Recent Postings
June 26th, 2014

APIs in the Connected Car: APIdays San Francisco

APIdays SFToday, I’m going to share some rather opinionated thoughts about APIs and the connected car. My opinions on this subject sprang from a combination of real-world experience plus (informed) speculation and came together as I prepared a talk for APIdays San Francisco.

The connected car is widely recognized as a game changer for the automotive industry. Experts all agree that just selling cars is a thing of the past. Mobility, connectivity and in-car user-experience will be leading decision considerations for car sales. Right now, automotive manufacturers, content providers and app developers are all competing to take a leading role in the connected car space. This is a matter of survival. Winners of the competition will be richly rewarded; the losers may sink into oblivion.

Car manufacturers seem understandably determined to dominate the connected car space. But this space is inherently shared with device manufacturers, content providers and app developers. Take away any one participant and you no longer have a sustainable ecosystem. If the automotive sector is not prepared to work with and accommodate the needs of other stakeholders, then no one will win. There are three things the industry can do to make things significantly better right away.

1. Implement a Standard Hypermedia Type for Automotive APIs
Right now, every car manufacturer wants to do its own thing and sees originality as a key to differentiation. This is a fallacy. There are way too many car manufacturers for content providers and app developers to keep up with the variety. Some have suggested that all manufacturers should just deploy Android as the base OS. I personally doubt they will all be able to agree on something as fundamental as the core OS. We should shoot for something much more realistic.

This is where hypermedia comes in. The most distributed system ever built — the World Wide Web — uses a hypermedia type (HTML) as its engine. There is a great opportunity to create a hypermedia format for car APIs that will energize the space just like HTML did for the Web. I believe this format could be based on an existing, generic type such as: Uber, HAL or Siren. This would be similar to the way the Collection.Document type was created for the news media industry, based on Collection.json.

2. Adopt a Standard API Security & Identity System
The prospect of connected cars getting hacked creates enormous anxiety. But connected car security can be addressed quite simply by adopting a security framework based around compartmentalization and standards-based access control.

In this context, “compartmentalization” means that core functions of the vehicle should be highly guarded. Specifically, no third-party app should have access to core driving functions like handling and braking. Meanwhile, a standards-based access control framework like OAuth will provide secure, granular access to specific system features. This would be similar to the way mobile apps currently ask for access to other parts of the device (GPs, contacts etc.)

3. Enable App Developers
Currently, only the lucky few are able to develop apps for connected cars. Generally, these are app vendors that have formal partnerships with car manufacturers. In most cases, developers can’t even get access to API documentation without a group of lawyers signing stacks of papers. The connected car space will not develop if it remains a tightly-held, closed system. On the contrary, manufacturers must build developer communities by providing the things that developers require: documentation; self-service portals; sandboxes; SDKs etc.

But That’s Not All
These are three immediate steps that can be taken to improve the connected car space significantly but as the space develops, we will have to focus not only on immediate requirements but also on the big picture. The connected car is a special case of the Internet of Things (IoT). The context of IoT is different enough that it requires a fundamentally different approach to system design and architecture. Hopefully, I will be able to delve into this context more in future.

Another aspect of the big picture is a good deal simpler: fun. If this space is going to develop as it should, manufacturers will have to make it fun for developers to experiment with the potential of automotive connectivity.

So, have fun out there!

June 9th, 2014

Jailbreak Your APIs

Jailbreak Your APIsAt this week’s Computers, Freedom & Privacy Conference, I gave a presentation titled Jailbreak Your APIs, in which I explored the concept of “linked APIs” and explained the potential these interfaces have for helping us create a freer, more open world. The global informational overload that we are constantly exposed to, can be overwhelming but ideas like linked APIs help us remember that the explosive surge of available data also brings us beautiful things such as transparency, openness and an unprecedented feeling of global connectedness.

We’ve never felt more connected to the rest of the world than we do now. Computers, mobile devices and the Internet have brought us closer than ever before. We now take it for granted that a person can be pretty much anywhere in the world and still get a real-time, front-row view of breaking news from half-way around the globe. While this disappearance of informational boundaries has surfaced many of our most polarizing differences, we still cherish our unprecedented ability to access information because access to information has always been our most powerful weapon for defending our rights and liberties.

In this context, the White House’s Open Data Policy (part of the Open Government Initiative) is particularly exciting. Never before has the American public had so much access to government information, at all levels. And all this happens directly through the Internet, in near real-time. The ability to access this information in a timely manner is crucial – we need access to information right when it is immediately relevant to guaranteeing our freedoms. This relates to my work with CA Layer 7’s API Academy because APIs supply the core technology for facilitating timely access to data.

Recent growth in the prominence of APIs is not simply a reaction to Open Government and Open Data. The API has organically become more important in recent years, due to our increasingly mobile lifestyles. APIs are vital to mobility because they connect our mobile devices to the cloud – specifically, to the datacenters that host the information and functionality that powers our apps. APIs have played an undeniably critical role in the mobile revolution of recent years. However, for APIs to play a similar role in the Open Data revolution, we need them to become much better.

The problem with APIs right now is that most of them are, at best, creating narrow windows into solid walls surrounding siloed data. Even the biggest, most well-known APIs (such as those provided by Twitter, Facebook and Google) to a large extent, only operate on the data that is within these organizations’ own databases. And most Government APIs don’t even allow any “write” functionality – they are strictly read-only.

In that sense, most current APIs create isolated, guarded data islands. This is very “anti-Web” — the World Wide Web was created in the spirit of decentralized equal participation. On the Web, everybody publishes everywhere, owns their data and then we have ways to reach that data through hyperlinks, through Google search and other methods. APIs have not really reached that stage of maturity yet. APIs are highly centralized, in terms of data storage and virtually none of them ever link to other APIs.

We need a new breed of interfaces: linked APIs, based on the same hypermedia design that we have on the rest of the Web. Such APIs will have the biggest impact for Open Data because they will link and make connections across datasets and organizational boundaries. Linked APIs are also very scalable, so they will be best suited to meeting the challenges of Big Data. After all, the Web is the largest, most distributed network of information humankind has ever created. We know the architecture of the Web can scale and linked APIs have the exact same architecture, with hypermedia as the engine.

For freedom of data, we really need more linked APIs. We can only truly have open and free data if we jailbreak the information out of the silos it is currently stashed-away in. Linked APIs provide us with keys to the data fortresses where large aggregators currently keep data. Linked APIs can ensure that our data isn’t stashed in centralized warehouses. Linked APIs represent the engine of data freedom on the Web. Let’s get the engine cranking!

June 6th, 2014

APIs Fueling the Connected Car Opportunity

APIs Fueling the Connected Car OpportunityI just attended the Telematics Detroit 2014 conference, which was abuzz with mobile connectivity sessions and workshops. But the mobile conversation at this event was entirely in the context of the connected car, as opposed to the mobile phone.

The connected car has emerged as a real-world illustration of the opportunities presented to businesses and consumers by the Internet of Things (IoT). And – as you probably know – IoT is a hot topic right now.

Thilo Koslowski, Vice President & Distinguished Analyst at Gartner, who is known for his prediction making, claimed the car will be the most innovative and exciting mobile platform over the next 10-to-15 years. A bold statement but this goal is achievable and very much within reach.

The automobile industry has already made great strides and is quickly leveraging the business advantages offered by the digital economy. What once was considered to be a telematics and roadside assistance market has quickly transformed into fertile ground for mobile app development, with broad connectivity opportunities that will enhance the consumer’s overall digital lifestyle while delivering auto manufacturer efficiencies throughout the entire value chain.

While consumers continue to demand somewhat standard connectivity features such as navigation, maps and parking location services, there’s also a significant demand for advanced connectivity features such as the ability to make payments directly from the vehicle, remotely start the car or receive diagnostic information on a mobile device. There is also a willingness to share data with third parties, especially if this results in a better driving experience or cost savings.

But data sharing has privacy implications in this context, which could become a significant roadblock. A Gartner survey of automobile consumers uncovered that 61% respondents would not opt-in if too much information was taken. So, enabling this new world of connectivity in auto requires a balanced approach. Consumers want the convenience and personalized experience that connectivity offers but only if it doesn’t impact their rights and freedoms.

That’s where a proper API strategy makes a difference. APIs will become fundamental to any connected car strategy by enabling an ecosystem of drivers, vehicles and partners to share data in a way that will improve the consumer experience through better digital design, engagement and security.

To learn more, please read our new eBook: APIs Fueling the Connected Car Opportunity. This document outlines a number of key connected car use cases and explains how the proper API security and management solution will enable you to meet your connected car business and security objectives.

June 5th, 2014

The Need for Secure APIs in Retailing

Secure API RetailApplications in today’s retail industry are highly distributed and are generally connected by proprietary protocols. But trends toward expanding geographic distribution are driving increased demands for integration — and these demands are driving a greater use of application programming interfaces (APIs) in retail.

Retailers worldwide are under tremendous pressure to innovate faster and cycle through inventory as quickly as possible. Also, aggressively managing inventory supply chains is increasingly challenging because consumers have online access to competitive retail Web sites and can easily purchase products elsewhere.

“Showrooming” — the practice of examining merchandise in a traditional brick-and-mortar retail store but then shopping online to find a lower price for the same item — is placing increased margin pressure on retailers, particularly in countries like the US that have relatively low shipping costs.


Read more: 5 Simple Strategies for Securing APIs


Retailers are responding by accelerating inventory churns by gaining product visibility on partner Web sites and maximizing exposure of available inventory. The ability to quickly implement secure APIs that enable innovative merchandising opportunities and aggressive supply chain management can make the difference between success and failure in a highly competitive market.

Customers expect retailers to always have items they want in stock. For example, a customer who wants a sweater in a certain size and color will just shop elsewhere if that exact sweater is not available when he or she wants to buy it. Brand loyalty and repeat business are hurt by a failure of any link in the supply chain. APIs and the ability to accelerate integration with partner systems help retailers not only to increase merchandising opportunities but also to gain greater visibility over purchasing patterns and supply chain demands.

APIs can have an even greater impact on retail markets with products that have shorter shelf lives. While the clothing markets are aggressively deploying APIs, so too are retail markets that rely on perishable products, such as the food industry. Obtaining food products when needed and minimizing spoilage requires an information-centric approach to supply chain management. Food service retailers and grocery stores both depend on real-time information about product availability. In this context, innovative APIs into third-party applications can provide a competitive advantage.

To see the long-term potential of APIs in retailing, I think we can take a look at industries such as online gambling. The gambling industry is a tremendously aggressive consumer of APIs. In locations where it’s legal, large bookmaking organizations compete to quickly introduce opportunities for people to bet on everything from sports to political races or the national budget. Online betting companies develop games or set up innovative new betting scenarios to captivate retail customers and APIs allow them to retail new services out very quickly, to keep customers engaged.

For multi-channel retailers, it’s only natural to want to give customers immersive shopping experiences across not only brick-and-mortar storefronts but also Web, mobile and social media channels. These online experiences are increasingly location-specific and contextualized to each shopper’s identity and buying history. APIs provide the means for ensuring consistent shopping experiences across multiple retail channels.

Retailers are increasingly seeking to engage buyers everywhere they might be, whether online or in-store. They are looking for ways to deliver immersive commerce experiences — including consistent content, promotions and rewards —  across multiple channels. Retailers want to tailor these experiences to buyers’ enhanced identity information. Achieving all this requires the ability to:

  • Expose content, commerce, loyalty and promotion functions as APIs
  • Integrate APIs from third-party affiliates, mobile apps, social networks, geolocation services, customer data sources and ad networks
  • Resolve and reconcile a buyer’s identity across online channels
  • Simplify mobile notifications.

Having the toolset to manage APIs is essential. The CA Layer 7 API Management Suite provides all the API creation, integration and orchestration features necessary to meet context-aware, multi-channel retail merchandising objectives. By adopting proven policies and procedures for ensuring secure APIs, retailers can aggressively scale their online merchandising initiatives and potentially reach more customers with innovative offers of products and services.

June 4th, 2014

The Right Connected Car App Experience

Connected CarLike most connected things these days, the connected car is powered by APIs. A rich connected car application ecosystem – running on both mobile devices and in-car infotainment systems – is seen as a key to customer loyalty. Car manufacturers and car service providers are hard at work developing a connected car experience that will “stick” over time.

As well as enabling new user experiences, connected car APIs unlock data that offers tremendous business value, powering partnerships with insurance companies and law enforcement, enabling new use cases around traffic management and urban planning. You can read about some of these use cases in our eBook, APIs Fueling the Connected Car Opportunity.

I’ll be at the Telematics Detroit 2014 conference this week, where I will be speaking about the need for secure APIs to power the connected car – starting at 4:35pm on Thursday. Earlier that day, live from the conference, I’ll be joining CA Layer 7’s latest API Tech Talk, The Connected Car, IoT, Apps & OAuth, which starts at 9am PDT.

If you’re attending the show, please stop by the Layer 7 booth (#118) to learn more about how APIs enable connected car use cases (and enter to win some Bose speakers!) If you can’t make it to the show, be sure to join the Tech Talk, where you’ll be able to get your connected car questions answered live. And if you can’t make that, you can always read the eBook.