The New API Gold Rush

A technology born of the Web and accelerated by mobile is now blossoming inside businesses. Ignored for years, application programming interfaces—a key layer of connectivity between disparate software—are undergoing a renaissance.

The trickiness of managing these connections, and their importance to the way businesses run their operations today, explains why we see vendors like Intel buying Mashery. Or CA Technologies snapping up Layer 7 Technologies. Or MuleSoft picking up ProgrammableWeb. Or, this morning, a startup contender, 3scale, raising $4 million from investors.

And that's just in the last seven days.

Of course, this raises the question: what the heck is an application programming interface?

First, The APIs

In the simplest terms, an application programming interface, or API, is a set of requirements that enables one application to talk to another application.

On your desktop, an API is what lets some applications talk to others (like Word to Excel and vice versa), or access features of the operating system. Such APIs are familiar ground to any programmer who has built an application that needs to share features or data directly.

This is the API with which I am familiar: steady sets of code and requirements that lived on the operating system. But there's a whole other class of APIs, built for Web services, that has kicked open the field of API management.

Web APIs are analogous to their older counterparts, but they serve as gateways to Web-based services, like Twitter or Facebook or Foursquare or Amazon. They are what enables developers to build applications to communicate directly with those services.

If you have a third-party app that connects to, say, Twitter, that app communicates with Twitter's API to handle the actual connection. You, as the user, never see this API. As far as you are concerned, the whole thing is seamless. You post a tweet in the app and it shows up in the Twitter feed. But it's the API that handles the job.

It is easy to think of APIs in this context as doors; they let data in and out of a Web service. But they are rarely indiscriminate doors. Like any door, they only swing in a certain way. And they are typically open for only the people who have keys to the lock. They have rules.

And rules have to managed.

Here Come The Managers

It turns out, explained Ed Anuff, a vice president at API management vendor Apigee, there are actually a lot of things that need to be managed about Web service APIs.

There's the sign-up process for developers who express interest in using an API. There's the documentation for the API, so they can write code that accesses it. There are credentials to be issued to both developers and users—these are all just part of the scope of information that has to be managed when a service releases an API for developers.

"All of that stuff is part of what an API management tool does," Anuff said.

A critical function of API management tools is handing out the keys that let authorized developers unlock the door to a Web service's data and functionality. Some APIs charge for access; API management tools handle billing. Sometimes there are limitations on access; those must be enforced.

API management began as a way for popular consumer Web services to open up to the creativity of independent developers. But what fueled the rise of API management as a cottage industry was enterprise IT managers who saw the success these household Web names were having with their APIs and who wanted to adapt the same model for their internal infrastructure.

"Lots more companies looked at these Web services and saw things they needed," Anuff said. "Internal APIs didn't have this self-service stuff."

What really kicked the industry in the pants, however, was the tidal wave of mobile computing. Rather than building two separate versions of software for a desktop website and a mobile app, it's far more efficient to build an API for the underlying service that holds user data and business logic, and then build desktop and Web versions of software that talk to that same API.

Add up all the different mobile platforms out there—iPhone, Android, Windows Phone, and so on—and an API rapidly becomes the only sensible architectural approach. Suddenly enterprise developers needed much better API management to handle all of the apps they wanted to build for their own employees on a variety of platforms.

It's All About The Data

Anuff gave two big reasons why enterprises are seeking API management tools.

The first was operational. If a developer produced a poorly written app that made a burst of requests to an API, one right after the other, for instance, an API management tool would enable the IT staff to throttle the requests hitting the company's Web service to something approaching a sane level until the app could be fixed.

The second example is very likely the reason why there's been so much interest in this sector of late.

Recall that when an API is in use to connect to a service, then all of the data shared by the third-party app and the service passes through the API and, therefore, through the API management tool. This means that API management tools can be one-stop shops for rich and valuable data.

Larger vendors who want to keep their skin in the big-data game are going to be very interested in startups in the API management space. The analytics API management tools can provide for the requests they handle are a rich gold mine of information, and a new source of data is bound to attract attention.

Which explains a lot of the hubbub.

The Machine-to-Machine Future

Today, the APIs we think about most often - like Twitter's and Facebook's - typically handle requests generated by people clicking on a website or swiping and tapping on an app. But another, far more interesting potential for APIs lies in processing requests generated by machines - a market that could hit $18 billion in spending by 2014.

Think of the smart, Internet-connected energy meters being adding to homes. Or diagnostic sensors in your car that report back to the manufacturer when there are signs of an incipient engine failure. Or systems that detect atypical network traffic and reroute it on the fly to avoid slowdowns or outages. These all need defined rules for how one machine talks to another. And those rules are found in - you guessed it - APIs. APIs that need to be managed.

That's the real growth market for APIs. And it suggests that what we've seen in the past week is only the first glimmer of a vein of gold that smart people will mine for decades to come.

Image courtesy of Shutterstock.