Recent Postings
August 29th, 2014

360 Reasons to Attend API360 Summit in DC on Sept. 12

API360 SpeakersWe are two weeks away from the API360 Summit in Washington, DC. This event will examine the state of the industry in APIs, with a particular focus on the impact of open data and open APIs in the public sector.

We have a phenomenal lineup of participants, including:

  • Gray Brooks, who will describe the importance of APIs to the groundbreaking efforts of the federal government’s digital services delivery program, 18F
  • The API Evangelist himself, Kin Lane, who will moderate panels on open APIs and open data
  • Sanjay Motwani, who will tell the story of the API program at The Advisory Board Company, a leading healthcare research and consulting firm
  • Michael Prichard, Co-Founder & CTO at WillowTree Apps, who will give a client-side perspective on the importance of APIs and good API design

All the panelists are equally excellent and we hope to provide as many API perspectives as possible, while giving you – the attendee – the opportunity to interact and share your views in real time. We still have a few seats left and would love to see you there.

P.S. I would also like to let you know that our second API360 Summit will take place in London on November 18. Expect to see an announcement in mid-September.

August 27th, 2014

Why Banks Have the Same “Drivers” as Uber with APIs

Image credit: Adam FagenI’ve heard many banking IT staff declare definitively “we’re not exposing an API to the public.” I get it. It’s scary to create yet another point of entry, a potential vulnerability to the organization. Better to just lock it up tight. Throw away the key. In fact, to maximize security, we should probably just turn off all the computers.

Not really.

Do it or be Disrupted
There was a bit of consternation over Uber’s latest valuation. There’s a simple explanation for the high valuation. It’s not about the market for taxi rides. It’s about the platform:

  • “It’s interesting to think of Uber as the new Amazon. Amazon is a platform company, not a books company (and arguably not a retailer).” – Benedict Evans on Twitter

Uber Everywhere
Last week, Uber launched its API. I was surprised at how obvious it sounded but more surprised when a number of apps on my phone updated to add Uber reservation functionality. It was a very nice launch. Uber is now where I am: If I’m flying United, there’s Uber. If I’m making a reservation at OpenTable, there’s Uber.

The Power of an API
That’s an API impacting channel distribution. That’s also an API impacting brand power, demonstrating the real power of the application economy. Uber isn’t waiting for the customer to remember to open the Uber app; it’s in the app the customer is using at the moment they need Uber’s service. It’s beautiful.

Getting Banks to Think Like Software Companies
The key thing to remember is that someone will figure it out in financial services. If the banks don’t figure out how to create a financial services platform, someone else will. The banks realize they’re competing with Silicon Valley and believe they’re ready. Perhaps they are, from a technical-chops perspective. But from a perspective perspective, banks are not yet thinking like software companies.

The Business Case for Exposing a Loyalty Point API
Banks have the same drivers Uber does. (Hah! Going to leave that pun there.) The API is just a technology – just an interface implementation for integration. Banks are already doing external integration. My favorite example is the ability to pay with Chase Rewards points while shopping at Amazon.

It’s so easy to imagine Benedict Evans’ quote above tweaked to explain my point:

  • “It’s interesting to think of Chase as the new Amazon. Chase is a platform company, not a bank (and arguably not a financial services company).”

I can pay for my Amazon purchase with Chase rewards points. This has a clear business benefit, if I can be so crass as to summarize it simply:

  • More opportunities to pay with points are more opportunities to take the points off the balance sheet
  • The more points can be used, the more valuable they become and the more people care about the benefit
  • If an API is done properly it becomes much easier to use than the current architecture for external integration, which means the ROI for enabling smaller players becomes achievable thereby creating a virtuous cycle of more points off the books, more value to the points, more customers who care about the program
  • And with broad and visible distribution, there’s a Big Data play for analyzing shopper value and tweaking the point-dollar relationship to reduce the reward program’s costs

Why have they limited this to Amazon? (Rhetorical question. I imagine it’s because the non-API integration strategy takes a lot of effort and so doesn’t scale unless it’s with someone big like Amazon. Though I don’t know for certain.) Imagine if everywhere you could book an Uber, you could also pay with Chase Rewards points?

Interested in learning more about how financial services organizations can differentiate, extend reach and establish trust using APIs and mobile technology? Join me on September 25 for the webinar Adapting to Digital Change: Use APIs to Delight Customers & Win.

Sign up for the webinar >>

August 21st, 2014

3 Philosophies for the IoT Age

IoT eBook“What on earth do pillars of science have to do with IoT?” That’s a question I’ve had to answer a few times since the publication of our latest CA Layer 7 eBook, 3 Philosophies for the IoT Age. At first glance, some people have been a little taken aback at the idea that we’re comparing the Internet of Things to the work of great theoretical physicists like Isaac Newton, Albert Einstein and Niels Bohr (the founding father of quantum mechanics). What’s the deal here?

Anyone who digs a bit deeper into the document will quickly realize that this comparison refers to IT architecture broadly, rather than IoT specifically and – crucially – that it’s not supposed to be taken too literally. It’s a metaphor, folks! And as a metaphor, I think it works rather well – with Newton representing traditional on-premise architecture, Einstein representing the vast expanse of the Web and Bohr representing the billions of little connections that make up IoT.

While I’m pretty pleased with these analogies, I can’t really claim responsibility for them. The original idea came from my API Academy colleague Mike Amundsen. I took Mike’s idea and ran with it during a talk I gave at APIdays in San Francisco then fleshed it out a bit in the eBook. The more I looked at it, the more connections I could see between IoT and Bohr’s view of a dense, chaotic molecular universe.

I also believe Mike’s physics metaphor has a practical application. IoT is becoming such a big deal that it’s pretty much guaranteed to generate a wealth of business opportunities. But business leaders and IT experts currently have little insight into what this will actually involve. It’s my hope that the eBook will provide a framework for these folks to start exploring what the opportunities are and what the technical requirements for realizing these opportunities will be.

So, if you’re beginning to think about what IoT will mean for your business, 3 Philosophies for the IoT Age might just help to set you off in the right direction.

August 8th, 2014

Notes from the W3C Workshop on the Web of Things

W3C LogoAt the end of June, I had the opportunity to attend the W3C Workshop on the Web of Things, in Berlin. I saw some fascinating presentations and had some equally engaging one-to-one conversations. This was a great opportunity to learn about some new innovations around connected devices and the Internet of Things.

In particular, I was very intrigued by the WAMP Protocol, which I had not heard about before attending the workshop. I subsequently contacted Tobias Eberstein from Tavendo, who is one of the key maintainers of WAMP. We had a very interesting conversation about some of WAMP’s unique concepts, which I will talk about more in a future blog post.

In the meantime, here is a quick summary of my notes from the presentations I attended and the conversations I had at the workshop. If you would like to get more information on any of the emerging technologies outlined below, you can view some of the workshop presentations here and here.

Siemens Smart Grid
Siemens has chosen to use the XMPP messaging protocol as the standard for its smart grid technology. XMPP is being used because IoT, like online messaging, is based on distributed collaboration, in real-time, spanning multiple domains. In this sense, IoT is fundamentally closer to social media than it is to SOA-style Web services.

Siemens Connected Car Authentication
Siemens also presented an IoT authentication method, using the connected car as its real-world example. In this method, security concerns are separated between a Web API server and the car’s backend server. Client apps communicate with the car indirectly, via the API server. Sensitive vehicle data cannot be accessed directly via the API server.

EXI for Long-Lived Connected Things
Waste could be a serious problem in IoT. With billions of connected devices, we can’t afford to have anything becoming obsolete too quickly – ideally any given device should last at least five years. The Efficient XML Interchange (EXI) format addresses this by using XML schema to enable binary coding for extensible message formats.

Echonet Lite for Client-Side Energy Demand Management
The Echnonet Lite protocol allows smart meters to communicate with home appliances, enabling smart home energy management. Echnonet Lite is UDP-based and has more than 80 device models defined. It is already widely used in Japan and is starting to gain significant traction outside the Asia-Pacific region.

Sony Web API Server
Sony is working on a Web API server for the Android platform, using the previously-mentioned WAMP protocol. WAMP, which is essentially a sub-protocol of WebSocket, combines RPC-style and SubPub semantics.

IBM NodeRED
IBM’s NodeRED is an integrated development and runtime environment based on node.js. In the NodeRED environment, it is possible to design integration flows without resorting to code, by graphically snapping together components. NodeRed also allows the use of JavaScript to act on or transform data in flows.

August 1st, 2014

Balancing Security & Developer Enablement in Enterprise Mobility: Gartner Catalyst 2014

Gartner Catalyst San Diego 2014It’s that time of year again… time for another beautiful late-summer Gartner Catalyst conference in America’s Finest City: San Diego. Aside from being my hometown, the reason San Diego is so great is that it has balance. The warm sun is balanced by the cool ocean breeze, the strong business climate is balanced by the laid-back surf culture and the delicious fish tacos are balanced by a cold Corona. Balance makes everything better. Maintaining this balance is just as important when you’re talking about mobile strategy for your enterprise; that’s why I’ll be presenting a talk titled Balancing Security & Developer Enablement in Enterprise Mobility at Catalyst.

Enterprise IT security departments have always had a somewhat adversarial relationship with application developers, even when the applications ran entirely within the intranet. Now that internal data and applications are being exposed to employees, partners and customers through a whole new breed of mobile apps, these teams could potentially clash even more often. Security architects are more concerned than ever about core principles and security standards while developers are more focused than ever on providing incredible user experience rather than worrying about internal restrictions.

I’ll be discussing how these two groups – enterprise and security architects on one side and mobile app developers on the other – can accomplish the same goals. CA’s Layer 7 API Management solutions enable the enterprise to enforce the latest security specifications to the letter, protecting against malicious (or even accidental) threats to critical systems. But at the same time, they enable mobile app developers to very quickly consume the appropriate data through secure APIs, without having to implement the client side of those cutting-edge security standards. Stop by my talk on August 12 at 12:45pm to get the details or come by the Layer 7 booth (#113) to talk in more depth about how we can bring balance to your workplace.