Welcome!

Java IoT Authors: Elizabeth White, Dana Gardner, Pat Romanski, Liz McMillan, AppDynamics Blog

Related Topics: @ThingsExpo, Java IoT, Microservices Expo, @CloudExpo

@ThingsExpo: Blog Feed Post

Look Beyond The Mobile or Web Client To The Internet of Things

Ten API Commandments for Consumers

Kin Lane, the API Evangelist, has produced a list of the Ten API Commandments for Providers. It's a very good list, including privacy, security, and documentation. I encourage everyone to read it and comment.
What about the corresponding list for API Consumers? Although I don't want to compare myself to a biblical figure (or indeed to Kin Lane :) ), here is my crack at a list of API commandments for consumers:

1. Protect your API Keys. API Keys are often issued to developers through an API Portal to use in their apps. These API Key allow developers to access apps. Sometimes the keys are used in conjunction with OAuth, or sometimes they are used in a pure API Key based authentication scheme. It is natural for developers to use Github as a repository for their code. But, what if the API Key is baked into the code of your API consumer app? Ross Penham recently wrote about the disturbing amount of API Keys which he found in Github. A good solution is to use an API Gateway to manage the API keys, separately from the API consumer application itself.


2. Understand how APIs affect your client app's performance. If an API call is slow, then your app is slow. Users may then understandably complain. What if the problem is not your app itself, but an API it's consuming? How you can isolate the problem, so that you can see how a slow API is affecting your users? The answer is to have Root-Cause Analysis in place for your APIs. Here is an example of how you can track the response times of the SalesForce.com API. Here is another example, this time from the mobile telco 3 in the UK. In this way, you can point your finger at the problem, and apply root-cause analysis.

3. Apply the "Missing SLA". API Providers often do not provide a Service Level Agreement (SLA). Unless you are a very large corporation, spending a lot of money on API calls, you may not be able to force them to put an API in place for you. Again taking the example the SalesForce.com API, here is a walk-through with videos of how you can apply monitoring and an SLA in place for your outbound API calls.

4. Think about the data. When calling an API, it's natural to think about the security of the API call itself. Commandment #1 above is about securing the keys used for the API call. But what about the data being sent to the API? In many cases, you can think of an API as a conduit for data. If this data contains anything private, in terms of what is called PII (Personally Identifiable Information), then it must be encrypted, redacted, tokenized, or removed by an API Gateway.

5. Plan beyond asynchronous request response - think about WebSockets, AMQP, MQTT, and CoAP. HTML WebSockets are an exciting technology which we're seeing customers begin to leverage for their API consumption. WebSockets brings some great capabilities, such as full-duplex communication with the capability for APIs to "push" data to the client. But, it also brings security questions, and a veritable alphabet soup of new protocols beyond HTTP. The good news is that companies like Axway are thinking about the interplay and security of these new protocols. For more reading, I recommend checking out December's AMQP WebSocket Binding (WSB) which was drafted with help from my Axway colleague Dale Moburg.

6. Loose Coupling. Yes, "Loose Coupling" is something that isn't new - in fact it is a dictum of SOA-based integration from ten years ago. However, it is just as relevant now. Don't hard-code your API consumer to a particular version of an API. In fact, by putting an API Gateway in place, you don't even have to hard-code your API to a particular API (e.g. you can switch between different storage services).

7. Don't hate HATEOAS. HATEOAS is something that some API developers struggle to understand (or even pronounce), but it is very valuable because HATEOAS provides a framework for API calls which describe the "flow" of calls which a client can make. Even if you don't plan on using HATEOAS initially, and are just constructing quick-and-dirty API calls using string manipulation, it is still worth understanding.

8. Look beyond the Mobile or Web client to the Internet of Things. Until recently, API clients were assumed to usually be mobile devices. In fact, if you see a diagram on a Powerpoint slide of an API being called, it is usually a mobile app which is doing the calling. Now, we're moving on to the "Internet of Things" (IoT). IoT raises interesting requirements for API Consumers. For example, how can a low-powered device (like a lightbulb) perform the requisite processing required to access an API? What about devices which have intermittent Internet connections (e.g. a Connected Car, which may not always be online). At Axway, we've produced a Webinar and associated White Paper with Gunnar Peterson on the new security requirements when accessing APIs in the Internet of Things. I encourage folks to check this out.

9. Take a broad view of APIs: XML is unfashionable but still exists. If you look at some APIs used in business-to-business contexts, you often see the more heavyweight XML-based standards like AS2 and ebXML used. For example, later this week we are running a Webinar about accessing Australian Government "Superfund" services, and this uses an API which heavily XML-based. You won't find "I AS2" or "I ebXML" written on a sticker on the back of a MacBook Pro anytime soon, but if you are writing API Consumer apps which will access Enterprise APIs, you ignore these older types of APIs at your peril.

10. Spread the word. Here I echo Kin's commandment to spread the word - to evangelize - your API exploits. In the case of API Consumers, this is just as important as API Providers. On our API Workshop tours, we've had API practitioners speaking about how they are using APIs. Watch this space for news on our upcoming API Workshops, and feel free to get in touch if you have any great API Consumer stories, or tips to add to these Ten Commandments :)

More Stories By Mark O'Neill

Mark O'Neill is VP Innovation at Axway - API and Identity. Previously he was CTO and co-founder at Vordel, which was acquired by Axway. A regular speaker at industry conferences and a contributor to SOA World Magazine and Cloud Computing Journal, Mark holds a degree in mathematics and psychology from Trinity College Dublin and graduate qualifications in neural network programming from Oxford University.

@ThingsExpo Stories
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...
SYS-CON Events announced today that MangoApps will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MangoApps provides modern company intranets and team collaboration software, allowing workers to stay connected and productive from anywhere in the world and from any device.
The IETF draft standard for M2M certificates is a security solution specifically designed for the demanding needs of IoT/M2M applications. In his session at @ThingsExpo, Brian Romansky, VP of Strategic Technology at TrustPoint Innovation, explained how M2M certificates can efficiently enable confidentiality, integrity, and authenticity on highly constrained devices.
"We've discovered that after shows 80% if leads that people get, 80% of the conversations end up on the show floor, meaning people forget about it, people forget who they talk to, people forget that there are actual business opportunities to be had here so we try to help out and keep the conversations going," explained Jeff Mesnik, Founder and President of ContentMX, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
When people aren’t talking about VMs and containers, they’re talking about serverless architecture. Serverless is about no maintenance. It means you are not worried about low-level infrastructural and operational details. An event-driven serverless platform is a great use case for IoT. In his session at @ThingsExpo, Animesh Singh, an STSM and Lead for IBM Cloud Platform and Infrastructure, will detail how to build a distributed serverless, polyglot, microservices framework using open source tec...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
From wearable activity trackers to fantasy e-sports, data and technology are transforming the way athletes train for the game and fans engage with their teams. In his session at @ThingsExpo, will present key data findings from leading sports organizations San Francisco 49ers, Orlando Magic NBA team. By utilizing data analytics these sports orgs have recognized new revenue streams, doubled its fan base and streamlined costs at its stadiums. John Paul is the CEO and Founder of VenueNext. Prior ...
A critical component of any IoT project is what to do with all the data being generated. This data needs to be captured, processed, structured, and stored in a way to facilitate different kinds of queries. Traditional data warehouse and analytical systems are mature technologies that can be used to handle certain kinds of queries, but they are not always well suited to many problems, particularly when there is a need for real-time insights.
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo Silicon Valley Call for Papers is now open.
Big Data engines are powering a lot of service businesses right now. Data is collected from users from wearable technologies, web behaviors, purchase behavior as well as several arbitrary data points we’d never think of. The demand for faster and bigger engines to crunch and serve up the data to services is growing exponentially. You see a LOT of correlation between “Cloud” and “Big Data” but on Big Data and “Hybrid,” where hybrid hosting is the sanest approach to the Big Data Infrastructure pro...
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
We all know the latest numbers: Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from last year, and will reach 20.8 billion by 2020. We're rapidly approaching a data production of 40 zettabytes a day – more than we can every physically store, and exabytes and yottabytes are just around the corner. For many that’s a good sign, as data has been proven to equal money – IF it’s ingested, integrated, and analyzed fast enough. Without real-ti...
I wanted to gather all of my Internet of Things (IOT) blogs into a single blog (that I could later use with my University of San Francisco (USF) Big Data “MBA” course). However as I started to pull these blogs together, I realized that my IOT discussion lacked a vision; it lacked an end point towards which an organization could drive their IOT envisioning, proof of value, app dev, data engineering and data science efforts. And I think that the IOT end point is really quite simple…
With 15% of enterprises adopting a hybrid IT strategy, you need to set a plan to integrate hybrid cloud throughout your infrastructure. In his session at 18th Cloud Expo, Steven Dreher, Director of Solutions Architecture at Green House Data, discussed how to plan for shifting resource requirements, overcome challenges, and implement hybrid IT alongside your existing data center assets. Highlights included anticipating workload, cost and resource calculations, integrating services on both sides...
"We are a well-established player in the application life cycle management market and we also have a very strong version control product," stated Flint Brenton, CEO of CollabNet,, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The IoT has the potential to create a renaissance of manufacturing in the US and elsewhere. In his session at 18th Cloud Expo, Florent Solt, CTO and chief architect of Netvibes, discussed how the expected exponential increase in the amount of data that will be processed, transported, stored, and accessed means there will be a huge demand for smart technologies to deliver it. Florent Solt is the CTO and chief architect of Netvibes. Prior to joining Netvibes in 2007, he co-founded Rift Technologi...
Unless your company can spend a lot of money on new technology, re-engineering your environment and hiring a comprehensive cybersecurity team, you will most likely move to the cloud or seek external service partnerships. In his session at 18th Cloud Expo, Darren Guccione, CEO of Keeper Security, revealed what you need to know when it comes to encryption in the cloud.