2020 is ongoing… and now it’s time to reflect and think about trends and be prepared for innovation and trends about APIs subject!
If last year the focus was starting establish governance, compliance, security and think about service mesh and event-driven, we may say the focus will continue evolve these subject to another level of maturity. So, let’s see details about 6 APIs Trends for 2020:
1 - Modern Integration Based on APIs
The first question here is why modernize the integrations ? The answer could be
Improve customer experience with real-time events;
Monitore, be notified and react to integration non expected behaviors in real-time;
Extends your integration environment: Edge <> Cloud <> On Premise;
Secure your entire integration environment;
Increase agility when building new integrations flows.
In technical terms, the APIs are the base technology to delivery modern integration because it deliveries by default some crucial capabilities such as:
Event-Driven APIs: brings great benefits such as resilience, scalability and extensibility. Other change here is that the integrations are in real time, it means, it is not necessary to wait to create a daily batch processes to transfer hundreds of records.
Observability: it deliveries monitoring and governance over all integrations and as close to real time as possible. This feature implies having reactive observation events that react to monitoring events such as alerts are generated when allowed error limits are reached. Another important point is to have end-to-end detailed traceability, from integration source to destination.
Hybrid Environment: Integration processes need to run in multiple deployment scenarios whether multi-cloud or on-premise. In this scenario, it must have specific components to collect and receive integration events that are very close to the source and destination of the integrations.
Security Managed: This is a key factor in modern integrations, as with the ability to run in multiple environments and provide integrations across corporate boundaries such as partner integrations. And in this context, security risks need to be managed. Authentication, authorization and vulnerability protection policies need to be addressed in integration design.
Ready to use components: traditional API gateways and platforms have a lot of built-in components which help to create integration flows with great agility.
The term Business Moments came from Gartner which says “A business moment exploits the connection of people, business and things and allows companies to innovate for entirely new scenarios”
We can say all those new scenarios could be new products, new services or even new user experiences! But behind the scenes, there are the APIs as the main way to connect people (great user interfaces), business (systems) and things (devices, machines, wearables).
But all these APIs have different characteristics from tradicional APIs, which are:
Event-Driven: people interact with interfaces, systems generates customer promotions, the presence device detects customer enters the store. All those actions are events and APIs must follow those principles! See details about APIs that follow event-driven architecture: https://bit.ly/2Pum0Uq
Hybrid Environment: things are on the edge, systems are on premise, services in on cloud and so on! It requires new low latency and usually keep alive communications technologies such as MQTT specially for the edge connections;
Highly Plugable: while a lot of things, service and systems are required to connect, it’s almost certainly that there are no interface standards. In this scenarios a lot of connectors are required to plug to the systems and create standard APIs;
In fact APIs are the foundation to Business Moments, while to create the “connection”, it is required to be managed and standardized.
3 - Regulation Compliance Supported by APIs
A lot of countries has been discussing about how to regulate the management of people data. But the key factor here is how data can be accessed, retrieved and shared across people and organizations in secure ways and in compliance with regulations, for example, in Europe GDPR is already implemented and in financial context, PSD2 take effects.
But why APIs can help in this context? See some capabilities:
Data Exposition: API platforms helps to connect to the legacy systems to expose standard APIs to be used by third-party.
Orchestration: in order to provide the required data, existing services can be orchestrated to retrieve proper information and expose a single APIs
Security: by default, APIs implies to delivery a lot of security mechanisms such authentication, authorization and cryptography.
Auditing: every action must be logged and stored for future audit purposes. Traditional gateways delivery this kind of feature.
Permission Flows: APIs are commonly used to create permission flow between companies, third-parties and regulation organizations.
In fact, APIs is a crucial factor to support regulation compliance. A lot of details and others characteristics such as data storage are required to be full compliance, also, each country regulation has it’s own details, but in all cases APIs must be used and theirs ready-to-use components can helps to be compliance more quickly.
4 - Microservices Communication Managed by Service Mesh
Nowadays, digital businesses requires agility, scalability, resilience, control and ease of evolution. The microservices architectures enable these capabilities, however, they bring operational overhead such as observability and security challenges in communication context.
Service Mesh-based architectures enables unified security enforcement for microservices, observability with real-time dashboards and logs, graphical visualization of dependencies, shadow traffic, canary release, route diversion, and more.Commonly, all these enforcements can be compared to Internal APIs Management, and in fact they are! The main diference here are:
Support multiples protocols such as gRPC, AMQP, Kafka.
Container-based micro-gateways also called as proxies.
Telemetry - which is the capability to provide observability of service behavior, empowering operators to troubleshoot, maintain, and optimize their microservices
In nutshell, we can consider service mesh as a container-based APIs management with few diferences from traditional edge APIs.
Accordingly with Amancio Bouza, “An API product consists of one or several APIs that provide an interface to a value proposition.” In this context, we can say the product or service based on API can be a new business itself or create an ecosystem that generate new businesses.
But if this term not sounds as an innovation thing, why is it a trend now?! It because the company maturity increased! Below, there are some technical characteristics observed in companies which allows create mature APIs as Products:
Strong API Strategy
Full governance of external and internal APIs (including between services and microservices)
Usage of full capabilities of API Platforms
Strong compliance with regulations (e.g PSD2)
Mature microservice architecture using service mesh
Strong cloud-based infrastructure and foundation
Multiple managed communication protocols such as RESTful, GraphQL, WebSockets, gRPC, etc.
For more details about API Maturity Roadmap, see this post: https://bit.ly/37WT1yJSee also Amancio Bouza post's about API Product Management: https://bit.ly/2Tg84ym
6 - Advanced Governance
Which stage API Advanced Governance is so crucial for your company ?
-When your customer experience depends of APIs while digital channels connects to your backend services through APIs
When your partner ecosystem depends of APIs once your company exposes core services thought APIs
When your internal operation depends of APIs because systems integrate each other through APIs!
While complexity and maturity around API subject increase in companies, more and more advanced mechanisms for governance are required. In this context, governance policies must be automated and managed! Some of these polices could be:
Reuse: more and more APIs can be reused or even used to composite others APIs, especially User Experience APIs
Versioning: the version control is more required which multiples consumer are using those APIs
Security: in the hybrid context, Internal APIs, Partners APIs and Front-End APIs require specific security constraints.
Deployment: automation is required when deployment takes crucial
Impact Analysis: with multiples consumers and versions, it is mandatory have tools to help on analysis of impact.
API Catalog: while hundreds of APIs are created and must be maintained, the catalog helps to reuse and organize APIs
Ensure Quality Standards: more and more quality standards are required and tools to automate the analysis of quality.