More organizations are turning to API management as a means of making services available externally to business partners and customers. But what’s surprising, explains Layer 7 Technologies CTO Scott Morrison, is that they’re also adopting REST as an approach for internal services and APIs.
Morrison: Basically, we’re in the upper right, kind of in front of everybody else, which is exactly where you want to be. It’s the best place to be, because it’s showing you're out there leading everybody else. So we were really pleased with where we ended up, and in particular I think Forrester is the right analyst firm to be doing this kind of analysis. I think they tend to be a very technical firm. They went very, very deep into the technology, characterizing what it does and what features it has.
Lawson: It looks like your main competition really is WSO2?
Morrison: WSO2 is a good company. They're based out of Sri Lanka and they do all of their development over there. They have an interesting hybrid model where they have a number of different components that people can download and those are out in open source and they’ll do consulting and more sophisticated licensing and things like that. Like Layer 7, they’ve been around for a number of years and have a good, solid product that’s proven itself in the field.
I think one of the important things of the Forrester report is it brings to the forefront that this is a game of integration. Like it or not, the API management and security area really is also about integrating different APIs, but integrating different applications and services and that’s a tough game in the end. That’s a game of details and it’s a game really where experience counts a lot.
While we’d like to believe it’s very simple to just layer a management infrastructure over any API and just have it work, the truth is that the devil’s always in the details. There’s always something unusual that happens, like some kind of strange effect because a downstream router is timing out faster than anything else or you're getting issues with setting up secure SSL connections. Those are the kinds of details we’ve really sweated for almost 11 years here at Layer 7 and so it’s given us, number one, a lot of experience, but number two, we’ve plowed all of that experience back into the product. That really reflects where we ended up on the Forrester report, because of the experience and breadth of capabilities in the product.
Lawson: One thing about the report that interested me was it discusses the difference between SOA governance and API management, and in particular, it talks about internal services being complex and challenging to deploy. What I’m wondering is why those services — and I’m guessing they mean SOAP-based services, because that’s what most service-oriented architectures originally used — would be difficult to deploy?
Morrison: One of the reasons that the whole RESTful model has taken over from SOAP and some of the older styles of communication so much is that it really is easier. It doesn’t require a lot of extra infrastructure. It fits extremely well with the conventional architecture of the Web.
Some of the non-REST services can be very challenging. Of course, we have a lot of customers that are interested in putting RESTful facades on top of existing services that may not be REST. We have technology that allows you to automatically map a SOAP interface, like a SOAP service, into a RESTful API, and we have a lot of customers using that because they’ve invested a lot in SOAP services over the last 10 years or so.
Those (SOAP services) don’t really work well for mobile computing and things like that. So what they want to do is make RESTful interfaces available, but they don’t want to completely go back to basic principles. They just want to have an adoption layer, and that’s a common use case for us, so we actually built some technology to do that automatically.
But you also see it in other places, like where people have some kind of legacy application, maybe even a mainframe, for instance, that they want to wrap in a RESTful transaction. Those connections can actually be pretty difficult to do, because very often you're getting into interesting problems in mediating between different transports, between different data types, and so on. So, yes, some of that can be challenging, for sure.
Lawson: When you change, say, a SOAP service, does it stay intact within the enterprise, but then the RESTful API deals with the outside world, so to speak?
Morrison: Yes, although here’s something very interesting. Our initial guess was exactly that. We thought, OK, people are going to keep doing SOAP inside and on the outside, they're going to go 100 percent REST because they're going to use REST for integrating to mobile devices and even partners now, let’s say if you’re doing supply chain management and you want to talk to all of your partner’s inventory systems. The right thing to do is do that with REST.
But here’s what we really found that was interesting and we didn’t expect this: It turns out that even in the enterprise, people are moving very aggressively towards REST. So even if they have existing SOAP in the enterprise, for all the same reasons that REST makes sense outside, maybe with the exception of mobile devices, they're also using it inside. So part of our API management platform, we designed it in some ways mostly with the outside user in mind. But it turned out, really it’s the inside user that is probably 50 percent of the deployments of it. And that really struck us. All of these ideas about REST are just as relevant and just as attractive to somebody who’s doing app-to-app communications behind the firewall. And that’s something that’s really been borne out for a while now.
Lawson: Besides mobile apps, what are the types of use cases you see for your solution?
Morrison: We do a lot of partner enablement. What tends to happen is a lot of our customers want to put Layer 7 with API management and portal at the edge of their network and use that for partner enablement. But more and more, we’re finding customers want to create platforms. They looked at the rise of Facebook and Twitter and such and you can arguably attribute some of that success to the fact that both of those applications, Facebook and Twitter, would from the very beginning characterize themselves as platforms. So you could extend them, build stuff on them and integrate them with other apps. In the case of Facebook, Zynga could come in and build Farmville and Mafia Wars and all this other stuff on top of it and be part of that platform.
The enterprise wants to do something similar, except they want their people to build on their platform in such a way that it drives business, either directly into their core business or indirectly through sort of the mindshare it captures by having their brand integrated in different locations.
That’s becoming important to people and our API management platform really lets organizations do that. They’re finding they're getting integrations done with, not just phones, but things like gaming platforms, like an Xbox, or all sorts of other devices. So more and more, we’re seeing wide distribution of possible clients coming in and using RESTful methods to get access through Layer 7 technology to existing resources like apps and databases and things like that behind the firewall. That’s where our customers are falling right now.