Guest View: All the Web’s an API

By Mark O Neill

January 15, 2010 — (Page 1 of 4)
Software development for the cloud often involves coding against Platform as a Service (PaaS) services provided in the cloud. These PaaS services often are provided in tandem with Software as a Service (SaaS) websites, with Salesforce’s Force.com being a well-known example. But how can you leverage these PaaS services without becoming tripped up by security and service management?

The idea of using Web-based APIs is not a new one. In the past, we would have thought of it as screen-scraping a website. This was the enabling technology behind early sites for comparing airline prices from multiple airline sites, or combining search results from multiple search engines.

The problem with screen-scraping is that website owners didn’t necessarily want their sites turning into an API. They didn’t want their data to be harvested, so they tried to stop it. However, early measures, such as limiting access by client IP address, were easily defeated by tools.

Another issue is that screen-scraping is brittle; a small change in the site’s look or feel could break the data access methods. That’s where the concept of the managed Web API was born.

Web APIs would allow developers to write code to access a website programmatically, using HTTP GETs and parameters within query strings, but in a managed manner that benefits both the client and the service provider. For the client, a standard interface enables applications to be written to a well-defined interface, safe in the knowledge that the API will not change unpredictably. For the provider, management of the API through rate limiting puts a virtual “circuit breaker” on the API usage, preventing overuse by a single client.

Web APIs are PaaS services that allow a developer to use the Web as a platform, creating an application from pieces of functionality sourced from the cloud. Service providers can monetize their services by putting a usage and pricing model into place.

The convention for managing Web APIs is to use an API key. Developers are given an API key (or in the case of Amazon, two keys), which are used for the identification and authentication of requests sent to the Web API. Sites providing APIs also provide snippets of code in various languages (such as PHP, Java or C#) that let developers use the keys.

Related Search Term(s): APIs, cloud computing, security

Pages 1 2 3 4

Share this link: http://sdt.bz/34049

Technorati

Digg

Slashdot

Facebook

Friendfeed

Twitter

del.icio.us

Cloud computing is green computing Despite advances made in efficient power consumption, cloud's scalability is the best way to cut down on energy use

How can you stay one step ahead in security for the cloud? Frequently the biggest vulnerability of an application lies in the very code itself

Cigital Develops Ready-to-Use Tools for Securing the Smart Grid Cigital Inc. announced the release of the Guide to Developing a Cyber Security and Risk Mitigation Plan.

Comments

01/16/2010 03:47:32 AM EST

Here is an example of the tool that leverages Amazon S3 API. CloudBerry Explorer that helps to manage S3 on Windows . It is a freeware. http://s3.cloudberrylab.com/

United StatesAndy

Cloud computing is green computing
Despite advances made in efficient power consumption, cloud's scalability is the best way to cut down on energy use Read More...