© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

Leverage APIs to Create a Successful Enterprise Mobile App Strategy

2page© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

THE PROMISE OF MOBILE (WITH HELP FROM APIs)In the early stages of the Web, the concept of the client/server framework began to receive attention as the driver of online activity and the backbone of Web-enabled transactions. Email and content consumption dominated what accounted for most transactions in those early days, while businesses rushed to provide a “destination” and consumers looked for the newest way to read, view or otherwise engage with the Web.

Client/server provided a relatively simple distribution model, and both users and enterprises recognized that there were all kinds of possibilities inherent in this type of infrastructure. So middleware and application servers became increasingly important as a way to do more than just serve content.

However, client/server required heavy custom client side downloads, which could quickly become out-of-sync from the server. Moreover it wasn’t a consumer friendly model. Client/server gave way to the Web, which ushered in a growth in consumer adoption of the internet, the most prominent of which was in ecommerce, social and online advertising with the likes of Yahoo, Google, Amazon and other major Web brands. The Web allowed both consumers and business users to access application and services. However a huge limitation

of the internet/Web model was that access was limited to desktops/PCs/laptops that were wired to either their offices or homes.

The recent growth in mobile and smartphone usage has unshackled users from their offices and homes, allowing them to access these applications and services from anywhere. Mobile applications also provided the additional context of who the user was, where he/

she was (geo-tagging, for example), which vastly improved the user experience. To enable this required multiple types of functionality

from different applications, and that forced companies to re-evaluate how they could differentiate their technology from their competitors and remain valuable in the eyes of their customers.

APIs are emerging as standard for externalizing applications and services for easy consumption through mobile devices.

SUMMARYThe opportunities inherent in mobile technology are dramatically changing the way that business gets done. Mass changes in organizational productivity and accessibility have translated into a completely new way for users to consume data, interact, and transact business online. Where this previously was the work of traditional packaged applications, our new mobile era means that work is being accomplished more efficiently and independently of location. Consumers are adopting smartphones and tablets as an alternative to desktops/laptops and using mobile apps to perform transactions through a user experience that is not only more appealing and simpler, but also provides additional context in terms of geo-location, social preferences and usability.

APIs are the foundational element of a mobile app strategy, and are necessary to truly get an enterprise’s massive amounts of data into a usable framework on a mobile device. While APIs are widely employed, there is still so much that they can offer that most enterprises have yet to take advantage of. In this paper, we provide an overview of how enterprises can set themselves up for success in the enterprise mobile app environment, and how they can use APIs as the foundation to do that. We’ll go into detail on how to plan, strategize, and consider the essential elements needed to successfully use APIs for your mobile enterprise.

3page© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

• Channel: if one of your goals is extending your reach, then leveraging API’s to essentially establish a new channel by having your business’s core functionality available as an mobile app. If the API is usable, you’ll be able to take advantage of incremental exposure, which can turn into new purchases and use of your product.

Figure 1. An API extends data and transactions to dramatically increase the reach of your business.

THE STATE OF MOBILE IN THE ENTERPRISEThe rapid proliferation of mobile devices has already changed the nature of work. There’s recognition that an enterprise needs to connect with employees, customers and partners across multiple channels, wherever they are. Whether it is with customers who are accessing the services through a mobile device, employees who bring their own devices, or with company supplied tablets and smartphones, users are also demanding easy to use apps as the way to accomplish work-related tasks.

Some of this is driven by business necessity, and by the fact that technology offerings are enabling a more mobile workforce. Workers are remote more than ever, working out of their homes, shared office space, or while travelling for business. Meetings happen much less frequently in-person. At the same time, people are now so accustomed to using mobile devices to manage their personal lives, that it’s become almost second nature to operate the same way at work. The Yankee Group has noted that from 2011

APIs are both transforming the way we work, and also helping us adapt to technology’s evolutionary shifts. While they still play the essential role of connecting data and functionality from disparate applications, APIs have grown to a level of importance that we couldn’t have seen even ten years ago. Because of the simple and elegant structure they provide in the form of REST, APIs are now being increasingly used at the edge of your enterprise to make data and information available to mobile and web applications, connected devices, cars and enterprise applications. If you consider that the web was a great driver of the 21st Century economy till now, the connected mobile and Internet of things powered by APIs will be the driver for the future.

The concept of APIs has changed dramatically from their inception, and that’s encouraged a new paradigm for how they are being used. One thing that’s always been recognized as a feature of APIs is their great flexibility in serving almost any transactional use. Whether it’s delivery of internal, behind-the-firewall employee data, a personalized shopping engine, or retrieval of vast amounts of integrated content, APIs are recognized as the single most essential ingredient in enabling all of these types of activities. This is why the largest online vendors (Amazon, Zappos, Netflix), major B2B enterprises (Intel, Cisco, Boeing), and even smaller niche providers (Khan Academy, Bikesy, Mint) rely on APIs to operate their business.

The other, perhaps most important aspect of APIs, is their potential for monetization. In the context of what an API can provide via a mobile application, the real-life prospects are two-fold:

• Brand awareness: While your app will likely hold true value and potential as an actual revenue channel, the increased visibility of your brand through awareness on a tool that serves a users’ business needs (smart phone or tablet) should help to draw attention to your business, your capabilities and your ability to serve customers. Having your app available in a mobile environment provides a much different (and more profound) view of your brand.

Tablet

WebApp

MobileDevice Smart Phone

Connected Car

PartnerNetwork

Website

EnterpriseAppsCustomers

Partners

APIYourCompany

4page© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

The ability to do this is a huge competitive advantage, and one that is increasingly mandatory for any organization conducting business online. This is why we see organizations as diverse as Virgin, Cisco, and Coca-Cola all delivering APIs so they can extend their business assets through their ecosystem.

A MOBILE API STRATEGY FOR YOUR ENTERPRISE (YOU’RE CLOSER THAN YOU THINK)Some organizations initiate their enterprise mobile strategy with a quick burst of panic. That’s totally understandable. They may be sitting on terabytes of data that are fed from hundreds of different applications, and the use cases for their applications are varied and constantly changing. The idea of targeting apps that deliver specific functionality can be overwhelming on first glance, but irrespective of how big your organization is, or what it’s trying to accomplish, if you look at your current IT infrastructure and assets, chances are you may already be set up for success.

Some organizations get into trouble because they think in grandiose terms – initiating a mobile API strategy doesn’t mean that you’re porting your entire platform to mobile. Break it down and you realize that you need to concern yourself with four essential elements:

• Backend Services and Applications: This forms the basis of what you want to surface in the mobile application – a combination of backend applications, data repositories, content management and social streams. This is really what provides functionality for your mobile app and has to be made available as APIs.

• Externalizing these services as APIs: You will need to externalize the services and applications above in the form of easily consumable and accessible APIs

to 2012, the proportion of U.S. employees who use a smart phone for work activities increased from 37% to 60%. The result of all of this is that there is not just widespread acceptance of mobile as a way to operate, but working in and with a mobile framework is now what is expected.

Figure 2. Growth in mobile traffic and usage

[source: Kleiner, Perkins, Caulfield and Byers]

This perfectly complements the inherent nature of API functionality; APIs act as a primary resource and enabler for extending an enterprise’s reach beyond its current limitations. Because of easy integration and rapid

delivery method, an enterprise can bundle assets along with those of partners and deliver them where users use them – which is increasingly on tablets and smart phones. As a result, API development has become more of a core operation of IT departments who want to provide their data to more people and encourage more interaction.

Internal data needs to be delivered beyond the firewall, and executable back into your data repository - and this needs to be done securely. The goal of the API is to combine assets and interaction from multiple sources to deliver a data-driven, context-driven, and/or transaction-driven result. As opposed to any other type of executable action, an API provides the greatest amount of flexibility to solve for a complex set of criteria (internal and external sources, different log-on capabilities and transactional capabilities required from various applications). Consider that the client is irrelevant because the data can be delivered in so many different ways. So if you know what you want to deliver, and realize that it can be rendered via a mobile device, then the API becomes the perfect broker for your data into the hands of users.

5page© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

mobile form. Your infrastructure (and it might even be based completely on a client/server model) is already conducting some level of processing for all that data, so at this point, you’re really just looking for a way to extend it beyond where it’s traditionally been. An API makes that possible.

API

Figure 3. The landscape of enterprise data moving

from repository, through API, to mobile device

You’ll likely have a variety of data owners who provide different functionality but also use different ways of exposing their data. In the utilities space, a company providing service to hundreds of thousands of

customers needs a lot of specific data on each of those people - location, preferences, usage statistics. And pulling those together may require looking at formats as diverse as HTML pages and Excel spreadsheets. In order to combine all that data, do something meaningful with it, and render it on a mobile device, developers need a centralizing tool, which as we see, is the API. But while the developer’s job is made easier, the greater value (and greater in terms of the bottom line) is the ability to service more customers and do it in a more meaningful way. In some cases, multiple APIs will be needed, and this might be a place where a developer community solves the problem of connecting and collaborating among the developer community.

In a traditional context (desktop, on-premise), an API will help you bring together functionality from a lot of different apps. Consider the example of a manufacturing company that relies on a network of distributors for the majority of their sales. To maximize margins and reduce support costs, the company publishes a RESTful API that enables developers in the distributor companies to embed order placement instructions in their apps. Figure 4 shows a simple reference architecture for this type of environment.

• Developer Community: A Developer Portal for you to publish and share these APIs with a community of developers who can develop mobile applications. You want to foster a large community of developers and partners outside of your organization to build applications, while you focus on the core functional capabilities which can be monetized through these APIs.

• Security: You’ll need a platform that addresses authentication, authorization, and all other security, but you’ll want to do it in a way that provides greatest access and acceptability for your apps. That can be done with accepted standards like OAuth and OpenID.

• API Lifecycle: As you start rolling out multiple APIs, you will need an API Lifecycle management platform that not only manages the different versions of your APIs, but also the entire process of designing, developing, deploying, versioning and retiring APIs. Having a platform that enables complete end-2-end lifecycle management facilitates efficiency across all the stages of development and deployment, and ensures that business requirements are needs are effectively satisfied by developers.

• Client Application: This is where you develop the rendering of your app, using perhaps something like HTML5. As part of this, you need to consider how “heavy” or “light” you want your app to be. Will it address a lot of functionality through a series of screens, or will it focus on a specific activity?

The first thing to keep in mind is that apps exist to perform fairly basic functions. They transact, communicate, or deliver. Creating the functionality to do those things is becoming increasingly easier to do. But you can’t do any of these things if you have nothing worth communicating, transacting or delivering. So even before considering what you’re going to do with your mobile app strategy, you’re already sitting on a huge amount of intellectual property that can be leveraged in

6page© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

CREATING YOUR ENTERPRISE MOBILE API STRATEGY The first step in understanding how to use APIs to deliver mobile enterprise solutions is to assess what you want to deliver. You’ll get the most valuable out of your enterprise API if there’s first a plan to meet specific business goals with it. You also want to distinguish between what you would do for a desktop app versus what you want to accomplish with a mobile app. Keep top of mind that your goal is to encourage participation and engagement at a level that can’t necessarily be achieved in any other environment than mobile.

Even before you begin to plan your mobile API specifics, you need to ensure that your strategy has given proper consideration to the main elements that are required to execute and manage a successful API, and to reap the most from your enterprise’s assets:

• Developer community: You need to establish a developer community that has communication, publishing, collaboration and distribution capabilities that support developers who build apps using your APIs. This may be the single most important factor in getting your API into the hands of more users.

• API Gateway: While it’s becoming easier to expose and consume Web services through a variety of different channels, for you to successfully implement an API, you need a tool that will enable simple enforcement of APIs, continuous monitoring capabilities, performance management, and assurance of high availability.

• Security: If your API isn’t secure, it can’t be used. So taking care of API security is something that needs to be addressed before any development happens. To that end, three essential elements must be included:

- Enterprise level OAuth: You need an OAuth authorization server so users can manage access rights for their data.

Figure 4

Reference architecture for manufacturing company that receives orders from distributors through a RESTful API

In using a RESTful API approach, each distributor is able to develop an app that allows their customers to place orders that will flow through to the manufacturer seamlessly. The app can call the manufacturer’s API to PUT orders, GET order information, POST changes, and DELETE orders. The ERP system can use the API to transmit changes in purchase orders (POs), refund information and perform other necessary tasks.Many benefits accrue to the business from using a RESTful API to connect distributors with ERP. Instead of performing a costly, time-consuming integration with each distributor, the API makes it relatively simple and streamlined to connect the distributors’ customers with the manufacturer’s actual ordering system. IT costs and time cycles come down. Revenue goes up. Customer service improves. And, while this type of standards-based integration was possible with SOAP Web Services, the RESTful approach is simpler on numerous levels. For one thing, REST is a much lighter weight protocol so it’s easier for mobile clients to use than the more bulky SOAP message format. The common syntax and community approach also allows for the formation of a community of developers amongst the distributors’ IT departments. As the community grows and shares best practices for using the manufacturer’s API, use of the API should increase.

Customers

RESTfulAPI

CustomersOrders

Invoices

TransactionsRevenue

Cash Journal

GeneralLedger

ERP

Orders

DISTRIBUTOR

App

OrderChanges

DISTRIBUTOR

App

OrderCancellations

DISTRIBUTOR

App

PaymentConfirmations

DISTRIBUTOR

App

PO Copyto Client

DISTRIBUTOR

App

RefundConfirmation

DISTRIBUTOR

App

PO Info

Payment Info

Order Info

Change Info

7page© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

But consideration needs to be given to things like security (how will you provide access management to API publishers?), governance (industry standards, general oversight), lifecycle capabilities (do you want to truly manage all aspects of your API instance?), and promotion (how will you get developers to use your API and what do you need to give them to make their job easier?). Planning these crucial aspects will bring about more things to consider, and will now build requirements and assess the potential for user interaction. Time to market is important, but getting it right is far more so. Carefully constructed APIs will save you time later on, and they’ll give developers something useful and secure. The more you’ve planned for, the less developers have to worry about.

With goals and a clear strategy in place, and a team prepared to do development, you now need to clearly articulate in detail, the requirements for the API and how it will serve those goals. There are different methodologies for doing this, but we recommend first looking at several different types of artifacts to help define the requirements. These include:

• Use case models: It’s extremely important to understand the relationship of actors and use cases within a mobile context. These will be very different from those of a traditional app, and you need to provide clear definition to what is unique about the mobile piece of the app.

• Use cases: These will describe scenarios, but here again, they need to be done so with consideration of a mobile environment.

• User stories: These case-based scenarios will give you an understanding of specific interactions between the mobile app, the API and the user.

- Authtentication options: You’ll need to ensure your API can operate with a variety of authentication schemes, industry standards and token types.

- Cryptography: Ensure the privacy of customer data with sophisticated encryption and signature capabilities

SETTING THE PLAN IN MOTIONA key benefit to APIs is their flexibility. Because they can adapt and be manipulated, they can be used for multiple purposes, and this can be done without changing the fundamental nature of your API; usually some simple retooling may be all that’s required. But it is important to remain dedicated to your original intention when you’re doing your planning. Even though you’ll almost certainly be able to take advantage of your API’s flexible nature, you want to start your planning by identifying the following:

• What is the business purpose for the API?

• What do we want to achieve in a mobile context with our API that we can’t achieve in a different environment?

• Understand the cost-benefit outcomes for the business and intended users in a mobile context.

• Agree on the priority and delivery schedule for the API.

• Structure your business to support and manage the API.

After planning the initial steps of your mobile API, you’ll need to get more specific about requirements and implementation. Among your own data repositories, plus the added help of partners’ contributions, you’re already sitting on all of the data and content you’re going to need for at least your initial phase of app delivery. And, of course, the thing that will bring all that intellectual property together (irrespective of whether or not it’s delivered via mobile) and allow you to do something constructive with it is an API.

8page© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

LET A THOUSAND FLOWERS BLOOM THE AKANA API MANAGEMENT PLATFORMWith a view towards open development and secure enablement of APIs for mobile, you’ll achieve a much better result if you establish your presence with a comprehensive management platform. Akana has been working with some of the world’s leading brands for more than a decade to help them increase their business reach through APIs and services. We’ve helped major enterprises create new channels for their mobile applications through our robust API lifecycle management solution.

Akana’s API Management platform considers all aspects of how APIs are used, and what enterprises can do to optimize them for mobile use. Our solution is built around the entire lifecycle of an API and optimizes how they are extended and governed, and addresses mobile applications and APIs in their entirety. The Akana API management platform includes tools that address the following:

Developer CommunityPerhaps the greatest advantage of using APIs to create a robust mobile environment is that you can leverage the work of other applications, APIs and development work to enhance your API offering. Because APIs are flexible and easy to develop with, they can be distributed widely and collaboration among other developers can give additional functionality that makes the API more usable (or, at least usable to more apps).

There will be considerations that are specific to mobile APIs. Even if your team has already developed APIs for mobile apps, it will be necessary to include these things as part of your planning process. Without them, you run the risk of delivering something that, while usable for an on-premise application, may not work at all in a mobile context:

• Inventory: Existing applications that will supply the API. This is an important point where both the organization’s business and IT goals should be considered. Get specific about the applications and repositories needed to achieve your goals, while balancing that with the IT capabilities that will allow you to get there quickly.

• Integration: What applications will be integrated, and how? What will ultimately be rendered through the API? This is an important point for IT to drive. Their input is key to knowing what can be done technically to deliver on the business goals.

• Device management: You’ll need to develop your mobile environment with a device management tool that provides centralized control of all company mobile assets, and ensure that updates, security and all aspects of governance are being addressed and met.

• BYOD: Bring-your-own-device is an increasingly popular way to enable mobile usage for an enterprise’s employees. In some cases it provides a lower TCO, but it also requires a great deal of security management. It will be important for you to understand the extent to which you’ll employ BYOD, and if you’ll use varying levels of access for employees and even, possibly, partners.

9page© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

Lifecycle ManagementLifecycle Manager for APIs enables enterprises to manage the entire process of designing, developing, deploying, versioning and retiring APIs. As mobile apps increasingly become more a part of the lifecycle of an enterprise’s API strategy, this tool becomes more important because it helps you look at your API irrespective of how it’s delivered. It helps track all elements of their API and services architecture, changing them as needed while maintaining a clear understanding of underlying interdependencies. This holistic perspective can only be achieved through effective development governance and thorough management.

CONCLUSIONThe businesses that stand to reap the greatest benefits with mobile APIs aren’t necessarily the ones that gain the earliest foothold in connecting apps to users. Rather, success will be realized by those who best understand how to apply and execute on a smart enterprise mobile API strategy. If you are now, or plan to, develop and deliver mobile enterprise apps through APIs,

you can be successful by leveraging much of what already exists within your current business and IT landscape. You’ll need to align your goals

with compatible security policies, share your data across domains, and consider the multiple levels of applicability that your API will access. The level of difficulty depends on how complex your app is, but knowing how to correctly use APIs to deliver on your goals will be an essential element of being successful in delivering mobile apps for the enterprise.

The platform provides a comprehensive portal product for developers to collaborate and share data and functionality, as well as well as security, monitoring, management, lifecycle, and gateway capabilities. As applications increasingly take on the ability to be accessed on mobile devices, it will be through the work of developers that this will happen. Developer Community Management gives you the ability to provide a connecting point to manage, share and promote your APIs in a secure, scalable environment. You can manage your own community with it, or use it to plug in to existing developer communities.

SecurityIrrespective of how your API will be put to use, security will be an essential component of your strategy. Without protecting sensitive data, and ensuring that only authorized apps and data sources are accessed by the right people, you’ll be unable to deliver on what your API promises. The Akana API management platform provides a security solution that has a wide range of authentication schemes, standards and token types to ensure that only valid users and apps can access your APIs. Additionally, the platform provides an enterprise-level OAuth tool so your users can manage access rights for their own data.

AnalyticsKnowing who’s using your API and what they’re doing with it will help you refine your offering and ultimately provide a better solution for your users. Akana’s API Management Traffic Monitoring tools enable you to monitor usage and understand how your customers are using your API. In addition, you’ll be able to quickly identify and fix problems that will ensure your customers are getting the greatest possible benefit from your API.

Disclaimer: The information provided in this document is provided “AS IS” WITHOUT ANY WARRANTIES OF ANY KIND INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT OF INTELLECTUAL PROPERTY . Akana may make changes to this document at any time without notice . All comparisons, functionalities and measures as related to similar products and services offered by other vendors are based on Akana’s internal assessment and/or publicly available information of Akana and other vendor product features, unless otherwise specifically stated . Reliance by you on these assessments / comparative assessments are to be made solely on your own discretion and at your own risk . The content of this document may be out of date, and Akana makes no commitment to update this content . This document may refer to products, programs or services that are not available in your country . Consult your local Akana business contact for information regarding the products, programs and services that may be available to you . Applicable law may not allow the exclusion of implied warranties, so the above exclusion may not apply to you .

© 2001 - 2015 Akana, All Rights Reserved | Contact Us | Privacy Policy

About Akana Akana is a leading provider of API Security and Management products that help businesses plan, build, run and share APIs, through comprehensive cloud and on-premise solutions that encompass API lifecycle, security, management and developer engagement. The world’s largest companies including Bank of America, Pfizer, and Verizon use Akana solutions to transform their business. For more information, please visit http://www.akana.com

Akana, API Gateway, Community Manager, Lifecycle Manager, Policy Manager, Portfolio Manager, Repository Manager, Service Manager, and SOLA are trademarks of Akana, Inc . All other product and company names herein may be trademarks and/or registered trademarks of their registered owners.

12100 Wilshire Blvd, Suite 1800Los Angeles, CA 90025866-762-9876www.akana.cominfo@akana.com