|By Mark O'Neill||
|August 11, 2012 05:00 AM EDT||
But one thing all these APIs have in common is that information about them is publicly available, to anyone, and anyone with the right credentials can use them. APIs which are used inside organizations, or within groups of trading partners, are not mentioned. At the Cloud Identity Summit last month, Romin Irani from Cisco called these "Dark API's". The analogy is with Dark Matter. It's all around us, but we can't see it. Organizations are using enterprise APIs, which the outside world may not know about. Same goes for APIs used within products. I've written before, back in 2009, about why there isn't a Pandora API. Fast forward to 2012 and Pandora still doesn't have a public API. It doesn't fit their business model to have one [something that's worth a whole blog post in its own right]. But you can bet Pandora has their own API definitions they use internally. Effectively, that's a "dark API" too, even though it's for an entertainment service. So the distinction is not about "Enterprise versus Consumer" anymore (echoes of Eve Maler's excellent OAuth 2 piece)
For many of Vordel's API Server customers in the healthcare and financial transactions sectors, it doesn't make sense to have a "Public API". But they still want to leverage the benefits of APIs (e.g. for a HMO to talk to its hospitals). Eric Knipp from Gartner has been doing some really good research on this, about the distinction between "Public APIs" and "Enterprise APIs". Whatever terms we end up using ("Dark APIs", "Enterprise APIs"), it's definitely a conversation worth exploring.
- APIs - the weak security link in IoT / Home Automation - How an API Gateway can help
- API Security - protecting yourself from being the next breach - Boston API Craft Meetup
- "Beyond the OWASP Top Ten" - watch the session recording by Smartbear and Axway
- Return of the XML Bomb
- API First, beyond "portal first", for Electronic Health Records
- Jill Tummler Singer of the CIA Speaks on "Cloud Safety" : +1
- Securing Web Services
- We Know Web Services Need Security, But What Type?
- Cloud Computing in Practice
- XML Without Wires - Part 1 of 2
- Connecting to the Cloud in Chinese: 连接到云
- Google Says "Cloud Computing Is" ...
- Maureen O'Gara at Cloud Computing Journal on the Vordel Cloud Service Broker
- Vordel Connects SOA to the Cloud
- Connecting to the Cloud in Japanese - クラウドに接続する