The cloud is a network. The infrastructure, platforms, applications, data resources and the myriad variety of services and functions that exist within the cloud are all networked together. Although reliant upon many of the core communication and interchange protocols that go to make up the Internet itself, a key conduit for the modern age of cloud is the Application Programming Interface (API).
With APIs now acting to form the bonding channels and gluing mechanisms between modern connected technologies, we have – in the last decade especially – witnessed the birth and rapid development of an entire sub-genre of IT in the form of API management.
No longer a sub-genre and now an industry in and of itself, API management is creating a whole new thread of connectivity-centric technology in the modern IT stack, so who is doing it and how does it work?
Working very visibly in the API management space is Kong. The company creates software and managed services that connect APIs and microservices natively across and within cloud datacenters and other technologies. Built on an open source core, Kong’s service connectivity platform claims to allow organizations to manage the full lifecycle of APIs and services for modern architectures.
“API Management has evolved over the years, it is not a standalone use case anymore but rather a very important part of the broader service connectivity infrastructure that every application requires. When API management first started, it allowed us to expose monolithic applications at the Internet of Things (IoT) edge to mobile applications and a network of developers,” said Marco Palladino, CTO and co-founder of Kong.
MORE FOR YOU
He explains that the IT industry has transitioned to microservices with the introduction of Kubernetes (an orchestration technology designed to bring together the now more granular pieces of IT that exist in the cloud and over the web) in 2014. This meant that Kong’s API communications increased by x10 to x100 times internally, inside organizations. This created an opportunity for Kong to create an API gateway that could support this new decentralized and cloud-native world.
To define what Palladino means when he says ‘gateway’ in this sense, an API gateway is an API management tool that sits between a [software] client [application and/or dataset] and a collection of backend services whose access has to be governed by tablestakes API management functions [such as authentication tools, rate-limiting controllers or other analytics functions]. An API gateway acts as a reverse proxy [a means of getting backend IT to talk to individual applications] to accept all the API calls that are happening in any given IT system, aggregate the various services required to fulfil them and then return the appropriate result.
“Where that gets us to is today, a point where performance, native Kubernetes integrations and ease of operations have all became critical. This last half-decade has seen progress which meant that traditional centralized API gateways became quickly obsolete. In 2021 and in the immediate future, service connectivity doesn’t stop at the API gateway layer anymore, but continues within the applications themselves with modern service meshes that provide zero-trust security, observability and modern self-healing routing,” said Palladino.
The birth of the ‘connectivity stack’
The upbeat Kong CTO feels that the future ahead of us is very exciting when it comes to API management. But as our applications – and users – become more demanding the API management process itself must also evolve.
“Some of the areas that will present the most innovation are where Artificial Intelligence (AI) and Machine Learning (ML) are applied to what firms should now realize is their ‘connectivity stack’ to automatically detect anomalies and self-heal our requests to avoid downtimes,” concluded Kong’s Palladino.
It’s an interesting notion i.e. enterprise organizations must now realize that they have their IT stack (their procured estate of hardware, software, devices and cloud as-a-Service technologies) at the core of the business. But within that core (and surrounding it in a state of DNA-fusion throughout it) is the connectivity stack i.e. all of the neural links to internal and external technology connections through APIs and also to non-API legacy systems where those conduits has been created and opened.
Also prevalent in this space is Apigee, now part of Google Cloud. Director of product management Vikas Anand explains that Apigee brings together Google technologies such as ReCAPTCHA, Cloud Armor and Content Delivery Network (CDN) for scale, performance and multi-layer security.
The company has worked to simplify API operations with Artificial Intelligence (AI). With AI-powered rules that trigger alerts and auto-thresholds that adjust the monitoring criteria of APIs, Anand says that a lot of the complexity is handled by Apigee rather than your IT operations team.
Monetization of APIs
Apigee’s Anand talks about new opportunities for organizations to start monetizing APIs i.e. charging some form of license fee to access those technologies a firm creates that can be ‘exposed’ to APIs for connectivity. Apigee has partnered with the Robotic Process Automation (RPA) company Automation Anywhere to make it easier for developers to manage and secure the APIs that trigger bots.
This means depending on Apigee to manage API complexity, allows you to focus on business outcomes,” said Anand. “But there’s also a different angle to consider here. APIs are increasingly driving new customer experiences and helping companies build – and participate in – ecosystems. These ecosystems are typically exposed as developer APIs and allow companies to funnel the massive demand from these other business platforms for their corporate use.
Examples of such ecosystems include the Twitter API, which may allow corporations to analyze the sentiment of Tweets or listen for important events. But how can organizations connect to these massive ecosystems and leverage these APIs in a manner that maintains corporate security, governance and also extract the most value?
Apigee calls this process API productization. This is the company’s term for how corporations treat all the concerns around an API – including a portal for API discovery, onboarding, security, and analytics.
Though APIs can be typically thought of as glue between applications, there are plenty of instances where the API is the product itself, such as Twilio and Stripe. In those instances, Anand suggests that it’s useful to think of an API as a box on the shelf – so the question developers need to ask is, what do they need to do in order to understand what’s in the box and buy it?
It feels like organizations are on the brink of needing to not just have a phone number and address, not just have a web page and their own dedicated customer app, not just have an e-commerce portal or some form of customer-facing purchasing channel… they will also need a global API storefront and use that as both a technology and commercial proposition too.