Enterprise Integration Zone is brought to you in partnership with:

Mark O'Neill is VP Innovation at Axway. Previously, he was CTO and co-founder at Vordel, acquired by Axway in 2012. He is the author of the McGraw-Hill book "Web Services Security" and is frequent speaker at conferences including Java One, the RSA Security Conference, and Oracle Open World. Mark is based on Boston, Massachusetts. Mark is a DZone MVB and is not an employee of DZone and has posted 63 posts at DZone. You can read more from them at their website. View Full User Profile

Enterprise APIs and Public APIs

08.14.2012
| 4232 views |
  • submit to reddit
Over at APIEvangelist.com, Kin Lane has a great list of "Successful APIs to look at when planning your API". These include Ebay and Flickr. It's a great list, showing how APIs can be very different from each other. Some are OData-y (Ebay), some still support SOAP as well as REST (e.g. Amazon), and some are closer to REST Nirvana than others [if you want to make a RESTafarian's head explode, show them Flickr's delete operation which uses a POST.].



But one thing all these APIs have in common is that information about them is publicly available, to anyone, and anyone with the right credentials can use them. APIs which are used inside organizations, or within groups of trading partners, are not mentioned. At the Cloud Identity Summit last month, Romin Irani ‏ from Cisco called these "Dark API's". The analogy is with Dark Matter. It's all around us, but we can't see it. Organizations are using enterprise APIs, which the outside world may not know about. Same goes for APIs used within products. I've written before, back in 2009, about why there isn't a Pandora API. Fast forward to 2012 and Pandora still doesn't have a public API. It doesn't fit their business model to have one [something that's worth a whole blog post in its own right]. But you can bet Pandora has their own API definitions they use internally. Effectively, that's a "dark API" too, even though it's for an entertainment service. So the distinction is not about "Enterprise versus Consumer" anymore (echoes of Eve Maler's excellent OAuth 2 piece)

For many of Vordel's API Server customers in the healthcare and financial transactions sectors, it doesn't make sense to have a "Public API". But they still want to leverage the benefits of APIs (e.g. for a HMO to talk to its hospitals). Eric Knipp from Gartner has been doing some really good research on this, about the distinction between "Public APIs" and "Enterprise APIs". Whatever terms we end up using ("Dark APIs", "Enterprise APIs"), it's definitely a conversation worth exploring.
Published at DZone with permission of Mark O'neill, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)