Soa API Economy eBook 2012 11

Extending Your SOA in the API Economy

©2012 Apigee. All Rights Reserved.


2

3

3

4

4

5

7

8

9

9

10

11

Contents

Abstract

Service Orientation Basics

The Benefits of SOA

Ubiquitous Mobile Computing Introduces New Requirements

Limitations of SOA

To Do Apps Well, You Need More

Introducing Apigee, the API Platform

Comparing Apigee and SOA/ESB

Connectivity and More

Apigee Complements SOA

Summary



3

Abstract

Today the combined forces of social, mobile, and cloud computing are driving

a change in how enterprises interact with employees, customers, and partners.

Enterprises need to figure out how to expose systems to be easily consumed by

third-party applications in a secure and trusted way; need to reach many different

devices; need to figure out how to drastically reduce the time and cost of working

with their systems, and improve the customer experience.

The shift underway in enterprises is one from a world of messaging platforms to one

of collaboration platforms - platforms for real-time connectivity and collaboration

across boundaries and firewalls that enable machine-to-machine, person-to-person,

B2B, and B2C interactions and transactions.

The growing App economy is at the heart of this transformation, placing new demands

on companies but also opening up unprecedented opportunity.

SOA has traditionally addressed the needs of corporate information system

integration, but apps and APIs interconnect corporate information systems with

remote systems and mobile devices everywhere, addressing the needs of the App

Economy in a way that a corporate SOA or ESB alone, cannot.

Service Orientation Basics

In Service Oriented Architecture, discrete information systems or components are

modeled as services, which are accessible over the network via well-defined and

standard protocols and data formats. The most commonly used protocols include

HTTP and TCP; the most common data formats include XML, SOAP (which is XML

that uses a specialized schema), and JSON. The aim of SOA is to promote re-use

of software systems or information functions within enterprises via intersystem

communication. Formally defining the network interfaces or “contracts” over which

disparate systems can connect within SOA allows independent development and

evolution of cooperating systems, without the need to employ a common technology

base. This allows companies flexibility in managing discrete business functions, which

translates to operational efficiency.



4

The Benefits of SOA

Many companies have benefited greatly from employing SOA as the preferred archi-

tectural approach for IT integration – in other words the preferred way of connecting

disparate information systems across the enterprise. Before SOA, information assets

such as an inventory control system or an order validation system were effectively

isolated systems; they were accessible only via product-specific or vendor-specific

mechanisms, or via novel or incompatible programming interfaces. The result of this

was ineffective IT integration, or inefficient IT operations.

SOA breaks down the walls between systems by establishing ground-rules and

principles for interconnection between disparate systems. As SOAP and Web

services toolkits became popular in the early 2000’s, the influence of SOA among

IT practitioners grew. XML and SOAP libraries went mainstream. Packaged apps

bundled web services support into their products. Support tools arrived, including

ESB – Enterprise Service Bus products, which provide a management and control

point for SOAP communications. SOA succeeded in connecting enterprise building

blocks.

Many companies have greatly improved the efficiency and effectiveness of their

information systems by embracing SOA.

Ubiquitous Mobile Computing Introduces New Requirements

In June 2007, Apple’s iPhone became generally available, and immediately became

a disruptive influence in wireless telephony, consumer music, and later, information

systems. There are now over 1 billion smartphones on the planet; the iPhone and

other smart phones have democratized connected, mobile computing. Now, people

carry the Internet around in their pockets. Larger format devices such as tablet

computers have brought richer connected experiences into everyday life; greatly

adding to the momentum of ubiquitous connected computing.

At the same time, advances in web browser technologies including markup and styling

(HTML5 and CSS3), JavaScript engines (v8, SpiderMonkey, Chakra), programming

metaphors (AJAX), data formats (JSON), and app frameworks (jQuery, Mootools,

Sencha) have brought new interactivity, style, and power to web applications.



5

Finally, the cumulative effect of Moore’s

Law has driven the cost of server compute

resources – CPU, storage, and network -

down sharply, while cloud technologies in

the area of Big Data and Virtual Networking

have matured to take advantage of farms

of networked server computers. Not long

ago, server compute time was a scarce,

expensive resource; it is now plentiful,

cheap, and easily scaled.

With these advances in greater connect-

edness and interactivity, and with the

improved economics, companies have

new opportunities to better connect to

their customers. Apps that run on these

mobile devices and in modern browsers

deliver the experiences that delight and

attract customers. As a result, companies

are compelled to adopt and expose APIs,

enabling those apps and the developers

who build them, to win new business.

Limitations of SOA

Is SOA well suited to supporting connec-

tions from mobile apps? Is it well suited

to enabling connected web experi-

ences? Let’s consider. SOA is focused on

enabling interconnection between existing

systems deployed in a corporate network.

Participants in SOA networks are long-lived, and purposefully slow to change; the

pace of application development is correspondingly deliberate. Data models are

formal and rigorous.

What is an API, anyway?

At one time, the term “API” referred to an Application Programming Interface ex-posed by a library. A standalone program running on a single computer needed to link to that library to use the API. An API was a contract that said to developers: if you include in your program a call to a specifically-named function, and pass a set of arguments of a given type, the li-brary exposing the API will perform a spe-cific function.

These days, the term API implies a net-work interface that is HTTP-based. When a company offers an API, they’re effec-tively saying to developers: if your app sends a particular message to a specific HTTP endpoint, it will receive a particular response.

For example: “If you send an HTTP GET message to example.com with this URL path: /weather/5day/Palo Alto, then I will send you an XML document containing a 5-day weather forecast for Palo Alto, Cal-ifornia.”

Obviously, APIs can be sophisticated, with many options for message request and response payloads, headers, and query parameters. But the basic idea is this: an app sends a message that conforms to a simple specification, and receives a par-ticular response.



6

Apps are different. Mobile apps get conceived, designed, and built at an entirely

different pace. The evolution of apps to satisfy new customer desires is rapid and

continuous. Apps don’t speak SOAP; they speak JSON, and use “APIs” to connect. This

implies different data models and looser, more flexible and dynamic data formats.

There are very different security requirements.

At a coarse level, SOA and the App+API philosophies are similar: they both are focused

on interconnectivity. But there are differences as well.

Aspect SOA / ESB Apps and APIsCore goal Enable Internal devel-

opers and systems to

connect, while complying

with IT department

standards.

Enable developers, either

external or internal, to

build nifty, compelling

apps, and allow users to

run them.Network Low-latency, trusted. High-latency, untrusted.

(Mobile wireless network)Developer Audience Internal, well trained,

methodical.

External or internal,

internet savvy.Development Style Deliberate, structured,

governed by process.

Rapid, iterative,

experimental.Connected Platform High-powered server. Any connected device.Data Contract Formal, strict. Flexible, dynamic.Data Format XML, JMS, SOAP, EDI,

possibly many others.

JSON and XML.

Communications TCP, MQ, HTTP, others. HTTP.Authentication and

Authorization

Internal mechanisms,

LDAP.

Internet standards

including OAuth.Usage Analytics Limited use, secondary

importance.

Of primary importance.

While SOA addresses the needs of connecting existing enterprise systems, it was

never conceived to address the key requirements in the different world of APIs and

connected mobile apps.



7

To Do Apps Well, You Need More

The above comparison focuses on the communications capability. In the world of

apps and APIs, there are very important considerations outside this realm.

The popularity of applications running on powerful mobile devices has lead to

what can be called “the App Economy”, where apps can be a key differentiator for

a business. Outsized benefits accrue to those who get it right. To do so means

addressing requirements beyond basic communications:

› Developers: Recruiting, enabling, and managing developers.

› Platform: Making it easy for developers to build rich applications.

› Agility: Analysis to understand trends in performance and usage and

iterating to respond.

Developers

In the App Economy, because apps are a key differentiator, the recruitment and

enablement of developers is critical. There are many platforms and opportunities

competing for their attention. Companies need to appeal to developers by making

it super easy to understand the APIs that are available, to try things out quickly,

to get started on their own. API providers also need to manage the developers

– their access rights, quotas, and the binding commercial terms. Companies also

need to encourage community, so that developers can collaborate and support each

other without active involvement by the API provider. This fosters innovation and the

development and evolution of new ideas - for example combining the company’s API

capabilities with external services can extend a company’s brand in powerful ways.

Platform

The API - the programmable interface into the company’s systems - is the center-

piece of the unique platform a company offers to developers. But there are many

aspects of a platform that developers view as not specific to a particular company.

Things like social integration, location-aware services, or a general-purpose cloud-

based key/value store, programmatically accessible from any app. In short, a simple

API is not enough.



8

Agility

Engaging developers and providing a capable and compelling platform is not a

one-and-done task. Companies know they need to innovate quickly and iteratively on

their products; when APIs are your product the requirement is the same. To iterate,

they need to analyze the data around API usage patterns, to understand which APIs

get used, when, how, and by which apps. They need to be able to rollout changes

and new APIs as rapidly as possible, and adjust course as often as necessary.

Doing all of this requires more than SOA.

Introducing Apigee, the API Platform

Apigee provides the infrastructure to address these needs, complementing the

capabilities of SOA. Apigee manages API communications into existing systems,

acting as the gateway from the world of apps into a corporate SOA. And, Apigee

addresses the novel needs of the API lifecycle: encouraging developers to build

better apps, faster; and providing insight into app and API usage. All of this ultimately

enables companies to better connections with their customers.

Apps

Developers

APIs

API Team

Figure 1: Apigee API Platform



9

Comparing Apigee and SOA/ESB

As a communication interchange approach, Apigee Gateway Services is similar in

some ways to an ESB, or to the SOA architectural approach. Common between Apigee

and an ESB: message routing, message transformation, rate limiting, security checks

and access control, and analytics. SOA and Apigee Gateway Services are similar; both

are focused on interconnecting disparate systems, both model systems via network

interfaces, both typically use XML or other data formats. There are clear similarities.

Connectivity and More

Like SOA or an ESB, Apigee provides connectivity and communications management.

But the Apigee API Management platform provides much more.

› Gateway Services – management of communications between outside

apps and internal systems. The Gateway receives incoming HTTP API requests

and performs authentication, authorization checks, rate limiting, auditing and

logging, and routing.

› App Services –a backend-as-a-service resource, it provides a core set of

commonly used social media application objects, and can be extended to

store arbitrary data. It enables developers to get better apps up and running

more quickly.

› Developer Channel Services – an extensible portal and set of web-based

tools to engage developers, encourage adoption, and speed development of

apps that leverage managed APIs.

› Analytics Services – using the traffic analysis gathered by the Gateway,

Analytics Services provides insight into API and app usage across developers,

apps, and time, so that operators can see how app requests are driving the

business.

These four functional components comprise Apigee Enterprise, to address the

specific needs in the app economy. None of these are functional areas included in

the traditional realization of SOA.



10

Apigee Complements SOA

With this set of features, Apigee is much more than “SOA with a longer wire”,

or “a Service Bus for HTTP APIs.” For companies with a corporate SOA or ESB,

Apigee provides a necessary control point for channeling Internet API calls into the

corporate network, integrated with additional features specifically targeted to the

App Economy.

GatewayServices

(Policy ControlPoint)

DeveloperChannel

AppServices

AnalyticsServices

API AnalystApp Developer

Internal Systems(accessed via SOAP

& Web Services)Web Internal

Firewall

ManagementGUI

Apps

http

http http TCP/IPSOAP, JMS,

HTTP

Figure 2: Apigee API Platform Deployed in the Cloud

Apigee can provide a “facade” to an ESB. The Apigee proxy acts as a point-of-entry

API layer to SOAP services, geared toward agile development, developer collabo-

ration, and rapid innovation. App Services can provide back-end services optimized

for mobile app usage. Developer Channel Services, and the Developer Portal provides

the on-ramp for developers who want to use your APIs. With the Apigee Enterprise

Platform, all of these pieces work together, and are managed from a single integrated

management interface.

The integrated set of capabilities in Apigee Enterprise addresses the needs of

companies that seek to fully exploit the potential of the app economy. Apigee

complements a SOA, and extends the reach of a company out to the edge of the

network – right into customers’ hands.



11

Summary

SOA addresses the needs of corporate information system integration, but apps and

APIs place new demands on companies.

Apigee provides a platform to satisfy those demands. Optimized for JSON, XML, and

HTTP, Apigee handles internet-scale volumes of transactions, originating from a wide

variety of devices into the corporate SOA.

Apigee interconnects corporate information systems with remote systems and

mobile devices everywhere, in a way that a corporate SOA or ESB alone, cannot.



12

About Apigee

Apigee is the leading provider of API technology and services for enterprises and

developers. Hundreds of companies including AT&T, Bechtel, eBay, Korea Telecom,

Telefonica and Walgreens, as well as tens of thousands of developers use Apigee to

simplify the delivery, management and analysis of APIs and apps. Apigee’s global

headquarters are in Palo Alto, California, and it also has offices in Bangalore, India;

London; and Austin, Texas. To learn more, go to apigee.com.

Find Best Practices to Accelerate your API Strategy

Scale, Control and Secure your Enterprise

Build Cutting-Edge Apps and Intuitive APIs

Apigee Corporation

Tel: +1 (408) 343-7300

[email protected]

http://apigee.com/about/

http://apigee.com/about/api-best-practices

http://apigee.com/about/enterprise

http://apigee.com/about/developers

Documents

Soa API Economy eBook 2012 11