making sense of the api economy - marist college
TRANSCRIPT
Copyright©2017byJosephGulla
MakingSenseofTheAPIEconomyByJosephGulla,[email protected]://www.linkedin.com/in/joseph-gulla-ph-d-ba5b9515/
AbstractInthispaper,theauthorpresentsa360-degreeviewofmodernApplicationProgrammingInterfaces(APIs)thatfocusinnovationandentrepreneurshipoftenwithaconcentrationonenterprisecomputing.ThepapergivesanintroductiontotheAPIeconomythenexplainstheclassificationofAPIswithaparticularfocusonmicroservices.LeadingAPImanagementsoftwarecompaniesareidentifiedandimportantAPItechnologiesareexploredincludingRESTandSOAP,aswellasopensourcetoolsandopenstandardsandprotocols.
IntroductiontotheAPIEconomyAccordingtoGartner(WelcometotheAPIEconomy,2016),theAPIeconomyisanenablerforturningabusinessororganizationintoaplatform.Howisthispossible?AccordingtoGartner,theAPIeconomyisasetofbusinessmodelsandchannelsbasedonsecureaccessoffunctionalityandexchangeofdata.So,toanswerthequestion--newmodelsandchannelsmakethispossible.Innewways,APIsmakeitsimplertointegrateandconnectpeople,places,systems,applicationsanddata.ManybusinessesareimplementingAPImanagementproductstomakewhattheyalreadyhave,oftencalledsystemsofrecord,morereadilyavailabletonewsystemsofengagementincludingmobiledevicesandcloudservices.
ClassificationofAPIsbyTypeTheauthorhasdevisedasimplemethodofclassification.O-APIsreferstothe“older”typesofAPIslikethoseforaccessmethodsandperformancemanagement.TwoexamplesortypesoftheolderkindofAPIsaresummarizedinTable1.Table1.O-APIsCategory Description Example
A-type AccessMethods
TheQueuedSequentialAccessMethod(QSAM)wasreleasedinOS/360offeringdeviceindependence:totheextentpossible,thesameAPIcallsareusedfordifferentdevices(QueuedSequential,2017).TheVirtualStorageAccessMethod(VSAM)isinthesameclassasQSAM.
Copyright©2017byJosephGulla
2
P-type ApplicationPerformance
TheApplicationResponseMeasurement(ARM)APIisfocusedonapplicationresponsemeasurementandhasthefunction“arm_init”thatisusedtodefineanapplication.ItmustbemadebeforeanyotherARMAPIcallsrelatedtothatapplicationlikearm_startandarm_end(ApplicationResponse,2017).
TheN-APIsclassificationpertainsto“new”typesofAPI.Newcanbestbeclassifiedasthosethatarosesincetheadventoftheworldwideweb.ThreeexamplesortypesofthenewerkindofAPIsaresummarizedinTable2.Table2.N-APIsCategory Description Example
D-type Dataaccess LocalGovernment,Climate,EcosystemsandAgricultureareexamplesofdatasetsavailableondata.gov.Thedataisavailableinmanyformslike.xlsand.tarforhumanviewingorprogramuse.
$-type Acceptonlineandmobilepayments
PayPalpayments&Squareonlineandin-personpaymentsareexampleoffinancialAPIs.
M-type Applicationprogramintheformofamicroservice
TheseprogramsarecreatedfromavarietyofAPIManagementtoolsproducinganewkindofapplicationrunningontopofthelegacyapplicationsthatisnon-disruptive.
SpecialFocusontheM-typeAPIThistypeofAPIhascomeaboutsincethecreationofcloudcomputing.M-typemeansmicroservices,whichisakindofsmalldataprogram.Thesesmalldataprogramsaregroupedintoapplications.Theseapplicationsareusedbycompaniestogeneraterevenue,lowercosts,improveefficiencyandrespondtocompetitivepressures.Theseprogramsarecreatedinanintegrateddevelopmentenvironment(IDE)andtheyprovideaconnectionbetweenthelegacyworld(calledthesystemsofrecord)andthenewworldofengagementThesemicroservicesAPIsaresurroundedbysupportcapabilitieslikeamanagementconsole,security,analyticsandlogging,thatisusedforgovernance.ThemostcompleteAPIManagementprogramshaveafulllife-cycleapproachthatisneededbecausethesemicroservicesAPIsareapplicationsthatneedtobehandledascompanyassets.
Copyright©2017byJosephGulla
3
APIsandMicroservicesTherearetwoviewsofmicroservices.OneviewcharacterizesitasanarchitecturalstylewheretheotherviewusesthetermmicroservicetodescribethedataprogramscreatedwithAPIManagementsoftwareproducts.
AnArchitecturalStyleThroughadoptionofthemicroservicesarchitecturalstyle,companiesusemanyverysmallmodules,communicatingusinglightweightprotocolsthatcombinetoprovideaservice.Theyarepartofanapplicationlikeorderprocessing,supportingabusinessarealikeaddanewcustomer,foraspecificscenariolikeverifycustomeraddress.Themicroservicescanbeandareoftenusedinmultiplescenarios.
AKindofProgramManyAPIManagementsoftwaresuppliersareprovidinganIDEandotherkeycomponentslikeamanagementconsoleandanalytics,insupportofthecreationofsmalldataapplicationstheycallmicroservices.Thesedataapplicationscanbeusedstand-aloneorcombinedintoapplicationsbymakingimportantdataandprocessesavailableinnewwayswithoutdisruptingthesystemofrecord.
TheRoleViewofAPIsFigure1depictstheroleofAPIs,whichistoleverageexistingenterpriseassetstounlockyourbusinesscapabilities.ThisviewalignswiththeGartnervisionandhasthismaintheme—unlockyourbusinesscapabilitiesbyleveragingyourexistingassets.Thisisacompellingideaformanycompanies.
Figure1.TheRoleofAPIs(FioranoAPIManagement,n.d.)
Copyright©2017byJosephGulla
4
WhoaretheLeadingAPIManagementSoftwareCompanies?Figure2,below,isaconsolidationofthehighlyregardedAPImanagementproducts.IncludedareLeaders,VisionariesandStrongPerformersidentifiedbyForresterandGartner.IDCusesthewordRepresentationalinitssoftwaretaxonomydocument.
Figure2.LeadingAPIManagementSoftwareCompanies
HowtheAPIManagementSystemsareOrganizedtoGetWorkDoneThecommoncomponents--IDEordeveloperportal,connectors,gateways,security,monetization,analyticsandoperationssupporttools—arecommoninthecontextofabuildandrunlifecycle.Figure3,belowfromarecentBLOGpostshowsthefeaturesofmanyAPIproducts.DesignTimeincludesDataModeling,InterfaceModelingandRegistry&RepositorywhereasRunTimeincludesAPIManagementSolution,IdentityStack,Monitoring,DevOpsTools,Logging,andApplicationInfrastructure(Broeckelmann,2017).
Copyright©2017byJosephGulla
5
Figure3.TheToolsofAPIManagement — TheFullStack
AProductExample--ComponentsofIBMAPIConnectRatherthanalogicalviewofAPImanagementsoftware,letslookataleadingproduct’scomponents.ThisistheactuallistofcomponentsforIBMAPIConnect(APIConnectComponents,2017).Thelistincludes--1. CloudManagementConsolethatprovidesanadministratorinterfacemainlyto
manage/monitor(add,start,stop,delete,getusagereport,etc.)serversandtoregisterthecomponentsthatwillbeusedatruntime.
2. APIDesignerprovidesanAPIdevelopertoolkit,installedonworkstationstocreateandsecureLoopBackapplications.ALoopBackapplicationisaNode.jsapplicationthatsupportsthecreationofRESTAPIsbasedondatamodeldefinitions.
3. ManagementServeristheAPIdeveloper’sinterfacetomanageandsecuretheirexistingAPIs.
4. DeveloperPortalisforapplicationdeveloperswherepublishedAPIswillbereferenced,describedandcanbetested.
5. APIGatewayisusedtoenforceAPIssecurityorfunctionalpolicieslikeJSONschemavalidationandJWTgeneration.AllregisteredapplicationssendtheirrequeststotheAPIGatewaytoaccesstheAPIs.
6. LibertyCollectiveareserverclusterscontainingoneLibertycontrollerandmultipleLibertymembers.LibertycollectivesareonlyusedifthereisaLoopBackapplicationorMicrogatewaytorun.ItconstitutestheNode.jsruntimeenvironment.LibertyserverscanberunonLinuxonz.
Copyright©2017byJosephGulla
6
MostAPIManagementproductshavegatewaysalthoughtheirfunctionisn’talwaysexactlythesame.TheyalsohaveserverstorunandmanagetheAPIsandfacilitiesfordesignanddevelopmentofAPIs.TheyofteninterfacewithanEnterpriseServiceBus,ifitispresent,allowingcompaniestomakeuseoftheirexistingintegrationandSOAinvestments.
ImportanceofRESTfulWebServicesandOtherInternetTechnologiesManyAPIproductsuseWebserviceslikeRESTandSOAP.RoyFieldingisthefatherofRESTasitwasthesubjectofhisdissertationcalledArchitecturalStylesandtheDesignofNetwork-basedSoftwareArchitectures(Fielding,2000).Hereareafewkeypointsfromtheabstractofhisdissertation--"RESTemphasizesscalabilityofcomponentinteractions,generalityofinterfaces,independentdeploymentofcomponents,andintermediarycomponentstoreduceinteractionlatency,enforcesecurity,andencapsulatelegacysystems.IdescribethesoftwareengineeringprinciplesguidingRESTandtheinteractionconstraintschosentoretainthoseprinciples,contrastingthemtotheconstraintsofotherarchitecturalstyles.Finally,IdescribethelessonslearnedfromapplyingRESTtothedesignoftheHypertextTransferProtocolandUniformResourceIdentifierstandards,andfromtheirsubsequentdeploymentinWebclientandserversoftware."Figure4,below,makesitstraightforwardtoseesomeofthemainpointsofREST.RESTisaclient/serverarchitectureallowingforscalability.Theservercaninteractwithmanyclientsatthesametimebecauseitistheclient’sresponsibilitytohandlecontext.NotstoringcontextontheserverisoneelementofREST’sarchitecturalstyle.
Figure4.RESTfulArchitecturalStyle(Rocheleau,n.d.)
XMLandJSONwithRESTXMLandJSONcomeupwhendiscussingREST.Theyaresimplywaysofserializingdata.XMLismoreflexibleandwithmanystandardsdesignedaround,somefeelthatitistoocomplexandlong-winded.JSONismorestraightforwardanddefinesafewbasicstructuresinsimpleways.Thismakesiteasytouseforinformaldatastructures(JSON,REST,SOAP,WSDL,2013).
Copyright©2017byJosephGulla
7
SOAPversusRESTSOAPandRESTareoftencomparedbuttheyarequitedifferent.SOAPisaprotocolwhereasRESTisanarchitecturalstyle.RESTAPIsaccessaresourcefordatawhereasSOAPAPIsperformanoperation.RESTpermitsmanydifferentdataformatslikeplaintext,HTML,XML,andJSONwhereasSOAPonlyusesXML.WithSOAPandREST,securityishandleddifferently.SOAPrequiresmorebandwidthwhereasRESTrequiresfewerresourcesdependingontheprocessingthatisneededtosupporttheAPI.SOAPhasanadvantageoverRESTinthatSOAPhasAtomicity,Consistency,IsolationandDurability,calledACID,whichisasetofpropertiesofdatabasetransactions.Thesecharacteristicshelpensureaccurateandrecoverabledatabaseupdates(SOAPversusREST,n.d.).
RoleofOtherOpenProtocols,StandardsandToolsSomeAPImanagementproductsaredistributedasopensourcebutmanyuseopensourcecomponentsforlogging,security,andotherkeysupportfunctions.Theusefulnessofopensourceprotocols,standardsandtoolsisasbuildingblocksfortheseAPIproducts.ThebrieflistbelowinTable3,istakenfromaninternaldocumentcalledOpenLegacyTermsandDefinitions.Itcontainsasampleofopenprotocols,standardsandtoolsusedbyOpenLegacyAPImanagement.Table3.OpenProtocols,StandardsandToolsusedbyOpenLegacy
Item DescriptionApacheLog4j
Areliable,fastandflexibleloggingframeworkwritteninJava.
TrailFile AnXMLrepresentationofin/outscreens.oAuth OpenprotocoltoallowsecureauthorizationforRESTAPIs,web,
mobileanddesktopapplications.EhCache WidelyusedopensourceJavadistributedcacheengine.Angular Opensourcedevelopmentplatformforwebapplications.Freemarker Opensource,Java-basedtemplateengine. Templates Astructuredformat,createdbyFreemarker,intowhichdatais
enteredwhengeneratingentities.
SpecialFocusonAPIwithEnterpriseComputingIn2015,IBMannouncedz/OSConnectEnterpriseEdition,astrategicAPIgatewayintoz/OS.Thisgatewayisaconfigurable,highthroughputinterfaceintoCICS,IMS,DB2andWebSphereApplicationServer.ThisproductisusedtomakeAPIsthatutilizedatafromCICSandIMSapplicationswhilerequiringnochangestotheapplication’sunderlyingCOBOLorPL/1code.Sincez/OSconnectisagateway,themostimportantthingitdoesishelptransformapplicationswritteninonearchitecturalstyletoadifferentone.Itisverywelldocumentedsoyoucanunderstandexactlywhattodoevenifthetasksarenot
Copyright©2017byJosephGulla
8
alwaysnativetoyourskillset.Figure5showstheinputsandoutputshandledbyz/OSConnect(IBMz/OSConnect,2015).
Figure5.TheRoleofz/OSConnectEE(Excellent2Pager,2016)
StepstoCreateanAPIforaCICSTransactionTherearefourmaintaskareasforcreatinganAPIusingz/OSConnect(CreatinganAPI,2016):
1.GenerateBindingsfortheApplicationUsingasuppliedJCLjobstream,generatethebindings,datadefinitionslikeacommareacopybook,whichwillallowz/OSConnecttocallyourCICSapplication.ThisgeneratesaServiceArchiveFile(SAR)file.
2.ImporttheSARFileintotheToolingThisallowsthez/OSConnecttoolingtodisplaythefieldsthatarepartofyourapplicationinterface.Thefirststepistocreateanewz/OSConnectEEAPIproject.TodothisselectFile–NewProject.Inthelistscrolldownandexpand‘z/OSConnectEnterpriseEdition’andselectz/OSConnectEEAPIProject.Clicknext.ThedetailedactionsareeasytofollowintheCreatinganAPIArticlereferencedabove.
3.MaptheAPIDefinetheUniformResourceIdentifiers(URIs)thatmakeuptheAPI,youcanthenmapfieldsfromtheURIstothefieldswithintheapplicationinterface.
4.DeploytheAPIOnceyourAPIisreadyyouneedtodeployit.Thez/OSConnectEEtoolinghastheabilitytodeployyourAPIdirectlytoCICS.ThisisdonethroughaserviceintheruntimethatislisteningonthesameHTTPportfromwhichyourAPIwillbeexecuted.
Copyright©2017byJosephGulla
9
ConclusionItisinterestingandusefulthatAPIshavebeenreinventedandbroughtforthinacompletelynewway.TheoldAPIs,accessmethodslikeQSAMandVSAM,arevitalandstillinuse.ThenewAPIshavefoundtheiruseinthedata-sharingsettingtosavecostsandimproveefficiency.ThemicroservicesAPIsaresupplementingapplicationsinmanybusinessestosatisfyneedsunmetbyexistingapplicationsandsystems.ThemicroservicesAPIsaremakingtheirimpactbyprovidingpowerfullevelsofintegration,inanapplicationcontext,withouttheneedforchangestotheexistingsystemsofrecord.MicroservicesAPIprogramsarenotwithouttheirchallenges.Justlikeconventionalapplicationassets,youdesignandbuildtheAPIprogramsthentheyaredeployed,managed,madehighlyavailableasnecessary,backedupandeventuallyretired.ThesedisciplinesmustbegiventheproperlevelofattentioninorderfortheAPIstoreliabilitycarryouttheirpurpose.
ReferencesAPIConnectComponents.2017.AccessedinMay2017athttps://www.ibm.com/support/knowledgecenter/en/SSMNED_5.0.0/com.ibm.apic.overview.doc/capim_overview_apiconnectcomponents.htmlApplicationResponseMeasurement.2017.AccessedinMay2017athttps://en.wikipedia.org/wiki/Application_Response_MeasurementBroeckelmann,R.2017.TheToolsofAPIManagement — TheFullStack.AccessedMay2017fromwww.linkedin.com/pulse/tools-api-management-full-stack-robert-broeckelmann?trk=v-feed.CreatinganAPIfromaCICSapplication.2016.AccessedJune2017fromhttps://developer.ibm.com/mainframe/docs/getting-started/how-to-expose-a-cics-service/creating-an-api-from-a-cics-application/Fielding,R.2000.ArchitecturalStylesandtheDesignofNetwork-basedSoftwareArchitectures.AccessedMay2017fromhttps://www.ics.uci.edu/~fielding/pubs/dissertation/top.htmFioranoAPIManagement.n.d.AccessedMay2017fromhttp://hkwiseco.com/fiorano-api-management-2/GettingStartedwithIBMAPIConnectConceptsandArchitectureGuide.2016.AccessedMay2017fromhttp://www.redbooks.ibm.com/redpapers/pdfs/redp5349.pdf
Copyright©2017byJosephGulla
10
IBMz/OSConnectEnterpriseEditionV2TechnicalOverview.2015.AccessedMay2017fromhttps://www.slideshare.net/UkRobJones/zos-connect-enterprise-edition-v2000-technical-overview JSON,REST,SOAP,WSDL,andSOA:Howdotheyalllinktogether.2013.AccessedMay2017fromhttps://stackoverflow.com/questions/16626021/json-rest-soap-wsdl-and-soa-how-do-they-all-link-togetherQueuedSequentialAccessMethod.2017.AccessedinMay2017athttps://en.wikipedia.org/wiki/Queued_Sequential_Access_Method Rocheleau,Jake.n.d.TheBasicsofRESTandRESTfulAPIDevelopment.AccessedinMay2017athttp://www.hongkiat.com/blog/rest-restful-api-dev/SOAPvs.REST:ALookatTwoDifferentAPIStyles.n.d.AccessedMay2017fromhttps://www.upwork.com/hiring/development/soap-vs-rest-comparing-two-apis/Tommaseo,L.2016.Excellent2Pageronz/OSConnect.AccessesMay2017fromhttps://www.slideshare.net/LuigiTommaseo/excellent-2-pager-on-zos-connect-ent-editionWelcometotheAPIEconomy.2016.GartnerResearch.AccessedMay2017fromhttp://www.gartner.com/smarterwithgartner/welcome-to-the-api-economy/