Essential Guide API Mobile Application
August 6, 2014

The Essential Guide to APIs and Mobile Applications


Most people will say that the front-end of a mobile app is where the excitement is. While it's true that design and look-and-feel can have a big impact on adoption and usage, the test of an app's value is what it delivers to the user, and what that user can do with it. The value is really in the data, and being able to access and manage that data is the determining factor in what makes or breaks the success of an app. For this you need a guide to Mobile APIs.

Related blog >>What Are APIs?

As user demand and capabilities become more sophisticated, mobile apps now often rely on integrated data from multiple sources. An easy way to connect that data from server, database, LDAP or other repository into the presentation layer is critical. Always-on availability is, naturally, of highest priority, but so too is the ability to secure that data, mash it up with other data sources, and make it available to developers so they can create more channels.

APIs for Mobile Applications

API Platform

For some apps, especially consumer ones, mobile APIs provide the tool that enables user interaction with data from multiple applications. For example, Uber makes use of a sophisticated database of drivers, GPS data, messaging, and a host of other capabilities, all of which come from different sources.

Many enterprise apps are more singularly focused, but still require that authentication and security be locked down to protect corporate intellectual property. In all instances, the API (or multiple APIs) strengthen the application fundamentals by allowing it to be flexible (whereby developers can use, and add to, its functionality), secure, yet all the while, totally usable.

The beauty of the API is its simplicity. You are never actually porting to different platforms because the API is concerned mostly with data, not platform nor device. You find the data, build something usable around it, grow it with additional functionality (or allow others to build on top of it), and monetize it. API for mobile application development is unto itself and it’s why CEOs are starting to show up at enterprise app and architecture conferences.

As you consider your mobile strategy, you will come to find that there is little difference between your mobile application efforts and your mobile API efforts. Effectively implementing and managing the API lifecycle becomes your goal. In order to do that effectively, you need to be mindful of some essential pieces of that lifecycle and what you need to do:

Securing Your Data

Every application developer will tell you that security is his/her highest priority, but even experienced developers may not take into consideration that it's not just the data that needs to wrapped in a security layer. User information is transmitted on the front end, data is transported both from the user and from the server, and all those transactions mean more exposure and greater risk of data being compromised. There are three main areas of concern for data integrity that a mobile app developer needs to account for:

  • Authentication and authorization: Remember, users don't think about security when they use a mobile app (at least not as much as they probably should); they want to click, interact, and then they're out. If access is too hard, they won't use it. We think that using an OAuth-based server provides the most flexible and least onerous environment, and gives the API the freedom it needs to find and transact with data (or commerce, in which case, a PCI-compliant API is required). You'll be able to integrate easily with existing ID management tools and add their access control into your app.
  • Messaging: Apps are meant for back-and-forth interaction, and that translates into a lot of data flying back and forth. SSL, TSL and message-based encryption is critical for all that data in-flight to go where it's supposed to go and stay secure in transit. We have long believed that encrypting and decrypting using XML-based standards keeps mobile app data secure but easily usable.
  • Threats: It is absolutely essential that you provide a firewall around your data to protect against SQL, JavaScript or XPath and XQuery attacks, and ensure a validation schema so that content cannot be distorted.

Exposing Your Data

The easiest way to grow your channels and reach is to let your API do the heavy lifting. It's a tool that is already optimized for sharing and its natural state is to connect. If you allow developers to access and use it, they will bring their own data and functionality into the equation, which, in turn, strengthens your own app. Essentially, the API becomes your most valuable mobile app tool because it enables you to be able to access and share your own data, and benefit from the data of other apps, and take all of that to a huge range of devices and platforms.

The most effective way to do this is by using RESTful services, which we believe should be the foundation for your API lifecycle. We are always looking for options that might enhance the REST promise, but at this point, REST provides the most effective way of transmitting and extending data. Our Policy Manager product is fully supportive of REST so it can centralize and automate the management of SOA and Web services and provide consistent policy and service definition. This means that you can monitor, cluster and add valuable SOA governance easily to your APIs, and for mobile apps which are often feature-rich, REST ensures fast and secure transmission of data.

Analyzing Your Data

Apps deliver to your users and customers, while APIs allow you to really know who they are and how they behave. That's a major business advantage; understanding users helps you deliver a more desirable app.

APIs manage quality-of-service for your APIs, quotas and service levels for each app. Beyond understanding how the user interacts, it also ensures that your app is doing what it's supposed to be doing. Is the right data being served? If not, API analysis will alert you and can be developed so it is automatically responsive (with correction and/or alerts to the app admin). Additionally, applying the right type of analysis provides a layer of additional security; admins can be notified of denial-of-service attacks and other attempts to hack data.

Monetizing Your Data

APIs have become the most important tool to exploit your digital commerce presence, especially for mobile apps. To take advantage of doing that, you will need to treat your API like a product, and it has to have a product strategy for your digital transformation. In that strategy should be a focus on channel development - that is where the API will help you reach new users and partners, and will help you promote your brand awareness. You should look to use a tool like Akana's API Management Solution to create API licensing opportunities. Doing this other businesses an almost immediate opportunity to partner with you. Even with little development or technical expertise, business owners will be able to manage the entire process of creating API bundles based on levels of entitlement that you set. This gives you the ability to control the visibility of your APIs, provision access to data, and manage rate limiting policies. The licensing arrangements then become totally your domain, and you then can become, essentially, a franchisor.

There's nothing revolutionary here, but attention to the details and awareness of opportunities means greater chance that you'll get maximum benefit from your mobile app and API efforts. We invite you to learn more about mobile apps and APIs with these resources:

  • API Gateway: learn about how you can streamline management, deployment, development and operation of APIs.
  • How to Get Your Business Selling in the API Economy: Delivering ecommerce and content together in the form of a streamlined, easy-to-consume API is the best way to spark innovation, sell from within digital and mobile channels, and generate new streams of revenue.
  • API Security: A Guide to securing your digital channels: This whitepaper lays out the necessary components of a well-constructed API security strategy.
  • Contact Us: Speak with our experts for an API Strategy Assessment or an Akana demo.

Try Akana

Sign up for a free 30-day trial of the Akana API management platform!

Try Free