Business is increasingly data-driven (raise your hand if you have heard the term “Big Data”) and when you talk to a company about enterprise mobile applications, the issue revolves around providing key data to a mobile workforce when and where they need it. The important point is “providing key data” and the challenge is connecting those mobile applications with a firm’s existing enterprise systems that hold this key data. Up till now, we connected web applications and portals to a firm’s existing enterprise systems through a SOA platform. In this new mobile world, that SOA platform still exists but as Eric Roch pointed out in one of his blog posts:
SOA is shifting to support social, mobile and cloud. SOA is being used to support task specific services called Application Program Interfaces – APIs.
A typical SOA infrastructure will need to be adapted and extended to mobile applications and one proven approach is through the creation of an external set of APIs. Application Program Interfaces are not a new concept but in the context of mobile applications, a new generation of APIs is growing, based on the lightweight REST architectural style. Sitting on top of a firm’s existing set of services, these APIs provide a level of separation between the firm’s existing services (which critical internal applications depend on) and the mobile application. An excellent introduction to this new generation of APIs can be found within API 101.
Starting out, a single, simple API is relatively easy to manage. However, with success comes growth and the need to control both the management and maintenance of the APIs. An API gateway gives an enterprise the flexibility to manage the interaction between the public-facing APIs and key backend services, with functions such as transformation, workflow orchestration, service call aggregation and rate limiting. It also covers use cases where the typical security infrastructure is inadequate: access security token exchanges, new security protocols such as OAuth, and non-trivial access federation scenarios with multiple business partners.
Enterprises should consider an API management platform (also called a mobile access gateway) to provide a single point of control over the administration, monitoring, security and transformation of all API traffic. These Mobile Access Gateways are offered by a number of vendors such as Layer 7 and are one of the best ways to manage the challenges stemming from the introduction of an API supporting the data needs of a firm’s social, mobile and cloud strategy.
Using a gateway such as Layer 7 supports:
- A layer of abstraction between what functionality a firm uses internally and what functionality is exposed publicly to their own mobile applications and to partners/3rd parties.
- Policy-based controls allowing a firm to define an external message signature, identity and interface level security for the APIs.
- The ability to track API usage and limit the rate of use during peak periods.
- API governance such as managing, versioning and updating a firm’s set of APIs.
A gateway also provides a more agile platform on which to develop mobile offerings than the alternative of trying to use a firm’s existing service infrastructure.
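The gateway controls listed above (an abstraction layer over internal services, identity and interface-level policy, usage tracking with rate limiting, and versioned APIs) can be expressed as one policy check per request. The code below is an added illustration, not Layer 7's policy language or code from the original post; the routes, API keys, scope names and backend URLs are constructed for the example.

```python
import time
from collections import defaultdict, deque

# Constructed policy table: public (version, path) -> internal service and rules.
POLICIES = {
    ("v1", "/orders"): {"backend": "http://erp.internal.example/OrderService",
                        "scope": "orders.read", "limit": 3, "window": 60},
    ("v2", "/orders"): {"backend": "http://erp.internal.example/OrderServiceV2",
                        "scope": "orders.read", "limit": 3, "window": 60},
}
# Constructed client registry: API key -> identity and granted scopes.
CLIENTS = {
    "key-mobile-app": {"name": "mobile-app", "scopes": {"orders.read"}},
    "key-partner": {"name": "partner", "scopes": set()},
}

class Gateway:
    def __init__(self, policies, clients, clock=time.monotonic):
        self.policies, self.clients, self.clock = policies, clients, clock
        self.calls = defaultdict(deque)  # (client, route) -> call times in window
        self.usage = defaultdict(int)    # (client, route) -> allowed calls so far

    def handle(self, api_key, version, path):
        """Return (status, detail); detail is the backend URL when allowed."""
        client = self.clients.get(api_key)
        if client is None:
            return 401, "unknown API key"
        policy = self.policies.get((version, path))
        if policy is None:
            # Internal services without a published route stay unreachable.
            return 404, "no such public API"
        if policy["scope"] not in client["scopes"]:
            return 403, "missing scope " + policy["scope"]
        key = (client["name"], version + path)
        now, recent = self.clock(), self.calls[key]
        while recent and now - recent[0] >= policy["window"]:
            recent.popleft()             # forget calls outside the window
        if len(recent) >= policy["limit"]:
            return 429, "rate limit exceeded"
        recent.append(now)
        self.usage[key] += 1             # per-client, per-version usage tracking
        return 200, policy["backend"]
```

Keying the counters by client and versioned route lets v1 and v2 of the same API be limited and reported separately while both map to different internal services.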