruptions. Disruptions cause revenue loss, unhappy users, impacts brand reputation etc.
Apptio fuels digital business transformation. Technology leaders use Apptio's machine learning to analyze and plan their technology spend so they can invest in products that increase the speed of business and deliver innovation. With Apptio, they translate raw costs, utilization, and billing data into business-centric views that help their organization optimize spending, plan strategically, and drive digital strategy that funds growth of the business. Technology leaders can gather instant recomm...
OpsRamp is an enterprise IT operation platform provided by US-based OpsRamp, Inc. It provides SaaS services through support for increasingly complex cloud and hybrid computing environments from system operation to service management. The OpsRamp platform is a SaaS-based, multi-tenant solution that enables enterprise IT organizations and cloud service providers like JBS the flexibility and control they need to manage and monitor today's hybrid, multi-cloud infrastructure, applications, and wor...
The Master of Science in Artificial Intelligence (MSAI) provides a comprehensive framework of theory and practice in the emerging field of AI. The program delivers the foundational knowledge needed to explore both key contextual areas and complex technical applications of AI systems. Curriculum incorporates elements of data science, robotics, and machine learning-enabling you to pursue a holistic and interdisciplinary course of study while preparing for a position in AI research, operations, ...
After years of investments and acquisitions, CloudBlue was created with the goal of building the world's only hyperscale digital platform with an increasingly infinite ecosystem and proven go-to-market services. The result? An unmatched platform that helps customers streamline cloud operations, save time and money, and revolutionize their businesses overnight. Today, the platform operates in more than 45 countries and powers more than 200 of the world's largest cloud marketplaces, managing mo...
I spend a lot of time helping organizations to “think like a data scientist.” My book “Big Data MBA: Driving Business Strategies with Data Science” has several chapters devoted to helping business leaders to embrace the power of data scientist thinking. My Big Data MBA class at the University of San Francisco School of Management focuses on teaching tomorrow’s business executives the power of analytics and data science to optimize key business processes, uncover new monetization opportunities an...
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud workloads, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and investigation, enabling better, faster protection. With more than 6,00...