The API Economy
Transcription
The API Economy
The API Economy HOW BITS OF CODE EMPOWER BUSINESS RELATIONSHIPS Application programming interfaces (APIs) are bits of code that can integrate clouds and mobile devices; extract knowledge from social networking; and make productive and profitable use of the Internet of Things. Savvy enterprises and creative developers are using them to create new business models and new businesses that are now being referred to as the ‘API Economy.’ KEY FINDINGS Managing APIs is becoming important because their numbers are expanding exponentially. Managing APIs in a one-off fashion, as has been the case, is now impractical. Venture-backed API management vendors have appeared in recent years to tackle API management challenges. Their platforms include capabilities to simplify and automate how APIs are designed, coded and documented; how API distribution is managed; how API use can be controlled by developers; and how data access is enabled and performance controlled. There are several architectural gaps in current API management technology of which buyers and investors should be aware. The term ‘API Economy’ was coined by API technology vendors eager to sell their wares by describing how enterprises can expose data and applications to business partners and consumers through APIs. Several related IT markets are in the process of convergence. Common to the technology needs of all are APIs and how best to manage them. We believe this market convergence will trigger another round of venture funding and vendor acquisitions in 2015-16, similar to what occurred in 2012-13. © 20 1 5 4 5 1 R E S E A R C H , L LC A N D/O R I T S A F F I L I AT E S . A L L R I G H T S R E S E R V E D. 2015 i 451 RESEARCH ABOUT 451 RESEARCH 451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, we provide essential insight for leaders of the digital economy. More than 100 analysts and consultants deliver that insight via syndicated research, advisory services and live events to over 1,000 client organizations in North America, Europe and around the world. Founded in 2000 and headquartered in New York, 451 Research is a division of The 451 Group. © 2015 451 Research, LLC and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication, in whole or in part, in any form without prior written permission is forbidden. The terms of use regarding distribution, both internally and externally, shall be governed by the terms laid out in your Service Agreement with 451 Research and/or its Affiliates. The information contained herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss legal issues related to the information technology business, 451 Research does not provide legal advice or services and their research should not be construed or used as such. 451 Research shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its intended results. The opinions expressed herein are subject to change without notice. New York London 20 West 37th Street, 6th Floor New York, NY 10018 Phone: 212.505.3030 Fax: 212.505.2630 Paxton House (5th floor), 30 Artillery Lane London, E1 7LS, UK Phone: +44 (0) 207 426 0219 Fax: +44 (0) 207 426 4698 San Francisco Boston 140 Geary Street, 9th Floor San Francisco, CA 94108 Phone: 415.989.1555 Fax: 415.989.1558 1 Liberty Square, 5th Floor Boston, MA 02109 Phone: 617.275.8818 Fax: 617.261.0688 © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy ii TABLE OF CONTENTS SECTION 1: EXECUTIVE SUMMARY 1 1.1 INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.2 KEY FINDINGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.3 METHODOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 SECTION 2: APIS – INTEGRATORS AND BUSINESS ENABLERS 4 2.1 WHAT ARE APIS, AND WHY ARE THEY IMPORTANT? . . . . . . . . . . . . . . . 4 2.2 DEFINING THE API ECONOMY . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.2.1 API Publishers and Consumers . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 2.2.2 API Business Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 SECTION 3: HOW ARE APIS CREATED AND MANAGED? 8 3.1 THE ANATOMY AND QUALITY OF AN API . . . . . . . . . . . . . . . . . . . . 8 3.1.1 SOAP vs REST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 3.2 SERVICES-ORIENTED ARCHITECTURES . . . . . . . . . . . . . . . . . . . . 10 3.3 API DESCRIPTION LANGUAGES . . . . . . . . . . . . . . . . . . . . . . . . 11 3.4 THE ANATOMY OF AN API LIFECYCLE MANAGEMENT PLATFORM . . . . . . . 12 3.4.1 The API Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 3.4.2 API Lifecycle Management Platform Architecture . . . . . . . . . . . . . . . . 14 3.4.3 Architectural Gaps and Market Opportunities . . . . . . . . . . . . . . . . . . 14 SECTION 4: 20 API VENDORS TO WATCH 18 SECTION 5: POTENTIAL ACQUIRERS AND TARGETS 26 Figure 1: Deals Involving API Management Platform Vendors, 2012-13 . . . . . . . . 27 5.1 MARKET EVENTS THAT MAY DRIVE M&A . . . . . . . . . . . . . . . . . . . . 27 5.2 POTENTIAL ACQUIRERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28 5.3 POTENTIAL TARGETS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 INDEX OF COMPANIES 32 © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 1 451 RESEARCH SECTION 1 Executive Summary 1.1 INTRODUCTION Why are something so technical and as seemingly minute as application programming interfaces (APIs) drawing so much attention among business leaders, IT professionals and investors? Because they are more than just the means to link systems and applications. They are also business enablers – economic engines, if you will – that fuel applications, devices and things with data. They enable the execution of business processes and commerce transactions among partners, suppliers and customers. They span disparate and distributed technologies, architecture and infrastructure. They can extract knowledge and disseminate information for rapid response. API management platforms are emerging as next-generation services-oriented architecture (SOA), technology intended not only to manage the design and development of APIs, but also govern their use as economic enablers within what some now refer to as the API Economy. In this context, APIs are considered to be products, created and offered to generate new business and new business value, establish competitive advantage and open new markets. They are likely to compose the integration foundation upon which many 21st-century enterprises will be built. Business leaders and IT professionals are now considering how APIs can be used to transform their companies. 1.2 KEY FINDINGS • Managing APIs is becoming important because their numbers are expanding exponentially. This is caused by the proliferation of SaaS offerings and the imperative to link them with on-premises applications; the expansion of mobile computing, social media and Internet of Things (IoT) devices; the anticipated migration of IT from on-premises datacenters to private and hybrid clouds; and the desire by organizations to syndicate their content and integrate e-commerce systems (websites) with affiliate partners. Managing APIs in a one-off fashion, as has traditionally been the case, is now impractical. • Venture-backed API management vendors have appeared in recent years to tackle API management challenges. The savviest vendors are smaller firms with closely knit ties to developer communities. Such vendors are now building out comprehensive API lifecycle management frameworks. Their platforms include capabilities to simplify and automate how APIs are designed, coded and documented; how API distribution is managed; how API use can be controlled by developers; and how data access is enabled and performance controlled. • The term ‘API Economy’ was coined by API technology vendors eager to sell their wares by describing how enterprises can expose data and applications to business partners and consumers through APIs. E-commerce was an early driver for expanding API use. It called for various business partners such as retailers, suppliers, banks and parcel carriers to integrate their respective systems to execute an end-to-end ‘order-to-receipt’ business process. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 2 • There are two sides to the API Economy, where APIs are considered as products. Publishers create APIs, and can also be considered as ‘sellers’; consumers use or subscribe to APIs, and can be considered as ‘buyers.’ The publish-and-subscribe business model is at the heart of the API Economy. The tools and feature sets needed within API management platforms will differ based on the unique needs of publishers and consumers. • When analyzing the offerings of various vendors across the API market, we note several architectural gaps in current API management technology of which buyers and investors should be aware. They represent opportunities to enable competitive differentiation for current API platform vendors or new entrants, and potential avenues for investment. • Several related IT markets are in the process of convergence. Vendors offering application development environments, DevOps frameworks, data and application integration technology, PaaS and iPaaS offerings are reaching into each other’s domain. Common to the technology needs of all are APIs and how best to manage them. We believe this will likely trigger another round of venture funding and vendor acquisitions in 2015-16 similar to what occurred in 2012-13. 1.3 METHODOLOGY This report on the API Economy is based on a series of in-depth interviews with a variety of stakeholders in the industry, including IT managers at end-user organizations across multiple sectors, technology vendors, managed service providers, telcos and VCs. This research was supplemented by additional primary research, including attendance at a number of trade shows and industry events. Reports such as this one represent a holistic perspective on key emerging markets in the enterprise IT space. These markets evolve quickly, though, so 451 Research offers additional services that provide critical marketplace updates. These updated reports and perspectives are presented on a daily basis via the company’s core intelligence service – the 451 Market Insight Service. Forward-looking M&A analysis and perspectives on strategic acquisitions and the liquidity environment for technology companies are also updated regularly via the Market Insight Service, which is backed by the industry-leading 451 M&A KnowledgeBase. Emerging technologies and markets are also covered in additional 451 channels, including Datacenter Technologies; Storage; Enterprise Platforms & Infrastructure Software; Networking; Information Security; Data Platforms & Analytics; Development, DevOps & Middleware; Social Business Applications; Service Providers; Cloud & IT Service Markets; European Services; Multi-Tenant Datacenters; Enterprise Mobility; and Mobile Telecom. Beyond that, 451 Research has a robust set of quantitative insights covered in 451 products such as ChangeWave, TheInfoPro, Market Monitor, the M&A KnowledgeBase and the Datacenter KnowledgeBase. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 3 451 RESEARCH All of these 451 services, which are accessible via the Web, provide critical and timely analysis specifically focused on the business of enterprise IT innovation. This report was written by Carl Lehmann, Research Manager, Enterprise Architecture, Integration & Business Process Management. Any questions about the methodology should be addressed to Carl Lehmann at: [email protected]. For more information about 451 Research, please go to: www.451research.com © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 4 SECTION 2 APIs – Integrators and Business Enablers APIs are bits of code designed to enable data to be exchanged between systems, applications and devices. Since the inception of cloud computing in 2006, the number and types of APIs in use have exploded exponentially. For the most part this has been due to the need to connect SaaS offerings with on-premises applications, and to power mobile applications with the data they need. In fact, APIs have limitless uses. Savvy enterprises and creative developers use APIs to exchange data and integrate applications with business partners, suppliers and customers. This helps create new business models and businesses, and it accelerates commerce transactions among trading partners. Examples are everywhere: The travel and hospitality industries share data to book more guests. Retailers, product suppliers, banks and shippers connect applications to enable online ordering and overnight product delivery. Indeed, we truly would be lost if we couldn’t ask our smartphone to direct us to the nearest barista. This is the new economy, and it is driven by many things, but its common denominator is a few bits of code that enable what some now call the ‘API Economy.’ 2.1 WHAT ARE APIS, AND WHY ARE THEY IMPORTANT? Modern cloud services, mobile applications, social media and embedded software in the Internet of Things (IoT) are assembled from multiple bits of discrete code – building blocks, if you will – that comprise a system or application. For the building blocks to function together they must communicate and exchange data based on rules that describe how they work. When in operation, they must execute consistently, within thresholds of performance, and be controlled when variance or change occurs. In so doing, such bits of code become reusable services that can be called upon by other systems and applications. Such is the role of an API. An API is a set of routines, protocols, instructions and tools for building and integrating applications. APIs specify how software components exchange data and interact. There are many types of APIs, such as those designed to handle data, transactions, application integration and user interfaces (UIs), among others. Managing APIs is becoming important. Why? Because their numbers are expanding exponentially, caused by the proliferation of SaaS offerings and the imperative to link them with on-premises applications; the expansion of mobile computing, social media and IoT devices; the anticipated migration of IT from on-premises datacenters to hybrid clouds; and organizations’ desire to syndicate their content and integrate e-commerce systems (websites) with affiliate partners. Managing APIs in a one-off fashion, as has traditionally been the case, is now impractical. In 2005, there were fewer than 100 open APIs (meaning they were published by organizations that were seeking firms and developers to integrate with their data and applications). Today, that number has inflated into the tens of thousands. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 5 451 RESEARCH APIs are not new. They have long been used within enterprises as common behind-the-scenes technology used to access databases, make queries and enable application-to-application (A2A) integration behind firewalls. However, because the number and types of APIs continue to grow and new uses are developing, a new set of IT challenges has emerged – how to manage the quality of collaborative API design, development and performance; secure and enforce usage policies; and monetize, audit and scale the deployment of APIs in and among enterprises, consumers and technology domains including smartphone apps, tablets, browsers, middleware, legacy applications and anything else capable of HTTP. Venture-backed API management vendors have appeared in recent years to tackle such challenges. Their platforms include capabilities to simplify and automate how APIs are designed, coded and documented; how API distribution is managed; how API use can be controlled by developers; and how data access is enabled and performance controlled. Established IT vendors and service providers are realizing the importance of such technology. Moreover, they are beginning to invest in development efforts and acquisitions to shore up their product portfolios in response to the actions of their rivals, and how enterprises are now pursuing digital channel relationships in the API Economy. 2.2 DEFINING THE API ECONOMY Technological advances in cloud, mobile and social computing have caused many enterprises to rethink how they deliver value to customers, how they extend their reach to new customers, and how they can enter new markets. To be honest, however, few companies actually refer to these efforts as means to participate specifically in an API Economy. The term ‘API Economy’ was coined by API technology vendors eager to sell their wares by describing how enterprises can expose data and applications to business partners and consumers through APIs. E-commerce was an early driver for expanding API use. It called for various business partners such as retailers, suppliers, banks and parcel carriers to integrate their respective systems to execute an end-to-end ‘order-to-receipt’ business process. While APIs play a vital role, other IT vendors with application- and data-related software will refer to the phenomenon as the App Economy (because applications enable user interaction and transactions) and the Data Economy (because nothing happens without data). Of course, they’re all right. However, the common denominator needed to tie all of these pieces together is increasingly becoming the API. Perhaps the most successful example of the API Economy can be found among several highprofile brick-and-mortar and online retailers such as Lowes, Home Depot, Amazon and Zappos. They use APIs to expose their website e-catalogs to their suppliers to exchange product and pricing data. APIs also enable a distributed business process that allows online orders to be taken, processed, paid and delivered across the retailer, supplier, bank and courier supply chain. The retailers benefit by offering their customers a greater product selection (by linking to supplier e-catalogs) without having to carry inventory costs. Suppliers benefit by exposing © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 6 their products at low cost to a broad range of retail channels, banks benefit through credit card transaction fees and couriers increase their volume of package delivery. Each participant in this supply chain generates revenue at low cost, all enabled through various APIs that foment the API Economy. 2.2.1 API PUBLISHERS AND CONSUMERS There are two sides to the API Economy: Parties that wish to expose data, applications and services to third parties are API publishers, while parties that use the APIs are API consumers. For example: • Google developed and published an API that lets developers embed (consume) Google Maps on Web pages and mobile devices. • YouTube developed and published an API that lets developers integrate (consume) YouTube videos into websites and applications. • Twitter published an API that allows developers to access Twitter data, and another API to interact with and search (consume) it. • Amazon published its Product Advertising API to enable access to its product selection and discovery capabilities, enabling companies to advertise and sell Amazon products on their own websites. When the APIs are paid for, the consumer becomes a subscriber. Indeed, the terms ‘consumer’ and ‘subscriber’ are used interchangeably by many. We prefer to make a distinction between developers that pay to use APIs and those that do not. It becomes important when APIs are developed as products and offered via the various business models noted below. Publishers can also be considered ‘sellers’ and consumers can be considered ‘buyers.’ The publish-and-subscribe business model is at the heart of the API Economy. Moreover, the tools and feature sets needed within API management platforms will differ between developers that create and publish APIs, and those that consume or subscribe to them – a topic we address later in our discussion of API lifecycle management. 2.2.2 API BUSINESS MODELS Business models in the API Economy can be structured into four general classes: free to use, pay to use, get paid to use, and by the use. In a free-to-use model, APIs are freely made available to developers, typically to attract a development community or promote APIs to incite various product/service cross-sell and upsell opportunities for the API publisher. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 7 451 RESEARCH In the pay-to-use business model, the developer has to pay for the API. There are several variations to this model: • In a freemium variant, developers can access a basic version of the API for free and later upgrade to a more comprehensive version that is unrestricted or is supported in other ways. • In a pay-as-you-go variant, developers only pay as the API is being used, or called. It is a common model for cloud-based APIs, and in use cases that dynamically scale up or down based on need or demand. • In a call-based variant, developers’ payments are determined by the number of API calls. API calls may be grouped into various call types and billed based on the type (e.g., get, post, query, et al.) and/or usage volume (e.g., per 1,000, or 1 million API calls per unit of time, typically monthly). Payment models based on usage volumes are also sometimes referred to as a tiered pay-to-use business model. • In the transaction fee variant, the API publisher earns a percentage from the transaction fees executed via its API that are charged by the developer. In the get-paid-to-use business model, the developer is paid by the API publisher based on a revenue-sharing agreement for affiliate partner arrangements. It is typically used in advertising and paid based on end-user actions, clicks and/or customer leads. It can be structured as one-time fees or recurring fees for ongoing subscription customers. The by-the-use model more broadly addresses various other ways of indirect payment or revenue for things such as content acquisition, SaaS integration and content syndication. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 8 SECTION 3 How Are APIs Created and Managed? 3.1 THE ANATOMY AND QUALITY OF AN API To understand an API, it might be best to think of it as an instruction manual. The instructions include a protocol that describes how to establish communication between applications and services; methods to authenticate a valid data exchange; the structure of a request message that calls out the operations to perform; techniques to process the operations and messages; the means to return a response; and how error handling works should anomalies occur. Most APIs perform a few basic operations or actions. They post data (create and/or update), read data (e.g., make queries) and delete data. Collectively these operations are affectionately referred to as ‘CRUD’ (Create, Read, Update and Delete). APIs are by no means limited to these operations, but they represent the core actions most APIs perform. Well-designed and documented APIs make it easier for developers to use such operations to develop applications and fuel them with the data they need. An API’s instructions may be embodied in an API contract that calls out the terms and conditions that govern its use. A contract is a collection of metadata that describes various characteristics of an API. It can include the purpose and function of its operations; the messages that need to be exchanged to engage operations; data models used to define the messages, including validation rules; the conditions under which the operations are provided; and information about how and where the API can be accessed. API contracts can also help codify the business relationships between trading partners that can call out the business model, fees and terms for payment when APIs are sold as products and/or when APIs are used to enable commerce transactions among trading partners. The quality of API design has emerged as a critical issue because poorly designed APIs are costly and labor-intensive to support, and are likely to go unused. Poorly designed APIs fall prey to common oversights such as when API documentation uses ambiguous language to describe the role and purpose of API functions, operations or actions; is overly complex, making future changes to the API difficult; fails to use actions already available via HTTP (as in RESTful API design – noted below) thus creating redundancy, overlap and confusion, especially when using and interpreting errors codes; and/or is incomplete in ways that cause developers to create their own workarounds to execute the operations required. When an API is called, developers want to be able to predict what will happen. Poor or incomplete documentation will require developers to read through the API code itself, where they are likely to find and make mistakes with workarounds developed by trial and error. Poorly designed APIs are likely to be overlooked by third-party developers. This hinders a company’s ability to expose and monetize its data and services. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 9 451 RESEARCH A trend has emerged in recent years to address API design challenges and quality control. API developers are making greater use of the API description languages noted in Section 3.3. Most API management vendors support one or more of the description languages and/or have created design and development tools of their own for such purposes. Indeed, these improved tools are helpful and productive. However, many API developers today are also interested in simplifying their efforts and making sure that the APIs they publish or consume are lightweight and minimize IT resource overhead on the infrastructure upon which they execute. This has fomented a trend toward a RESTful design preference for APIs. 3.1.1 SOAP VS REST There are several protocols used for APIs today, including Simple Object Access Protocol (SOAP), Representational State Transfer (REST), JavaScript, HTTP and XML-RPC. An API protocol defines a set of rules for requesting information from a server using specific techniques. SOAP and REST are the most widely deployed. Roughly 65% of APIs deployed today are developed using REST and 25% use SOAP. REST has become the protocol of choice among developers, but it does not eliminate the need for SOAP. Choosing a protocol to craft an API depends on how the API will be used. SOAP was originally developed by Microsoft to replace older technologies that did not work well on the Internet (e.g., Distributed Component Object Model [DCOM] and Common Object Request Broker Architecture [CORBA]). SOAP relies exclusively on XML to provide messaging services. It was also designed to support expansion, so it is capable of handling several Web Services Standards (defined by W3C) such as WS-Addressing, WS-Policy, WS-Security, WS-Federation, WS-ReliableMessaging, WS-Coordination and WS-AtomicTransaction, among others. REST is described as a stateless, client-server, cacheable communications protocol. A ‘state’ is information that describes where the user is in an interaction. ‘Stateless’ means that the server does not store any state information about what the client is doing. Rather, state is passed around to every place that needs it. This is the ‘State Transfer’ part of REST. This distributes session management workloads across all clients, and servers don’t become bogged down with handling state logic. For example, when browsing ‘image 5’ in an image gallery, the client (browser) cannot simply send a ‘next’ request to the server. Rather, it must request ‘image 6’ because the server did not remember the state of what was being viewed (image 5). The client maintains state information enabling servers in so-called RESTful designs to be capable of handling millions of users. The ‘client-server’ design of REST typically means a browser and a Web server are used. ‘Cashable’ means that clients can cache server responses, and because responses are cached, client-server interactions can be reduced considerably, improving scalability and performance. REST was created as a simplified alternative to other more complex protocols like SOAP. The four common actions typically encoded in most APIs (i.e., CRUD) map directly to established HTTP actions like Get, Post, Put and Delete. Rather than reinvent the wheel for such actions, REST just makes better use of HTTP. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 10 SOAP is needed in highly secure ecosystems like banking, for example. It supports security tools that most Web services do not need. SOAP also supports ACID (atomicity, consistency, isolation, durability) transactions – technology that guarantee database transactions are processed reliably. REST is limited by HTTP, which can’t provide twophase commit across distributed transactional systems. SOAP messaging techniques are also more reliable. REST calls upon clients to address communication failures by retrying. SOAP uses successful/retry logic and provides end-to-end reliability. REST supports many different data formats such as JSON, whereas SOAP only supports XML. JSON usually is a better fit for data, is more ‘readable’ by humans and parses faster. We make note of these differences because REST is fast becoming the most popular protocol for network applications development and integration, and in API designs. Nevertheless, it is not practical in all cases, so support for SOAP will still be a requirement for enterprises and vendors of API management platforms. 3.2 SERVICES-ORIENTED ARCHITECTURES Many API management platforms originated from earlier SOA technologies. HTTP and HTML Web-based applications are composed as sets of software objects and components referred to as ‘Web services.’ SOA technology was originally developed to manage and govern the creation, deployment and use of Web services to assure quality of function and interoperability. SOA offerings from vendors were, by and large, application development environments that included design and execution governance practices and controls. However, due to their cost and complexity, and because many enterprises had already invested heavily in early integrated development environments (IDEs) and packaged business applications (e.g., ERP, CRM, supply chain management [SCM]), SOA stumbled in the market. But it did not fall. Rather, it is in a process of a metamorphosis. APIs are akin to Web services. However, in many cases, they were developed independently, isolated from a system of rules that govern their designs and execution. As a result, API quality, completeness, reliability, performance, documentation and change management has been difficult and costly. The growing demand for and use of APIs has spawned the need for API lifecycle management and is resurrecting SOA-based technology and platforms. In some ways, API management vendors can be considered nextgeneration SOA vendors. They help bring order to API design in ways very similar to how SOA technology manages and governs Web and application services. Several vendors early to the API market actually originated in the SOA market, such as Akana (formerly SOA Software) and WSO2. But early SOA-based offerings lacked some of the sharing (publish/subscribe), management and analytics unique to API deployment and use. SOA vendors began to retrench with specialized API offerings, and new entrants came to market such as 3scale, Apigee, Layer 7 (acquired by CA Technologies), Mashery (acquired by Intel), MuleSoft and Vordel (acquired by Axway), among others. They sought to bring to market a comprehensive platform for API lifecycle management. Essentially, © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 11 451 RESEARCH API management technology embraces and complements SOA principles in application development and in emerging DevOps (converged application development and IT operations) environments. It is becoming a critical platform upon which next-generation cloud, mobile, social and IoT services will be developed. 3.3 API DESCRIPTION LANGUAGES APIs can be written in many programming languages and be structured in many ways. However, to be effective, they must be easily interpreted by the developers who use them to access and expose data between systems and applications. As noted, many APIs are poorly designed and documented, making them difficult to use and expensive to maintain. To remedy these shortcomings, the open source community contributed to the development of a series of API description languages. At the heart of most vendors’ API management platforms is an API description language. API description languages are a category of programming languages used by software developers for building applications that include APIs used to share data or functionality. They include capabilities to describe endpoints, resources, HTTP methods and representations; produce documentation and generate client software developer kits (SDKs); create server skeletons, test suites and mock servers; and enable discovery, provide version controls and facilitate security (among other functions). APIs designed using an API description language are easier to manage, collaborate on and use. API description languages were spawned from earlier predecessors designed to construct Web services, namely WSDL and WADL. Web Services Description Language (WSDL) was submitted to the W3C in 2001 by IBM, Microsoft and Ariba as an XML language for describing Web services in conjunction with SOAP. Web Application Description Language (WADL) was developed as an alternative to WSDL with specific support for RESTful Web services. It was developed at Sun and submitted to the W3C in 2009 but not standardized by the consortium. Neither of these were very ‘human-readable,’ making them difficult to use, and as a result they were not widely adopted. WSDL is still used for SOAP-based services. Several API description languages that have made improvements over WSDL and WADL are in use today. The most common are Swagger (sponsored now by SmartBear), RAML (RESTful API modeling language, sponsored by MuleSoft) and API Blueprint (sponsored by Apiary). Swagger is the most widely used, followed by RAML. All are relatively new. The initial open source commit for API Blueprint was in April 2013, and RAML was September 2013. Swagger is more mature, committed in July 2011. Each has similar functionality but they differ in several ways, most notably in the data formats they support. API Blueprint supports Markdown, RAML supports YAML and Swagger supports JSON. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 12 Several other open source API description languages projects are also underway: • ApiAxle sits in front of APIs and provides services such as rate limiting and key authentication. It’s designed to be installed on-premises rather than in a cloud to enable control over data ownership and costs. • API Umbrella is an API management platform that automates access control, rate limiting, documentation and analytics (among other features). APIs running on different servers or written in different programming languages can be exposed at a single endpoint for the API consumer. It acts as a layer above APIs so code doesn’t need to be modified to take advantage of API Umbrella features. • DreamFactory is a software package for mobile application developers. It functions as a middleware platform that connects any data source to any device. It creates REST APIs for legacy SQL databases, client SDKs for major development languages and server-side scripting for customization and workflow. • Kong was recently contributed to the open source community by Mashape. It’s an API gateway that intermediates API communications between clients and (micro)services. It is composed of a Kong Server – an nginx-based server (high-performance load balancing) for receiving API requests – and Cassandra for storing operational data. • Red Hat recently launched its open source apiman project for API management that will craft an API design and configuration layer capable of high-speed runtime. • Restlet is a RESTful Web API framework for the Java platform used for both server and client Web applications. • Tyk is a lightweight API gateway that enables developers to control access to APIs and record detailed analytics on users and uses. Like ApiAxle, it sits in front of applications and manages authorization, access control and throughput limits. 3.4 THE ANATOMY OF AN API LIFECYCLE MANAGEMENT PLATFORM 3.4.1 THE API LIFECYCLE An API lifecycle, like many IT lifecycles, is composed of several phases. In general, these phases include design, development, testing, integration, deployment, management, monitoring and archiving/retiring. In cases where APIs are used to facilitate business partnerships, a monetization phase is needed to address how pricing models, usage contracts, billing and payments are managed. Each phase calls out specific tasks: • The design phase addresses the means to assure API design quality and consistency. It may include the use of style guides, graphical tools for visualization, and collaborative editing and approval processes. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 13 451 RESEARCH • The develop phase typically embodies agile-inspired and test-driven development (TDD) practices emphasizing developer productivity through the use of tools such as design templates, code samples, code generators and automated documentation. • The test phase includes technology that can virtualize an API design in a test platform and subject it to the rigors of execution under different use cases (e.g., mobile applications, peak loads driven by social networking dynamics, diverse IoT environments). • The integrate phase establishes API connectivity and commutations with applications, systems and/or other APIs to execute data and process flows over networks and across distributed systems. • The deploy phase guides the release of the API; offers SDKs to developers; manages developer on-ramping; helps issue server code; enables publication and subscription (consumption) processes; controls versioning; and manages the framework for integration. • The manage phase controls the execution of the API; assures authentication; and enforces access control policies, security and control of API traffic via throttling (rate limits) of API calls. • The monitor phase includes the means to enable debugging, capture usage and performance metrics, and provide event management and remediation techniques. • The monetize phase provides the means by which payment plans are structured, contractual terms are captured and managed, and billing and payments are made. • The archive/retire phase maintains the API as an asset in a repository for discovery and reuse. A common strategy of most API management vendors is to extend their respective platforms to enable as much API lifecycle management functionality as possible. In efforts to differentiate themselves, each vendor will define the API lifecycle differently to play to their strengths. Some vendors choose to specialize in certain phases of API lifecycle management. For example, Apiary focuses on the front-end design phases of API lifecycles using API Blueprint to help developers improve the quality of API designs. Other vendors choose to emphasize the security issues of API management. For example, Intel acquired Mashery in April 2013 and packaged it with its existing security/service gateway to deliver Intel Expressway API Manager, a secure, on-premises gateway for API enablement. Also in April 2013, CA Technologies acquired Layer 7 Technologies for similar reasons. Managed Methods also approaches the market from a cloud security perspective. Its Cloud Service Discovery offering finds the users and applications sharing data with cloud services to expose vulnerabilities for the security and compliance. Some vendors such as Informatica and Red Hat focus solely on the coding aspects of APIs, preferring to relegate the publication, execution and monetization tasks of API management to other specialists such as Apigee and 3scale. Still other vendors take different routes. Mashape has developed and API marketplace aspiring to become the ‘eBay of cloud services.’ 3scale is addressing the challenges facing application developers that consume multiple APIs with a tool that enables them to track and comply with the contractual variables tied to APIs from multiple publishers. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 14 Indeed, all vendors will report at least some capabilities in API lifecycle phases where they lack strength, and/or have established partnerships with various technology vendors to shore up their capabilities. 3.4.2 API LIFECYCLE MANAGEMENT PLATFORM ARCHITECTURE The technology needed to support all the API lifecycle phases calls for an API lifecycle management platform to include the following architectural components: • A design and development environment to craft APIs as code (may include support for one or more API description language such as Swagger, RAML, API Blueprint, Restlet, etc.). • Project management tooling to coordinate collaboration among distributed API development teams and manage APIs throughout their lifecycle. • Tools to test APIs under a range of use cases (Web, mobile, enterprise applications, IoT). • Resources for developers via a portal for access to knowledgebase(s), marketplace(s) and documentation for and about APIs. • Capabilities that enable APIs to be published, discovered, downloaded and/or subscribed. • Tools to secure API usage including identity, resource and access management (typically implemented via an API gateway). • Tools to manage, throttle and control API usage and network traffic. • Technology to manage pricing models and monetize APIs in the form and billing and payment services. • Utilities for event management, alerting and remediation. • Tools for reporting and system analysis (e.g., usage, performance, trends, traffic). • Tools for analytics (customer behavior and digital channel performance). • Digital channel relationship management that controls the business relationships among trading partners that comprise a digital channel. 3.4.3 ARCHITECTURAL GAPS AND MARKET OPPORTUNITIES The list above represents what we believe to be a comprehensive set of capabilities that may compose an API lifecycle management platform architecture. Not all of these capabilities are required by developers and enterprises to engage the use of APIs, or participate in the API Economy. Just as all vendors do not completely address all phases in an API lifecycle, no single vendor currently includes all these capabilities in its platform. That’s to be expected, because not all customers are likely to require this breadth of functionality at this still-nascent time in the market. Many enterprises are just in the early stages of understanding the value of APIs as flexible and adaptive integration technology. Others are only now exploring the use of APIs as the means to create and build digital channel partnerships and business models that define the API Economy. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 15 451 RESEARCH When analyzing the offerings of various vendors across the market, buyers and investors should be aware of several architectural gaps in current API management technology. They represent opportunities to enable competitive differentiation for current API platform vendors or new entrants, and potential avenues for investment. Testing Comprehensive testing capabilities are absent in most vendor offerings. APIs can be applied in many ways and have virtually limitless variants when deployed for mobile, social and IoT applications. Several API management vendors have partnered with SmartBear for its testing capabilities; among them are 3scale, Apiary, MuleSoft and WSO2. Project Management Most API vendors do not manage the API lifecycle using project management tooling. Such tools are capable of automating lifecycle management, proactively tracking tasks and reviews from cradle (concept) to grave (archive) as a process. Asset Management Some vendors offer capabilities to manage APIs as assets, but they are often limited to version control, a services repository, or a catalog enhanced (in some cases) with discovery and search techniques. Most APIs are not static. They are part of other systems, applications and business processes that have many dependencies that require governance through portfolio management techniques and asset management controls. Governance and asset management capabilities are lacking in several API management vendor offerings. Exceptions can be found in SOA-based platforms such as from Akana with its Lifecycle Manager offering, WSO2 with its middleware platform, and such IDEs as IBM WebSphere, Oracle Fusion and SAP NetWeaver. Predictive Analytics Many vendor offerings also lack API analytics that can understand end-user behavior. Such knowledge can be used to accelerate business opportunities, proactively act in real time to deliver individualized services (e.g., cross-sell, upsell, promotions), and support applications designed to improve business outcomes among the participants in a digital channel. Apigee, Intel Mashery, and CA Layer 7 were early to market. Apigee acquired predictive analytics vendor InsightsOne in January 2014; it is now offered as Apigee Insights. Others will follow with similar technology. Infrastructure Performance APIs affect the performance of the infrastructure upon which they are called and execute. Most vendors do not address such backend IT overhead issues when APIs are opened to the public. Without proper preparation for peak loads and proper throttling analysis, APIs can cripple serving infrastructure. Apigee recognized this and developed a backend-as-aservice offering in response. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 16 Developer Productivity Many API management vendors have yet to address the consumption side of API management. On average, a developer can use as many as 5 to 10 APIs from disparate publishers, each with different contracts, pricing terms, usage and payment/monetization practices. As noted earlier, 3scale recognized this challenge and has developed its APItools offering to control the complexity associated from using APIs from multiple publishers. Data Quality Most API management vendors have overlooked the issue of data quality when using APIs. More often than not they simply describe the means to expose and acquire data, relinquishing data quality management to other specialty firms. Singly (acquired by Appcelerator, a mobile backend-as-a-service [MBaaS] vendor) realized this and developed its App Connection Platform to minimize the effort required to access, cleanse and normalize data via APIs to make data usable. The Internet of Things Most API management vendors are only now considering the opportunity afforded in the IoT markets by supporting the basic IoT protocols. In the world of IoT, several protocols have been developed for specific purposes: For example, IoT devices or machines must communicate with each other (D2D or M2M); device data must be collected and sent to servers (D2S); and servers have to share device data (S2S), possibly providing it back to devices, analysis programs or people. The protocols that enable these exchanges include: • Message Queue Telemetry Transport (MQTT), a protocol for collecting device data and communicating it to servers (D2S) • Extensible Messaging and Presence Protocol (XMPP), a protocol for connecting devices to people, an adaptation of D2S (i.e., people are connected to servers) • Data Distribution Service (DDS), a fast bus for integrating intelligent machines (D2D) • Advanced Message Queuing Protocol (AMQP), a queuing system designed to connect servers (S2S) • Constrained Application Protocol (CoAP), a Web transfer protocol used with constrained nodes and networks, designed for M2M applications (e.g., smart energy and building automation) Only a few API management vendors are beginning to support the fundamental D2S protocols MQTT and CoAP. For example, in March Apigee launched Apigee Link for connecting devices to the Internet using MQTT and CoAP protocols. Support for the remaining IoT protocols is still being considered. IBM launched its Internet of Things Foundation, a fully managed, cloud-hosted service enabling developers to derive value from IoT devices. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 17 451 RESEARCH Business Planning Finally, from a business perspective, many business users within enterprises don’t understand the value and importance of APIs and how they can be used to establish profitable business relationships as promised by the API Economy. It takes education and a bit of hand-holding. Mashery, Apigee and MuleSoft have picked up on this. Mashery has long offered API education services. Apigee established the API Institute that advises how businesses can integrate via APIs to generate new lines of business and forms of revenue. MuleSoft has an impressive developer outreach program. It acquired ProgrammableWeb, a news and information website/ service, to help educate both business and IT users about the goings-on of the API world. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 18 SECTION 4 20 API Vendors to Watch The following list of vendors is not meant to be exhaustive, but it includes 20 primary vendors (listed alphabetically) that we have identified as being focused on the emerging API management market at large, and that we believe have the potential to shape the market in coming years. The vendor list includes both startups and established industry veterans hailing from several IT markets such as SOA platform vendors, data and application integration vendors, platform-as-a-service (PaaS) providers and integration platform-as-a-service (iPaaS) providers. Absent in this watch list (for now) are vendors that publish and consume APIs for specific development ecosystems, such as IoT middleware vendors and MBaaS vendors. For the time being, all these markets are still somewhat independent, but all are in the process of converging. The architecture, components and capabilities for various SOA-based application and services development, PaaS, iPaaS, API management, IoT middleware and MBaaS are similar. Vendors in each market will attempt to broaden their footprint by adapting their platforms to enable a common framework capable of serving the needs of multiple markets. 451 Research will keep a close watch on this convergence as it occurs. You will note that several of the vendors in this watch list have already begun to make moves in this direction. 3scale FOUNDED: 2007 | TOTAL FUNDING: $4.0m (estimate) Most API management platforms available today target API providers or publishers that want to generate business opportunities by exposing their APIs to third parties. Other API management tools help application developers improve the quality of APIs to make it easier for developers to understand how to use the API and properly track its use. 3scale’s API Management Platform enables such capabilities. Its APItools offering is designed for developers that struggle to manage multiple APIs from multiple publishers in a single application. This is a relatively new twist in the market – serving the consumers of APIs (rather than just publishers) with a tool that enables them to track and comply with the contractual variables tied to APIs from multiple publishers. We expect this to trigger a new round of innovation on the part of other API management vendors to better address API consumers’ dilemma. Akana FOUNDED: 1998 | TOTAL FUNDING: $41.0m SOA Software renamed itself Akana in March 2015 because the firm has expanded its offerings beyond its SOA platform origins. When APIs emerged as critical cloud services enablers, the company recharged its strategy to include API management with new products such as API Gateway, Community Manager and OAuth Server. In 2011 it announced its API Management platform, which has been driving much of its recent engineering and marketing efforts. Akana has been doing well in the market as the result of its API management strategy and platform. It continues to accumulate customers and deepen relationships with those already established. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 19 451 RESEARCH Its API catalog will help it open up new opportunity in enterprises that have developed, created and are using internal services and APIs for data and application integration but have lapsed in the use of consistent SOA development practices. An internal catalog may help establish fundamental SOA principles without much cost or effort. Akana is preparing its platform to support big-data analytics and DevOps. Apiary FOUNDED: 2010 | TOTAL FUNDING: $1.6m Apiary’s strategy to sponsor, build out and productize the Blueprint API description language is gaining traction in the market. It is nicely designed, easy to use and reasonably priced. Its agile development approach to API lifecycle design is consistent with how enterprises are exploiting agile programming techniques and gradually moving toward DevOps and continuous integration practices. Both such IT practices are on the rise in nearly all enterprises, and Apiary’s product portfolio is likely to complement such efforts. Once the firm matures a bit and proves itself in the market, it should represent a strong acquisition target; likely acquirers would be those that seek to bolster their application development, DevOps, continuous integration or API management offerings with stronger design tooling. Apigee FOUNDED: 2004 | MARKET CAP: $428m Apigee went public on April 23, 2015, opening at $20/share. Its stock at the time of this writing is trading below the opening price. It is the first of the API management pioneers to go public. Apigee has crafted through experience a succinct and realistic two-part strategy. First, develop a sound API management technology platform that is attractive to application and integration developers. Then, position it to help businesspeople build digital channel partner relationships, and generate action from analytic insights derived from API data flow. The latter analytic strategy can potentially help generate a perpetual revenue stream, if in fact analytics insights drive incremental API calls. The company has strong partnerships with notable firms such as Accenture, Equinix and SAP. It recently entered the IoT market with its Apigee Link offering. Apigee is among the leaders in the API management space. Axway FOUNDED: 2001 | MARKET CAP: $408m Axway, a B2B integration vendor, acquired Vordel in 2012 to add API management capabilities to its Axway 5 Suite that was composed of electronic data interchange (EDI), managed file transfer (MFT), and operational intelligence tooling and services. Vordel added an API Gateway for access and an API Portal for development, among other capabilities. Its traditional MFT- and EDI-based business model has been slow to adapt to cloud-based technologies, and it lacks an iPaaS offering that many of its rivals have embraced. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 20 CA Technologies FOUNDED: 1976 | MARKET CAP: $13.7bn CA Technologies bought API management vendor Layer 7 Technologies in April 2013 for $155m. CA’s strategy was to use Layer 7 to extend the functionality of both its existing identity and access management portfolio, including SiteMinder, and its DevOps family, including the LISA Service Virtualization suite. CA envisioned five applications for Layer 7’s technology: to secure management of cloud, mobile and IoT initiatives; to externalize and monetize API assets; to expand API developer networks; to use API governance to enforce SLAs; and to secure API businesses through authentication, authorization, auditing and threat protection. The technology has now been rebranded as CA API Management. Cloud Elements FOUNDED: 2012 | TOTAL FUNDING: $3.1m Cloud Elements offers a ‘one-to-many’ approach to API design and deployment. It enables developers to use a single API to connect applications to many of the leading SaaS providers in various categories such as documents, CRM and finance. It offers a layer of abstraction that minimizes the number and types of APIs and connectors developers have to use for application integration with, and across, like cloud services. Its technology combines API management and integration capabilities that take the redundancies out of integrating with multiple services of similar categories. It may represent a new architectural approach to hybrid IT integration strategy overall. Dell Boomi FOUNDED: 1984 | TOTAL FUNDING: Taken private in 2013 for $25bn Dell acquired the SaaS integration vendor Boomi in November 2010 to help foment its cloud strategy. At the time, Boomi’s platform had some API management capabilities, but they were limited to Web services publishing. In 2012, the company introduced Atom Workers, which helped ensure predictable performance levels for real-time data transfers. This was followed in 2013 with capabilities to monitor, measure, secure, throttle and scale published APIs. It recently announced that Boomi has extended its AtomSphere iPaaS with a set of API lifecycle management capabilities. Dell Boomi API Management offers features that enable users to create, publish and centrally manage APIs on-premises or in clouds. Dell is reacting to both the explosive use of APIs by enterprises and the actions of its rivals. The new API Management release will help Dell Boomi maintain its market leadership position as the iPaaS market evolves and converges with the API management market. It also exposes the larger Dell Software group to new opportunities in hybrid cloud integration, mobile application integration and IoT projects. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 21 451 RESEARCH DreamFactory FOUNDED: 2005 | TOTAL FUNDING: $13.3m DreamFactory’s Services offering is an open source REST API platform, essentially an open source backend for HTML5 and mobile applications. It is designed for developers to connect mobile, desktop and IoT devices to any enterprise or public data source, without having to do the serverside work to build their own security or user management systems, and without having to customcreate their own REST APIs. As part of its strategy, DreamFactory is pitching its services platform to become the default backend for the growing number of mobile applications that enterprises are looking to create. It has made a good start developing the platform, building installers for key platforms and getting itself into a range of enterprise software marketplaces. DreamFactory does not want to become a SaaS vendor of the platform and instead is hoping its larger partners, such as Microsoft and IBM, will drive adoption. It has recently finished building installers for PaaS environments including IBM’s Bluemix and Cloud Foundry. IBM FOUNDED: 1911 | MARKET CAP: $167.5bn IBM originally entered the API management market in April 2012 with its Cast Iron API Cloud. Its current API Management V4.0 offerings are composed of a family of products designed to create, manage and securely share APIs. They include a developer portal for self-service application development and onboarding; means to curate existing internal or external APIs in a catalog; utilities to manage applications and API plan subscriptions; and analytics and operational metrics to track API usage and performance. IBM API Management capabilities can be found in its Bluemix PaaS, WebSphere and DataPower offerings. IBM prefers to operate independently and has not as yet worked with other API management vendors in the market to co-develop any interfaces/integrations to its DataPower products. Informatica FOUNDED: 1998 | MARKET CAP: Taken private in 2015 for $5.3bn In June 2014, Informatica acquired StrikeIron primarily for its data quality management technology. A residual benefit, which the integration vendor did not pick up on immediately, was the value found in StrikeIron API management capabilities. The company has since added StrikeIron’s API framework to its Informatica Cloud iPaaS to improve how APIs can be published and consumed. The offering provides more comprehensive data-integration capabilities, includes process orchestration and enables composite service creation (integrating multiple APIs into a composite service). Informatica isn’t interested in competing with other API management providers. On the contrary, it is positioning to add value to platforms that manage APIs. As one would expect, the vendor believes that publishing and consuming APIs requires strong integration capabilities with data sources. Its approach complements the functionality of other API management platforms that offer features for API cataloging, packaging and marketing; developer community management and portal; and API measurement including reporting, billing and chargebacks. There may be some capability overlap in the areas of API design, definition and development, but it will likely be inconsequential. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 22 HP FOUNDED: 1939 | MARKET CAP: $59.1bn The roots of HP’s API management offerings are grounded within its communications industry portfolio of products and services. HP’s API management platform provides cloud services enablement, M2M communications, network applications and call management. In 2013, it began to take what it learned in the carrier markets and offer its API management capabilities to enterprises that are now using APIs more frequently for purposes of messaging (text and content), charging and payments, and advertising and applications that include personalized recommendations (marketing). HP will still need to build out a different go-to-market approach if it is to upsell to existing enterprise customers or even attract new ones. API management is maturing nicely technically, but business users are still a bit confused and will require education and hand-holding to learn how to use APIs to craft business partnerships and generate new sources of revenue. HP will have to bolster its efforts in this regard. Managed Methods FOUNDED: 2007 | TOTAL FUNDING: $3.5m Managed Methods’ tech-savvy team sees newfound opportunity in the SOA foibles of the past. It is not just trying to carve out a piece of the emerging API management market; it is approaching enterprises that already have invested in and are using Web services and APIs with a discovery tool. The firm is targeting IT and security professionals, helping them get a handle on current in-place Web services and API use before they expose IT infrastructure to risk when cloud services and mobile networks form hybrid clouds. All in all, it’s a good strategy that can be backed up with upsell efforts to the rest of its API management portfolio. MuleSoft FOUNDED: 2006 | TOTAL FUNDING: $131m MuleSoft is aggressively pursuing what it believes to be the most promising segment for growth among the various data, application and cloud-integration markets – RESTful APIs. Throngs of developers seek to learn how best to design and develop them. MuleSoft is feeding the market a steady stream of resources and hoping to itself become a de facto firm for all things API. It made available its developer tooling for the RAML open source language; these tools (API Designer, API Console and API Notebook) are offered as a free service available on MuleSoft’s APIhub and as an open source download. They are intended to assist developers in building REST APIs by standardizing design patterns and using plain English to describe them. This should help the firm continue its growth and drive revenue to its Anypoint offering. While MuleSoft has been hard at work crafting its API strategy, its ESB and iPaaS rivals have been adding process orchestration, data-quality management and big data integration to their respective integration platforms – all high-value capabilities beyond API management that MuleSoft may also have to address to maintain its established customer base. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 23 451 RESEARCH Oracle FOUNDED: 1977 | MARKET CAP: $189bn Oracle’s approach to API Management was based on its Oracle API Gateway, Enterprise Repository, Service Bus and SOA Suite that provided lifecycle management of APIs. In November 2014, Oracle announced that it will extend its API Management offering with an API Catalog that provides the ability to simplify the publication of APIs that are developed in Oracle SOA Suite and other sources. It integrates with Oracle Mobile Suite, a portfolio of products for mobile enablement. The API Catalog harvests services in Oracle Fusion Middleware to allow one-click publish and manage re-use across other consuming applications. It is SOAP- and REST/JSON-compliant. In February 2015, Oracle released its API Manager, a product that extends its Service Bus functionality providing a portal to manage APIs and browse analytics. Red Hat FOUNDED: 1993 | MARKET CAP: $13.67bn Red Hat views API management from two perspectives. At a base level, the company believes it should enable capabilities for design and development, and secure access and control based on policies via an API gateway. At a higher level, when it is used to nurture a community of developers and establish business relationships as part of the API Economy, other capabilities will be needed to manage API uses and monetize APIs as products. Red Hat’s apiman open source project kicked off in January 2015 to address the former. In February 2015, the company created a partnership with 3scale to address the latter. Red Hat admits that it is late to the API management market, but it reports several proof-of-concept projects currently under way with 3scale. Indeed, its customers are drawing Red Hat into the API market as part of the broader discussion of the evolution of SOA and the JBoss Middleware platform. Restlet FOUNDED: 2012 | TOTAL FUNDING: $4.0m Restlet (the company) is bringing Restlet (the open source API framework for Java) to market after roughly 100,000 developers have had a chance to use it over the past 10 years. This is much along the same lines as Apigee with its support for the Blueprint API description language and MuleSoft with its backing of RAML. The difference with Restlet is that it’s attempting to enable the framework with a broader spectrum of API lifecycle management capabilities than most other rivals. Moreover, it wants to extend API publishing and consumption capabilities directly to nontechnical business users. It believes that more of them are being charged with building greater value from information and application assets, and APIs are the tools needed to expose such assets as consumable services. However, many business personnel are just now being exposed to the API learning curve – something Restlet (like HP) needs to be aware of and make efforts to flatten its slope and guide their ascendance. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 24 SmartBear Software FOUNDED: 1999 | TOTAL FUNDING: Undisclosed SmartBear offers management software that supports the application-delivery processes of development, testing, API readiness and user-experience monitoring across desktop, Web and mobile platforms. Overall, API management vendors are building out their platforms to address as many of the capabilities required to manage API lifecycles as possible (e.g., design, develop, test, integrate, deploy, manage, monitor and retire/archive). Testing is not glamorous, but it is essential to enable quality code, especially under the range of use cases to which various APIs will be subjected – e.g., Web services, mobiles devices, hybrid cloud architectures, social media and analytics, and IoT. That means testing calls for unique capabilities and skills that API management vendors don’t have the time, resources or capital to duplicate. That’s why many are partnering with third parties to enable high-quality API testing. SmartBear’s skills in application quality management, and its unique focus on API testing in particular, make it the go-to vendor for such purposes – for now. In March 2015, SmartBear acquired the Swagger API open source project from Reverb Technologies. SmartBear is now the company behind the two most widely adopted API open source initiatives, SoapUI and Swagger. Talend FOUNDED: 2006 | TOTAL FUNDING: >$100m Talend is making headway on several fronts in preparation for an IPO (or perhaps another liquidity event) sometime in 2016. It is expanding beyond its ESB and big data integration roots to enter new markets. It recently launched Talend Cloud, an iPaaS based on Talend’s Unified Platform. The Version 1.0 offering will enable data integration as a service that include its Flow Builder (a Web-based integration design tool), support for batch and bulk data integrations, data-preparation tooling along with initial support for big-data integrations, and a marketplace designed to attract open source communities by offering integration-flow templates to popular SaaS offerings (e.g., for CRM, marketing, HR and others). Version 1.2 is planned for late summer 2015, and will accommodate customer feedback and enhancement requests, and include smarter data-preparation and mapping capabilities. Version 2.0 is targeted at the end of 2015 or perhaps into 2016, and is expected to enable real-time integrations and include Talend’s initial foray into API management. At a high level, Talend’s API management capabilities will include an API Studio for development; a Portal for documentation, publishing and marketing; a Gateway for exchange and policy enforcement; and an API Manager that will include API lifecycle management, billing and metering, partner administration and analytics. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 25 451 RESEARCH WSO2 FOUNDED: 2005 | TOTAL FUNDING: $20.5m WSO2’s product strategy is to create a unified application development and deployment framework via several related and interconnected open source platforms – one that provides a common platform for cloud DevOps, application service governance, cloud integration, runtime management, IT delivery, API management and mobile enablers. In 2012, it added API management to its open source software and App Factory PaaS. Its API Manager enables API monetization, chargeback capabilities and analytics through monitoring. API Manager seems to be opening new doors for the firm that may attract considerable upsell potential. Its App Factory can appeal to organizations seeking an integrated suite of application development and DevOps capabilities and can help manage development projects to rapid completion. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 26 SECTION 5 Potential Acquirers and Targets Many of the larger IT vendors (e.g., IBM, Oracle, SAP), midsized IT vendors (e.g., Software AG, Red Hat) and cloud service providers (e.g., AWS, Google, Rackspace), among others, have only recently awakened to the need for API management technology and the opportunity created by the API Economy. We believe this to be true for two reasons. First, they were all too busy building out their overall cloud strategy and architecture, engaged in pricing wars, and positioning to leapfrog one another. Second, they believed the revenue opportunity from APIs and the API Economy was not yet sufficient to warrant attention. This is now changing, as the following market events can attest. While the market is not yet sorted out, we believe it is near an inflection point. Enterprise enduser demand is on the rise. Nearly all enterprises rely on one or more SaaS offerings that require integration with in-place systems. Most enterprises are investing in private clouds to supplement or supplant their on-premises datacenters, again requiring new means to integrate infrastructure. Mobile-first initiatives are driving the need for integrated development environments and next-generation SOA platforms to enable the development of native applications specific to a given mobile platform (e.g., iOS, Android, Microsoft). The social media phenomenon is now influencing enterprise and business application design to include more collaborative ‘social’ qualities focused on outcomes and results. Early M2M) initiatives to intelligently automate the operational technology (OT) that runs facilities, manufacturing operations, power plants and the like have fomented new technology needed to enable the IoT. These trends are driving API management to become an architectural precept. We believe in the coming years it will be common within a variety of IT architectures and platforms including application development environments, DevOps frameworks, data and application integration technology, and nearly all types of cloud service – most notably in PaaS and iPaaS. This will likely trigger another round of venture funding and vendor acquisitions similar to what occurred in 2012-13 (see Figure 1). © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 27 451 RESEARCH FIGURE 1: DEALS INVOLVING API MANAGEMENT PLATFORM VENDORS, 2012-13 Source: 451 Research M&A KnowledgeBase, 2015 DATE ANNOUNCED ACQUIRER TARGET TARGET FOUNDED TARGET REVENUE ADVISORS November 7, 2012 Axway Vordel 1999 $13.5m Mooreland Partners (Vordel) April 17, 2013 Intel Mashery 2006 $10m Stifel Nicolaus Weisel (Mashery) April 22, 2013 CA Technologies Layer 7 Technologies 2002 $35m Jefferies & Company (Layer 7) April 23, 2013 MuleSoft ProgrammableWeb 2005 Not disclosed Not disclosed April 24, 2013 Intel Aepona 1999 Not disclosed William Blair & Company (Aepona) October 23, 2013 Microsoft Apiphany 2012 Not disclosed J. Moore Partners (Apiphany) 5.1 MARKET EVENTS THAT MAY DRIVE M&A Among the vendors noted in Section 4, several have engaged in substantive strategic initiatives in 2014 and in early 2015 that are shaping the future of the API markets and influencing vendor strategies, product roadmaps and investment patterns: • Akana launched an API catalog and readied its platform as a big API data analytics engine. It recently changed its name from SOA Software, partially to escape the stigma sometimes associated with the SOA acronym, but more accurately to reflect a new identity that may help it distinguish itself in the expanding API management market. • Apigee went public on April 23, 2015. In its IPO filing it reported that total revenue for the company grew from $27.6m in 2012 to $52.7m in 2014. However, losses have mounted from $8.3m in 2012 to $60.8m in 2014, and operating expenses increased from $24.8m in 2012 to $83.7m in 2014. It also announced a partnership with SAP in 2014. Under the OEM and reseller agreement, SAP will deliver an API management application built on Apigee’s Edge platform. The offering, SAP API Management, is available as a cloud service on the SAP HANA Cloud Platform and also as on-premises software. • Citrix acquired Octoblu in December 2014 for its toolkit designed for the discovery, control and management of any API-based software application, hardware device, appliance or social media network. It acts as a broker to connect devices that run many disparate protocols across a common platform, as well as offering services for orchestration, security, compliance and auditing. • IBM funded the development of its own API management technology that is part of its Bluemix application development PaaS, DataPower and Websphere development and MQ environments. • Informatica acquired StrikeIron primarily for the latter’s data quality management technology and services. It also had an API management platform that Informatica is now productizing and bringing to market. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 28 • Intel finalized its API branding strategy – the prior acquisitions of Mashery and Aepona became Intel Mashery API Services. • Managed Methods started life developing enterprise security and performance monitoring tools, later morphing into the SOA market. In 2014, it launched its strategy for API discovery and security and a fresh suite of API tools. • Mashape, a ventured-backed API marketplace, open-sourced Kong, one of the core technologies that power its service. It manages the API requests of the more than 140,000 developers who use its service. • Microsoft acquired Apiphany in late 2013 to API-enable Azure. Little was mentioned of the acquisition, or of Microsoft’s API management strategy, until a year later when Azure API Management became generally available in September 2014. • Oracle upped the ante in the API management market, launching a new API Catalog in late in 2014, and its API Manager (development portal) in February 2015. Both are intended to supplement its SOA Suite and Service Bus. • Restlet, a venture-backed startup, brought the Restlet open source API description language for Java to market. • Red Hat entered the API management market in early 2015 by kicking off its apiman open source project and partnered with 3scale to establish a market presence. • SmartBear acquired Swagger, making the application testing vendor a key player in both SOAPand REST-based services development. 5.2 POTENTIAL ACQUIRERS All IT vendors include integration technology within their product portfolio in one form or another. They must; without it, they would need to rely on the presence of a third party within a customer’s IT portfolio to integrate their offerings with in-place systems. In many cases, though, these integration offerings were not core components of the vendors’ product roadmap. They were sometimes afterthoughts, good enough to enable what was needed and help to close deals. With the emergence of APIs as an integration architectural style, along with the business value they promise, vendors now consider them a source of new competitive advantage. The following vendors could benefit by including and/or expanding API management as part of their product strategy: • Accenture is an investor in Apigee and is on the latter’s advisory board. It also partnered with Apigee to offer API management capabilities and services to Accenture clients. It may see value in other complementary technologies to the Apigee offerings. • Alcatel-Lucent offers its own Open API Platform. It enables API monetization and optimization software for telecommunication service providers to turn data and infrastructure into commercial transaction platforms. Its core technology, apiGrove, was offered to the open source community in September 2012. Alcatel-Lucent’s goal is to make apiGrove a core layer in a cloud infrastructure. The firm may be interested in picking up technology vendors that have embraced it. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 29 451 RESEARCH • Axway needs to modernize in technology and infrastructure. While it already acquired Vordel for API management, it may seek to expand by acquiring a complementary vendor that also has an iPaaS offering and installed base. • AWS does not currently offer API management services as part of its cloud offerings, but indeed makes great use of them. • BMC has extended its market footprint in application management, cloud lifecycle management and DevOps but currently lacks an API management strategy or offering to complement these capabilities. • Equinix provides network connectivity and cloud interconnection services – it partnered with Apigee for its API management service. It may consider other complementary options. • Fujitsu is pressing to expand the global market share of its Cloud Integration Platform (CIP) for hybrid cloud management and integration. It may consider adding API management to help expand the value of CIP and its Interstage business operations software. • Google makes extensive use of APIs as a publisher to expose advertising and analytics models but does not currently go to market with any API management offering. • Huawei is considering investment in various cloud infrastructures, and API management may be part of its middleware strategy going forward. • HP offers API management platform derived from its relationships with telecommunications carriers. It market focus is somewhat narrow but will be expanding into broader enterprise applications. Its Helion strategy for cloud computing will likely create the need for broader API functionality. • OpenText’s InfoFusion information-access platform enables users to discover, analyze and act on enterprise information. Its components include integration connectors, content and metadata enrichment. API management would be a natural extension to this platform to assist in exposing and using enterprise content and information. • SAP has an OEM reseller agreement with Apigee but may seek to expand its market footprint via technology development or an acquisition of its own. • SnapLogic has been making consistent market headway as an iPaaS provider. It recently entered the market for big data integration. Many of its direct rivals such as MuleSoft, Informatica and Talend have API management offerings – a fact that will likely drive SnapLogic to eventually build out its own based on some of the emerging open source technologies noted in this report. • Software AG’s acquisition of LongJump, a cloud applications platform, is being positioned as ‘webMethods AgileApps Cloud’ that also will likely require API development and management as part of its product roadmap. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 30 The API Economy • TIBCO’s ActiveMatrix Lifecycle Governance Framework is essentially an API management platform, but can use some updates to expose it more broadly to developer communities and enable the publishing and management of API deployments. It could develop such a capability, but an acquisition might shorten its time to market. DevOps vendors are also likely to consider adding a variety of integration technologies to link containerized applications and microservices as part of their respective platforms. Efforts to create competitive differentiation may include the development or acquisition of API management technology. The DevOps vendor landscape is getting crowded with companies including Automic, BitRock, BMC, CA Technologies, CliQr Technologies, CloudMunch, CloudVelocity, DTO Solutions, ElasticBox, Electric Cloud, fluid Operations, HP, IBM’s UrbanCode, OutSystems, Plutora, QualiSystems, Ravello Systems, Rogue Wave, ScriptRock, Skytap, Stackify, UShareSoft, XebiaLabs and ZeroTurnaround. Most are emerging vendors and have little capital for acquisition – a condition that may change in the future. 5.3 POTENTIAL TARGETS • 3scale provides a cloud API management platform to securely open, control, manage, operate and monetize APIs. Capabilities include access control and security, contract management and rate limits, analytics and reporting, billing and payment technology, an API proxy, and a developer portal and documentation. • Akana offers an Enterprise API Management suite that includes developer community management, API security, traffic monitoring and quality of service management. The firm originally approached the market offering SOA governance capabilities, and has since shifted its strategic priority to emphasize API management. • Apigee is now public, but it still represents a potential (but costly) acquisition target for large acquirers seeking to buy market share and expertise. • Appcelerator offers a mobile enterprise platform to deliver native apps, mobilize data and provide real-time analytics. In 2013 it acquired Singly for its App Connection Platform, an API integration management technology. Appcelerator represents a target for an acquirer seeking to enter the mobile application development and API integration markets. • Cloud Elements’ one-to-many approach to API design and deployment enables developers to use a single API to connect applications to many of the leading SaaS providers in various categories such as documents, CRM, finance and others. It offers a unique means for developer productivity. • Crosscheck Networks offers technologies for API performance testing. Many of the other API management vendors that go to market with an API lifecycle management offering often overlook testing as a part of the API lifecycle. Many such vendors partner with other testing vendors. SmartBear has been a preferred choice for such partnership; however, Crosscheck offers a viable alternative. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 31 451 RESEARCH • Managed Methods’ CloudGate is a hosted cloud API management and governance offering that enables end-to-end control of Web-based services and APIs deployed in public and private clouds. It enables users to design, monitor, secure and deliver APIs to external partners and developers. • Mashape offers an API e-commerce backed by the CEO of Amazon, Jeff Bezos, and Google CEO Eric Schmidt’s Innovation Endeavors VC firm. It’s a suitable acquisition for firms that seek technology to monetize and distribute APIs. • MuleSoft’s product strategy is embodied in its Anypoint Platform, which is composed of three pillars. Its on-premises SOA offering is anchored by Mule ESB; its cloud iPaaS offering (MuleSoft refers to it as SaaS) is CloudHub; and its API Portal, along with its RESTful API design tool RAML, enables the design, testing and publishing of APIs. • Nevatech offers lifecycle management tools for services deployment and ongoing management. It extends Microsoft SOA/API stack capabilities with an integrated framework, is built on a Microsoft technology stack and serves Microsoft ecosystems. • Restlet recently launched with a no-coding API lifecycle management platform designed to enable anyone to become an API publisher or consumer. • SnapLogic offers new and unique cloud-based application integration technology as an iPaaS vendor, and has recently moved to enable big data integration. Its core technology, we believe, is already API management-ready. • StrongLoop’s LoopBack is an MBaaS capability composed of an API server and a variety of cloud backend services accessible to developers through REST APIs. • WSO2 offers a broad portfolio of application development and integration technologies. Its API Manager is capable of publishing APIs, creating and managing a developer community and routing API traffic. It leverages its integration, security and governance components from the WSO2 Enterprise Service Bus, WSO2 Identity Server, WSO2 Governance Registry and WSO2 Business Activity Monitor. Its broad product portfolio will command a hefty market price, and is best suited for IT vendors that lack an application development and integration architecture for their cloud and/or hosting services. © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. The API Economy 32 INDEX OF COMPANIES 3scale 10, 13, 15, 16, 18, 23, 28, 30 Fujitsu 29 Akana 10, 15, 18, 19, 27, 30 Google 6, 26, 29, 31 Alcatel-Lucent 28 Home Depot 5 Amazon 5, 6, 31 HP 22, 23, 29, 30 Apiary 11, 13, 15, 19 Huawei 29 Apigee 10, 13, 15, 16, 17, 19, 23, 27, 28, 29, IBM 11, 15, 16, 21, 26, 27, 30 30 Appcelerator 16, 30 Ariba 11 AWS 26, 29 Axway 10, 19, 27, 29 BMC 29, 30 Boomi 20 CA Technologies 10, 13, 20, 27, 30 Citrix 27 Cloud Elements 20, 30 Crosscheck Networks 30 Dell 20 DreamFactory 12, 21 Equinix 19, 29 Informatica 13, 21, 27, 29 Intel 10, 13, 15, 27, 28 Layer 7 10, 13, 15, 20, 27 Lowes 5 Managed Methods 13, 22, 28, 31 Mashape 12, 13, 28, 31 Mashery 10, 13, 15, 17, 27, 28 Microsoft 9, 11, 21, 26, 27, 28, 31 MuleSoft 10, 11, 15, 17, 22, 23, 27, 29, 31 Nevatech 31 OpenText 29 Oracle 15, 23, 26, 28 ProgrammableWeb 17, 27 © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED. 33 451 RESEARCH Red Hat 12, 13, 23, 26, 28 Restlet 12, 14, 23, 28, 31 SAP 15, 19, 26, 27, 29 Singly 16, 30 SmartBear Software 11, 15, 24, 28, 30 SnapLogic 29, 31 Software AG 26, 29 StrikeIron 21, 27 StrongLoop 31 Sun 11 Talend 24, 29 TIBCO 30 Twitter 6 Vordel 10, 19, 27, 29 WSO2 10, 15, 25, 31 YouTube 6 Zappos 5 © 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED.