Just when you thought the Internet couldn’t get any bigger, here comes the Internet of Things (IoT). The GSM Association’s Connected Life predicts that by 2020, there will be 24 billion connected devices, while Cisco’s current Internet of Everything prediction is 37 billion “intelligent things,” such as cars, appliances, smartphones, tablets, monitoring sensors and more, connected to the Internet. By even the most pessimistically Malthusian calculus, human connections will be by far the exception to the rule.
Certainly the scale of the connected network will require lots of GSM cell phone towers and Cisco routers, but that’s not all. The rise of IoT depends on a whole host of enabling technologies like RFID, IPv6, Big Data, and Application Programming Interfaces (APIs). Web APIs, or more specifically REST APIs, are key for connecting devices to the Internet. Initially driven by human-held mobile devices and modern dynamic web-user interfaces, lightweight and developer-friendly REST APIs are just what the doctor ordered.
But organizations looking for opportunity in IoT with REST APIs need to get very serious about API management. And it’s not just the massive scale that should be a concern. The nature of “things”, plus the nature of the human beings operating them, plus the importance of some of the things we will connect (satellites, weapons, vehicles) raise critical issues as well.
Addressing these issues and preparing for IoT requires solid API management.
API management is an umbrella under which are grouped a collection of solutions — such as gateways, security, and access management — each with its own potential disaster scenario if we get things wrong. Unlike desktop computers, for which Microsoft can address security flaws every Patch Tuesday, some intelligent things may not be as easy, or even possible, to update. And, they may remain in existence for a very long time. For example, think of the supervisory control and data acquisition (SCADA) systems used to control public utility infrastructure, their design life cycles, andattendant concerns over security. Many intelligent things are not nearly as complex as Windows desktops or SCADA, but even simple topics like version management for things that can last a decaderequire planning and foresight.
API management also includes developer registration and API key control. We need to grant developers who enable the connecting of things to APIs the authority and associated keys to do so, while retaining the right to revoke that access when necessary. Similarly, the API may need to include device-level identifiers and management tools for handling them. For a working example, look at the API management infrastructure required to send notifications to Apple iOS and Google Android mobile devices.
APIs are not only thing-facing. Part of what makes IoT so important is the ability to connect applications to devices, either singly or in aggregate. A connected car has an app that can unlock the doors. The Fitbit API might allow a sports drink vendor to send promotions to an athlete. Developers on the device and data sides of the equation are different entities, with different rights, different APIs, and different API management security requirements.
More info here.