Words of caution: APIs are an emerging spaghetti patchwork

A call for service oriented architecture principles: 'Managed APIs are SOA done correctly.'

The 'A' in SOA stands for 'API': I wish I had thought of something that clever, but the full credit goes to Chris Haddad, former Gartner analyst now with WSO2.

Photo: Joe McKendrick

There's been plenty of discussion lately about how APIs -- which deliver a wide variety of on-demand services -- form the backbone of enterprise connectivity and innovation. APIs, both public and private, expose critical services and make them easily accessible via REST calls. But the risk is similar to that seen in the early Web services days -- that having multiple departments, systems and individuals all making their own API calls, or delivering their own APIs, results in duplication, wasted resources, and a spaghetti architecture of services criss-crossing each other.

Time for architecture to help plan and combine resources. But what kind of architecture?

In a recent post, Haddad lays out an architectural scenario that brings APIs into a service oriented architecture. It isn't even a case of worlds colliding or anything like that -- they are both part of the same world. SOA, based on work that has taken place over the past decade, provides the answers for effectively and intelligently sharing and deploying APIs. They bring different sets of advantages to enterprises, he explains. SOA brings re-usable and evolvable implementations. APIs bring extended reach and decoupled interfaces, he says.

Ultimately, managed APIs are 'SOA done correctly,' Haddad says. "Managed APIs are actively advertised and subscribe-able; available with an associated, published service-level agreement (SLA); secured, authenticated, authorized and protected; and monitored and monetized with analytics."

A successful merger of the two concepts requires that SOA governance principles be synchronized with API governance principles, Haddad advocates. This merger, if done correctly, can improve "architectural coherence," he says. The result is a focus on enabling IT and business agility through services, rather than exercises in "simply swapping out IT toolsets, message formats, and protocols."

SOA governance includes guidance for the entire service lifecycle, including creation, testing, provisioning, utilization, management, and versioning. API governance addresses analytics such as service tier subscription information, collects usage statistics, presents productivity metrics, and integrates with billing and payment systems.

At the core of the merged SOA and API operation are policy frameworks, as well as metadata, or the design and development time information used to describe a service or API, Haddad adds.