If you haven’t heard, APIs are the new website! What? According to programmableweb, API traffic is exploding. For example, did you know that twitter receives 13 billion API calls per month, Salesforce receives 12 billion per month and eBay comes in at around 8 billion?
These are some impressive numbers, and through they still pale in comparison to Google’s 88 billion per month search queries (in 2010), it’s somewhat surprising to see API traffic coming in at the same order of magnitude.
We all know the popularity of some of these websites, so its no mystery that their API traffic is on the rise as APIs allow external developers to consume content and services from these service providers, but how does this trend affect the Enterprise?
When an Enterprise opens up its internal systems to the outside world over REST or SOAP, it gains competitive advantage. Why? APIs create another channel to reach new customers, developers, partners and employees.
How should Enterprises secure API traffic? Security is about controlling the weakest link, and without protection, data exchanged via APIs may represent another channel of attack. How would an enterprise apply data leak protection, strong authentication, malware scanning and other Enterprise security controls to this type of traffic? What are some Enteprise API best practices? What about denial of service or SLA enforcement?
While the technology is the same (e.g. REST), we think some of the controls and concerns are a bit different.
This is an interesting area and we’ll be exploring this exact topic of Enterprise APIs with John Musser from programmableweb in an upcoming webinar, I hope you all can join us, it should be a good one.