I am starting to see a familiar pattern of big mistakes that companies make when developing a REST API strategy. This blog covers four myths and misconceptions that every enterprise architect should be aware of before creating their own RESTful services. I spend a lot of time talking to customers, and unfortunately the conversation often goes something like this...
1) Building Your Own REST API Is A Big Mistake
Me: Do you guys have RESTful services?
Customer: Yes, thousands of them.
Me: How did you build them?
Customer: Well, we bought some expensive software for that.
Me: Did it work?
Customer: Yes, unfortunately it did. Over the years our developers built many REST APIs. They are all different. They were built for specific projects. They all have different security protocols. They all have different user management strategies. They use our databases in different ways. They can't be easily moved. They are directly tied to specific pieces of infrastructure. It's a gigantic mess.
Me: Ouch. Building REST APIs is more difficult than people realize. It took us years to figure out how to handle scalability, security, portability, and reliability properly.
Customer: Some developers did a good job, and some didn't. Every consultant had their favorite method. All in all, we spent a lot of time and money building REST APIs, over and over again, for every new project. I wish our developers were focused on actually building the client software.
Me: With DreamFactory, you can hook up any database or storage system and we automatically generate the REST API for you. All of the backend data sources have a consistent interface. You can add new application features without the need to create new services.
Customer: What about portability from dev to test to production? Or from data center to cloud?.
Me: Since DreamFactory is an open source software package, you can install it anywhere. This really simplifies the deployment process. You can move an application between clouds, or swap out a database without disrupting the applications.
2) Creating A Custom Web Service Is A Big Mistake
Customer: But wait a second. What happens when you need a custom REST API?
Me: We have server-side scripting for special cases and advanced functionality. But if you design your application correctly, you will find that custom services are almost never needed. Let me ask you a strange question. Do you know what JDBC is?
Customer: Um, sure, that's the Java database connectivity interface for SQL.
Me: Do your developers ever rewrite it?
Customer: Never.
Me: Well, that's a good example of a comprehensive data interface that can handle a large number of application development scenarios without the need for any customization. We've done the same thing for REST, and have been building on top of this design pattern for over 10 years now. Let me give you an example. Our DreamTeam product management applications makes over 350 different calls to the backend database. But we didn't need a single new custom service to run that application on the DreamFactory Services Platform.
Customer: But what about legacy services?
Me: We can hook up any existing REST API and add it to the services palette. You get user management, roles and permissions, and a Client SDK for each service. This is an easy way to manage everything in one place.
3) API Management Software Is A Big Mistake
Customer: We tried to use API Management Software to clean up all of our services.
Me: Did it work?
Customer: Not really. The implementation was difficult. It's another layer on top of the existing mess. All it really does is control access. We ended up not using it.
Me: With DreamFactory, every new database or storage system automatically becomes another branch of the API tree. You can control which users see which services. There is record-level access control for both SQL and NoSQL databases. The Live API shows all the services organized in one place. There is no need for additional management.
4) Mobile Device Management Is A Big Mistake
Customer: I see how you organize the server side, but what about the client side? There are all of these new devices.
Me: I agree, you can't manage all the different phones and tablets out there. And you shouldn't try. Manage the data, instead.
Customer: What do you mean?
Me: When a user comes in through single sign-on, DreamFactory delivers only the data that they have the permission to see, based on their role. If they lose their phone an administrator can kill the session. They no longer have access to the data from any device.
Related reading: What Is API Access?
Customer: What about protecting the client application?
Me: I'm pretty skeptical about that. DreamFactory provides a secure proxy to backend data storage systems, and we hide the master credentials on the platform so that they are never needed in a client application where they could be compromised.
5) Finally, Something That's Not A Big Mistake
And so, there you have it. Don't waste time and money building your own REST API, purchasing API Management Software, or implementing Mobile Device Management. DreamFactory transforms any data source into a comprehensive palette of RESTful services. We support a wide variety of backend data sources including SQL and NoSQL, file storage systems, and external services. DreamFactory also generates client SDK code for every major development environment. Other important services include user management, application hosting, record-level access control, and server-side scripting. DreamFactory can be installed on any server, in the cloud, or on premises. We provide free and paid product support at our website, www.dreamfactory.com