How Defining Some API Standards and Best Practices Might Benefit Enterprises

There is no way to stop or reverse the accelerating pace and influence of data in business life. With the number of connected objects in the IoT anticipated to hit 40-50 billion in the next four to five years and countless software platforms to integrate with, our world is creating data in entirely new ways and to an unprecedented extent.

The Crucial Role of APIs in the New “Information Society” -- and the Core Problem

One of the most important toolsets for this brave new world of connected systems is the API. APIs are used in every avenue of the enterprise to transfer data and improve interconnectivity, from medical devices to smart grid systems and an endless host of apps.

The central challenge is that API development and implementation are being severely hindered by a lack of meaningful standards, which is in turn impeding the progress of the enterprise. Even as data becomes increasingly integral to the life of the enterprise, the current inconsistent manner in which API are implemented inhibits the decision making capacity of executives and forces inefficiencies on IT departments everywhere.

For the enterprise to effectively utilize APIs, they have to support enterprise-level standards for authentication, encryption and protocols. At Domo, like many enterprises, we are set up on a 5-Gig Wi-Fi standard. To our frustration, we experienced the phenomenon that many devices – that would otherwise be extremely useful – are hampered by their failure to conform to an enterprise standard. One otherwise highly effective electrical usage tracker was wired on a 2-Gig standard rather than 5-Gig, so the IT team had to perform a time-consuming setup process to make it work with our systems. Many IT teams would not have the bandwidth or wherewithal to perform such a painstaking setup, so their companies would simply miss out on the benefits of the device.

The Way Forward: OAuth, Reporting APIs and Security Certification

Of all the improvements that could be made to the API standardization process, the one that would make the greatest difference is the implementation of the latest OAuth specifications. While most large enterprises have adopted this practice, the overwhelming majority of devices and systems – often created by developers with fewer resources – have not. OAuth needs to become standard practice throughout the marketplace for the sake of companies and consumers alike. In the absence of ubiquitous OAuth compliance, it is extremely difficult to pull data out of connected apps, devices and systems, or to get them to communicate effectively with one another. Common changes, such as a password reset for a non-OAuth-compliant device, can cause debilitating interruptions in service.

In addition to OAuth compliance, another standard needed is the use of reporting APIs rather than the more simple base data APIs. Reporting APIs give users the ability to ask for a year’s total sales, for example, and automatically get the complete number. With base data APIs, users would need to manually calculate numbers, a far more inefficient process that also creates the potential for human error.  The greater functionality and specificity that reporting APIs offer will significantly boost productivity and give leaders quicker access to information for faster decision making.

In addition to these strategic standards upgrades, devices and systems can introduce security vulnerabilities where hackers can hijack the process, much like the Snapchat data breach in early 2014 that used APIs to access phone records and usernames. Accordingly, security protocols must be set to preserve confidentiality and protecting the devices and their users from hackers. For example, one cyber-insurance expert recommends that businesses include a number of core security features for wearables. These might include custom security levels, encryption for Bluetooth and critical data, remote erase features and cloud security. Corresponding points for non-IoT devices used in the enterprise need to be established to ensure the best security for companies and users.

A Collaborative Endeavor

In the end, the systemic changes outlined above will not happen organically. It will require a concerted effort by industry leaders across the spectrum, from the enterprise to smaller innovators, and ideally representative consumer groups as well. To this end, earlier this year my company launched an initiative to promote the adoption and use of industry-wide standards for APIs, and invited organizations throughout the marketplace to participate. As a result, a broad representation of software, business services and major enterprise companies came together and agreed on the challenges mentioned above.  The consensus was that the industry needs continued education about API best practices and the merits of establishing standards, and potentially a ratings system for third party APIs. But ultimately the conversation around this topic needs to continue within each business in order for industry best practices to be adopted. By driving the standardization of APIs, communication between devices and systems will become exponentially safer and more effective. This will cause innovation to flourish and to drive the benefits it is capable of generating.

Andy Beier is a Director of Software Engineering at Domo where his main area of focus lies in connectors (3rd party integrations) and he takes special interest in API Design, OAuth, Java, web services, SaaS architecture, Big Data and data design. Andy has helped build Domo’s technology for the last seven years and has overseen the integration of hundreds of systems into the platform. He holds a bachelor's degree from Arizona State University.

Comments