
February 04, 2010


Davis W. Frank

I'm not sure I fully understand your solution.

Are you saying there's a market for API proxies for analytics, load balancing, and access control? Mashery does this now.

Or are you saying that webapp developers who support APIs would do well by themselves by separating these concerns away from their core application into a separate API proxy app?

Sam Ramji

I think you understood very clearly, in fact. My perspective is not provider centric but app developer centric. Not every app will expose an API but most will use one. This is why we've built Apigee (http://www.apigee.com).

So yes, there's a growing market for API proxies. There are a number of players in this market, including Sonoa (my company), Mashery, 3Scale, Webservius, and I expect that there will be others soon. Each has its own focus areas and features. Apache Synapse can perform similar functions but was not designed with this use case in mind.

Additionally, not just webapp developers but any app developer - including iPhone app developers, for example - who uses 3rd party APIs will benefit from an API proxy.

Finally, the idea of the separation of concerns is important but most of my experience with this pattern (business policy vs. business logic) is from the API provider's perspective. My thoughts on this are posted here: http://blog.sonoasystems.com/detail/business-logic_vs._business_policy_in_cloud_services_and_apis/.

Steven Willmott

Interesting points and I think the architectural changes APIs are driving will be profound. I'm not sure I really agree with the proxy control point though (unless I misunderstood).

There are really two interesting control structures involved for APIs - provider side and consumer side. On the provider side you certainly want a gateway of some kind which enforces security, rights, rate limits etc. There are some API infrastructure vendors which solve this problem with cloud-hosted or on-premise proprietary gateways (labelled proxies) which provide traffic control. At 3scale (http://www.3scale.net) we solve it by providing control agents which you plug into different systems - either open source proxies such as Varnish or most flavours of software stack.
Either way, you are bringing traffic management to the data ingress point.

On the API consumer side however, as you point out, you need mechanisms to track the rights that you have on any given API. Currently this is very weak since it depends on essentially having a list of keys and certs + hoping that some other system is tracking the rights that those give you.

You seem to suggest that the two sides will necessarily be unified in the middle but I doubt this will happen broadly (it may for certain applications) - primarily because A) the way the web works at scale is point to point, traffic needs to go peer to peer otherwise overwhelming volume will choke bottlenecks, B) the actual problems you need to solve for APIs are actually various (establishing identity, tracking rights, analytics, payments, monitoring) and it's not actually obvious they will all need to go through the same point. For example Facebook has become a leading Web Identity provider and it's used to track credentials/access to many sites - yet, the content of those sites subsequently does not pass through Facebook.

Interesting debate!

There were recently some sessions on this at Gluecon and in one we had the chance to provide a bit of an overview on possible evolutions of the web - I think some of those topics are relevant here also! http://slidesha.re/KQltld
