The risks and rewards of the age of APIs

As connected systems become the norm, APIs are available from thousands of sources -- with varying degrees of quality

The Age of the API is upon us, presenting developers with new opportunities to generate income by linking to the data and services of others. But developers need to be careful when navigating the new API landscape.

Although the term (short for "application programming interface") has been around for decades, APIs have taken on a whole new life lately, spawning development of a wide range of multifunctional APIs and now management software companies to help businesses cope with the burgeoning wealth of available options.

[ Test your programming smarts with InfoWorld's Java IQ test. | Get InfoWorld's Enterprise Java newsletter for all the latest Java developments. | For quick, smart takes on the news you'll be talking about, check out InfoWorld TechBrief -- subscribe today. ]

APIs, in fact, are becoming a successor to SOA (service-oriented architecture), providing easier mechanisms for service access than SOA's highly technical approach, says independent consultant Kin Lane: "APIs have jumped out of the petri dish of the enterprise."

Developers leverage basic Web technologies to participate in the API bonanza, such as HTTP, REST and JSON. Node.js, the popular server-side implementation of JavaScript, also can play a role. The OAuth 2.0 protocol, meanwhile, can be used to set secure access. "There are more than 10,000 public APIs, and that's just the tip of the iceberg. There are a lot of private ones, too," Lane says, such as for Facebook, Twitter, Google Maps, and Amazon Web Services.

Developers need to have a basic tool set for using APIs in the language of their choice, Lane advises. Those tool sets typically come with the API libraries, but there are also standard ways to consume APIs in languages such as PHP and Java. In addition, developers need to note that APIs can be withdrawn, as has occurred both at Twitter and Facebook, leaving third-party apps in the lurch.

Dealing with poor APIs

The current craze has spawned thousands of APIs, so developers need to be mindful of the varying quality of what is available, Lane says. "I see a lot of people make APIs. They think they understand APIs, but they've never really used APIs that are already in existence, so they don't emulate a lot of the healthy design patterns. They make a lot of the same mistakes over and over." These mistakes include APIs that break or that don't work well in mobile applications.

Other flaws in many APIs relate to security, simplicity, and scalability, says Dan Raju, CEO of cloud-based financial services vendor Tradier. Also, having only one version of an API is a good idea, says Chris Caselas, a developer at video syndicator RealGravity. Multiple versions of APIs can create issues such as incompatibility with the previous release, Caselas notes. "You should probably do it right the first time."

Poor API design usually keeps developers from using them, says Pamela Fox, a front-end engineer at online educator Khan Academy. But some poorly designed APIs -- such as Facebook's -- can't be avoided, she notes. Another example is the Google Maps API, which requires developers to sign up and use a key, to many coders' annoyance. "That just lowered the barrier for signup," prompting Google to eventually get rid of it, Fox recalls from her stint in Google's developer relations team.

PayPal's APIs had become complex and in some cases redundant, creating integration difficulties for developers. Then PayPal reworked its APIs to focus on JSON, REST and Oauth earlier this year, using a standard API model. "The new REST APIs offer all the same functionality in a simple, consistent way," says Deepak Nadig, PayPal's director of platform engineering.

APIs come from all sorts of industries

Mobile and cloud technologies are major drivers of the increasing number of APIs, as they let developers link customers to services residing on clouds and funneled to devices -- a reflection of the connected, heterogeneous reality of today's computing as compared to the old enterprise model of closed, complete systems. An Apple iPhone application, for example, might access an online merchant, PayPal payment services, and FedEx shipping services, Nadig says. As a result, "every company is feeling the mandate for them to expose APIs."

Participants in the burgeoning API landscape come from a variety of industries. Walgreen's, a $72 billion pharmacy chain, is counting on APIs in a big way in its e-commerce efforts: Its APIs lets both Walgreen's own app and others' applications order prescription refills, for example. As a result, those APIs are used to refill a prescription every second, says Joe Rago, a senior product manager for the Walgreen's API program.

Walgreen's also has an API for its QuickPrints photo-printing service, which gives third-party developers a 15 percent cut of net sales. Additionally, the company offers an appointment-scheduling API and its own software development kit.

Financial services provider Tradier has built its business by giving third-party developers APIs for cloud access to trade data, trade execution, and market access. Developers use them to build applications such as algorithmic and robotic trading systems.

Even the federal government has gotten into the act. Independent consultant Lane has been working on claims-processing APIs for the U.S. Department of Veterans Affairs. He's also worked with the Census Bureau and other federal agencies on API strategy.

This story, "The risks and rewards of the age of APIs," was originally published at Follow the latest developments in software development at For the latest developments in business technology news, follow on Twitter.

Copyright © 2013 IDG Communications, Inc.