Java IoT Authors: Jason Bloomberg, Zakia Bouachraoui, Pat Romanski, Elizabeth White, Liz McMillan

Related Topics: @DevOpsSummit, Java IoT, @CloudExpo

@DevOpsSummit: Blog Feed Post

Your API Management Strategy By @PaulSBruce | @DevOpsSummit #API #DevOps

When you have a great idea for an API, just like a great blog series, you often need a way to publish, promote, & administer it

How Amazon API Gateway Shakes Up Your API Management Strategy
By Paul Bruce

As if a space jam-packed with the likes of 3scale, WSO2, Axway, Intel / Mashery, Apigee, Akana, CA, IBM, Oracle, Mulesoft, and HP isn't competitive enough, Amazon recently decided to get into the business of APIs-in-the-cloud. But Amazon brings something to API PaaS ( Platform As A Service) that no one else has in an API gateway solution: a cohesive DevOps pipeline.

API Management vs. API Gateway
When you have a great idea for an API, just like a great blog series, you often need a way to publish, promote, and administer it. This is the fundamental idea behind API management. API gateways on the other hand simply front an existing system with open API formats (like REST and JSON), possibly authorization and authentication semantics, but definitely to make it easier for software to be built on top of an existing system.

In contrast to simple gateways, API management portals often go far beyond these basic areas to include API ground-up design capabilities (like Apiary's API-Blueprint), gateway / brokering options, monetization, and consumer subscription throttling. But mostly, it's about how to scale, control, and version your APIs when you don't know exactly who is going to be accessing it before they sign up and start hurling requests at your most treasured and meticulously crafted APIs.

Companies like 3scale and Mashery have been on the leading edge for almost a decade, truly fleshing out what people need in an API management solution. Gartner has been predicting the growth of the API management space for a while now, even though their predictions have taken time to really prove correct. A whole new layer of competition has only recently been introduced in the past few years come in the form of big businesses getting into the API management game: IBM, HP, and Oracle. Many of these providers include the basic API gateway functionality, but wrap it with other really important aspects of the API-as-a-product lifecycle.

Why Amazon Isn't Quite in the API Management Game...Yet.
What Amazon API Gateway provides is exactly what it states: a gateway, a way to front another technology with an API. What technology are they fronting? At a high level, the answer is their existing cloud-based compute and request handling capabilities like Lambda, networking, and CloudWatch for metrics reporting. But API gateways are considerably different than API management. Gateways simply expose and handle requests to services; API management provides value-add around that core functionality, like caching, rate-limiting, billing, reporting, key/credential administration, and real-time diagnostics.

"As a PaaS solution, Amazon API Gateway will provide the greatest competitive pressure on companies that only offer cloud-based API management offerings" says Isabelle Mauny, VP of Product Management at WSO2. "By contrast, many of our global enterprise customers rely our cloud-enabled WSO2 API Manager software and cloud services to provide the flexibility for deploying on the cloud, on servers, and in hybrid environments."

The API management space has exploded in the past 5 years to become one of the most lucrative and strategic offerings to add to a company's API solutions portfolios. Estimates say that the space will quadruple to over $600 million by 2020, but people must expect that Amazon has so much more than API gateway functionality up their sleeves with this move.

As different as API gateways are from the larger API management offerings, Amazon comes awfully close to paving the way for a full API management contender. At AWS re:Invent 2014, Amazon rolled out a litany of DevOps tools, namely CodeCommit, CodeDeploy, and CodePipeline to onboard developers directly to the AWS, where many of their operations folks already are for virtualization and mass storage. It's only natural in a world where a growing segment of developers build APIs in order to have a solution that lets them get to their tasks solely in the Amazon cloud ecosystem. Perks like AWS Device Farm further sweeten the deal when mobile developers need a quick path to lots of cheap device time for testing or greenfield development purposes.

Frankly, it's a bit late to get into the API management game...unless you have a ten-fold advantage over any other cloud provider on the market, such is the case is with AWS. If it comes down to a market-share grabbing, strong armed competition, Amazon could quickly win a majority of the API DevOps market share. But how many APIs can be built and coded overnight that need immediate access to the Amazon Cloud? Not an earth shattering amount, and this is where Amazon, with all its might, doesn't present that big of a challenge to the current thought-leaders in the API management space.

Tsahi Levent-Levi

Tsahi Levent-Levi

How Does This Affect the API Landscape?
Steve Willmott, CEO of 3scale and one of the earliest thought-leaders in the API management space, sheds some light on the move by Amazon:

"Amazon's announcement is definitely an important development in the space and shows how important APIs and API Management are becoming. Amazon's focus in the announcement is on typical gateway functionality of key management and rate limiting, whereas we provide a much broader solution that also addresses the business workflows around adoption and measurement of the API. So actually think on AWS our offering will be able to connect up well with Amazon's."

These thoughts reflect an important aspect of the core API community: friendly competition. In discussion with other key API influencers, it's up for debate whether the Amazon API Gateway team connected with anyone in the community about what to build or how to position their solution in the larger ecosystem of API solutions. While other influencers are skeptical of its immediate value as an API gateway as it has been branded by Amazon, its volume pricing and low barrier to entry make it a viable contender for non-enterprise consumers, sort of the bargain basement of API management.

The whole thing gets more interesting with the inclusion of Swagger and other service description languages, in that many companies already invested in their APIs so much that they're also building descriptors could immediately benefit from Amazon API Gateway, provided a strict gateway is all that they're looking for. While there are many API gateway options out there already, existing investment in an API gateway solution by one enterprise group might not present as significant a hurdle to other groups adopting Amazon API gateway in an ad-hoc manner. The price and pipeline points are that compelling.

At APIdays San Francisco, I watched Daniel Jacobson, VP of Edge Engineering at Netflix present how his team delivers front door API functionality through a whole suite of home-grown tools, one that satisfies their gateway needs being Zuul. While Zuul and Amazon API Gateway aren't straight apples-to-apples comparisons, the most obvious difference between them is that the former is posted to Github as open source and the latter is not. It seems that Netflix general attitude towards code is that if you don't know how it works, that's probably going to cause you trouble down the line. Not knowing how Amazon API Gateway works beyond what is stated in the documentation could also represent this same risk.

I briefly chatted with Rob Zazueta, Director of Platform Strategy at Mashery (Intel), too. Since Mashery focuses on providing a complete API management platform and much less on the need for strict gateway functionality, his feeling was that the arrival of Amazon API Gateway doesn't displace Mashery's solutions at all, but rather is likely to compliment them for consumers of both. A positive outlook and confident attitude are generally always a good idea when competing in the API space.

How Does This Affect You?
It simply means that you have more options over basic gateway functionality, especially if you have legacy (full machine, non-componentized) systems in the cloud such as web front-ends and database systems that just beg for middle-tier mediation by APIs. It also means that you need to know your options in the API space better than ever before, since committing to one pipeline strategy can have both positive and negative consequences for your delivery line.

To simplify the process of deciding if diving into Amazon API Gateway is right for you, here's a quick table of pros and cons:

Fits if:

May not fit it:

Your operations or development teams already use AWS You have compliance requirements restricting you from delivering data via SaaS/cloud services
Your developers lack / need a cohesive software delivery pipeline You have anything more than very simple authentication requirements
You need to test from lots of different mobile devices You don't know how to program in HAL or for Lambda
You already have your API defined in Swagger Your existing APIs lack descriptors and you can't automatically generate them via framework
Your API solely uses cloud data storage You need to connect to off-site or on-premise data

This list is by no means exhaustive, and your encouraged to join the conversation below and contribute to what are specific reasons to consider or exclude Amazon API Gateway from your decision making process.

In the end, more API options are good for everyone, especially so when people are doing their own research on how they fit with their actual needs. It's important to build your own list of requirements over an API strategy, but be sure to also consider how your software delivery pipeline, operations scalability and downtime response procedures, and security compliance requirements factor in to your decision making process.

Please, let us know your challenges and thoughts on the matter. Conversation is always a friend.

Related articles:

Read the original blog entry...

More Stories By SmartBear Blog

As the leader in software quality tools for the connected world, SmartBear supports more than two million software professionals and over 25,000 organizations in 90 countries that use its products to build and deliver the world’s greatest applications. With today’s applications deploying on mobile, Web, desktop, Internet of Things (IoT) or even embedded computing platforms, the connected nature of these applications through public and private APIs presents a unique set of challenges for developers, testers and operations teams. SmartBear's software quality tools assist with code review, functional and load testing, API readiness as well as performance monitoring of these modern applications.

IoT & Smart Cities Stories
The challenges of aggregating data from consumer-oriented devices, such as wearable technologies and smart thermostats, are fairly well-understood. However, there are a new set of challenges for IoT devices that generate megabytes or gigabytes of data per second. Certainly, the infrastructure will have to change, as those volumes of data will likely overwhelm the available bandwidth for aggregating the data into a central repository. Ochandarena discusses a whole new way to think about your next...
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by ...
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Cell networks have the advantage of long-range communications, reaching an estimated 90% of the world. But cell networks such as 2G, 3G and LTE consume lots of power and were designed for connecting people. They are not optimized for low- or battery-powered devices or for IoT applications with infrequently transmitted data. Cell IoT modules that support narrow-band IoT and 4G cell networks will enable cell connectivity, device management, and app enablement for low-power wide-area network IoT. B...
The hierarchical architecture that distributes "compute" within the network specially at the edge can enable new services by harnessing emerging technologies. But Edge-Compute comes at increased cost that needs to be managed and potentially augmented by creative architecture solutions as there will always a catching-up with the capacity demands. Processing power in smartphones has enhanced YoY and there is increasingly spare compute capacity that can be potentially pooled. Uber has successfully ...
SYS-CON Events announced today that CrowdReviews.com has been named “Media Sponsor” of SYS-CON's 22nd International Cloud Expo, which will take place on June 5–7, 2018, at the Javits Center in New York City, NY. CrowdReviews.com is a transparent online platform for determining which products and services are the best based on the opinion of the crowd. The crowd consists of Internet users that have experienced products and services first-hand and have an interest in letting other potential buye...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...