Author Archives: Hussain Fakhruddin

Is The Mobile App Market Nearing Saturation? No, And Here’s Why!

Te global app market is far from being fully saturated

 

In the United States, a May survey (by Nomura) revealed that the total volume of app downloads had gone down by 20%. In general too, there was a decline in the year-on-year app download figure in the first quarter of 2016. What’s more, the International Data Corporation (IDC) has forecasted that the number of new app installations would grow at sub-10% annually, for the next 4-5 years. All of these apparently suggest that the global mobile app market is reaching towards saturation. However, the truth is far from it – and over here, we will highlight certain key stats and figures to show that app development is likely to grow further in the foreseeable future:

  1. Rise in app store downloads

    The combined number of downloads from all the mobile app stores is projected to reach 285 billion by 2020, according to the recent App Annie report. The growth will be mainly driven by a two-fold increase in the global user-base, between 2015 and 2020. Both Apple App Store and the Google Play Store will register steady (if unspectacular) increases in the app download figures. The developing economies will have a strong role in shoring up the app download and usage levels over the next half a decade or so.

  2. A $77 Billion Industry

    That’s what the international mobile app development sector has been predicted to be, by the end of 2017. The total number of mobile devices in use already outstrips the world population count on a 1:1.4 ratio, and 70% of the global population will become smartphone-users by 2020. In addition, over 45% of app-users will actually spend money on their mobile applications. From both the download as well as the revenue fronts, the app market seems to be in good health.

  3. Money matters

    One of the biggest signs of a market nearing saturation is dwindling annual revenue figures. No such trend is expected to be seen in the worldwide app market. In fact, after a relatively modest 123.8% revenue growth in 2016 over the 2015 figure ($50.9 billion vs $41.1 billion) – the total revenue from the app industry will breach the $100 billion mark in 2020, nearly double of the current value. Revenues from both iOS and android applications will show increases.

Note: With the total count of Android devices increasing every quarter, it is expected that the platform will overtake the gross revenue figure of the Apple App Store by mid-2017.

  1. Increase in smart device usage

    9 out of every 10 individuals in the US use mobile phones. On average, 6 out of these handsets are smartphones. The total number of smartphone shipments in 2015 was just a tick under 1425 million units – bringing in a whopping revenue of $426 billion. In 2016, China alone accounted for the sale of nearly 540 million units of smartphones. There is no way that demand for smart mobile devices is stalling – and that, in turn, rules out the possibility of app market maturity.

  2. Proliferation of wearable tech

    Mobile apps are only a section of the global app development industry. The strong presence of smart wearable gadgets also has to be taken into account. Apple Watch changed the face (quite literally!) of wearables in 2015, and since then – the demand for apps customized for wearable devices has been on a steady upward spiral. By September, the number of Watch apps had climbed to 10000+, and in 2016 Q2, the Cupertino company shipped more than 1.6 million units of the smartwatch (amidst rumors of declining interest in Apple products). Other leading wearable tech manufacturers, like LG, Samsung and Fitbit are also doing well. Most mobile app companies have started working on the wearables platform – and there is absolutely no dearth of projects.

  3. Are people getting bored with apps?

    If you thought that the novelty factor of mobile applications is wearing off…well…figures suggest quite the opposite. Nearly 69% smartphone-owners actually use applications after downloading them, and 57% people interact with their recently downloaded apps on a daily basis. The average number of applications present on a smartphone (including native apps) is 26 – and they are used with varying frequencies. The app boom that kickstarted in 2008 might have lost some of its momentum, but app download and usage figures have not slowed down.

  4. Difference between ‘saturation’ and ‘maturity’

    At this point, it would be prudent to highlight that ‘app market maturity’ and ‘app market saturation’ DO NOT mean one and the same thing. For sure the app market has become more mature than before – with users becoming more and more choosy about the applications they are likely to use and retain. In June, it was found that American smartphone users, on average, did not install any new applications, while on a global basis, 1 out of every 4 newly downloaded apps are deleted/abandoned after single usage. These are all signs of ‘market maturity’, and not ‘market saturation’ – which would have meant that app developers are no longer interested in making new software, and end-users are not bothered about installing new applications. Now that is certainly not the case!

  5. Expected spurt in the popularity in mobile games

    Mobile games are already strong, and they are expected to grow even stronger in the next few years. A report from Deloitte Global has indicated that the projected revenues from mobile games ($35 billion) in 2016 will be more than the revenues from console games and PC games ($28 billion and $32 billion respectively). From a slightly different viewing perspective, mobile games are expected to show a 20%+ increase in revenue this year over the 2015 figure. In the same time span, PC games have grown by a measly 5%. Mobile is all set to become the highest revenue generating platform for game developers.

Note: The average revenue per game will, however, remain low on the mobile platform. The revenue/game is the highest on consoles ($4.8 million), while PC games ($3.0 million on each game) occupy the second spot. Mobile comes in a distant third, with a $40000 revenue-per-game figure.

  1. Greater adoption of mobile apps for business

    In April, less than 1 out of every 5 small businesses in the world had their own mobile apps. That figure will be inching towards 48% by the end of 2017 – as companies start to realize the importance of having a custom app for business growth, in addition to mobile-friendly websites. It has been forecasted that by next year, nearly 70% of business traffic for corporate houses will be from the mobile platform – a far cry from 2012-13, when only 10% traffic was generated from business applications. The key factors behind the rapidly increasing demands for mobile business apps include delivering a better customer experience, generation of more sales leads and improving brand presence in the market. If the app market had already been saturated, this trend would not have been present.

  2. Innovations galore

    Let’s just say that app development – instead of stalling – is evolving faster than ever before. Industry 4.0, more commonly known as Internet of Things – which involves connectivity of smart devices for greater user-convenience – is set to go big in the next few quarters. Professional app developers are also increasingly getting projects based on virtual reality/augmented reality. Apps for smart automobiles has not yet peaked, and this sector is also expected to show growth in future (the phase after the launch of Apple Car will be interesting). As already mentioned, wearable technology is picking up pace across the world. There is demand for app development from all of these ‘new sources’ – and the demand is only likely to grow stronger.

  3. Mobile apps vs Mobile web

    Apps win this battle hands-down. More than 30 hours in a month is spent by an average user while interacting with the 20-odd applications on his/her smartphone. According to monthly usage reports, men and women are almost equally engaged to mobile applications. Nearly 90% of the total time spent with handsets is spent on using apps, while only 10% go to using the mobile browser. It’s still a ‘world of apps’ for iPhone and Android phone-owners – there are no two ways about that.

  4. Rising demand for APIs and cloud-driven apps

    People love using apps that are secure, scalable, consistent, and offer smooth access to cloud services. At present, almost 76% users prefer to install applications that have a strong backend support. This, in turn, explains the remarkable rate of growth in the number of application program interfaces (APIs) – the software tools that allow apps to access web resources – in the last couple of years. By the end of 2016, there will be more than 30000 APIs available, a ten-fold increase over the 2010 count. The API economy is well and truly booming, and it is pulling up the usage of cloud-based mobile apps with it.

  5. Growing use of cross-platform tools

    While myths about the slowdown in app markets go on, third-party developers are increasingly taking to cross-platform development tools like PhoneGap, Xamarin, React Native and Appcelerator – to churn out high-quality applications that work on both iOS and Android. The growth in agile development methods and the need to shorten the ‘time-to-market’ are key factors behind the popularity of the cross-platform tools.

Note: Big data applications can be used on any mobile platform. For creating such apps, developers generally use cross-platform frameworks and tools.

       14. Mobile commerce to take off in a big way

By the end of last year, nearly 1 out of every 5 commercial transactions happened via smartphones or tablets. While opinions will remain polarised over the success of Apple Pay and Android Pay – there is no scope of doubting that the number of users migrating to NFC-powered contactless payment methods is increasing every quarter. As a result, the demand for apps that integrate m-commerce features is also increasing fast. The fact that more and more new industries (for instance, healthcare and education) are witnessing extensive mobile app usage also nullifies the so-called ‘saturation theory’.

By June 2016, the Apple App Store had 2 million applications. At the same time, around 2.2 million apps were present in the Google Play Store and 670000-odd apps were there in the Windows Store. Along with the rising availability of apps, there are robust forecasts about app downloads and revenues from 2017 to 2020. The latest tech innovations have also fueled the growth in demand for apps and APIs. Yes, the app development market has entered into the ‘early maturity’ stage and the growth rates are nowhere near the levels at the turn of the decade – but it is certainly not nearing saturation. Not even close.

 

 

Top 14 Touch Screen Technology Trends To Watch Out For In 2017

Mobile touchscreen trends 2017

 

According to a recent estimate, the value of the international multi-touch screen market will touch the $8 billion mark by the end of 2020. Close to 96% of all smartphones used across the world at present are touchscreen models – and the number is expected to go up even further over the next couple of years. In addition to mobile and laptop displays, high-res touch screens are increasingly being used as display areas (for large audiences), in ATMs, for projection screens, digital cameras, and a variety of other gadgets and purposes. Let us here take a look at the most interesting trends, stats and figures from the global touch screen market to look forward to in 2017:

  1. Spurt in global shipments

    As many as 1.3 billion (approx) units of touchscreen devices were shipped globally in 2012. Think that’s a high figure in itself? If yes, sample this: by the time 2016 draws to a close, the figure will have more than doubled – to nearly 2.9 billion. It can be reasonably expected that the total sales of touch screen gadgets will cross the 3 billion units mark within the first couple of quarters in 2017.

  2. The revenue factor

    With greater sales come greater revenues – this one is almost a no-brainer. The touchscreen market has been forecasted to yield a global revenue of $23.9 billion by the end of 2017 – a 178.3% jump from the 2011 revenue figure ($13.4 billion). From a relatively low $4.3 billion revenue in 2009, the touch screen technology has grown fast – and the rapid rate of revenue growth is a clear sign of that.

  3. Types of touch screens

    Different types of interaction technology are used to create touch screen displays. Resistive touch screens – the ones with highly flexible top layers for electrical connectivity – were originally the most widely used variety (their cost-advantage also played a part). Sometime in 2010, capacitive touch screen technology overtook resistive screens in terms of popularity – thanks to the much-improved optical clarity, selection accuracy (with pixel grids) and much better overall reliability. In advanced gadgets like freescale semiconductors and analog devices, capacitive controller ICs are generally used. There are also the capacitive sensors – which are custom-built depending on the type of app/software in which the technology will be implemented. Other types of touchscreens that are expected to witness higher adoption rates in 2017 and beyond include surface acoustic waves, light pens, near field imaging and infrared-powered LED screens.

Note: The number of touch points on a touch screen varies from 1 in resistive screens, to 32 in optical and infrared screens. Projected capacitive touchscreens typically have 2 to 10 touch points.

  1. Moving beyond mobile screens

    The first thing that comes to our mind when we listen to the term ‘touch screen’ is a smartphone, right? Well, as 2017 rolls in, touch screen technology is gradually being implemented on larger screens as well, like curved screens, point-of-sale (POS) terminals, touch panels, automated teller machines and high-end security panels. The focus is firmly on the use of new, more durable materials – ranginging from high-tech glass to polycarbonate – to create larger, tougher, more usable (read: more responsive) touch screens. The technology is no longer limited to mobile phones – the spectrum of touch screen usage is expanding rapidly.

  2. User distribution

    Not surprisingly, the United States has by far the largest number of touch screen technology users in the world. What’s more interesting is that, the Asia-Pacific is the fastest growing touch screen market segment geographically, with a 18%+ compounded annual growth rate (CAGR) in 2015. Europe has also witnessed a sharp spike in the total count of users of touch screen devices over the last few quarters. As the need for quickly accessing digital media resources is increasing and form factor miniaturization trends are gaining momentum, people are getting the opportunity to choose from a truly wide variety of touch screen tools.

  3. Application in different domains

    In 2017 and beyond, the limits till which touch screen technology can be productively and effectively used will be pushed further than ever. In the medical sector, there will be terminals with touch screen panels at many places – and patients have to interact with it to ‘sign in’, and register their presence at the locations (say, clinics). In the transportation industry, touch screens have already found widespread acceptance for check-ins, ticket-purchasing and collections, map views, and a myriad of other functions – to enhance user-experience. In leading eating joints and bars too, large touch screen displays are used by people to order food, check out menus, and even play games. Businesses are also increasing their reliance on touch screens to improve their brand presence and to grab eyeballs, at trade shows and exhibitions.

  4. Evolving market trends

    The demands from users will continue to change as the touchscreen technology develops further in 2017. Current stats suggest that there is a growing demand for touch-based digital signage applications and gaming consoles/devices. In the mobile phone segment, users are increasingly opting for multi-touch devices, while there are upward movements in the demands for flexible display screens.

Note: Among the 11 types of touch screen technology, capacitive screens take up a whopping 70%+ of the total market share. They have replaced resistive screens – which were once the market leaders.

  1. Touch screen in education technology

    In the concept of ‘smart classes’, touch screen technology, arguably, plays the most important part. This trend is expected to grow stronger in the next 2-3 years, with interactive devices being introduced to help students grasp lessons quickly, easily, and in a more effective manner. In the United States, the total spending on advanced education technology tools (like interactive whiteboards) will be only a shade under $27 billion by 2018, as per a recent Deloitte report. The intuitive screens will facilitate the learning process of kids – and simultaneous participation will become simpler too.

  2. The growing wearable technology sector

    The value of the wearable tech market is already inching towards the $15 billion mark. By 2020, the sector is expected to jump to $35 million – with more than 410 million wearable gadgets being sold globally. The rapid growth of the wearables sector will be one of the chief drivers behind the expansion of the touch screen technology market in future. Apple Watch 2.0 has already been unveiled, there is a cool new lineup of Fitbit trackers, Samsung Gear S3 and Microsoft Band 2 are in the news, and there are strong rumors about the second-generation Google Glass. Wearable tech has every opportunity to pick up more pace in 2017, and touch screen technology will grow with it.

  3. Application in smart homes

    2017 is expected to be a big year for Internet of Things, and ‘smart homes’ are a vital cog within IoT. Apart from smartphones, tablets and laptops, there is every possibility that touch screens will be implemented in regular household items like mirrors, tabletops and kitchen countertops. Touch functionality will be seamlessly integrated in these home devices, allowing users to interact in them in a more intuitive manner.

Note: There will be more than 27.5 billion ‘connected devices’ by the end of this decade. The forecast clearly underlines the white-hot growth of Internet of Things worldwide.

         11. Dominance of new players

There are more than 250 leading touch screen suppliers around the world at present. Interestingly, a large percentage of these suppliers started out in the last 5 years – indicating that touch screen is still a relatively ‘young’ industry, holding out promises of further, and fast, growth. In particular, the number of suppliers of capacitive screens has witnessed remarkable year-on-year growth figures since 2012. Immersion Corporation, 3M Company, FUJITSU and Nissha Printing feature among the biggest corporate players in the global touchscreen market.

      12. The competition

In 2017, the worldwide touchscreen sector is likely to become more competitive than ever before – with service providers always looking to go one up on their rivals, and grabbing clients. This, in turn, will pose problems for new entrants – and should prevent any company from earning big profits as well. The average profit figures in the touch screen technology market (5%-15%) – while higher than several other software markets – is still on the lower side. The price competition will cause many new players to make losses, and established companies will retain a significant advantage.

     13. Touch technology in retail

Think that mobile shopping apps and online shopping portals are the biggest advances in the retail sector? If yes…well, think again! With the help of touch screen panels and displays, the concept of ‘direct purchases’ is expected to grow popular in future. The innovative ‘swipe-and-shop’ technology will allow people to make purchases simply by tapping the item(s) displayed on the screens. The challenge will be on retailers to come up with marketing plans/advertising campaigns that actually manage to connect with the new-age buyers.

     14. Moving beyond touch screens

Along with advanced forms of touch screen technology, there is also a definite focus on creating alternative platforms for better interactions of individuals with digital resources. Holographic technology is one such solution under the scanner – and it is likely to grow in 2017 and beyond. The application of this technology will be truly revolutionary: for instance, in a holographic shopping complex, all that people will have to do is view the displayed items and initiate a series of hand gestures – to access all the relevant information. It’s not without reason that Elon Musk, the CEO of Tesla, has identified holographic technology as the successor of touch screens.

Touch screen technology has come a long way since its discovery and application by E.A. Johnson in 1965 (for air traffic towers). The form factors of touch screen devices will become more varied, and high-end tools like Touch Video Walls – primarily for presentations at business conferences – will be used more frequently. The touch screen market is all set to expand significantly from 2017 and 2020 – and the technology shall gradually become more immersive with our daily lives in future.

13+1 Tips For Smarter RESTful API Development

Restful api development tips

 

For accessing and implementing remote services in applications, software developers have two alternative protocol choices for developing APIs. The first (and the older) option is to go with SOAP (Simple Object Access Protocol) APIs, which fetch data as services. For public APIs in particular though, this approach is no longer that popular. In a recent survey, it was found that 7 out of every 10 public APIs follow the REST (Representational State Transfer) protocol to access web services from the cloud. Not surprisingly, the focus of professional API providers have shifted towards making RESTful APIs, with SOAP APIs gradually receding to the background. In today’s discourse, we will deal with some handy tips for effective RESTful API development:

  1. Using GET for state alteration is a mistake

    This one is a big no-no. In order to make changes in state (or changing states altogether), the POST, PUT or DELETE methods should be used. Calling GET for this purpose is likely to generate errors. New API developers need to have a thorough idea about the functionalities of all the REST API methods before starting to code for interfaces.

  2. Avoid relying on only top-level resources

    You need to keep your APIs simple, and introducing subresources is a great way of doing that. This is particularly important for interfaces that involve a large number of relationships – where using only the top-level APIs can be complicated. In general, any resource that is a part of another (parent) resource can be used as a subresource. These subresources offer two-fold benefits: firstly, within the representation of the resource, the dependency on individual keys is brought down. Also, API customers can understand the resources more easily, when subresources are present. To put it simply, subresources significantly enhance the readability of RESTful APIs.

Note: Most aggregations can also be included as subresources. Make sure that all subresources are located within their respective parent resources.

  1. Versioning is important

    Version changes in an API can be broadly classified under two heads. Firstly, there are the minor version changes, which involve alterations that can potentially affect the performance of the API (for instance, adding HTTP headers on API calls). Secondly, there are major version changes like wholesale changes in the core functionality of the API and/or an overhaul of the URL. Both types of changes can cause loss of service for existing API customers, unless versioning is present. With a systematic versioning system in place (for major and minor changes) you can easily make and track changes in the API – as and when required, without affecting current users.

  2. Nouns YES, Verbs NO

    Unlike SOAP APIs, RESTful APIs make data available as ‘resources’. In such a resource-oriented ecosystem, all elements of the API domain (right from Sales and Clients, to Orders, Documents and Users) should be considered as separate ‘entities’. This, in turn, means that nouns – and not verbs – have to be used in the URL (e.g., POST abc.com/trainings instead of POST abc.com/gettrainings). Verbs can be delegated systematically with the HTTP verbs. Each resource needs to be exposed by an API, doing away with the difficulties of actually making endpoints of each specific ‘action’. The HTTP verbs will indicate the action to be performed, while the resources as nouns in the URL will highlight the purpose/functionality.

  3. Keep the URLs simple

    Part of the age-old KISS principle for software development. The more complex a URL is, the difficult it becomes for: a) the providers to make changes in the API, and b) the third-party app developers to use the API. The problems tend to go up further if the number of ‘relationships’ represented in the URLs is relatively large. That’s precisely why it is advisable to make use of designated query strings that would keep things simple, and make the URL more intuitive for the customers. A good approach for doing this is adding all value objects within the query string, and the entities just before the string (the Domain Design Driven approach).

Note: Avoid going beyond 3 levels of relationships (parent-child) in the URL. For deeper relationships, using query strings is recommended.

  1. Specify communication format in HTTP header

    The format of communication should be clearly mentioned in the HTTP header of a REST API. The serialization formats help both the API clients as well as the API developers to understand how communications/network requests would take place through the interface. For listing out all the supported response formats, use ‘Accept’. ‘Content-type’, on the other hand, specifies the exact format of the request. Confusions over the data communication format can seriously hamper the overall usability of a new API.

  2. Design for the user

    Instead of mechanically using the database-driven approach to create RESTful APIs, take time out to jot down the core features and capabilities of the interface first (along with its requirements). In many cases, you will find that using microservices is a much better solution than the traditional database-oriented method. Ideally, an application should have separate bounded contexts, with their implementation not being exposed to users. Customers who need to interact with a specific section/feature of your API should have access only to the corresponding bounded context (making all the data available to everyone makes no point). You need to focus on developing a minimalistic interface that delivers all the desired features, without ever posing a problem for the API customers. User-experience matters in a big way!

Note: The underlying resource(s) in a REST API might be rather too complicated for users. The onus is on API providers to generate a more user-friendly representation of these resources.

  1. Make the HTTP verbs idempotent

    While using any of the HTTP verbs in a RESTful interface (GET, POST, PUT, PATCH or DELETE), there should never be any uncertainties over the likely outcome. This is where the importance of HTTP verb idempotency comes into the picture. Check and double-check that all the methods generate the same results every time, irrespective of the frequency or the number of times they are being called. Remember that all API calls come with a certain expectation on the part of the user – and unless the methods in your API are consistent/idempotent, it won’t be able to fulfill these expectations. The API will suffer as a result.

  2. The importance of HATEOAS

    Yet another factor that can trip up an otherwise good REST API is an over-complicated navigation scheme. HATEOAS, or Hypermedia As The Engine Of Application State, is a principle that addresses this issue well – and hence, should be utilized during the API designing phase. In essence, the HATEOAS approach is all about placing properly working (pre-tested) hypertext links to facilitate smooth navigation within the interface. The use of hypermedia in RESTful APIs is already increasing across the world, and it does offer important advantages.

  3. Use plurals in endpoint names for accessing resource

    This is more of a matter of developer as well as customer convenience. While using plurals for every single resource does not seem correct from a strict grammatical point of view – there are other key advantages of using them over the singular forms (and API developers need not be overtly bothered about grammar in their codes any way!). The use of plurals (e.g., api/users instead of api/user) gives a clear indication of the entire collection of data that needs to be fetched (in our case, ‘user’). Barring a few exceptions, plurals should be used for most resources.

Note: The use of plurals in endpoints is not a rule per se. The important thing here is to avoid mixing up singulars as well as plurals at the different endpoints in the same API. Plurals are generally preferred since they make the APIs more intuitive.

         11. Go for security

API security is one of the most hotly debated topic among software and networking professionals globally. In any REST API, the presence of a valid SSL layer is an absolute must – to remove the risks of unauthorized data access, theft and/or modification. Keep in mind that all that it takes to access a web API is a terminal with a stable internet connection – and not all such connections are secure (at certain points, the data encryption can be incomplete, or worse still, absent). With SSL, all data stored and transferred in the API remain encrypted and organized. In addition, process of user-authentication also becomes simpler. Instead of signing each API call request separately, generalized access tokens can do the trick.

       12. Each resource should have two base URLs

The need for this might not be apparent at first – but it is very important nonetheless. API designers should create 2 separate base URLs corresponding to each resource. One of them will be handling specific (single) values, while the other will be for managing multiple values. This approach helps users keep track of their network requests on a real-time basis. Relying on a single URL for both specific and multiple values increases the chance of errors being returned.

        13. The camelCase vs snake_case debate –

Whether you should use camelCase or snake_case to name the fields depends entirely on the programming technology you are using. As a rule of thumb, use snake_case while working with Ruby and Python, and switch over to camelCase when you create APIs with Java or C#.

Note: According to an eye-tracking study, snake_case is around 20% more easily readable than camelCase. The former is extensively used for JSON APIs.

Bonus Tip: Sometime in 2011, JSON APIs overtook XML APIs in terms of popularity (as per Google Trends). JSON is a leaner, easier-to-parse and easier-to-read tool for data interchanging and access than XML. Unless you are building a REST API that would be widely used by enterprises, it’s better go for JSON-only interfaces.

While working on proxies that do not support all the HTTP verbs (there are some that support only GET and POST), a X-HTTP-Method-Override custom header is required. Choose the underlying API style carefully, and follow standard naming conventions (everything has to be intuitive). It’s important that you follow these best practices for RESTful API development – to ensure that your software indeed delivers the desired solution.

 

 

Top 12 Advantages Of Outsourcing IT Projects

Advantages of business outsourcing

 

More than 50% information technology firms across the world outsource their projects, either fully or partially. According to a 2016-17 IT Outsourcing Statistics report, around 40% of application development firms increased the degree of outsourcing last year (as opposed to a measly 9% firms actually reducing their outsourcing activities). In particular, both the level and the frequency of outsourcing is higher in larger-sized IT companies than in startups and mid-sized agencies. Over here, we will highlight some key reasons behind the popularity of outsourcing IT projects:

  1. Doing away with distractions

    Every IT firm or app development company has a core business, which has to be accorded first priority. What’s more, companies – even the largest ones – have limited manpower and technical resources. Outsourcing allows them to avoid keeping these resources engaged on different projects at any time. As a result, they can keep their focus on their main business activity, while the third-party developers they hire can complete projects. It’s all about freeing up resources, prioritizing things, and doing business optimally.

  2. Availability of skilled professionals

    One thing needs to be understood at the very outset – in IT, ‘experience’ is NOT equivalent to ‘skill’. Different projects require varying types of skillsets – and it would be a waste of time, money and learning resources to train your employees every time. The smarter alternative is, of course, looking for a company which already has the necessary skilled personnel to handle the project under question. Through outsourcing, projects can be handled by qualified professionals – without your having to organize in-house training sessions every time.

  3. Moving beyond resource constraints

    If every IT or mobile app agency were to accept only those projects which can be handled with their resources – they would have ended up working on very few projects each year. The reason for this is simple: in such a ‘closed’ environment, the existing resources of a company would simply not allow it to accept projects of various types. Outsourcing is the best way to do away with this constraint, get access to advanced technology (as and when required), and make the best use of them. An ‘open’ company has the capability to take on more, and diverse, IT projects.

  4. Better management

    As a company grows and its scale of business expands, operational inefficiencies tend to creep in. Certain areas remain unattended to, teams might start to lose productivity due to poor monitoring and management, and project budgets might slowly spiral out of control. To keep such risks at bay, organizations often hire IT project management personnel. In exchange of a pre-specified fee, these managers can make sure that day-to-day operations in an office are running optimally, and each project is progressing in the best possible manner.

  5. Objectivity

    If you are an employee of an IT company and are involved in an application development project, it is only natural that you will have a certain bias towards it. During the software testing phase, everything might seem perfect to you – since you are the one who had created it in the first place. The reality, however, can be quite different – and your software and mobile app might be complicated for the general users. This is precisely why objectivity and a clear perspective is required during testing, and a third-party tester/testing team brings that to the table. If you outsource software testing to a reliable external firm, you can rest assured that your app/software will be checked thoroughly and without any pre-conceived notions. The lack of familiarity will actually help in better project evaluation.

  6. Bringing down labor costs and operational expenses

    When you hire a third-party app developer, you will (of course!) have to pay his/her fees. However, these ‘outsourcing charges’ are, in most cases, significantly lower than the overall labor fees and other related expenses that a firm has to incur – if it opts to do all projects on its own (needless to say, the time-crunch will also complicate matters further). By delegating projects to third-party companies, these additional expenses are avoided, and there is no uncertainty over overhead expenses either.

  7. Better quality standards

    As already mentioned above, outsourcing helps IT companies to get hold of superior technology as well as the ‘right person for the right job’. As a result, chances of innovation and discovery becomes higher, and new elements can be implemented in projects to make the latter technically superior. Given the sheer volume of third-party companies at present, it is only natural that each of them focuses on high quality standards to give itself an edge. When you choose the right outsourcing partner, you effectively ensure that your projects will turn out to be better.

Note: On average, 2 out of every 3 tech firms do not find the time to train their employees on a regular basis. With outsourcing, the need for such training is minimized – since projects are actually worked upon by professionals from another company.

  1. New ideas and solutions

    It’s an absolute myth that IT professionals do not need to be creative. While brainstorming for a new app idea, or trying to resolve a nagging tech glitch – it is often important to be able to think out-of-the-box. Outsourcing projects opens up that opportunity. The team to which a project is delegated to can bring new ideas and thought processes to the forefront – something that in-house employees, already busy with their everyday tasks, might not be able to do. A fresh idea or a new way to work around a problem can help the entire project development greatly.

  2. Advantages without commitments

    One of the biggest advantages of working with an outsourcing partner is that, you get all the resource and expertise benefits, without any additional baggage. As an when projects arrive, you get in touch with a third-party company, get into an agreement, get the work done, make the payments, and be done with it. The next time you need to contact that company is when you have to hire its services again. There are no long-standing commitments to worry about. It’s just like paying an expert from outside your company to help you out – only when you need the help.

  3. Great for startups

    A new IT company, understandably, cannot even come close to match up with the setup and resources of an established organization. However, with the help of outsourcing, they can certainly take up projects of the same scale that the big players do. In essence, outsourcing allows the startup companies to ‘think big’, and ‘go big’ with their projects – even when their internal setup is small. Traditionally, new companies have always been at a disadvantage from their larger rivals – and outsourcing removes this by evening out the playing field.

  4. The continuity factor

    The turnover rate in the IT industry is on the higher side (and has an upward trend as well). The BenchmarkPro survey pegged the 2015 turnover rate in this sector at 16.4% – nearly one per cent higher than what the figure was in 2014. While working on a project in-house, if a team-member leaves – that can lead to considerable delays, as a replacement is recruited, trained, and given time to settle in. To avoid such messy scenarios, outsourcing is a good option. The specialist app development company you hire will make sure that projects do not suffer from continuity issues. More often than not, they have trained personnel as backup – just in case some team-members decide to leave prior to project-completion.


Note: With use of advanced technology, availability of more qualified workforce, and minimal continuity problems, outsourcing often helps in speeding up the overall project development cycle.

       12. Risk reduction

The risks associated with a new IT project come in many forms. On the one hand, there are technology-related issues and the rapidly evolving market trends, while on the other – there are things like legal regulations, government directives, competitor analysis, and security considerations. It is one of the main jobs of third-party outsourcing partners to keep track of all the latest developments regarding these. In addition, they are also well acquainted with the tools and resources that are best-suited for a particular project (and one size definitely does not fit all!). Project risks – particularly those cropping up from improper/incorrect/outdated information and sub-optimal utilization of resources – get minimized as a result.

While outsourcing IT projects has many benefits, it should be done with a certain degree of caution. For starters, a company should look for probable outsourcing partners, make a shortlist of suitable agencies, get in touch with them, and then make a choice. Before a project is delegated, all the paperwork has to be completed and things agreed upon – so that conflicts do not crop up in future (mobile app companies generally sign non-disclosure agreements (NDA)).

Outsourcing, when done in a smart, informed manner, offers companies a way to handle projects better – while avoiding increased operations, training and IT costs. Seamless knowledge sharing (between third-party experts and in-house employees) is yet another advantage of outsourcing. In Business 2.0, outsourcing plays an extremely critical role – and its growing popularity is far from being a surprise.

How To Design Your APIs? Here Are Some Useful Tips!

API designing tips and pointers

 

Like every other type of software, the success of application program interfaces (APIs) hinges crucially on the type of user-experience they provide. There is, however, a significant point of difference. While user-oriented software (mobile apps, for instance) need to be easily usable for the general public, APIs have to be accepted by developers – who are established programmers themselves. Hence, there is a certain additional level of technical sophistication required, when you design new APIs. In what follows, we will highlight a few handy tips for efficient API designing:

  1. Know the purpose of your API

    Keep in mind that APIs are, in most cases at least, not technical solutions per se. They are built to serve as tools for web and mobile app developers. Make sure that there is a clear requirement of your API – a unique problem it solves or a specific need it addresses. Instead of focusing on how your API can fit into existing IT setups, think of how it can help businesses in the long run. Avoid making APIs just for the heck of it – that would be a waste of time and hard work.

Note: The name of your API should clearly indicate its functionality. Do not fall into the ProcessData() trap, and stay away from trying to promote your company through API names.

  1. Go for Versioning

    It’s a brand new API, and you have no idea whether there will ever be a need for subsequent versions. Do you still need to use versioning in such cases? Oh yes, absolutely – since top-level versioning would make it extremely easy for you to add fresh versions later and include more functionalities in them, without having to change the API interface (versioning is, of course, free too!). What’s more, if your API is properly versioned, you can get a clear idea of its user-distribution as well. The version of an API should ideally be stated in its URL.

  2. Identify the core features of your API and keep them simple

    There are plenty of areas where an API can trip up, owing to sub-standard designing. However, you should be particularly careful while finalizing the data structure and options in your software, the workflows and data sequencing involved in it, and obviously, the richness of the data used in the API. Do not include too many structural variations and find out how many fields should be present in responses. Within the API workflow, ensure that the user-authentication/authorization flow is transparent and customer-friendly. While adding rich data, keep in mind that making the API layer too heavy can make its development cycle lengthier and also affect its overall performance.

  3. Use HTTP codes correctly

    Stay well away from API development and designing until you have a thorough idea of what each HTTP status codes mean. For a general REST (representational state transfer) API, the most common response codes are 200 (OK), 201 (Created), 204 (Zero Content), 401 (Unauthorized), 404 (Not Found) and 422 (Unprocessable Entity). The 5xx status codes signify refer to server-side errors (just as 4xx responses indicate client errors). Understand and use HTTP codes correctly in your API – mistakes here can introduce serious glitches in your software.

Note: Instead of having to deal with heavy XML processing for transferring data to your API’s endpoints, make use of JSON. SOAP APIs have given way to RESTful exchanges in terms of simplicity (and hence, popularity), and JSON is significantly easier to work with than XML.

  1. Make your APIs more scalable with hypermedia

    As widely discussed in last year’s Nordic API World Tour, hypermedia is the best possible tool for ensuring seamless evolvability in your APIs. Broadly speaking, hypermedia refers to all hypertext extensions for multimedia functionality, and it allows API providers to adapt to the rapidly changing ecosystem of business API requirements – without damaging the existing client applications. At first, the presence of hypermedia might just make an API seem slightly complex to mobile app developers. However, from a long-term perspective and changes that are likely to be needed in future, they have to be included.

  2. Include data caching in your API

    This is particularly important for APIs that need some time to load and execute. API providers mostly opt for distributed caching services, which allow all hosts to access/make modifications in it (as and when required). Avoid using in-memory data caching for every host, since that can make the entire system setup complicated and buggy. It has been proven that APIs with a hosted caching solution in the cloud execute faster and are, all things considered, more efficient.

Note: You have to use HTTP caching headers to define the caching rules for your API.

  1. Consider implementing a rate-limit

    Not a mandatory requirement, but a smart one nonetheless. As the user-base of your API grows, it will be integrated in an increasing number of new workflows and system infrastructure. App developers might make the mistake of introducing endless loops while calling the endpoints, resulting in serious API concurrency issues (such issues from the client-side can even result in your API breaking down temporarily). To minimize such risks, you should introduce basic rate-limits – to specify the maximum number of API calls/network requests within a given time-span – for endpoints that are the most resource-intensive. Make sure that your rate-limits are easily understandable by users.

  2. Formal documentation is necessary

    Technical documentation for an API is no longer an option. The documentation serves as the first point of interaction between your interface and developers who are likely to use it. You need to get your message about the features and advantages of your API across fast – or else, users might move over to another API provider. In addition to the methods, functions, requests, responses and other basic features – make it a point to include a detailed tutorial and multiple examples/Use Cases in the API documentation. It should work well as a guide for developers using your API for the first time.

Note: To find out whether your documentation is good enough, ask the API testers to go through it and then use it to create a basic application within 15-20 minutes. If they cannot do that, that’s a signal that further explanations are required in the documentation.

  1. Include pagination

    A consistent, easy-to-understand pagination system can go a long way in enhancing the usability of your API. For starters, it would bring down the total volume of computations required on the app servers. In addition, pagination would stop non-essential data from being transferred to clients. Choose from the different patterns available for pagination, depending on precise nature and likely usage of your API. All the timestamped pages in the API need to have links to more pages. That would ensure that pagination requests do not return duplicate results, even when the concerned objects have been modified.

  2. Know your way with the HTTP ‘verbs’

    We have already spoken about the importance of the HTTP status codes. Equally crucial are the so-called HTTP verbs, during the creation of any standard REST API. POST is used to create a new resource, PATCH is specified for the updation of already existing resources, GET is called for data retrieval, while for deleting a resource, the DELETE verb is used. There are several other common HTTP verbs as well, and they help developers while using new APIs.

Note: Avoid trying to use the GET request to to make data modifications. It is meant to be used only for retrieving data, and not for making changes in it.

      11. Use annotations and markers

Are you making a private API or a public/open API? Is authentication required on it? Create and use custom annotations and markers to clearly specify these issues. Both authentication requirements as well as the degree of access control can be managed with markers/annotations. To gain further information on the user calling an API, the markers need to have additional ‘context objects’. Yet another advantage of using markers and annotations in APIs is that, they can easily classify network requests on a granular level, based on user-profiling.

     12. API security should be a prime concern

If the security features of your API are suspect, it is almost destined to fail. Instead of providing your API exclusively under HTTP, go for simultaneous HTTP and HTTPS support. You can even consider offering your API only under HTTPS (this is increasingly being done by leading API developers across the world). Use ‘throttling’ methods (e.g, a 503 response) to protect your API’s performance from getting affected due to a huge number of requests from single users. Be wary of the many other forms of Denial-of-Service (DoS) attacks. If your API can promise (and deliver!) complete security assurance, nothing like it.

Note: Cross-site Request Forgery, or CSRF, is another serious black-hat security threat for APIs. The risk is particularly big when the interactive users use the same authentication configuration that is accepted by the API.

In addition to the above points, make sure that you follow the four rules of thumb while creating your API. Firstly, make your API highly reliable, with minimal system downtimes. For public APIs (which are rapidly growing) set up a transparent API monetization model and deliver high longevity. Next, share the best practices of using your API with its target users (i.e. the developers). Finally, design your API in a way that ensures that users have optimal ‘control’ over it. You can do this by letting developers download and store API data in their local servers, instead of having to depend on cloud operations at all times. Make APIs easily ‘discoverable’, and provide robust, round-the-clock developer support (with SDKs, references, pricing issues, and more).

Remember one thing: most API complexities need to be managed by you, the provider. Deliver a great user-experience to developers with your API – that’s the best way to pave the path for its success!

 

Top 10 API Security Threats You Should Be Wary Of

How to manage API security risks?

 

Instances of cyber hacks and software attacks are increasing at an alarming rate. In 2015, the year-on-year spike in the total number of ‘zero-day vulnerabilities’ (instances of cyber attacks for which fixes were not yet available) jumped by more than 125%. Like any other piece of software, APIs can also be compromised by these hack attacks. Since APIs serve as channels that expose applications for third-party integration, the applications can also come under security threats. Over here, we have outlined some common API security issues that you need to be careful about:

  1. Poor coding

    As an API developer, if you try to take the short way out by following the so-called ‘Just Enough Coding’ route, your API(s) might get exposed to serious vulnerabilities. The risk might not be apparent at first, since the concerned API might be doing okay on the usability and the functionality fronts. However, poor coding standards will not allow proper integration of API(s) with the overall platform/ecosystem. Problems can arise from multiple errors – right from absence of ‘type checking’ (which allows uploading of any file and deployment of the app on the server) and memory overflows, to incorrect error handling methods and even choice of the ‘wrong’ language for coding. You need to take time out to get a hang of how your APIs are meant to work and how customers would use them. That will help you in coding properly. If you rush too much to release your APIs, the latter might suffer.

  2. Weak validation

    For ensuring the security of web APIs and clients, validation of concerned SSL certificates is essential. However, developers often make the folly of making this validation process rather half-baked – as a result of which hackers can issue their very own bogus certificates (all that’s required is a working net connection), get random users to validate on these, and access confidential user information (breaking into the the encrypted data transfer process). Malicious API traffic interception and the ‘weak validation’ on fake certificates can deliver API keys, passwords and usernames right in the hands of hackers as well. Set up the data encryption and validation methods based on the sites that the web client will access. For iOS applications, consider ‘key pinning’ to keep things more secure.

  3. Uncertainties over enterprise API usage

    While on the topic of API validation, we should mention the risks that enterprise APIs might be subject to as well. In many large-sized companies, the administration fails to track who is using the enterprise APIs, how heavy is their usage, and the reasons they are using the APIs for. As a result, the usage charges remain unverifiable and can also spiral upwards. Since there is limited (or no!) information on the applications and/or the systems that are using the enterprise APIs, changing the API provider (as and when required) becomes a tough ask too.

Note: Many employees tend to access APIs with their enterprise credentials. If these credentials are exposed to unauthorized parties, that can put the API in particular, and the enterprise in general, under serious security clouds. For smart enterprise API management guidelines, click here.

  1. Whose responsibility is it, anyway?

    The API provider prepares the initial version of an API, the API Developer extends it with features and functionalities, and implements it, while the API customer uses it to create applications. Now, security should always be the responsibility of the person/team at the lowest level – the API providers or developers. Things like user authorization and authentication, API versioning and dependency management need to be handled by developers. Putting it in another way, adopting developer-centric API security norms is important. API customers can put in additional security layers (SSH, HTTPS, SSL, etc.) – but they are only of use when the developers have ‘securely’ designed the software.

  2. The risks of using SOAP/XML

    Make no mistake, most vulnerabilities from the server-side can be easily tracked and fixed in SOAP (Simple Object Access Protocol) APIs. However, the XML data format – which is bundled in with the SOAP protocol – has several ‘soft targets’ for hackers, like Denial of Service (DoS), attacks by external entities, and even problems in XML encryption. The fact that the SOAP protocol remains in production for extended periods due to heavy system dependencies complicates matters further. Unless you are working on a corporate API or a software legacy system, it makes a lot of sense to ditch SOAP/XML in favour of the much simpler JSON/REST (Representational State Transfer) combination. The potential security threats will be much lower.

Note: If you HAVE to work with SOAP APIs, make sure that the API audit prior to release is thorough. All vulnerable endpoints in the stack have to be found, and patches for them created, before the API is made available to customers.

  1. Enterprise API misuse

    This can be both intentional and unintentional. Let’s explain this risk with a simplistic use case: Employee A uses the enterprise API for a particular service (say, downloading a picture). Now, Employee B also accesses the API and avails the same service (in our case, downloads the picture which is already the property of the enterprise). Such redundant and repetitive API usage can go on, if not tracked by the company. As a result of such API misuse, many corporate houses end up facing a much higher bill than what they should ideally have to pay. Having an strong API governance setup at the enterprise level is important, and API providers need to monitor the usage of the interfaces constantly as well.

  2. Lack of security in the transport layer

    Absence of a Transport Layer Security (TLS) in an API is practically equivalent to handing out open invitations to hackers. Transport layer encryption is one of the most elementary ‘must-have-s’ in a secure API. Unless a TLS is used, risks of the fairly common ‘Man-In-The-Middle’ attacks (where an unauthorized third-party can intercept the transferred data and modify it) remain very high. Use both SSL and TLS in your APIs…they are neither too pricey or too complicated, and they go a long way in removing basic API vulnerabilities.

  3. Too much control with customers

    When can you say that your API is 100% secure? That’s right – when it is yet to be accessed and used by a customer. As soon as network requests (API calls) start coming in, the API gets exposed – and if you let customers use your APIs in whatever way they like – a hack attack might be waiting just around the corner. Many APIs do not set any specific password complexity rules, do not track the API metrics, or allow repeat session ID tokens. Remember that while most of the users are genuine, there can always be a handful of miscreants, looking to use your API to illegally usurp user-data and maybe even introduce bugs in the system (the ‘black-hat hackers’). Set limits on concurrent API connections, implement password length/complexity requirements, make re-authentication mandatory for extended usage, and be very careful while analyzing the API usage metrics. If any suspicious activity is detected, find out the reasons behind it.

  4. API terms of use not considered important

    Yet another security glitch that often bugs enterprise APIs. The threat stems from two sources: firstly, Final-users are not aware of the terms of service (ToS) of an API – and end up using them for purposes/in systems that they are not allowed to. Data ownership in enterprise APIs is also specified in the terms of usage. Secondly, when customers do not pay attention to the API terms and conditions, they often remain unaware of the quality of service the software is likely to deliver. That, in turn, results in improper data tracking on the customer-side. With APIs growing in importance for businesses worldwide, these visibility issues are going down…but they still present a threat.

  5. Insufficient security at endpoints 

    Leading API developers recommend the inclusion of ‘key signing’, ‘hashes’, ‘shared secrets’ and other such common endpoint hardening technologies within the API development cycle. Making changes at a later stage is difficult – since the legacy systems which use the API might suffer performance issues. In case the endpoint hardening is not done during the early phases of API development, it might not get done at all. As a result, the endpoints will remain vulnerable – and any competent hacker will have a field day.


The rapid evolution of the API economy throws up threats of its own. As we move on from basic backend-as-a-service (BaaS), to software-as-a-service (SaaS) and Infrastructure-as-a-Service (IaaS), new technologies, resources and API frameworks are becoming available. While technological advancement is a positive thing per se, using the latest tools without proper training and/or limited understanding of how they work can be counterproductive. The mindsets of API providers have to evolve as well, for optimal use of the new technologies.

 

The onus is on API developers to list out all possible ‘security holes’ in their software – which can be targeted by attackers. Once that is done, steps can be taken to block out these risks systematically, and make the APIs well and truly secure.

 

 

7 Reasons Why You Should Build API Driven Solutions For Your Mobile Apps

The importance of api-driven app development

 

It won’t be overstating facts if APIs were referred to as the ‘foundational technology’ behind application development. API-driven development methods were in focus since the start of Web 2.0 technology, although the attention on APIs has really spiked in the last half a decade or so. APIs bolster the performance of mobile apps in two chief ways. Firstly, they help in the seamless integration of applications with the internal IT systems in the backend. Also, apps can be connected with rich clients on the front-end without any hassles, with the help of custom APIs. In today’s discussion, we will delve a little deeper into the need for API-driven development for smartphone apps:

  1. Optimal use of developers’ time

    Writing endless lines of codes for an app is ‘hard work’. Working with pre-built, custom application program interfaces is ‘smart work’, and you should already be aware of which one you should opt for in today’s world. You might be the best mobile app developer going around, but a reluctance to use APIs will only stretch out the overall app development cycle, necessitate more (read: much more!) coding, and keep the risks of making errors wide open. APIs give developers the option to ‘destroy code’ as much as possible while creating high-quality applications. The time saved over here can be utilized for other productive purposes.

  2. Closer collaboration between app makers and clients

    Earlier on, most forms of software development were long-drawn processes, and they did not really involve the customers. The attention was more on the functionality of apps in their final stage, with client-feedback and suggestions staying in the background. The growing popularity of API design and development has revolutionized this scenario. Now, developers can actively seek the feedback/opinions of clients at multiple stages of development. The same can then be easily incorporated in the project. What’s more, customers can even get a first-hand feel of using apps BEFORE they are launched – through service virtualization techniques with APIs. In a nutshell, APIs have become instrumental for narrowing down the gap between clients’ expectations and the developers’ output. And that’s a good thing for both parties!

  3. Better organization

    When you are working on multiple mobile app development projects, the last thing you can afford to be is unsystematic. Keeping things in order is one of the most important reasons that drive up the adoption of API-driven solution methods. Provided that all the API descriptions, API schema, usage-related data and other specifications (including the formal API documentation) is securely stored at one place, accessing the right information at the right time becomes a whole lot easier for developers. The need for having a properly detailed schema, in particular, boosts the app testing procedure.

  4. Getting rid of repetitive steps

    With a strong API backend (backend-as-a-service or BaaS), most repetitive steps during the making of an app can be unified. All that the developers have to do is connect the paired SDKs (Android, iOS, Javascript, Python, Java, Node,js, and others) with the APIs, and get projects completed more quickly – while maintaining high quality standards. With new technologies and frameworks being launched frequently and mobile app development increasingly becoming more complex, APIs provide a smart way for developers to build apps faster, and pay more attention to the core features and the main point(s)-of-difference of new applications. There is no need to reinvent the wheel every time – the focus should be on making sure that the wheel rolls smoothly, always.

Note: Both boilerplate code lines as well as repeated stack setups can be removed by following API-driven development methodology for every application.

        5. Implementing important third-party services and functionality

How do multiplayer mobile game apps allow users to send invites to their Facebook friends? That’s right, by calling the Facebook API. Use on-demand cab service applications (think Uber)? The maps displayed in them are shown by calling the Google Maps API. Now imagine that APIs were not available, and you had to incorporate these functions through code-sharing (from other applications). It would have been an unnecessarily complex process, a wastage of both time and effort (without any guarantee of proper performance at the end of it all). Third-party apps, can, with APIs, share many key functionality of the biggest service providers in the online business. It’s like having access (albeit limited) to the readymade resources prepared by others.

      6. Evolution of enterprise application development

There was a time when developers were not concerned about app-to-app integration (i.e., the internal resources and information of an application being shared by other apps). Things have come a long way from there – and now developers can easily support such integrations with the help of RESTful API designs, access control (key-based) and versioning. JSON-based data has also emerged as handy resources/tools in this regard. These API conventions have successfully replaced the external middleware required for such integrations. In addition, for enabling rich mobile clients and/or JavaScript and HTML5, a robust API architecture has become essential in dynamic application delivery models. If you wish to make enterprise apps that would truly foster better internal and external collaboration, working with APIs is no longer just an option.

        7. Faster and more thorough mobile app testing

Manual testing is necessary, but is far from being sufficient for ensuring the quality of new mobile applications. In general too, thoroughly testing an app without APIs is an unduly long, and often half-baked process. With APIs, developers can use the ‘Test Automation’ feature to perform exhaustive app testing, and bring down the duration of the total app testing cycle at the same time. The pressure on manual testers gets considerably reduced. Chances of bugs remaining undetected is nil, and the apps become of assured quality. As a result, they can more than live up to the expectations of both clients and end-users.

APIs help mobile app developers to create a strong network ecosystem, in which they can develop software. Many apps need to capture and display data from the backend, and APIs are a must-have in them. Another point to be noted here is that APIs in particular, and BaaS in general, are important when you make your first app – and they become even more important when you become an established player (as the needs for higher quality apps and quicker development cycles grow). Not surprisingly, many leading mobile app companies specialize in custom API development as well.

The value of the BaaS market worldwide has been projected to inch towards $7.8 billion by the end of 2017. APIs help developers in multiple ways, and boost up the quality and performance standards of applications. Unless you use API driven solutions for your mobile apps – you are simply risking yourself being overtaken by competitors who have already switched over to the API economy.

Top 13 Tips On How To Optimize Your API Strategy

The importance of APIs – often dubbed as the ‘fossil fuel for the next generation’ – is growing rapidly in the world of business. In a recent survey, it was found that around 72% of all enterprises already have well-defined API strategies in place. What’s more, 1 out of every 2 companies were generating (or were likely to do so within a year) significant revenue from their API programs. However, these stats do not automatically mean that working with APIs will guarantee big success for your organization. A properly optimized API strategy needs to be in place, and the following tips should come in handy in that regard:

  1. Understand the need for an API strategy

    Let’s get this one sorted out at the very outset. Don’t go for an enterprise API program simply because ‘all the others are doing it’. Take out time to analyze how an API strategy would help the core product/service development processes at your company. In other words, avoid focusing on the standalone value of APIs (unless, of course, you plan to offer APIs as final products), and consider how they are going to complement your business. Only if you find that there is a demand from customers, or a scope to network better with partners/collaborators, or even for building up a stronger mobility platform and ecosystem, go for an API strategy. Keep in mind the potential risks (security, quality, etc.) as well.

Note: With APIs, you can turn your business setup into an infrastructure-as-a-service (IaaS) architecture – building up your overall reach in the process.

  1. Get an idea of the API value chain

    For make your API strategy successful, you need to know the flow in which APIs are used. This is referred to as the ‘API value chain’. It has the existing backend systems/enterprise IT systems at the first block. Next up in the chain are the API providers, who create and deliver the interfaces to the web/mobile app developers. The latter use the APIs to create client applications. These, in turn, are downloaded and used by the end-users or the general public. So, the ‘API value chain’ looks something like this:

Backend architecture → API Providers → Application Developers → Client Apps → Final Users

 

  1. Do a cost-revenue analysis

    Remember that APIs do not have (in most cases) any intrinsic value. They are NOT technical solutions per se, but are meant to serve as important components in your overall business strategies. As such, it only makes sense that you should estimate the net returns from developing and implementing an API program. Calculate the overall costs of building the APIs – based on the total resources used up and systems engaged in making them, and compare that with the additional revenue channels that are likely to open up due to the innovations brought about by your strategy. Customize your API strategy in a way that your revenues are always (significantly) higher than your costs.

  2. Study the importance of API version control

    Having an API strategy without a version roadmap is like trying to control a rudderless ship. There can be heightened security threats, app makers can start using them to make applications (and make changes in the API themselves), and outdated APIs can get dragged along for too long. As the API entrepreneur, the onus is on you to settle on a version control system for your application program interfaces. Plan how your APIs will be tracked and monitored (consider all the measurable metrics), what the security protocol and related updates would be, and how you will retire/phase out the older APIs. For that, you will also need to have an idea about the four stages in an API lifecycle:

API Analysis → API Development → API in Operations → API Retirement

 

  1. Pay attention to the technology

    From a purely technical perspective, there are several choices to be made when you are laying the blueprints of an API strategy program. XML or JSON can be used for data formatting purposes, you can go with either the experience-based or the resource-based design guidelines, and obviously, take a stand on whether to go for SOAP (Simple Object Access Protocol) or REST (Representational State Transfer protocol) APIs. Whatever may be your final choices, make sure that they are taken with an eye on the long-term viability of your business. Remember that APIs are not short-term fixes, and the ideal API architecture for one company is not likely to be suitable for another enterprise.

  2. Public APIs vs Private APIs

    You have to specify the target developers who would be using your APIs to churn out applications. For that, depending on your company’s requirements, you have to decide to go with either Private APIs or Public APIs. The former are meant to be used only internally within an organization – by in-house developers for their own projects. Open APIs (as Public APIs are generally referred to), on the other hand, are accessible by third-party developers for making apps. While Private APIs are more ‘inward-focused’, the Public APIs are instrumental in making the maximum use of the existing IT assets of enterprises. Find out which type of APIs will be best suited for your business, and decide accordingly.

Note: Designing public APIs is trickier than doing the same for private APIs, particularly from the security viewpoint.

  1. Know the role of everyone in an API program

    It’s all very fine to have an API strategy on paper. However, it’s an entirely different ball game to actually implement it within your enterprise. Not engaging the right personnel in the right roles in API management is one of the biggest reasons for the failure of many enterprise APIs. The enterprise architect(s) should be working as the lead managers in your API strategy, overseeing the development, designing, modifications and deployment of APIs (along with their backend integration). Product managers should double up as the connection/communication channel between the ecosystem of API developers and API customers. The responsibilities of maintaining the API architecture should be taken by the system administrator(s) of your company. Other important team players involved in your API program include API testers, senior software engineers, internal/external app developers, and other stakeholders.

  2. Build a MVP version of your API

    Think of it as a beta release of your APIs. It is never advisable to release the final version of an API and then make changes in it (that affects the way in which the APIs are used by those who make apps as well, diluting the overall scenario). Instead, you should look to release a MVP (Minimum Viable Product) version of your APIs as quickly as possible. Make sure that it is accompanied with proper formal documentation, terms of use, a user-friendly sandbox/public endpoint, and a robust security setup. The MVP can be initially offered to in-house developers, before it is rolled out to business collaborators, who can become customers of your APIs. Monitor the feedback received by the MVP, implement the required changes, and then release the full-blown version 1.0 of your API.

  3. Select the right API design style

    Designing an API that would deliver value to your enterprise is not the easiest task in the world, and going with a wrong design model can further complicate matters. Based on your business goals and pre-specified API visions (i.e., how APIs are going to boost your business operations), you can choose a Pragmatic REST model, a True Rest (Hypermedia) design model, or a Web Service Tunneling model. With the importance of Internet of Things (IoT) rising, many enterprises also opt for the Event-driven API designing style. Make sure that the API design strategy you pick will make the interfaces in sync with your backend systems.

  4. Manage the layers

    Familiarity with the architectural design is vital for optimizing the overall API strategy for your business. The design, of course, has to be deployed in the core infrastructure of the API, for proper functionality of the latter. Broadly speaking, the data contained in APIs need to pass through 4 layers. The first is the Security Layer – where security standards and authentication tools (OpenID Connect, OAuth, etc.) are deployed. Next comes the Caching Layer, which keeps a tab on the total API implementations, by managing common requests with cached responses. The Representation Layer is the third in the API architecture hierarchy, where the focus is on presenting your APIs in a easy-to-understand form to target developers, so that they can make the best use of the APIs. Rounding off things is the Orchestration Layer, where multiple backend systems can be managed, and data from several sources (APIs) can be securely clubbed together.

  5. Pay attention to the API Gateway

    An API strategy might be good in theory, and it might even have a captive developer audience (a ready set of customers). However, all the good work might be undone, if you are not careful while creating the ‘API Gateway’. The gateway is supposed to deliver all the functionalities included in the core API infrastructure – right from orchestration and caching, to data security and access control. For an API program to be usable, its gateway needs to be very carefully developed.

  6. Shorten the API development cycle

    This won’t happen overnight, but as your business expands and demand for APIs increases, a shorter development cycle will become very important. Settling on a well-defined ‘API Practice’ is the best possible way for doing this. The standard methodologies, tools and standards should all be mentioned in this API Practice, together with an overview of the roadmap/version control of the interfaces. There are several web-based frameworks and API lifecycle management tools (software-as-a-service, or SaaS), which help in establishing a proper API Practice for enterprises. The main use of this is shortening the development cycle by standardizing the overall process and ruling out uncertainties as much as possible.

  7. The overall quality factor

    Having an underperforming API out there can prove to be counterproductive for your business (in the form of faulty marketing, production glitches, and even loss of external developers/customers). You need to ensure that APIs are easily pluggable to multiple systems simultaneously, are scalable and available, and handle high volumes of network requests (API calls) without any problems. Be careful about the fault tolerance of your APIs as well – as significant API downtimes are likely to create a negative impression on customers. Quality is, by far, the most important concern among API providers – and the problems often get exacerbated due to inabilities in finding the root cause and/or employing the wrong set of people to fix API issues. Perform all the standard API testing procedures – unless your APIs are good, your strategies won’t work!


Like any other business venture, setting up an API program represents an investment by your organization. The focus, hence, has to be on earning a profitable return from this investment – and that is precisely where the importance of API strategy optimization comes into the picture. Around 8 out of every 10 enterprises with 10000+ employees manage to earn $5 million annually, from APIs. Clearly, there are rewards aplenty for a well-managed API strategy, and these tips should get you started in the right direction.

 

 

Data resource: https://www.scribd.com/doc/313089698/The-Rising-Value-of-APIs

Enterprise API Management: 12 Things You Need To Know

Business enterprises are moving towards a centralized ‘API economy’ at a rapid rate. It has been predicted that, by the end of 2018, more than 85% of all the large enterprises across the globe will set up their very own API programs*. The move towards enterprise APIs is fueled by a number of factors – with seamless information exchange and possibilities of better collaboration within organizations being right at the forefront. With growth of use of APIs in the corporate sector, the importance of efficient enterprise API management is also increasingly coming into focus. Over here, we will point out some of the most important points in that regard:

  1. In-premise and on the cloud availability

    Enterprise APIs need to be simultaneously available on-premise as well as on the cloud network. This enhances overall usability, since users are able to access additional resources (as and when required) without any problems. What’s more, switching over from the on-premise API model to the cloud API model also becomes easier. The key lies in ensuring that the enterprise API system can operate on both the platforms without requiring any modifications.

  2. Thinking beyond ‘closed’ enterprise IT systems 

    Information is of the essence in the present economy, when a company offers products or services for sale. The traditional IT system in enterprises is focused more towards protecting and maintaining the internal information database only. APIs, on the other hand, give an option to create an ecosystem where transactions can take place. With application programming interfaces specifying protocols and online service standards, they are, not surprisingly, being adopted rapidly by web-based enterprises.

  3. Selecting the right API tier

    Enterprise API management is much more than creating a standard, ‘one-size-fits-all’ API, and then hoping that it would work like a charm for all companies (it won’t!). The onus is on business entrepreneurs to select the custom API tier and strategy, that would enable their firms to create more value internally, and deliver more value to customers and other stakeholders. Startups should ideally go for the Open API tier, which can provide them with large-scale business recognition and exposure. More established enterprises, on the other hand, can have a combination of a customer-only API tier (that has all important transaction data) and an internal API tier (with the proprietary, confidential internal information). Since Open APIs can be accessed and used by anyone, they can somewhat dilute the brand image of larger companies.

  4. Need for API management at enterprise level

    We are in the midst of a ‘mobile-first’ generation. Now, there exists a gap in the latest mobile interfaces used by customers, and the established backend systems in place at workplaces. Also, the rate at which enterprise backend systems can be modified is different to the one at which business apps and APIs evolve. To bridge this gap, there is a need of a smart enterprise API management layer, that would help to transfer the full value of backend systems to the mobile interfaces.

  5. API-first model vs Backend-first model

    In a service-oriented architecture (SOA) system, this is no longer a debate. It is almost mandatory for API providers to adopt an API-first design approach. In essence, this means creating a smooth, functional and powerful interface to start with, and then hooking it to the backend logic setup (the traditional approach puts more importance on the backend, and relegates APIs to almost an afterthought). The API-first approach works well on two fronts – firstly, API testing becomes a lot less complicated, and secondly, the API implementation process remains thoroughly defined and documented. A backend-first model muddles the very existence of enterprise APIs.

  6. The biggest players with API programs

    Think that use of APIs for businesses is a ‘new phenomenon’? Well, that’s not much more than a myth. From the early years of the millenium (2000s), leading online shopping portals like Amazon and eBay have been working with APIs. Coca Cola and Cisco are two other biggies that entered the API-driven growth strategy at a fairly early stage. By the turn of the decade, online entities like Google, Twitter and Facebook had all adopted enterprise level APIs.

Note: The main objective of enterprise APIs is to deliver competitive advantage to the company which has them, over its rivals (who don’t have API programs yet). A classic example of this is the Netflix vs Blockbuster tussle. The latter had a healthy lead in terms of value till the second half of 2008, when Netflix announced its API to revolutionize its core business. Since then, it pulled ahead of Blockbuster (which did not have an API). By 2010, Netflix was soaring while Blockbuster was hurtling towards its end (acquired by Dish Network in 2011).

  1. Opening up to external ecosystems

    Buyer behaviour is hard to predict. There also remains considerable uncertainty regarding demand fluctuations over time too. In order to deal with these, more and more companies are using APIs that open up their information systems to external ecosystems, comprising of third-party coders, mobile app developers, testers, analysts, and the like. As a result, all the necessary experiments and surveys can be conducted with the help of the information assets at the disposal of companies. The degree of third-party information access can be controlled too. Firms that open up their ecosystems with APIs typically share their revenue-streams with third-party developers.

  2. Growing complexity IT operations in the corporate domain

    Search all you want, but you are not likely to find any software developer or any other IT professional who would say that the architecture of computing systems in his/her company is growing simpler over time. More systems and technologies are getting added, more teams are being plugged in to the development cycle – and deadlines are, understandably, getting stretched. A business API, or more simply, a business interface, can tackle these problems with ease. It can also upgrade existing applications and systems (which might otherwise remain overlooked). Enterprise API management refers to the way in which owners interact with their business, to make it more efficient, clear and simpler. It is not just about programming for business.

  3. API monitoring and assessment

    Like any form of software, APIs can also fail. If persisted with, a buggy API can cause significant loss of revenue for businesses. That, in turn, brings to light the value of analysing the available API metrics on a regular basis, to track progress and assess results/outputs. By tracking the analytics/metrics of an enterprise API, two things can be monitored: a) the API itself is working as it is meant to (the technical perspective), and b) the API is indeed creating innovations and generating value internally and externally (the business perspective).

  4. What do enterprises want from their APIs?

    We have already highlighted the main needs for having an enterprise API management layer in place. Let us now turn our attentions on what actually the big enterprises are using their APIs for. In a Layer 7 survey, it was revealed that 72% of the respondents created APIs to bolster the performance of their in-house mobility systems. This was closely followed by the demand for better integrations with business partners via APIs (70%). Over 65% enterprises expressed their willingness to develop cloud-based APIs. Interestingly, around 55% of the respondents wished to create third-party app developer communities with APIs.**

Note: The demand for APIs by in-house developers for their own projects ( ~67%) trumps that for developing external developer ecosystems, however.

        11. Types/Models of Enterprise APIs

 Apart from the broad API tiers, a company needs to choose the correct enterprise API model for itself. They can either go with private APIs, which are accessible only by authorized partners and developers, or public APIs (open APIs, mainly opted for by startups). Regarding the revenue model, there is the option to select either a revenue-sharing model, or a flat one-time fee model, or the free model (which is followed by Google in most cases). On top of it all, there needs to be a stable, reliable API governance system in place.

      12. It’s all about the ‘ilities’

An enterprise API needs to have certain properties, without which it would cease to be of any value to its parent company. The first of them would be ‘availability’, which refers to minimal downtimes and consistency across environments and platforms. Next up is ‘reliability’, which would make sure that any number of API calls can be handled, without performance being affected in any way. The third cog in the wheel is ‘scalability’, which deals with whether the API can be expanded in response to larger volumes of network requests. Finally, there is the need for ‘discoverability’, which means that all developers and users can access the API without any difficulty (herein lies the need for a stable central service repository).

Software engineers and mobile application developers agree on the importance of continuous API refactoring – in a bid to improve their user-experience levels over time. High-end security assurance is an absolute must-have in enterprise APIs, and while designing them, providers should implement systematic versioning. Companies need to build strong help and support communities for their APIs on social media channels too.

The success stories of big players like Google and Netflix after they started working with APIs are well-documented. What’s more noteworthy is that, more than 50% of all small businesses/startups will have their own mobile applications by 2017. In such a scenario, the adoption of enterprise APIs is only expected to rise further, and managing them will be crucial for realizing their potential value.

 


*, ** Resource: http://venturebeat.com/