How (and why) the API became the new IT cornerstone

Acting as the 'glue' between connected services, Application Programming Interfaces now proliferate across the web, across the cloud and throughout the fabric of contemporary enterprise computing.

shutterstock 1253200882 1

We all love APIs. The creation, popularisation, proliferation and implementation of Application Programming Interfaces (APIs) has now become so ubiquitous that most C-suite level keynotes make reference to them and most programmers consider them to be an integral part of life on the web, in the cloud and across the ether in between.

Although the C-suite suits talk about the importance of APIs and their ability to provide connection points to their own platform and those of their partners and customers, few step back to define the term and consider how we got here.

Somewhere around the turn of the millennium, coding breakout sessions at technology conferences were telling us that we could use the web as a sort of patchwork quilt fabric, but in a way where not every square had to be sewn from scratch.

Why reinvent the wheel?

It was a kind of ‘why reinvent the wheel' proposition. If you have a travel website, then why build a mapping service, a weather service and a currency calculator? Why not concentrate on the core functionality and ‘leave a window' on the page for those services to be fed in as a connection by using an API?

So how do they work?

In simple terms, an API is intended to shorten and simplify the software application development process by abstracting the underlying software implementation that has created some other function or service. Consequently, the API works to only expose the software objects, data or procedural actions (which could be an analytics engine, or an AI function, for example) that the developer needs.

In more simple terms, an API is like a glue. It works to form a communications bond across individually separate chunks of software code and data streams. Any given API is tasked with mapping and defining the route for a developer to build a program, web service or smaller component that can make requests from another service, operating system (OS) or other application.

In terms of form and function, APIs have a ‘required syntax' (they have to be written to fit a defined shape and structure) and are brought into play and implemented through the use of ‘function calls' composed of verbs and nouns.

In the modern world of web, cloud and mobile, APIs have proved exceptionally useful in terms of allowing us to connect and build across a landscape of increasingly interconnected (but still individually discrete) software components.


How APIs changed software development

Senior NGINX solutions engineer at F5 Leif Beaton has also called APIs a ‘type of glue' that binds all the components that make up the modern application stack together. So much do they do so, they have changed the way we approach software development.

We know that microservices (connected via APIs) allow for an application to be built in a modular fashion, with smaller components working in concert to deliver a unified user experience. Crucially, individual microservices can progress at their own pace, as determined by their own roadmap and user feedback.

"This level of freedom extends far beyond how software developers iterate functionality in their services. Leveraging APIs also gives the freedom to create in their chosen development environment. In an API-driven world, developers are free to choose the tools or languages that best suit the specific uses they envisage. Any single application could be created using dozens of different languages, enabling quick access to the most relevant skills for the task," said Beaton.

He advises that embracing a microservices software development model means the application strategy needs to be determined up front. This, in turn, means that a focused effort to execute against a defined plan limits the chance of feature creep in the initial development phase.

Good deeds & users' needs

Notably, the use of APIs allows for rapid and incremental improvements, as the needs of the users is better understood. The ability to roll out updates to individual services means that the pace of innovation increases while the risks decrease.

"A single application can potentially leverage hundreds or even thousands of APIs, which is why management is so critical. While some microservices would be delivered as part of the core application, the uptake of cloud-based services is growing across the world. This raises the issue of trust and the need to ensure that application updates don't impact overall stability. API gateways play a critical role here, providing a central point for integration, as well as for monitoring and providing security," said F5's Beaton.

So is it all good news? Beaton and team note that one positive side effect of applications created to be shared-by-design is that developers are more conscientious about commenting alongside their code in the form of explanatory annotations. He says that there is a clear recognition of the importance of others understanding the purpose of specific code elements. This more transparent and collaborative approach doesn't always happen in traditional monolithic development environments.

There are also some new challenges to be mindful of from a developer's perspective, however, as well as some changes in approach.

"Fundamentally, this entails developing a trust that other APIs you are developing towards provide a stable interface and produce predictable and timely results. For example, it is often good practice to offload the authentication and access control logic to the gateway rather than hardcode it into every API. This can enable better scalability. If anything changes in the authentication logic, it needn't be re-developed in thousands of APIs," said Beaton.


No such thing as a free API lunch

All this goodness does come at a cost though.

Whereas a function call in a monolithic application typically has the speed and security benefits of living within memory on one and the same hardware, API calls are network calls - often to remote systems. Beaton explains that this means that a new way of thinking about security internally to the application is required. It is also vital to ensure that the gateway is as fast as possible. Even slight latency issues at the gateway tier will multiply exponentially and reduce app performance.

"The truth is that the API has significantly accelerated software development innovation for both consumer-facing and enterprise-level applications. With teams focused on improving individual microservices, which may be in use across multiple applications, the incentive to unlock new use cases levels of performance is huge," said Beaton.

The API does indeed represent a new cornerstone for software construction and development. But as will all things that drive us towards change, we shouldn't rip and replace current structures until we have comprehensively identified the need for change.