Tens of millions of connected cars, lights, home security units and even clothes are expected to be created in the next few years. But along with this rise of “things” in the Internet of Things (IoT) and wealth of new knowledge, leaders are struggling to leverage insights from their business applications. If we don’t change some crucial aspects involved in that data flow, the excitement over this new era of connectivity could fall flat.
One of the most crucial toolsets for leveraging the IoT and business applications is the API, which is used in every avenue of the enterprise to deliver data on everything from apps to animal collars. ProgrammableWeb shows there are more than 16,000 published APIs, meaning that managing the data from these sources will become the task of enterprises everywhere. The central challenge for these enterprises is that API development and implementation are being severely hindered by a lack of meaningful standards.
As enterprises pull in big data to inform their business, the inconsistency in how APIs are implemented dampens the decision-making capacity of executives and forces inefficiencies on IT departments. To effectively utilize APIs, developers should keep the following best practices and standards in mind.
Encrypting and security certification
If an API will grant access to a company's vital information, encryption needs to be taken into account during design and implemented all the way through the API. Additional security measures include Secure Sockets Layer (SSL) and Transport Layer Security (TLS), but these can be complicated to set up since transferring data over wireless networks can make data vulnerable.
In addition to granting access to information, devices and systems can introduce security vulnerabilities where hackers can hijack the process, much like the recent DDoS attack that flooded IoT APIs with bad traffic and shut down some of the most popular websites in the world. Accordingly, security protocols must be set to preserve confidentiality and protect the devices and their users from hackers.
For example, wearables should include security features such as custom security levels, encryption for Bluetooth and critical data, remote erase features and cloud security. Corresponding points for other devices used in the enterprise need to be established to ensure the best security for companies and users.
Reporting APIs and OAuth2 specifications
Another standard needed is the use of reporting APIs, which are critical for delivering actionable data, rather than the simpler base data APIs. Reporting APIs give users the ability to ask for a year’s total sales, for example, and automatically get the complete number. With base data APIs, users would need to manually calculate numbers, a far more inefficient process that also creates the potential for human error. The greater ease of use that reporting APIs offer will significantly boost productivity and give non-technical leaders quicker access to information for faster decision making.
Of all the improvements that could be made to the API standardization process, though, the one that would make the greatest difference is the implementation of the latest OAuth2 specifications. Many larger companies have adopted OAuth2 specifications, but the vast majority of developers – often with fewer resources – have not incorporated them into their devices and projects.
Without adoption of OAuth2 compliance throughout the developer community, it becomes extremely difficult to pull data out of connected apps, devices and systems, or to get them to communicate effectively with one another. Simple changes, like a password reset for a non-OAuth2-compliant device, can cause debilitating interruptions in service.
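The password-reset failure described above, as an added example that is not from the article or any vendor's code: a constructed in-memory provider where a legacy connector stores the user's password and an OAuth2-style connector stores only a refresh-token grant. It assumes the provider does not revoke grants when a password changes; the class, user, scope and passwords are all hypothetical.

```python
import hashlib, hmac, secrets

class ToyProvider:
    """Constructed in-memory API provider; every name here is hypothetical."""
    def __init__(self):
        self._pw, self._grants, self._access = {}, {}, {}

    def _hash(self, user, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 1000)
    def set_password(self, user, password):
        self._pw[user] = self._hash(user, password)
    def check_password(self, user, password):
        return hmac.compare_digest(self._pw.get(user, b""), self._hash(user, password))

    def authorize(self, user, password, scope):
        # The user signs in at the provider once and approves the connector.
        if not self.check_password(user, password):
            raise PermissionError("bad credentials")
        grant = secrets.token_urlsafe(16)
        self._grants[grant] = scope
        return grant

    def refresh(self, grant):
        # Refresh-token exchange: the grant buys a fresh access token.
        if grant not in self._grants:
            raise PermissionError("grant revoked")
        token = secrets.token_urlsafe(16)
        self._access[token] = self._grants[grant]
        return token

    def revoke(self, grant):
        self._grants.pop(grant, None)
    def token_allows(self, token, scope):
        return self._access.get(token) == scope

def run_scenario():
    api = ToyProvider()
    api.set_password("alice", "constructed-old-pw")
    stored_pw = "constructed-old-pw"  # legacy connector keeps the password itself
    grant = api.authorize("alice", "constructed-old-pw", "reports:read")  # OAuth2 connector keeps only this
    api.set_password("alice", "constructed-new-pw")  # routine password reset
    legacy_ok = api.check_password("alice", stored_pw)
    oauth_ok = api.token_allows(api.refresh(grant), "reports:read")
    api.revoke(grant)  # access is cut per connector, without touching the password
    try:
        api.refresh(grant)
        after_revoke = True
    except PermissionError:
        after_revoke = False
    return legacy_ok, oauth_ok, after_revoke
```

`run_scenario()` returns whether the legacy connector still works after the reset, whether the OAuth2-style connector does, and whether a revoked grant can still be refreshed.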
Community and industry involvement
Unfortunately, these changes will not happen spontaneously. In order to bring about a true change, a united effort among leaders and developers in every industry must take place to ensure standards are upheld. My company has internalized this and begun traveling around the country to start discussions with thought leaders in this space to find out what changes needed to take place.
As a result of that effort, a broad representation of software, business services and major enterprise companies came together and agreed on the challenges mentioned above. The consensus was that the industry needs continued education about API best practices and the merits of establishing standards, and potentially a ratings system for third-party APIs. That starts at the beginning of the process and goes all the way to the top of the organization. An API-first approach allows stakeholders to be consulted about an API before the application exists, leading to a more collaborative design.
Continued conversation around these issues must take place if we expect changes to be adopted. Ultimately, a standardization of APIs will not only bring better information to business users but also ensure greater security for consumers and companies. With the right guidelines in place, the benefits of a connected enterprise will continue to inform decision makers and encourage innovation and communication.
Andy Beier is a director of software engineering at Domo, where his main area of focus lies in connectors (third-party integrations). He takes special interest in API Design, OAuth, Java, web services, SaaS architecture, big data and data design. Andy helped build Domo’s technology for the last seven years and oversaw the integration of hundreds of systems into the platform.