Perficient Digital Transformation Blog


Archive for the ‘Mobile’ Category

Companies That Didn’t Update for Mobile Paying Price has an article outlining the price paid by companies who haven’t updated their sites to support mobile.   They are making reference to the fact that Google updates their algorithms to give preference to sites that support mobile vs those that don’t.

Indeed, companies that weren’t ready for the so-called “Mobilegeddon” have lost up to 10% of traffic, according to ADI.

“While there wasn’t a precipitous drop among non-friendly sites, the effect is pronounced over the 10 weeks after the event,” said Tamara Gaffney, principal at ADI. “Such continued loss of traffic suggests that immediate emphasis would have been placed on paid search as a quick way to recover traffic. But that strategy is not necessarily sustainable.”

10% is a big number these days and while not as significant as the change Google made late last year to give preference to sites that more regularly update their content, it’s still a big deal.  Notice that they reference “continued” loss.  In other words, Google just made a bad trend worse. But that trend was still there.  It’s become a mobile world and if you don’t support it, you become less an annoyance and more someone people won’t visit………

The article also goes into detail on impact to ad revenue for Google based on a per click model rather than number of ads per page.  It’s worth reading to gain some insight.

API Security: Common Threats and Considerations


Common API Threats: spoofing, tampering, repudiation, denial of service, unauthorized access, confidentiality violation

API Security Considerations: 

Identification – Know Your Consumer
The common approach to implementing this is using API keys, which are nothing but randomly generated values that will vary for each consumer.

Authentication – is Consumer Authentic

User-Password over SSL/TLS: the API consumer provides a user password to prove their authenticity.

OAuth – Additional security through token-based access. The token can have attributes such as expiration, which means a user can perform a certain activity for a certain period of time and must then renew the token or get a new one, depending on the strategy being implemented.

SAML – Another mechanism for authentication. Security Assertion Markup Language (SAML) is an XML standard for injecting assertions. Typically, the identity provider validates the user’s identity and inserts appropriate assertions describing things like which applications and resources the user can access, their roles, etc.

OpenID is another solution that gives functionality similar to OAuth and SAML.

Authorization – Is consumer authorized to perform a certain action?

Apart from these basic things, one might also want to consider following:

JSON Attack: Since most APIs accept or return JSON, the response can be intercepted in the middle. An API gateway can take care of this for all requests and responses.

Data Protection : Depending on the information being sent or received, we might need to encrypt certain data elements or mask data so that it will be difficult to guess or figure out what they are and what they really mean. For example, PHI or PCI information.
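The identification, authentication and authorization steps above, sketched as an added example (not code from the original post). It uses an HMAC-signed token as a simple stand-in for an OAuth access token; the function names, in-memory stores and scope strings are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo state (assumptions, not from the post).
SIGNING_KEY = secrets.token_bytes(32)   # token-signing secret, server side only
KEY_STORE = {}                          # sha256(api_key) -> consumer record

def issue_api_key(consumer, scopes):
    """Identification: a random per-consumer key; only its hash is stored."""
    api_key = secrets.token_urlsafe(32)
    digest = hashlib.sha256(api_key.encode()).hexdigest()
    KEY_STORE[digest] = {"consumer": consumer, "scopes": sorted(scopes)}
    return api_key

def identify(api_key):
    """Return the consumer record for a presented key, or None if unknown."""
    return KEY_STORE.get(hashlib.sha256(api_key.encode()).hexdigest())

def _sign(body):
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest().encode()

def issue_token(api_key, ttl=300, now=None):
    """Authentication: exchange a valid key for a short-lived signed token."""
    record = identify(api_key)
    if record is None:
        raise PermissionError("unknown API key")
    now = time.time() if now is None else now
    claims = {"sub": record["consumer"], "scopes": record["scopes"],
              "exp": int(now) + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()

def authorize(token, required_scope, now=None):
    """Authorization: check signature first, then expiry, then scope."""
    try:
        body, sig = token.encode().split(b".")
    except ValueError:
        return False                    # malformed token
    if not hmac.compare_digest(sig, _sign(body)):
        return False                    # tampered or forged (constant-time compare)
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    return now < claims["exp"] and required_scope in claims["scopes"]
```

The claims are read only after the signature check passes, so a modified payload is never parsed or trusted.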

Richer, More Personalized Customer Experiences for an API Economy



At the IBM Digital Experience 2015 Conference, Ajay Kadakia with IBM talked about how the API economy is affecting legacy IT companies versus the newer cloud-based companies. The challenge is how to provide more agile, market reactive content off the legacy systems when competing against seemingly more agile, cloud based systems.

Ajay talked about the digital disruption that is already underway:

  • 90% of data has been created in the last 2 years
  • 4x increase in cloud investment vs 2013 (just 2 years)
  • 100% of LOB apps will be mobile first by 2017
  • 75B internet connected devices by 2020

Customer centricity is the only differentiator in today’s world, so experience really matters. But customer choice has exploded in the ways they can experience our brand.  Previously a website was the key method for customer self service.  Now we have devices such as mobile apps, kiosks, internet TV, connected appliances, connected cars, etc.

The only way to reach out to all these channels is to build robust APIs. To succeed, you must include a strategy for API creation and consumption in your overall business strategy. And this requires support at every level of the organization.

So what is an API in the context of an API economy? An API is like a Lego building block that can be combined with other APIs to build more sophisticated services.  APIs are the fast path to new business opportunities.  At the end of 2014, over 75% of Fortune 1000 had public APIs.  Almost every bank or financial services company has APIs for its partners.

A successful API initiative requires end-to-end capabilities. APIs need to know who is using the API, you need to figure out how to charge or not charge for use of the API, and of course you need to manage the use of the API, which can require some IT infrastructure.

Entry points into the API Economy include:

  • Build – API Design and Implementation
  • Manage – API Lifecycle Management
  • Secure – Security, Metering and Control
  • Monetize – Analytics and Monetization

So how do you get started?  First accelerate your agility.  If you can’t be agile, you won’t be fast enough to meet customer and market demand.  Second you need a strategy to identify business goals, assets and revenue strategies.  Finally you need to monetize the API.

What can be APIs? Here are some examples of business assets that could be exposed through APIs:

  • Product catalogs
  • Customer records
  • ATM/Retail Locations
  • Payment Services
  • Shipping and fulfillment
  • Job Openings
  • Risk Profiles
  • Transaction data

You need to do a thorough asset inventory to identify the potential assets that you have that can become APIs.  Some APIs could be monetized, while others may be more useful to create brand loyalty. For each API you need to determine the business goals and success criteria.

There are several monetization models to consider:

  • For Free – can drive adoption for typically low valued assets or brand loyalty
  • Developer pays – high value assets (like Amazon Web Services) could get paid by developers
  • Developer gets paid – provides incentives for developers to use your API for things like Ad Placement, etc
  • Indirect – includes other models

For IBM, they were late to the API Economy, but have quickly caught up through various acquisitions over the past few years. IBM Watson and the new IBM/Apple apps are built on the IBM API platforms.

How to do API Versioning

1- URL based versioning

An easy and very common way to version an API is to include the version number in the API URL.
For e.g. http://myapi/v1.0.0 , http://myapi/v1.0.1

  • Easy to use; the version can be identified by looking at the URL.
  • Over time, various URLs need to be maintained.

2- Using query param

Another easy-to-use strategy for API versioning.
For e.g. http://myapi?version=1.0.0

  • Same url for different api version
  • Need to add transformation logic to route to particular version

3- Using custom HTTP header

Slight advantage over approach #2 since this will keep url short.

  • same url for different api version
  • Need to add transformation logic to route to particular version

4- Using Accept HTTP Header

For e.g. Accept:application/v1.0.0+json , Accept:application/v1.0.0+json

Slight advantage over approach #3 since no need to add new custom header.

  • Same url for different api version
  • Need to add transformation logic to route to particular version
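The routing logic the four approaches call for, as an added example that is not part of the original post: one resolver reads the version from the URL path, query parameter, custom header and Accept header, rejects requests whose carriers disagree, and only accepts versions on an allowlist. The header name `X-API-Version` and the function and class names are assumptions; the post names no header.

```python
import re
from urllib.parse import urlsplit, parse_qs

SUPPORTED = {"1.0.0", "1.0.1"}      # allowlist; versions taken from the post's URLs
PATH_RE = re.compile(r"^/v(\d+\.\d+\.\d+)(?:/|$)")
ACCEPT_RE = re.compile(r"^application/v(\d+\.\d+\.\d+)\+json$")
HEADER = "x-api-version"            # assumed header name (lower-cased for lookup)

class VersionError(ValueError):
    """Raised when the requested version is missing, ambiguous or unsupported."""

def resolve_version(url, headers):
    """Return the single supported version a request asks for, or raise."""
    parts = urlsplit(url)
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    found = {}

    m = PATH_RE.match(parts.path)                    # 1 - URL based
    if m:
        found["path"] = m.group(1)

    q = parse_qs(parts.query).get("version", [])     # 2 - query param
    if len(q) > 1:
        raise VersionError("duplicate version parameter")
    if q:
        found["query"] = q[0]

    if HEADER in hdrs:                               # 3 - custom header
        found["header"] = hdrs[HEADER]

    m = ACCEPT_RE.match(hdrs.get("accept", ""))      # 4 - Accept header
    if m:
        found["accept"] = m.group(1)

    if not found:
        raise VersionError("no version supplied")
    # If a gateway checks one carrier and the backend routes on another,
    # a mismatch can slip a request past policy; refuse it outright.
    if len(set(found.values())) > 1:
        raise VersionError("conflicting versions in " + ", ".join(sorted(found)))
    version = next(iter(found.values()))
    if version not in SUPPORTED:
        raise VersionError("unsupported version")    # retired versions stay unreachable
    return version
```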


Posted in api, Best Practices, Mobile, News

Private APIs Vs Public APIs

Private APIs :

  • APIs which are used within organization to build apps.
  • Apps built on private APIs can be used inside organization or released to public using various channels like company site, app store.
  • Partners can use private APIs to build apps.
  • Private APIs enable faster business integration with partners.
  • Avoids dependency on external APIs and apps, e.g. when a public API is discontinued.

Public APIs:

  • Expanding reach across various platform and devices.
  • Increased brand value.
  • Creativity has no limits.
  • Your competitor can use content for various purpose if your API overexposed your business content.
  • Patent/Rights infringement.


Posted in api, Mobile, News

Top 10 Reasons Why You Need API

1. First things first: Not having an API today is like not having a website in the 90s.

2. Spread your wings – reach more channels and devices than you can imagine.


3. You need it because your competitor has it.

4. Collaborate with your partners more closely than ever.

5. New revenue opportunity as you build product (API) out of existing business functionality.

6. Grow customer loyalty and meet customer expectations.

7. Enhance company value and brand name.

8. Access any time and anywhere.

9. Innovation. As more people and partners use API, you get new ideas from their feedback and experience.

10. Increased Application Value as more platform or channels are available for integration.

Mobile is at the Top of CEO’s Agenda for Digital Transformation

You’ve probably heard a lot about mobile in the past two years.  In PriceWaterhouseCoopers 18th annual Global CEO Study (2015), 81% of CEOs said that mobile technologies are strategically important to their business.  PWC says, “The sheer ubiquity of mobile devices today has revolutionised customers’ ability to obtain information – which has, in turn, transformed how they perceive value and the type of relationships they want to have with companies.”


Every day we see more and more evidence that mobile has to be a top priority for large and small companies. Not only are the sheer numbers of mobile devices and mobile users increasing every day, but the reliance on these devices increases every day.  Merkle RKG produces a quarterly Digital Marketing Report that has lots of information about where advertisers spend their money and the resulting consumer clicks. Here are some interesting data points from Merkle RKG’s first quarter 2015 report:

  • Mobile Paid Search Ad Spend was 32% of all ad spend in Q1.  That’s up from under 20% in Q1 2013.  Advertisers have increased buying mobile ads 60% in just two years.
  • 44% of paid search clicks on Google came from mobile devices.  So almost half of all ads clicked were ads displayed on mobile devices.
  • Desktop ad clicks dropped another 4% in Q1 on top of a drop of 3% in Q4 2014.  At the same time, phone clicks were up 42% in Q1 and tablet clicks were up 9%.  Tablet clicks were at 28% in Q4 2014, so the growth rate for tablets has slowed.
  • Mobile Organic Search Clicks accounted for 45% of all clicks in Q1 2015.  That’s up from 34% in Q1 2014.  That’s a 32% increase in just one year.

From those numbers it is clear that mobile devices are important to advertisers and search engines. From the click rates, it is also clear that mobile is very important to consumers.

But what if you haven’t jumped on the mobile bandwagon yet?  Will that hurt you? If you don’t really participate in paid advertising or paid search, does this matter to you?

Well, Google is about to make that pain more real for companies who don’t make their sites mobile-friendly.  Google has decided to include “mobile-friendly” in its rankings for search results.  If your site is not mobile-friendly, then your ranking will drop on Google.  While your Search Engine Optimization efforts over the past few years have moved you up in the search results, this new designation will drop you back down.  How real is this mobile-friendly ranking?

According to Merkle RKG, Google has identified 29% of the Internet Retailer 500 websites as not mobile-friendly.  For all Fortune 500 websites, 46% do not meet Google standards for mobile-friendly.  Wow, half the Fortune 500 websites are at risk if they don’t revamp their sites.

It should be clear why 81% of CEOs think that mobile is strategically important. Not only are there a lot of mobile devices, but consumers, advertisers and Google are paying a lot of attention to content delivered on mobile.

Change is in the Air

The strategy is complete, implementation of the mobile application and analytical system is finished, data scientists are providing useful analytical research.  But is your enterprise getting the value out of your digital transformation investments?

A company’s culture, people, and business processes usually provide the largest barrier to realizing the value from digital investments.    Yes, we talk about change management, however, most times that change management is involved in a one-time event like the implementation of ERP system or rolling out a new Salesforce application.

Financial Insights Into Costs For New Digital Applications

When I initially wrote my blog “Making Financial Sense of PaaS” it was to crowdsource my estimates comparing building and operating a new mobile application for a year using various platform architectures. The platform choices ranged from n-tier on-premise using licensed software to using a hosted PaaS. The blog resulted in some excellent conversation and feedback leading me to produce “Making Financial Sense of PaaS – Part Deux”, which illustrated the estimates for businesses that efficiently operate their data center resources.

These blogs have been very well-received by the community. Some have written in appreciation for raising the issue into public discussion. However, for me, the real surprising factor was the cost for a single mobile application. Most estimates I have done focused on the development and deployment costs, but few times have I been asked to show the operations costs over time. This analysis provided me with real insight into what businesses transforming into the digital world should account for in new application development. Additionally, it begs the question: what does it cost to operate each individual application currently running in your business?

How Mobile Apps Can Replace Your Intranet

Mobile is one sticky form factor.  So sticky that many states are finding it necessary to legislate people out of using their phones while driving.  In other words, the mobile experience is so compelling that some people literally won’t put down their phones unless you make using them illegal.

Meanwhile, intranets have traditionally struggled with user adoption.  I’m fairly certain every successful intranet project known to man has featured a “user adoption” component meant to help people understand when, where, how and why to use their intranet for actions beyond looking up the daily cafeteria menu.  This still holds true, almost twenty years since the first intranets sprung up from the ashes of Gophers and fileshares.

Mobile works.

Intranets… need work.

So why not use mobile apps to engage your erstwhile intranet users?

In my latest post over at CMSWire, I’ve outlined a (very plausible) scenario whereby the groundswell of user preference for mobile form factors could– and perhaps, should– spell doom for the concept of the enterprise intranet.  This is “digital transformation” writ large for employee productivity.

It’s a heady mix of mobile’s engaging (even addictive) UX, service-oriented architecture, software as a service (cloud/SaaS), and forward-thinking embrace of technology and consumer trends.  And you can just about pull it off with today’s technology.

Curious?  Go check it out.