Look Beyond The Mobile or Web Client To The Internet of Things

Ten API Commandments for Consumers

Kin Lane, the API Evangelist, has produced a list of the Ten API Commandments for Providers. It's a very good list, including privacy, security, and documentation. I encourage everyone to read it and comment.
What about the corresponding list for API Consumers? Although I don't want to compare myself to a biblical figure (or indeed to Kin Lane :) ), here is my crack at a list of API commandments for consumers:

1. Protect your API Keys. API Keys are often issued to developers through an API Portal to use in their apps. These API Keys allow developers to access apps. Sometimes the keys are used in conjunction with OAuth, and sometimes they are used in a pure API Key-based authentication scheme. It is natural for developers to use GitHub as a repository for their code. But what if the API Key is baked into the code of your API consumer app? Ross Penham recently wrote about the disturbing number of API Keys which he found on GitHub. A good solution is to use an API Gateway to manage the API keys, separately from the API consumer application itself.


2. Understand how APIs affect your client app's performance. If an API call is slow, then your app is slow. Users may then understandably complain. What if the problem is not your app itself, but an API it's consuming? How can you isolate the problem, so that you can see how a slow API is affecting your users? The answer is to have Root-Cause Analysis in place for your APIs. Here is an example of how you can track the response times of the SalesForce.com API. Here is another example, this time from the mobile telco 3 in the UK. In this way, you can point your finger at the problem, and apply root-cause analysis.

3. Apply the "Missing SLA". API Providers often do not provide a Service Level Agreement (SLA). Unless you are a very large corporation, spending a lot of money on API calls, you may not be able to force them to put an SLA in place for you. Again taking the example of the SalesForce.com API, here is a walk-through with videos of how you can put monitoring and an SLA in place for your outbound API calls.

4. Think about the data. When calling an API, it's natural to think about the security of the API call itself. Commandment #1 above is about securing the keys used for the API call. But what about the data being sent to the API? In many cases, you can think of an API as a conduit for data. If this data contains anything private, in terms of what is called PII (Personally Identifiable Information), then it must be encrypted, redacted, tokenized, or removed by an API Gateway.

5. Plan beyond asynchronous request response - think about WebSockets, AMQP, MQTT, and CoAP. HTML WebSockets are an exciting technology which we're seeing customers begin to leverage for their API consumption. WebSockets brings some great capabilities, such as full-duplex communication with the capability for APIs to "push" data to the client. But, it also brings security questions, and a veritable alphabet soup of new protocols beyond HTTP. The good news is that companies like Axway are thinking about the interplay and security of these new protocols. For more reading, I recommend checking out December's AMQP WebSocket Binding (WSB) which was drafted with help from my Axway colleague Dale Moburg.

6. Loose Coupling. Yes, "Loose Coupling" is something that isn't new - in fact it is a dictum of SOA-based integration from ten years ago. However, it is just as relevant now. Don't hard-code your API consumer to a particular version of an API. In fact, by putting an API Gateway in place, you don't even have to hard-code your API consumer to a particular API (e.g. you can switch between different storage services).

7. Don't hate HATEOAS. HATEOAS is something that some API developers struggle to understand (or even pronounce), but it is very valuable because HATEOAS provides a framework for API calls which describe the "flow" of calls which a client can make. Even if you don't plan on using HATEOAS initially, and are just constructing quick-and-dirty API calls using string manipulation, it is still worth understanding.

8. Look beyond the Mobile or Web client to the Internet of Things. Until recently, API clients were assumed to usually be mobile devices. In fact, if you see a diagram on a PowerPoint slide of an API being called, it is usually a mobile app which is doing the calling. Now, we're moving on to the "Internet of Things" (IoT). IoT raises interesting requirements for API Consumers. For example, how can a low-powered device (like a lightbulb) perform the requisite processing required to access an API? What about devices which have intermittent Internet connections (e.g. a Connected Car, which may not always be online)? At Axway, we've produced a Webinar and associated White Paper with Gunnar Peterson on the new security requirements when accessing APIs in the Internet of Things. I encourage folks to check this out.

9. Take a broad view of APIs: XML is unfashionable but still exists. If you look at some APIs used in business-to-business contexts, you often see the more heavyweight XML-based standards like AS2 and ebXML used. For example, later this week we are running a Webinar about accessing Australian Government "Superfund" services, and this uses an API which is heavily XML-based. You won't find "I ♥ AS2" or "I ♥ ebXML" written on a sticker on the back of a MacBook Pro anytime soon, but if you are writing API Consumer apps which will access Enterprise APIs, you ignore these older types of APIs at your peril.

10. Spread the word. Here I echo Kin's commandment to spread the word - to evangelize - your API exploits. In the case of API Consumers, this is just as important as API Providers. On our API Workshop tours, we've had API practitioners speaking about how they are using APIs. Watch this space for news on our upcoming API Workshops, and feel free to get in touch if you have any great API Consumer stories, or tips to add to these Ten Commandments :)
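
For commandments 2 and 3, a client-side monitor that times outbound API calls and checks them against targets the consumer sets for itself. This is an added example, not code from the original post or from any product it links to; the class name, the targets and the fake clock in `demo` are assumptions constructed for illustration.

```python
import math
import time


class OutboundSlaMonitor:
    """Times outbound API calls and checks them against consumer-set targets."""

    def __init__(self, p95_target_ms, max_error_rate, clock=time.perf_counter):
        self.p95_target_ms = p95_target_ms
        self.max_error_rate = max_error_rate
        self.clock = clock
        self.samples = {}  # api name -> list of (elapsed_ms, succeeded)

    def call(self, api_name, func, *args, **kwargs):
        """Run func, recording its duration whether it returns or raises."""
        start = self.clock()
        succeeded = False
        try:
            result = func(*args, **kwargs)
            succeeded = True
            return result
        finally:
            elapsed_ms = (self.clock() - start) * 1000.0
            self.samples.setdefault(api_name, []).append((elapsed_ms, succeeded))

    def report(self, api_name):
        """Nearest-rank p95 latency and error rate for one API, plus a verdict."""
        samples = self.samples.get(api_name, [])
        if not samples:
            return {"calls": 0, "p95_ms": None, "error_rate": None, "breached": False}
        latencies = sorted(ms for ms, _ in samples)
        p95 = latencies[math.ceil(0.95 * len(latencies)) - 1]
        error_rate = sum(1 for _, ok in samples if not ok) / len(samples)
        breached = p95 > self.p95_target_ms or error_rate > self.max_error_rate
        return {"calls": len(samples), "p95_ms": p95,
                "error_rate": error_rate, "breached": breached}


def demo():
    """Constructed run: a fake clock stands in for real network latency."""
    ticks = iter([0.0, 0.120, 1.0, 1.150, 2.0, 2.900, 3.0, 3.100])
    monitor = OutboundSlaMonitor(p95_target_ms=500, max_error_rate=0.1,
                                 clock=lambda: next(ticks))

    def flaky():
        raise TimeoutError("constructed upstream timeout")

    for func in (lambda: "ok", lambda: "ok", flaky, lambda: "ok"):
        try:
            monitor.call("crm", func)
        except TimeoutError:
            pass  # the failed call has already been recorded
    return monitor.report("crm")
```

Because failures are timed as well as successes, a slow timeout from the provider shows up in both the latency and the error-rate figures for that API rather than being attributed to the app.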
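
For commandment 4, a sketch of scrubbing PII from a request body before it leaves for the API, covering three of the options named there: removal, redaction and tokenization. This is an added example, not code from the original post; the field policy, the sample payload and the use of a truncated HMAC-SHA256 as the token are assumptions chosen for illustration (a gateway product may tokenize differently, for example with a reversible vault).

```python
import hashlib
import hmac
import re

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Hypothetical policy: field name -> action applied before the call leaves.
POLICY = {"ssn": "remove", "email": "tokenize", "name": "redact"}


def tokenize(value: str, secret: bytes) -> str:
    """Keyed, deterministic token: the same input maps to the same token, so
    the provider can still correlate records without seeing the raw value."""
    digest = hmac.new(secret, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "tok_" + digest[:16]


def scrub(payload, secret: bytes, policy=POLICY):
    """Return a copy of a JSON-like payload with the policy applied at any depth."""
    if isinstance(payload, list):
        return [scrub(item, secret, policy) for item in payload]
    if isinstance(payload, str):
        # Free text: mask e-mail addresses that slipped into unstructured fields.
        return EMAIL.sub("[REDACTED]", payload)
    if not isinstance(payload, dict):
        return payload
    clean = {}
    for key, value in payload.items():
        action = policy.get(key.lower())
        if action == "remove":
            continue
        if action == "tokenize":
            clean[key] = tokenize(str(value), secret)
        elif action == "redact":
            clean[key] = "[REDACTED]"
        else:
            clean[key] = scrub(value, secret, policy)
    return clean


# Constructed sample request body; all values are made up.
SAMPLE = {
    "order_id": 1042,
    "customer": {"name": "Jane Doe", "email": "jane@example.com", "ssn": "000-00-0000"},
    "notes": ["Contact jane@example.com after delivery"],
}

if __name__ == "__main__":
    print(scrub(SAMPLE, secret=b"constructed-demo-secret"))
```

The function builds a new structure instead of editing in place, so the application keeps its original data while only the scrubbed copy is sent.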

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.
