In my previous blog post, I examined the problem of REST API complexity in the enterprise. In short, as a company builds more and more web services, the situation server-side becomes increasingly complex, which can reduce portability, scalability, efficiency, and security. It also slows down development, just at a time when enterprises are scaling up development of mobile applications. In this blog post, I discuss some of the solutions that companies use to address this problem, and assess their effectiveness.
Better, Faster Spaghetti
It starts innocently enough: someone needs to build a new enterprise application that requires web services. The dev team has to think carefully about the services they need and then figure out how to build them and test them. In some cases, they use a REST API creation tool or adopt a specialized developer framework. Other internal and external teams may also use these tools, or perhaps something else, and over time they build lots of REST APIs for lots of new projects using different tools.
All of these services typically have different user-management systems, different security protocols, different parameter styles, and different requests and responses. They will be hardwired to various data sources, and designed to run on different pieces of physical infrastructure, in the cloud or on premises.
Using highly efficient REST API creation tools has an unintended consequence. Ironically, companies that use these tools hit the complexity wall harder and faster than they otherwise would have. The real problem is not how to build services quickly, but rather how to build the right services that can be reused for general-purpose application development across multiple projects.
Unfortunately, architecting a general-purpose REST API platform is a much more difficult problem than simply creating a bunch of web services. Only after building many applications will the proper design patterns become apparent, but most companies are unable to start over at that point.
One Proxy To Rule Them All
Some companies have tried to address the complexity problem by using API Management software. These systems allow existing REST APIs to be hooked up to a proxy server that can expose them in a unified way. Additional features include usage reporting, API throttling, and ecommerce gateways.
API Management can provide a unified interface for client application development, but it doesn’t address the core problem of back-end complexity. Instead, API Management adds another arbitration layer on top of the existing mess, which increases the overall complexity of the system.
API Management solutions also require an additional proxy server gateway, which limits the runtime performance needed for mobile applications and high-volume transactions. This gateway becomes yet another system that further reduces the performance, scalability, and portability of the back-end infrastructure.
Fixing the Wrong End of the Stack
Another way to tackle complexity and data security is to implement Mobile Device Management (MDM). This approach attempts to sidestep the root cause of complexity by ignoring the server-side spaghetti and instead controlling data access from the client side. But as new mobile devices are deployed and employees demand flexible access to enterprise data sources, this strategy becomes more difficult to maintain.
Separate Client-Side and Server-Side Development Efforts
To really address the root cause of complexity, companies should control access to the source data, not the device. Then, developers can build any type of client application that they want, given the existing service architecture. This “decouples” client-side software development from server-side software development, and dramatically speeds the development cycle.
With a comprehensive REST API service platform, users come in through single sign-on and are assigned a role that governs data access. If they leave their tablet on a plane, an administrator can deactivate their session. Controlling data access from the server side “decouples” security concerns from any particular client device.
Back-end complexity limits portability, scalability, efficiency, and security. Powerful REST API creation tools compound the problem. Meanwhile, API Management and Mobile Device Management don’t address the root causes of complexity; they are just Band-Aids for a festering problem that’s slowing you down and contributing to applications that are less reliable.
In my next post, I will discuss a new approach to building a general-purpose and reusable REST API platform, a universal data-access layer, and show how this modern approach dramatically reduces back-end complexity and provides a better, faster, and less costly way to build, secure, and maintain enterprise mobile and web applications.
I’d like to hear from you: have you seen or experienced the problems I outline above? How do you address these as you develop and deploy mobile applications?
Read part 3 of 4 in this series, "Building Reusable REST API Services."