Click here to close now.

Welcome!

DevOps Journal Authors: Bob Gourley, Trevor Parsons, Elizabeth White, Stackify Blog, Carmen Gonzalez

Related Topics: DevOps Journal, MICROSERVICES, Cloud Expo, Apache

DevOps Journal: Blog Feed Post

API Axes - Categorizing APIs By @Axway | @DevOpsSummit [#DevOps]

This week there has been a great discussion between David Berlind of ProgrammableWeb and Kin Lane of APIEvangelist.com

This week there has been a great discussion between David Berlind of ProgrammableWeb and Kin Lane of APIEvangelist.com, on the topic of categorizing Public and Private APIs. David quotes my ProgrammableWeb piece on Uber and ESPN, which talks about different API strategies, public and private. He makes some great points on the fact that many APIs are not fully public. I thought I'd expand on it here:

I believe there are two axes which can be considered:

First of all, let's look at API Exposure. The two categories are:
  • External : Able to be used outside the organization.
  • Internal : Used only inside the organization
Secondly, let's look at API Management. It may be one of three categories:
  • Open: Anybody can use the API, anonymously with no controls
  • Requires Registration: Has a public registration page ("API Developer Portal"), where developers can sign up for an API Key. Developers are identified with API Keys and usage is monitored accordingly.
  • "Dark" APIs: I first heard this term used by Anand Shamra from Cisco. I like the analogy with Dark Matter, which is all around us, but we don't see it. These are APIs without a public registration page. As an example, there is no public Pandora API, but hardware manufacturers such as Roku still can connect to Pandora via an API.
These axes are orthogonal. Using these axes, APIs divide into six categories. I've put them into a table below:


External
Internal
Open No registration required. Usually they take the form of read-only public data feeds. An example is the Nobel Prize API, which allows a developer to query information about Nobel Prize winners. Another example is the Massachusetts Roadway Events API. Open to all internal access, for example a Company Directory API. Note that API Management (specifically, an API Gateway/proxy) may still be used to monitor usage and protect against abuse such as data-harvesting.
Requires Registration Requires the developer to register, and may have an approval process before they gain access, e.g. the CVS Caremark API. Anyone can read the documentation, but developers have to register to use the API. These APIs may have a DaaS (Data as a Service) approach, like the Dun and Bradstreet D&B Direct API. Internal corporate API Developer Portals. Many large organizations use internal API Developer Portals to manage API usage across teams, which often include partners such as Systems Integrators. The general public cannot access the developer portal.
"Dark" No public developer page, and based on a business relationship. Often these take the form of B2B APIs between companies. An example is a 401.K provider which uses APIs to receive allocation amounts from its corporate clients, through an API Gateway. Inter-government APIs for sensitive intelligence data sharing also fit into this category. Developer access may be "by invitation only". These APIs often are use SOAP or XML because they are not designed for open use. e.g. manufacturing system APIs or drug-trial lookup APIs used in pharmaceutical companies. These often still take the form of SOAP Web Services since they have not been designed to encourage widespread developer access.


This is a fruitful area of debate, so I've anticipated some of the questions below:

Q&A:

Q: "Why not say 'Private' APIs instead of 'Dark' APIs?"
A: I feel that 'Private' has too much potential confusion with "internal".

Q: "Does 'open' mean there are no security or API management requirements?"
A: Since I work for an API Management vendor (Axway), you can expect me to answer "of course not!" here :-). But, realistically, if  an API is fully open to the world, that is all the more reason to ensure that it's not subject to misuse such as data-harvesting, denial-of-service, or attempts at application-layer attacks. You should also keen track of how its being used, using API usage analytics. In particular, internal "open" APIs are precisely the APIs which can be subject to internal attacks, often by attackers who get onto the internal network by (for example) compromising weak WiFi security. Access to these APIs must still be monitored and logged. Consider the example of Sony Pictures which, by some accounts, was the subject of an insider attack.

Q: "Could you not say that an API with an external developer portal is still an 'Open' API, because anyone can (at least in theory) use it once they are approved?"
A: In many cases, the API which requires registration is linked to a business relationship. For example, in the case of the D&B  API which has a "Data as a Service" model (which you can read about more in this account of our API Workshop presentation by D&B recently), the API is an important new revenue channel and access is metered by an API Gateway. Here I'm using "Open" to mean that anyone can access the API without any kind of registration.

Q: "Could you say that some internal APIs are only 'Dark' just because nobody knows they exist?"
A: Yes, and these are the wrong kind of Dark APIs. Wired Magazine has noted that "It is insanely easy to hack medical equipment" because many have "embedded web services that allow devices to communicate with one another and feed digital data directly to patient medical records." These are examples of internal APIs which Randy Heffner from Forrester has called "Product APIs". Do you know if devices on your network have product APIs? Are they protected? Do you even know about them? Could an attacker, who can get onto your network, misuse them?

Q: "With 'Deperimeterization', can you not say that 'Everything is an External API'"?
A: This week I visited a customer, a large pharmaceutical, which explained they have a fully "flat" network. However, they still use API Gateways to control access. It's all the more reason to have an API Management layer in place.

This is a hot topic, and I anticipate more debate on it! I suggest everyone follow @DBerlind and @Kinlane on Twitter to take part.

Read the original blog entry...

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

@DevOpsSummit Stories
The move in recent years to cloud computing services and architectures has added significant pace to the application development and deployment environment. When enterprise IT can spin up large computing instances in just minutes, developers can also design and deploy in small time frames that were unimaginable a few years ago. The consequent move toward lean, agile, and fast development leads to the need for the development and operations sides to work very closely together. Thus, DevOps becomes essential for any ambitious enterprise today. This Lunchtime Power Panel at DevOps Summit (http:/...
Plutora Blog on @DevOpsSummit Exceeds 20,000 Reads
SYS-CON Media announced today that @ThingsExpo Blog launched with 7,788 original stories. @ThingsExpo Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. @ThingsExpo Blog can be bookmarked. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago.
SYS-CON Events announced today that Plutora, Inc., the leading global provider of enterprise release management and test environment management SaaS solutions, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Headquartered in Mountain View, California, Plutora provides enterprise release management and test environment SaaS solutions to clients in North America, Europe and Asia Pacific. Leading companies across a variety of industries, including financial services, telecommunications, retail, pharmaceut...
SYS-CON Events announced today that Creative Business Solutions will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Creative Business Solutions is the top stocking authorized HP Renew Distributor in the U.S. Based out of Long Island, NY, Creative Business Solutions offers a one-stop shop for a diverse range of products including Proliant, Blade and Industry Standard Servers, Networking, Server Options and Care Packs. As a trusted supplier, CBS guarantees quality controlled stock levels thanks to an Auto...
SYS-CON Media announced today that 9 out of 10 " most read" DevOps articles are published by @DevOpsSummit Blog. Launched in October 2014, @DevOpsSummit Blog offers top articles, news stories, and blog posts from the world's well-known experts and guarantees better exposure for its authors than any other publication. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce softw...
High-performing enterprise Software Quality Assurance (SQA) teams validate systems that are ready for use - getting most actively involved as components integrate and form complete systems. These teams catch and report on defects, making sure the customer gets the best software possible. SQA teams have leveraged automation and virtualization to execute more thorough testing in less time - bringing Dev and Ops together, ensuring production readiness. Does the emergence of DevOps mean the end of Enterprise SQA? Does the SQA function become redundant? In her session at DevOps Summit, Anne Hungat...
As today’s digital initiatives increasingly combine the continuous delivery model of DevOps with the dynamic deployment environment of public and private clouds, resilience engineering becomes a central concern. How do we mitigate and ideally prevent adverse events like application failures and slowdowns as well as compliance and security breaches while still driving toward ever faster release cycles? Considering resilience to be one of the primary goals of DevOps-centric software delivery is the key. Organizations must balance continuous delivery, integration, and testing with resilience —...
What’s inside the cloud? Hard work. Cloud operators know the world inside the datacenter is gritty. Vendor marketing speak and cloudwashing quickly melt in the heat of SLAs, uptime guarantees, and users who want it now. In his session at DevOps Summit, Hernan Alvarez, Chief Product Officer at Blue Box Group, will deliver an unvarnished look inside the world of cloud operators, from the perspective of someone who lives it. Attendees get a front-row look into the toolkits and processes that enable cloud operators to stand up and manage private clouds end to end. Bring your questions and learn h...
"ElasticBox is an enterprise company that makes it very easy for developers and IT ops to collaborate to develop, build and deploy applications on any cloud - private, public or hybrid," stated Monish Sharma, VP of Customer Success at ElasticBox, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today that Liaison Technologies, a leading provider of data management and integration cloud services and solutions, has been named "Silver Sponsor" of SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York, NY. Liaison Technologies is a recognized market leader in providing cloud-enabled data integration and data management solutions to break down complex information barriers, enabling enterprises to make smarter decisions, faster.
Cloud is not a commodity. And no matter what you call it, computing doesn’t come out of the sky. It comes from physical hardware inside brick and mortar facilities connected by hundreds of miles of networking cable. And no two clouds are built the same way. SoftLayer gives you the highest performing cloud infrastructure available. One platform that takes data centers around the world that are full of the widest range of cloud computing options, and then integrates and automates everything. Join SoftLayer on June 9 at 16th Cloud Expo to learn about IBM Cloud's SoftLayer platform, explore se...
Enthusiasm for the Internet of Things has reached an all-time high. In 2013 alone, venture capitalists spent more than $1 billion dollars investing in the IoT space. With "smart" appliances and devices, IoT covers wearable smart devices, cloud services to hardware companies. Nest, a Google company, detects temperatures inside homes and automatically adjusts it by tracking its user's habit. These technologies are quickly developing and with it come challenges such as bridging infrastructure gaps, abiding by privacy concerns and making the concept a reality. These challenges can't be addressed w...
SYS-CON Media announced that Splunk, a provider of the leading software platform for real-time Operational Intelligence, has launched an ad campaign on Big Data Journal. Splunk software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. The ads focus on delivering ROI - how improved uptime delivered $6M in annual ROI, improving customer operations by mining large volumes of unstructured data, and how data tracking delivers uptime when it matters most.
SOA Software has changed its name to Akana. With roots in Web Services and SOA Governance, Akana has established itself as a leader in API Management and is expanding into cloud integration as an alternative to the traditional heavyweight enterprise service bus (ESB). The company recently announced that it achieved more than 90% year-over-year growth. As Akana, the company now addresses the evolution and diversification of SOA, unifying security, management, and DevOps across SOA, APIs, microservices, and more.
SYS-CON Events announced today Sematext Group, Inc., a Brooklyn-based Performance Monitoring and Log Management solution provider, will exhibit at SYS-CON's DevOps Summit 2015 New York, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Sematext is a globally distributed organization that builds innovative Cloud and On Premises solutions for performance monitoring, alerting and anomaly detection (SPM), log management and analytics (Logsene), search analytics (SSA), and search enhancement. They also provide exceptional Search and Big Data consulting services a...
Since the dawn of enterprise digital computing, managers have been looking to computer operators to run data processing jobs on those original workhorses of computation. The goal: to generate reports that the managers would use to make decisions on how to run their companies or government agencies. Today, those large binders filled with perforated pages striped in glorious green and white may be long gone, but the batch job – paper report – human decision pattern remains engrained on our managerial consciousness, for better or worse.
Leysin American School is an exclusive, private boarding school located in Leysin, Switzerland. Leysin selected an OpenStack-powered, private cloud as a service to manage multiple applications and provide development environments for students across the institution. Seeking to meet rigid data sovereignty and data integrity requirements while offering flexible, on-demand cloud resources to users, Leysin identified OpenStack as the clear choice to round out the school's cloud strategy. Additionally, the school sought a partner to provide OpenStack infrastructure deployment and operations expert...
Hovhannes Avoyan, CEO of Monitis, Inc., a provider of on-demand systems management and monitoring software to 50,000 users spanning small businesses and Fortune 500 companies, has surpassed 1.5 million page views on the SYS-CON family of online magazines, which includes Cloud Computing Journal, DevOps Journal, Internet of Things Journal, and Big Data Journal. His home page at SYS-CON can be found at Montis.SYS-CON.com
More organizations are embracing DevOps to realize compelling business benefits such as more frequent feature releases, increased application stability, and more productive resource utilization. However, security and compliance monitoring tools have not kept up and often represent the single largest remaining hurdle to continuous delivery. In their session at DevOps Summit, Justin Criswell, Senior Sales Engineer at Alert Logic, Ricardo Lupo, a Solution Architect with Chef, will discuss how to successfully integrate security controls in your DevOps program.
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Raspberry Pi, BeagleBone, Spark and Intel Edison. You will also get an overview of cloud technologies s...
WSM International is launching a DevOps services division that offers assessment, consulting and implementation to large enterprises and organizations with complex infrastructures. This is the first independent services company to create a dedicated practice to help organizations looking to transition to the DevOps model. The concept of DevOps is to blend information technology (IT) software development with operations to optimize the computing infrastructure according to the specific needs of the organization. According to a recent press release (www.gartner.com/newsroom/id/2999017) from Gar...
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is correlated with 2...
The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo – to be held June 9-11, 2015, at the Javits Center in New York City, NY – is now accepting Hackathon proposals. Hackathon sponsorship benefits include general brand exposure and increasing engagement with the developer ecosystem. At Cloud Expo 2014 Silicon Valley, IBM held the Bluemix Developer Playground on November 5 and ElasticBox held the DevOps Hackathon on November 6. Both events took place on the expo floor. The Bluemix Developer Playground, for developers of all levels, highlighted the ease of use of...
“Oh, dev is dev and ops is ops, and never the twain shall meet.” With apoloies to Rudyard Kipling and all of his fans, this describes the early state of the two sides of DevOps. Yet the DevOps approach is demanded by cloud computing, as the speed, flexibility, and scalability in today's so-called “Third Platform” must not be hindered by the traditional limitations of software development and deployment. A recent report by Gartner, for example, says that 25% of Global 2000 companies will be DevOps shops by next year! “As we see more IT shops running like software companies, we’ll see mor...