Things are always obvious in retrospect. This mantra applies just as much to the emergence of the enterprise application programming interface (API) from the exclusive use of specialists in the B2B arena into widespread public consumption. Granted, the results of APIs have always been accessible to the public at large. However, the current dynamic utility that extends to modifying the underlying code itself is new to the public sphere, and it only looks to grow larger. With the emergence of App-dominant mobile devices, App-driven Tablet PCs and the explosive social media revolution (most of which is very enterprise API-heavy), APIs are clearly poised to be the standard platform for business-to-consumer interaction. They cover every sphere, ranging from the formation of a community as a future advertising target to the construction of online checkout carts for a purchase.
Reaching for the Cloud-Tops
One of the drivers of the API vehicle is the cloud, as evidenced by the success of online retail giant Amazon.com’s robust enterprise API known as the Elastic Compute Cloud or EC2. With increasingly easy-to-use developer tools becoming more accessible, even small businesses are scrambling to make use of application programming interfaces. As the parallel benefits of “Bring Your Own Device” (BYOD) and constant network accessibility are realized, cloud services become more attractive, and the security concerns are naturally minimized. In fact, the incentive to develop more robust security measures for the cloud is already being realized, which will lead inevitably to greater enterprise API integration and use.
The Importance of Security with API Growth
Unfortunately for the enterprise API, security in the cloud doesn’t run exactly parallel to security of the actual programming interface code. Obviously, it helps in the sense that a secure API can only benefit from cloud-release and use if the latter is independently secure. But, as it stands, employing the REST API platform with minimal Web-based protection only serves to open it up to many more instances of potential abuse. One need only imagine what an explosively popular mobile enterprise API could be subjected to, with spammers and scammers – as well as accidental system breaches – having such a large (and rapidly growing) pool of recipients from which to choose.
Despite these security issues, it isn’t realistic for a company to let these existing problems deter it, given that its competitors are looking to branch out into these realms because of the many benefits. Furthermore, there are already security measures in place, such as those offered by the right developer community. REST, or even the older, less user-friendly-but-more-inherently-secure SOAP platform, can be buttressed by the common measures used by secure Websites, such as double-authentication and signed HTTP header confirmation to gain access to an App. There actually exists a whole range of such measures, which a central software application can implement and oversee, giving any enterprise API all the benefits of expansion, with next-to-none of the downside of widespread availability.
Oversight is the key. A platform such as SOA Software Atmosphere, for example, tirelessly monitors the allocation of system resources in order to catch and eliminate security threats that might have slipped past the multiple layers of authentication. No matter the level of sophistication, a threat can’t hide its consumption of system resources, which it needs to operate at all. This and more are already in place to aid the expansion of the API into the future, and will only get better with time.