May 18th, 2012

The Secret Lives of REST APIs

The recent enterprise acceptance of lightweight REST-based protocols for exposing data and application assets as APIs has been due, in large part, to the simplicity of the resulting interfaces. This simplicity means there is little barrier to entry for developers wishing to consume these APIs in applications built for mobile, Web, desktop, Cloud and gaming platforms. However, as this article from Netflix’s Daniel Jacobson reveals, simplicity can’t be the only goal when designing an API. Flexibility, scalability, optimization, orchestration and adaptation are just a few of the features required in a successful API infrastructure.

At Layer 7, our enterprise customers build incredibly elegant API platforms using our API management technology. Our solutions recognize that one size does not fit all and we provide the tools to adapt to changing requirements without re-architecting new APIs from scratch. Though we certainly support the simple “large number of known and unknown developers” use case Jacobson describes – with robust, scalable technology deployed on a wide variety of hardware, virtual, software and Cloud platforms – we can also address the specific concerns raised by the variety of devices and environments in Netflix’s ecosystem.

Message size, structure and delivery constraints due to device variation represent a large part of the problem. Layer 7 Gateways support the relevant formats and transports and can perform message transformation and protocol mediation on the fly. Policy-based configuration enables custom “virtual” APIs tailored to each device, community of developers or calling application. These format and behavioral changes can be explicit or can be triggered by user identity, app permissions, message content or transaction metadata. Even more complex mediations, such as REST exposure of internal SOAP-based assets, are simple to configure and help to reduce re-implementation costs.

Interaction models can also be optimized and tailored to the calling platform. Composition of comprehensive document-based APIs from multiple backend calls can reduce chatty client interactions. Conversely, small messages from memory-constrained devices can be aggregated into larger, less frequent backend calls. Mobile traffic can be optimized using persistent HTTP(S) connections and over-the-wire compression. And content can be cached at any level of granularity, using an in-memory cache like Terracotta, to reduce the number of calls to the application backend.

As director of one of the world’s most broadly adopted public APIs, Jacobson’s most profound observation is that “public APIs are waning in popularity and business opportunity and… the internal use case is the wave of the future.” API infrastructure needs to support everyone – open API developers, internal coders, contracted development teams and partner groups – especially as mobile workforce enablement and BYOD gain popularity. Layer 7 solutions allow enterprises to make that distinction clear through public vs. private APIs, configurable classes of service and role-based access control.

Jacobson mentions several piecemeal solutions that he and others have attempted to compile into a working platform but notes that those approaches still fall short. Providing an enterprise-grade REST API is no simple feat and it’s great that the truth of the matter is starting to come out. The benefits of a successful API strategy are numerous and well-documented. Layer 7 is the only vendor providing an API management solution that incorporates all the basic necessary functionality and much, much more.

April 9th, 2012

Big Data & API Management

The hottest IT trends of 2012 are shaping up to be Cloud, mobile and “big data”. The links between API management, Cloud and mobile are clear. The links between API management and big data – a concept that creates capabilities for capturing and analyzing previously unimaginable amounts of unstructured data – are less obvious but no less significant. I see two key areas of synergy…

First of all, in the three-tier architecture of the Web, the line was typically blurry between the presentation and logic tiers and concrete between logic and data. Big data now blurs the line between logic and data. Combine this with the fact that the mobile app development paradigm fragments the presentation platform and it is evident that the API will become the concrete and consistent border in application processing flows. In this context, API management will prove vital in enforcing security, collecting business metrics and normalizing protocols.

Second, big data allows analytics to be performed in the scope of real-time data retrieval. This will create another wave of real-time integration needs in enterprises of every size. More real-time integration means more APIs with higher volumes. The common protocol for exposing big data on the network is REST using either JSON or XML formats. Again, this will mean a greater necessity for API management tools and techniques and a compound benefit in their usage.

Simply put, mobile, Cloud and big data are driving a new era of enterprise IT and API management will provide amplified value for companies embracing these trends.

April 5th, 2012

Simplifying SOAP-to-REST Conversion

Earlier this week, Layer 7 CTO Scott Morrison presented our second Tech Talk Tuesday meet-up on Facebook, which concentrated on Simplifying REST Adaptation. For those of you who missed the live event, the recording is now available in the Layer 7 Resource Library. For those of you who attended, I thought I’d provide some detailed information on how Layer 7 facilitates bulk conversion of SOAP-based Web services to RESTful APIs.

We’ve previously provided some insight into the process of translating between REST and SOAP in a tutorial on our Web site. In that tutorial, we demonstrated how our policy language lends itself to a simple way of defining the conversion process, making converting REST to SOAP a fairly trivial exercise. However, if you have tens or hundreds of existing SOAP services, translating them all to REST might seem somewhat daunting.

Luckily, a Layer 7 Gateway can also help to make that process considerably easier – and I’m going to show you how. I’ll be walking you through a wizard that makes it simple to (a) upload your Web services to the Gateway as WSDLs and then (b) customize how you want the REST version of each service to look.

First, you upload your WSDL.

[Screenshot: SOAP-to-REST Step 1]

Then, configure how you would like to present your REST interface.

[Screenshot: SOAP-to-REST Step 2a]

Each operation can be customized with the type of HTTP method used.

[Screenshot: SOAP-to-REST Step 2b]

Once you submit your configuration, you’re ready to go!

At the end of the wizard, sample HTML-based documentation is provided that can be used for presenting the REST endpoint to your clients. This documentation is the first step in presenting the details of your new RESTful API via the Layer 7 API Portal.

[Screenshot: SOAP-to-REST Step 3b1]

Here’s an example of the same operation above that was converted to an HTTP GET style.

[Screenshot: SOAP-to-REST Step 3b2]

Finally, we also provide a sample WADL based on the parameters that you specify.

[Screenshot: SOAP-to-REST Step 3c]

Once you log in to the Layer 7 Policy Manager, you’ll find a predefined policy that does all the conversion from REST to SOAP.

[Screenshot: SOAP-to-REST Step 4]

From here, you can add any additional policy enforcement requirements as you see fit.
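
The kind of REST-to-SOAP conversion described above, with a per-operation HTTP method, can be sketched as follows. This is an added example, not Layer 7's policy or code from the original post; the routes, operation names, parameters and the `example.com` namespace are hypothetical.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "http://example.com/warehouse"  # hypothetical service namespace

# Hypothetical mapping chosen per operation, as in the wizard step:
# (HTTP method, REST path) -> (SOAP operation, allowed parameters)
ROUTES = {
    ("GET", "/products"): ("listProducts", ()),
    ("GET", "/product"): ("getProductDetails", ("productid",)),
    ("POST", "/order"): ("placeOrder", ("productid", "amount", "email")),
}

class MediationError(Exception):
    """Carries the HTTP status the REST caller should receive."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def rest_to_soap(method, path, params):
    """Return (SOAPAction, envelope bytes) for a REST call, or raise."""
    route = ROUTES.get((method.upper(), path))
    if route is None:
        # Known path with the wrong verb is 405; unknown path is 404.
        known = any(p == path for _, p in ROUTES)
        raise MediationError(405 if known else 404, "no mapping for request")
    operation, allowed = route
    # Only the declared parameters may reach the SOAP backend.
    if set(params) != set(allowed):
        raise MediationError(400, "parameters do not match the operation")
    ET.register_namespace("soapenv", SOAP_NS)
    envelope = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(envelope, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{SVC_NS}}}{operation}")
    for name in allowed:
        # Assigning .text escapes markup, so a value cannot add XML elements.
        ET.SubElement(op, f"{{{SVC_NS}}}{name}").text = str(params[name])
    return f"{SVC_NS}/{operation}", ET.tostring(envelope, encoding="utf-8")
```
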

March 29th, 2012

Simplifying REST Adaptation: Live Facebook Q&A with Layer 7 CTO Scott Morrison

Category API, Events, REST, Tech Talks
 

It was live, it was unscripted and it was awesome. Tech Talk Tuesday – the first ever live Layer 7 Facebook interactive chat – was a huge success. I mediated the Livestream and Francois Lascelles, Layer 7’s Chief Architect, took the hot seat, answering questions live through the Layer 7 Facebook page. Questions came from all over the world and Francois did a great job of thinking on his feet, answering some very tough questions around OAuth. In case you missed it, you can watch the recording here.

And now it’s time for the next episode. We’re excited to announce that Scott Morrison, our CTO, will be the guest expert and he’ll be taking questions on how you can simplify REST adaptation using existing IT infrastructure. So save the date – on Tuesday April 3, we’ll be streaming live at 9am PST. Start thinking of some great questions to ask Scott and be sure to tell your colleagues about this rare opportunity to chat live with Layer 7’s CTO.

To join the session, simply go to the Layer 7 Facebook page and click the Livestream icon. Once the Livestream app is open, click the play button and you’ll be watching the stream live. If you want to ask a question, click the big red button that says “check in and chat” and, bang, you’ll be ready to chat live with Layer 7. We’re really excited about this talk and anticipate lots of audience engagement. So we’ll see you next Tuesday April 3, live on Facebook.

February 7th, 2012

API Management – Infrastructure Versus SaaS

The Enterprise is buzzing with API initiatives these days. APIs not only serve mobile applications, they are increasingly redefining how the enterprise does B2B and integration in general. API management as a category follows different models. On one hand, certain technology vendors offer specialized infrastructure to handle the many aspects of API management. On the other, an increasing number of SaaS vendors offer a service which you subscribe to, providing a pre-installed, hosted, basic API management system. Hybrid models are emerging but that’s a topic for a future post.

Before opting for a pure SaaS-based API management solution, think about these key considerations:

The Cloud Advantage
One can realize the benefits of Cloud computing from an API management solution without losing the ability to control its underlying infrastructure. For example, IaaS solutions let you host your own API management infrastructure. Private Clouds are also ideal for hosting API management infrastructure and provide the added benefit of running "closer" to key enterprise IT assets. Through any of these SaaS alternatives, an API management infrastructure optimizes computing resource utilization. IaaS and private Cloud-based API management infrastructure also provide elasticity and can scale on demand. Look for an API management solution that offers a virtual appliance form factor to maximize the benefits of Cloud.

Return on Investment
The advantage of a lower initial investment from SaaS-delivered API management solutions quickly becomes irrelevant when the ongoing cost of a per-hit billing structure increases exponentially. With your own API management infrastructure in place, you can leverage an initial investment over as many APIs as you want to deliver, no matter how popular the APIs become. Many early adopters that originally opted for the SaaS model are currently making the switch to the infrastructure model in order to remedy a monthly cost that has grown to unmanageable levels. Unfortunately, such transitions sometimes cost more than any initial cost savings.

Agility, Integration
SaaS solutions provide easy-to-use systems isolated in their own silos. This isolation from the rest of your enterprise IT assets creates a challenge when you attempt to integrate the API management solution with other key systems. Do you have an existing Web portal? How about existing identity, business intelligence or billing systems? If your API management solution is infrastructure-based, you have access to all the low-level controls and tooling that are required to integrate these systems together. Integrating your API management with existing identity infrastructure can be important to achieving runtime access control. Integrating with billing systems is crucial to monetizing your APIs. Feeding metrics from an API management infrastructure into an existing BI infrastructure provides better visibility.

Security
Depending on the audience for your APIs, various regulations and security standards may apply. Sensitive information traveling through a SaaS-based system is outside your control. Are any of your APIs potentially dealing with cardholder information? Does PCI-DSS certification matter? If so, a SaaS-based API management solution is likely to be problematic. In addition to the off-premise security issue, SaaS-based API management solutions offer limited security and access control options. For example, the ability to decide which versions of OAuth you choose to implement matters if you need to cater to a specific breed of developers.

Performance
Detours increase latency. By routing API traffic through a hosted system before it gets to the source of the data, you introduce detours. By contrast, if you architect an API management infrastructure in such a way that runtime controls happen in the direct path of transaction, you minimize latencies. For example, using the infrastructure approach, you can deploy everything in a DMZ. Also, by owning the infrastructure, you have complete control over the computing resources allocated to it.

I'll be touching upon some of these issues when I give a presentation called Enterprise Access Control Patterns for REST & Web APIs on March 2, at the RSA Conference in San Francisco.