The API Economy

Transcription

The API Economy

The API Economy
HOW BITS OF CODE EMPOWER BUSINESS RELATIONSHIPS
Application programming interfaces (APIs) are bits of code that can integrate clouds and mobile devices; extract knowledge from social networking; and make productive and profitable use of the Internet of
Things. Savvy enterprises and creative developers are using them to create new business models and new
businesses that are now being referred to as the ‘API Economy.’
KEY FINDINGS
Managing APIs is becoming important because their numbers are expanding exponentially. Managing APIs in a
one-off fashion, as has been the case, is now impractical.
Venture-backed API management vendors have appeared in recent years to tackle API management challenges.
Their platforms include capabilities to simplify and automate how APIs are designed, coded and documented;
how API distribution is managed; how API use can be controlled by developers; and how data access is enabled
and performance controlled.
There are several architectural gaps in current API management technology of which buyers and investors should
be aware.
The term ‘API Economy’ was coined by API technology vendors eager to sell their wares by describing how enterprises can expose data and applications to business partners and consumers through APIs.
Several related IT markets are in the process of convergence. Common to the technology needs of all are APIs and
how best to manage them. We believe this market convergence will trigger another round of venture funding and
vendor acquisitions in 2015-16, similar to what occurred in 2012-13.
© 20 1 5 4 5 1 R E S E A R C H , L LC A N D/O R I T S A F F I L I AT E S . A L L R I G H T S R E S E R V E D.
2015
i
451 RESEARCH
ABOUT 451 RESEARCH
451 Research is a preeminent information technology research and advisory company.
With a core focus on technology innovation and market disruption, we provide essential
insight for leaders of the digital economy. More than 100 analysts and consultants
deliver that insight via syndicated research, advisory services and live events to over
1,000 client organizations in North America, Europe and around the world. Founded in
2000 and headquartered in New York, 451 Research is a division of The 451 Group.
© 2015 451 Research, LLC and/or its Affiliates. All Rights Reserved. Reproduction and distribution of
this publication, in whole or in part, in any form without prior written permission is forbidden. The
terms of use regarding distribution, both internally and externally, shall be governed by the terms
laid out in your Service Agreement with 451 Research and/or its Affiliates. The information contained
herein has been obtained from sources believed to be reliable. 451 Research disclaims all warranties as
to the accuracy, completeness or adequacy of such information. Although 451 Research may discuss
legal issues related to the information technology business, 451 Research does not provide legal
advice or services and their research should not be construed or used as such. 451 Research shall have
no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The reader assumes sole responsibility for the selection of these materials to achieve its
intended results. The opinions expressed herein are subject to change without notice.
New York
London
20 West 37th Street, 6th Floor
New York, NY 10018
Phone: 212.505.3030
Fax: 212.505.2630
Paxton House (5th floor), 30 Artillery Lane
London, E1 7LS, UK
Phone: +44 (0) 207 426 0219
Fax: +44 (0) 207 426 4698
San Francisco
Boston
140 Geary Street, 9th Floor
San Francisco, CA 94108
Phone: 415.989.1555
Fax: 415.989.1558
1 Liberty Square, 5th Floor
Boston, MA 02109
Phone: 617.275.8818
Fax: 617.261.0688
© 2015 451 RESEARCH, LLC AND/OR ITS AFFILIATES. ALL RIGHTS RESERVED.
The API Economy
ii
TABLE OF CONTENTS
SECTION 1: EXECUTIVE SUMMARY
1
1.1 INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 KEY FINDINGS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.3 METHODOLOGY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
SECTION 2: APIS – INTEGRATORS AND BUSINESS ENABLERS
4
2.1 WHAT ARE APIS, AND WHY ARE THEY IMPORTANT? . . . . . . . . . . . . . . . 4
2.2 DEFINING THE API ECONOMY . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2.1 API Publishers and Consumers . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2.2.2 API Business Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
SECTION 3: HOW ARE APIS CREATED AND MANAGED?
8
3.1 THE ANATOMY AND QUALITY OF AN API . . . . . . . . . . . . . . . . . . . . 8
3.1.1 SOAP vs REST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2 SERVICES-ORIENTED ARCHITECTURES . . . . . . . . . . . . . . . . . . . . 10
3.3 API DESCRIPTION LANGUAGES . . . . . . . . . . . . . . . . . . . . . . . . 11
3.4 THE ANATOMY OF AN API LIFECYCLE MANAGEMENT PLATFORM . . . . . . . 12
3.4.1 The API Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.4.2 API Lifecycle Management Platform Architecture . . . . . . . . . . . . . . . . 14
3.4.3 Architectural Gaps and Market Opportunities . . . . . . . . . . . . . . . . . . 14
SECTION 4: 20 API VENDORS TO WATCH
18
SECTION 5: POTENTIAL ACQUIRERS AND TARGETS
26
Figure 1: Deals Involving API Management Platform Vendors, 2012-13 . . . . . . . . 27
5.1 MARKET EVENTS THAT MAY DRIVE M&A . . . . . . . . . . . . . . . . . . . . 27
5.2 POTENTIAL ACQUIRERS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
5.3 POTENTIAL TARGETS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
INDEX OF COMPANIES
32
1
451 RESEARCH
SECTION 1
Executive Summary
1.1 INTRODUCTION
Why are something so technical and as seemingly minute as application programming interfaces
(APIs) drawing so much attention among business leaders, IT professionals and investors? Because
they are more than just the means to link systems and applications. They are also business enablers
– economic engines, if you will – that fuel applications, devices and things with data. They enable
the execution of business processes and commerce transactions among partners, suppliers and
customers. They span disparate and distributed technologies, architecture and infrastructure. They
can extract knowledge and disseminate information for rapid response.
API management platforms are emerging as next-generation services-oriented architecture (SOA),
technology intended not only to manage the design and development of APIs, but also govern
their use as economic enablers within what some now refer to as the API Economy. In this context,
APIs are considered to be products, created and offered to generate new business and new business value, establish competitive advantage and open new markets. They are likely to compose the
integration foundation upon which many 21st-century enterprises will be built. Business leaders
and IT professionals are now considering how APIs can be used to transform their companies.
1.2 KEY FINDINGS
• Managing APIs is becoming important because their numbers are expanding exponentially. This
is caused by the proliferation of SaaS offerings and the imperative to link them with on-premises
applications; the expansion of mobile computing, social media and Internet of Things (IoT)
devices; the anticipated migration of IT from on-premises datacenters to private and hybrid
clouds; and the desire by organizations to syndicate their content and integrate e-commerce
systems (websites) with affiliate partners. Managing APIs in a one-off fashion, as has traditionally
been the case, is now impractical.
• Venture-backed API management vendors have appeared in recent years to tackle API
management challenges. The savviest vendors are smaller firms with closely knit ties to
developer communities. Such vendors are now building out comprehensive API lifecycle
management frameworks. Their platforms include capabilities to simplify and automate how
APIs are designed, coded and documented; how API distribution is managed; how API use can
be controlled by developers; and how data access is enabled and performance controlled.
• The term ‘API Economy’ was coined by API technology vendors eager to sell their wares
by describing how enterprises can expose data and applications to business partners and
consumers through APIs. E-commerce was an early driver for expanding API use. It called for
various business partners such as retailers, suppliers, banks and parcel carriers to integrate their
respective systems to execute an end-to-end ‘order-to-receipt’ business process.
The API Economy
2
• There are two sides to the API Economy, where APIs are considered as products.
Publishers create APIs, and can also be considered as ‘sellers’; consumers use or subscribe
to APIs, and can be considered as ‘buyers.’ The publish-and-subscribe business model is at
the heart of the API Economy. The tools and feature sets needed within API management
platforms will differ based on the unique needs of publishers and consumers.
• When analyzing the offerings of various vendors across the API market, we note several
architectural gaps in current API management technology of which buyers and investors
should be aware. They represent opportunities to enable competitive differentiation for
current API platform vendors or new entrants, and potential avenues for investment.
• Several related IT markets are in the process of convergence. Vendors offering application
development environments, DevOps frameworks, data and application integration
technology, PaaS and iPaaS offerings are reaching into each other’s domain. Common to
the technology needs of all are APIs and how best to manage them. We believe this will
likely trigger another round of venture funding and vendor acquisitions in 2015-16 similar
to what occurred in 2012-13.
1.3 METHODOLOGY
This report on the API Economy is based on a series of in-depth interviews with a variety of
stakeholders in the industry, including IT managers at end-user organizations across multiple
sectors, technology vendors, managed service providers, telcos and VCs. This research was
supplemented by additional primary research, including attendance at a number of trade
shows and industry events.
Reports such as this one represent a holistic perspective on key emerging markets in the
enterprise IT space. These markets evolve quickly, though, so 451 Research offers additional
services that provide critical marketplace updates. These updated reports and perspectives
are presented on a daily basis via the company’s core intelligence service – the 451 Market
Insight Service. Forward-looking M&A analysis and perspectives on strategic acquisitions
and the liquidity environment for technology companies are also updated regularly via the
Market Insight Service, which is backed by the industry-leading 451 M&A KnowledgeBase.
Emerging technologies and markets are also covered in additional 451 channels, including
Datacenter Technologies; Storage; Enterprise Platforms & Infrastructure Software;
Networking; Information Security; Data Platforms & Analytics; Development, DevOps &
Middleware; Social Business Applications; Service Providers; Cloud & IT Service Markets; European Services; Multi-Tenant Datacenters; Enterprise Mobility; and Mobile Telecom.
Beyond that, 451 Research has a robust set of quantitative insights covered in 451 products
such as ChangeWave, TheInfoPro, Market Monitor, the M&A KnowledgeBase and the Datacenter KnowledgeBase.
3
451 RESEARCH
All of these 451 services, which are accessible via the Web, provide critical and timely
analysis specifically focused on the business of enterprise IT innovation.
This report was written by Carl Lehmann, Research Manager, Enterprise Architecture, Integration & Business Process Management. Any questions about the methodology should
be addressed to Carl Lehmann at: [email protected].
For more information about 451 Research, please go to: www.451research.com
The API Economy
4
SECTION 2
APIs – Integrators and Business Enablers
APIs are bits of code designed to enable data to be exchanged between systems, applications and devices. Since the inception of cloud computing in 2006, the number and types
of APIs in use have exploded exponentially. For the most part this has been due to the need
to connect SaaS offerings with on-premises applications, and to power mobile applications with the data they need. In fact, APIs have limitless uses. Savvy enterprises and creative
developers use APIs to exchange data and integrate applications with business partners,
suppliers and customers. This helps create new business models and businesses, and it accelerates commerce transactions among trading partners. Examples are everywhere: The travel
and hospitality industries share data to book more guests. Retailers, product suppliers, banks
and shippers connect applications to enable online ordering and overnight product delivery.
Indeed, we truly would be lost if we couldn’t ask our smartphone to direct us to the nearest
barista. This is the new economy, and it is driven by many things, but its common denominator is a few bits of code that enable what some now call the ‘API Economy.’
2.1 WHAT ARE APIS, AND WHY ARE THEY IMPORTANT?
Modern cloud services, mobile applications, social media and embedded software in the
Internet of Things (IoT) are assembled from multiple bits of discrete code – building blocks, if
you will – that comprise a system or application. For the building blocks to function together
they must communicate and exchange data based on rules that describe how they work.
When in operation, they must execute consistently, within thresholds of performance, and
be controlled when variance or change occurs. In so doing, such bits of code become reusable services that can be called upon by other systems and applications.
Such is the role of an API. An API is a set of routines, protocols, instructions and tools for
building and integrating applications. APIs specify how software components exchange data
and interact. There are many types of APIs, such as those designed to handle data, transactions, application integration and user interfaces (UIs), among others.
Managing APIs is becoming important. Why? Because their numbers are expanding exponentially, caused by the proliferation of SaaS offerings and the imperative to link them with
on-premises applications; the expansion of mobile computing, social media and IoT devices;
the anticipated migration of IT from on-premises datacenters to hybrid clouds; and organizations’ desire to syndicate their content and integrate e-commerce systems (websites)
with affiliate partners. Managing APIs in a one-off fashion, as has traditionally been the
case, is now impractical. In 2005, there were fewer than 100 open APIs (meaning they were
published by organizations that were seeking firms and developers to integrate with their
data and applications). Today, that number has inflated into the tens of thousands.
5
451 RESEARCH
APIs are not new. They have long been used within enterprises as common behind-the-scenes
technology used to access databases, make queries and enable application-to-application
(A2A) integration behind firewalls. However, because the number and types of APIs continue to
grow and new uses are developing, a new set of IT challenges has emerged – how to manage
the quality of collaborative API design, development and performance; secure and enforce
usage policies; and monetize, audit and scale the deployment of APIs in and among enterprises, consumers and technology domains including smartphone apps, tablets, browsers,
middleware, legacy applications and anything else capable of HTTP.
Venture-backed API management vendors have appeared in recent years to tackle such challenges. Their platforms include capabilities to simplify and automate how APIs are designed,
coded and documented; how API distribution is managed; how API use can be controlled by
developers; and how data access is enabled and performance controlled.
Established IT vendors and service providers are realizing the importance of such technology.
Moreover, they are beginning to invest in development efforts and acquisitions to shore up
their product portfolios in response to the actions of their rivals, and how enterprises are now
pursuing digital channel relationships in the API Economy.
2.2 DEFINING THE API ECONOMY
Technological advances in cloud, mobile and social computing have caused many enterprises
to rethink how they deliver value to customers, how they extend their reach to new customers,
and how they can enter new markets. To be honest, however, few companies actually refer to
these efforts as means to participate specifically in an API Economy.
The term ‘API Economy’ was coined by API technology vendors eager to sell their wares
by describing how enterprises can expose data and applications to business partners and
consumers through APIs. E-commerce was an early driver for expanding API use. It called for
various business partners such as retailers, suppliers, banks and parcel carriers to integrate their
respective systems to execute an end-to-end ‘order-to-receipt’ business process. While APIs
play a vital role, other IT vendors with application- and data-related software will refer to the
phenomenon as the App Economy (because applications enable user interaction and transactions) and the Data Economy (because nothing happens without data). Of course, they’re all
right. However, the common denominator needed to tie all of these pieces together is increasingly becoming the API.
Perhaps the most successful example of the API Economy can be found among several highprofile brick-and-mortar and online retailers such as Lowes, Home Depot, Amazon and Zappos.
They use APIs to expose their website e-catalogs to their suppliers to exchange product and
pricing data. APIs also enable a distributed business process that allows online orders to be
taken, processed, paid and delivered across the retailer, supplier, bank and courier supply
chain. The retailers benefit by offering their customers a greater product selection (by linking
to supplier e-catalogs) without having to carry inventory costs. Suppliers benefit by exposing
The API Economy
6
their products at low cost to a broad range of retail channels, banks benefit through
credit card transaction fees and couriers increase their volume of package delivery.
Each participant in this supply chain generates revenue at low cost, all enabled through
various APIs that foment the API Economy.
2.2.1 API PUBLISHERS AND CONSUMERS
There are two sides to the API Economy: Parties that wish to expose data, applications
and services to third parties are API publishers, while parties that use the APIs are API
consumers. For example:
• Google developed and published an API that lets developers embed (consume)
Google Maps on Web pages and mobile devices.
• YouTube developed and published an API that lets developers integrate (consume)
YouTube videos into websites and applications.
• Twitter published an API that allows developers to access Twitter data, and another API
to interact with and search (consume) it.
• Amazon published its Product Advertising API to enable access to its product selection
and discovery capabilities, enabling companies to advertise and sell Amazon products
on their own websites.
When the APIs are paid for, the consumer becomes a subscriber. Indeed, the terms
‘consumer’ and ‘subscriber’ are used interchangeably by many. We prefer to make a
distinction between developers that pay to use APIs and those that do not. It becomes
important when APIs are developed as products and offered via the various business
models noted below.
Publishers can also be considered ‘sellers’ and consumers can be considered ‘buyers.’ The
publish-and-subscribe business model is at the heart of the API Economy. Moreover,
the tools and feature sets needed within API management platforms will differ between
developers that create and publish APIs, and those that consume or subscribe to them – a
topic we address later in our discussion of API lifecycle management.
2.2.2 API BUSINESS MODELS
Business models in the API Economy can be structured into four general classes: free to
use, pay to use, get paid to use, and by the use.
In a free-to-use model, APIs are freely made available to developers, typically to attract a
development community or promote APIs to incite various product/service cross-sell and
upsell opportunities for the API publisher.
7
451 RESEARCH
In the pay-to-use business model, the developer has to pay for the API. There are several
variations to this model:
• In a freemium variant, developers can access a basic version of the API for free and
later upgrade to a more comprehensive version that is unrestricted or is supported in
other ways.
• In a pay-as-you-go variant, developers only pay as the API is being used, or called. It is
a common model for cloud-based APIs, and in use cases that dynamically scale up or
down based on need or demand.
• In a call-based variant, developers’ payments are determined by the number of API
calls. API calls may be grouped into various call types and billed based on the type
(e.g., get, post, query, et al.) and/or usage volume (e.g., per 1,000, or 1 million API calls
per unit of time, typically monthly). Payment models based on usage volumes are also
sometimes referred to as a tiered pay-to-use business model.
• In the transaction fee variant, the API publisher earns a percentage from the
transaction fees executed via its API that are charged by the developer.
In the get-paid-to-use business model, the developer is paid by the API publisher based
on a revenue-sharing agreement for affiliate partner arrangements. It is typically used in
advertising and paid based on end-user actions, clicks and/or customer leads. It can be
structured as one-time fees or recurring fees for ongoing subscription customers.
The by-the-use model more broadly addresses various other ways of indirect payment or
revenue for things such as content acquisition, SaaS integration and content syndication.
The API Economy
8
SECTION 3
How Are APIs Created and Managed?
3.1 THE ANATOMY AND QUALITY OF AN API
To understand an API, it might be best to think of it as an instruction manual. The instructions include a protocol that describes how to establish communication between applications and services; methods to authenticate a valid data exchange; the structure of a
request message that calls out the operations to perform; techniques to process the operations and messages; the means to return a response; and how error handling works
should anomalies occur.
Most APIs perform a few basic operations or actions. They post data (create and/or
update), read data (e.g., make queries) and delete data. Collectively these operations
are affectionately referred to as ‘CRUD’ (Create, Read, Update and Delete). APIs are by no
means limited to these operations, but they represent the core actions most APIs perform.
Well-designed and documented APIs make it easier for developers to use such operations
to develop applications and fuel them with the data they need.
An API’s instructions may be embodied in an API contract that calls out the terms and
conditions that govern its use. A contract is a collection of metadata that describes various
characteristics of an API. It can include the purpose and function of its operations; the
messages that need to be exchanged to engage operations; data models used to define
the messages, including validation rules; the conditions under which the operations are
provided; and information about how and where the API can be accessed. API contracts
can also help codify the business relationships between trading partners that can call out
the business model, fees and terms for payment when APIs are sold as products and/or
when APIs are used to enable commerce transactions among trading partners.
The quality of API design has emerged as a critical issue because poorly designed APIs
are costly and labor-intensive to support, and are likely to go unused. Poorly designed
APIs fall prey to common oversights such as when API documentation uses ambiguous
language to describe the role and purpose of API functions, operations or actions; is overly
complex, making future changes to the API difficult; fails to use actions already available
via HTTP (as in RESTful API design – noted below) thus creating redundancy, overlap and
confusion, especially when using and interpreting errors codes; and/or is incomplete in
ways that cause developers to create their own workarounds to execute the operations
required. When an API is called, developers want to be able to predict what will happen.
Poor or incomplete documentation will require developers to read through the API code
itself, where they are likely to find and make mistakes with workarounds developed by trial
and error. Poorly designed APIs are likely to be overlooked by third-party developers. This
hinders a company’s ability to expose and monetize its data and services.
9
451 RESEARCH
A trend has emerged in recent years to address API design challenges and quality control. API
developers are making greater use of the API description languages noted in Section 3.3. Most
API management vendors support one or more of the description languages and/or have created
design and development tools of their own for such purposes. Indeed, these improved tools are
helpful and productive. However, many API developers today are also interested in simplifying
their efforts and making sure that the APIs they publish or consume are lightweight and minimize
IT resource overhead on the infrastructure upon which they execute. This has fomented a trend
toward a RESTful design preference for APIs.
3.1.1 SOAP VS REST
There are several protocols used for APIs today, including Simple Object Access Protocol (SOAP),
Representational State Transfer (REST), JavaScript, HTTP and XML-RPC. An API protocol defines a
set of rules for requesting information from a server using specific techniques.
SOAP and REST are the most widely deployed. Roughly 65% of APIs deployed today are developed using REST and 25% use SOAP. REST has become the protocol of choice among developers,
but it does not eliminate the need for SOAP. Choosing a protocol to craft an API depends on how
the API will be used.
SOAP was originally developed by Microsoft to replace older technologies that did not work well
on the Internet (e.g., Distributed Component Object Model [DCOM] and Common Object Request
Broker Architecture [CORBA]). SOAP relies exclusively on XML to provide messaging services.
It was also designed to support expansion, so it is capable of handling several Web Services
Standards (defined by W3C) such as WS-Addressing, WS-Policy, WS-Security, WS-Federation,
WS-ReliableMessaging, WS-Coordination and WS-AtomicTransaction, among others.
REST is described as a stateless, client-server, cacheable communications protocol. A ‘state’ is information that describes where the user is in an interaction. ‘Stateless’ means that the server does not
store any state information about what the client is doing. Rather, state is passed around to every
place that needs it. This is the ‘State Transfer’ part of REST. This distributes session management
workloads across all clients, and servers don’t become bogged down with handling state logic. For
example, when browsing ‘image 5’ in an image gallery, the client (browser) cannot simply send a
‘next’ request to the server. Rather, it must request ‘image 6’ because the server did not remember
the state of what was being viewed (image 5). The client maintains state information enabling
servers in so-called RESTful designs to be capable of handling millions of users.
The ‘client-server’ design of REST typically means a browser and a Web server are used. ‘Cashable’
means that clients can cache server responses, and because responses are cached, client-server
interactions can be reduced considerably, improving scalability and performance.
REST was created as a simplified alternative to other more complex protocols like SOAP. The four
common actions typically encoded in most APIs (i.e., CRUD) map directly to established HTTP
actions like Get, Post, Put and Delete. Rather than reinvent the wheel for such actions, REST just
makes better use of HTTP.
The API Economy
10 SOAP is needed in highly secure ecosystems like banking, for example. It supports security tools that most Web services do not need. SOAP also supports ACID (atomicity,
consistency, isolation, durability) transactions – technology that guarantee database
transactions are processed reliably. REST is limited by HTTP, which can’t provide twophase commit across distributed transactional systems. SOAP messaging techniques are
also more reliable. REST calls upon clients to address communication failures by retrying.
SOAP uses successful/retry logic and provides end-to-end reliability. REST supports many
different data formats such as JSON, whereas SOAP only supports XML. JSON usually is a
better fit for data, is more ‘readable’ by humans and parses faster.
We make note of these differences because REST is fast becoming the most popular
protocol for network applications development and integration, and in API designs.
Nevertheless, it is not practical in all cases, so support for SOAP will still be a requirement
for enterprises and vendors of API management platforms.
3.2 SERVICES-ORIENTED ARCHITECTURES
Many API management platforms originated from earlier SOA technologies. HTTP and
HTML Web-based applications are composed as sets of software objects and components
referred to as ‘Web services.’ SOA technology was originally developed to manage and
govern the creation, deployment and use of Web services to assure quality of function
and interoperability. SOA offerings from vendors were, by and large, application development environments that included design and execution governance practices and
controls. However, due to their cost and complexity, and because many enterprises had
already invested heavily in early integrated development environments (IDEs) and packaged business applications (e.g., ERP, CRM, supply chain management [SCM]), SOA stumbled in the market. But it did not fall. Rather, it is in a process of a metamorphosis.
APIs are akin to Web services. However, in many cases, they were developed independently, isolated from a system of rules that govern their designs and execution. As a
result, API quality, completeness, reliability, performance, documentation and change
management has been difficult and costly. The growing demand for and use of APIs has
spawned the need for API lifecycle management and is resurrecting SOA-based technology and platforms. In some ways, API management vendors can be considered nextgeneration SOA vendors. They help bring order to API design in ways very similar to how
SOA technology manages and governs Web and application services.
Several vendors early to the API market actually originated in the SOA market, such as
Akana (formerly SOA Software) and WSO2. But early SOA-based offerings lacked some of
the sharing (publish/subscribe), management and analytics unique to API deployment
and use. SOA vendors began to retrench with specialized API offerings, and new entrants
came to market such as 3scale, Apigee, Layer 7 (acquired by CA Technologies), Mashery
(acquired by Intel), MuleSoft and Vordel (acquired by Axway), among others. They sought
to bring to market a comprehensive platform for API lifecycle management. Essentially,
11 451 RESEARCH
API management technology embraces and complements SOA principles in application
development and in emerging DevOps (converged application development and IT operations) environments. It is becoming a critical platform upon which next-generation cloud,
mobile, social and IoT services will be developed.
3.3 API DESCRIPTION LANGUAGES
APIs can be written in many programming languages and be structured in many ways.
However, to be effective, they must be easily interpreted by the developers who use them to
access and expose data between systems and applications. As noted, many APIs are poorly
designed and documented, making them difficult to use and expensive to maintain. To
remedy these shortcomings, the open source community contributed to the development of
a series of API description languages.
At the heart of most vendors’ API management platforms is an API description language. API
description languages are a category of programming languages used by software developers for building applications that include APIs used to share data or functionality. They
include capabilities to describe endpoints, resources, HTTP methods and representations;
produce documentation and generate client software developer kits (SDKs); create server
skeletons, test suites and mock servers; and enable discovery, provide version controls and
facilitate security (among other functions).
APIs designed using an API description language are easier to manage, collaborate on
and use. API description languages were spawned from earlier predecessors designed
to construct Web services, namely WSDL and WADL. Web Services Description Language
(WSDL) was submitted to the W3C in 2001 by IBM, Microsoft and Ariba as an XML language
for describing Web services in conjunction with SOAP. Web Application Description Language
(WADL) was developed as an alternative to WSDL with specific support for RESTful Web
services. It was developed at Sun and submitted to the W3C in 2009 but not standardized by
the consortium. Neither of these were very ‘human-readable,’ making them difficult to use,
and as a result they were not widely adopted. WSDL is still used for SOAP-based services.
Several API description languages that have made improvements over WSDL and WADL are
in use today. The most common are Swagger (sponsored now by SmartBear), RAML (RESTful
API modeling language, sponsored by MuleSoft) and API Blueprint (sponsored by Apiary).
Swagger is the most widely used, followed by RAML. All are relatively new. The initial open
source commit for API Blueprint was in April 2013, and RAML was September 2013. Swagger
is more mature, committed in July 2011. Each has similar functionality but they differ in
several ways, most notably in the data formats they support. API Blueprint supports Markdown, RAML supports YAML and Swagger supports JSON.
The API Economy
12 Several other open source API description languages projects are also underway:
• ApiAxle sits in front of APIs and provides services such as rate limiting and key
authentication. It’s designed to be installed on-premises rather than in a cloud to enable
control over data ownership and costs.
• API Umbrella is an API management platform that automates access control, rate limiting,
documentation and analytics (among other features). APIs running on different servers or
written in different programming languages can be exposed at a single endpoint for the
API consumer. It acts as a layer above APIs so code doesn’t need to be modified to take
advantage of API Umbrella features.
• DreamFactory is a software package for mobile application developers. It functions as a
middleware platform that connects any data source to any device. It creates REST APIs
for legacy SQL databases, client SDKs for major development languages and server-side
scripting for customization and workflow.
• Kong was recently contributed to the open source community by Mashape. It’s an API
gateway that intermediates API communications between clients and (micro)services. It is
composed of a Kong Server – an nginx-based server (high-performance load balancing) for
receiving API requests – and Cassandra for storing operational data.
• Red Hat recently launched its open source apiman project for API management that will craft
an API design and configuration layer capable of high-speed runtime.
• Restlet is a RESTful Web API framework for the Java platform used for both server and client
Web applications.
• Tyk is a lightweight API gateway that enables developers to control access to APIs and record
detailed analytics on users and uses. Like ApiAxle, it sits in front of applications and manages
authorization, access control and throughput limits.
3.4 THE ANATOMY OF AN API LIFECYCLE MANAGEMENT PLATFORM
3.4.1 THE API LIFECYCLE
An API lifecycle, like many IT lifecycles, is composed of several phases. In general, these phases
include design, development, testing, integration, deployment, management, monitoring and
archiving/retiring. In cases where APIs are used to facilitate business partnerships, a monetization phase is needed to address how pricing models, usage contracts, billing and payments are
managed. Each phase calls out specific tasks:
• The design phase addresses the means to assure API design quality and consistency. It may
include the use of style guides, graphical tools for visualization, and collaborative editing and
approval processes.
13 451 RESEARCH
• The develop phase typically embodies agile-inspired and test-driven development (TDD)
practices emphasizing developer productivity through the use of tools such as design
templates, code samples, code generators and automated documentation.
• The test phase includes technology that can virtualize an API design in a test platform and
subject it to the rigors of execution under different use cases (e.g., mobile applications, peak
loads driven by social networking dynamics, diverse IoT environments).
• The integrate phase establishes API connectivity and commutations with applications,
systems and/or other APIs to execute data and process flows over networks and across
distributed systems.
• The deploy phase guides the release of the API; offers SDKs to developers; manages
developer on-ramping; helps issue server code; enables publication and subscription
(consumption) processes; controls versioning; and manages the framework for integration.
• The manage phase controls the execution of the API; assures authentication; and enforces
access control policies, security and control of API traffic via throttling (rate limits) of API calls.
• The monitor phase includes the means to enable debugging, capture usage and performance
metrics, and provide event management and remediation techniques.
• The monetize phase provides the means by which payment plans are structured, contractual
terms are captured and managed, and billing and payments are made.
• The archive/retire phase maintains the API as an asset in a repository for discovery and reuse.
A common strategy of most API management vendors is to extend their respective platforms
to enable as much API lifecycle management functionality as possible. In efforts to differentiate themselves, each vendor will define the API lifecycle differently to play to their strengths.
Some vendors choose to specialize in certain phases of API lifecycle management. For example,
Apiary focuses on the front-end design phases of API lifecycles using API Blueprint to help developers improve the quality of API designs. Other vendors choose to emphasize the security issues
of API management. For example, Intel acquired Mashery in April 2013 and packaged it with its
existing security/service gateway to deliver Intel Expressway API Manager, a secure, on-premises
gateway for API enablement. Also in April 2013, CA Technologies acquired Layer 7 Technologies
for similar reasons. Managed Methods also approaches the market from a cloud security perspective. Its Cloud Service Discovery offering finds the users and applications sharing data with cloud
services to expose vulnerabilities for the security and compliance.
Some vendors such as Informatica and Red Hat focus solely on the coding aspects of APIs, preferring to relegate the publication, execution and monetization tasks of API management to other
specialists such as Apigee and 3scale.
Still other vendors take different routes. Mashape has developed and API marketplace aspiring to
become the ‘eBay of cloud services.’ 3scale is addressing the challenges facing application developers that consume multiple APIs with a tool that enables them to track and comply with the
contractual variables tied to APIs from multiple publishers.
The API Economy
14 Indeed, all vendors will report at least some capabilities in API lifecycle phases where they
lack strength, and/or have established partnerships with various technology vendors to
shore up their capabilities.
3.4.2 API LIFECYCLE MANAGEMENT PLATFORM ARCHITECTURE
The technology needed to support all the API lifecycle phases calls for an API lifecycle
management platform to include the following architectural components:
• A design and development environment to craft APIs as code (may include support for
one or more API description language such as Swagger, RAML, API Blueprint, Restlet, etc.).
• Project management tooling to coordinate collaboration among distributed API
development teams and manage APIs throughout their lifecycle.
• Tools to test APIs under a range of use cases (Web, mobile, enterprise applications, IoT).
• Resources for developers via a portal for access to knowledgebase(s), marketplace(s) and
documentation for and about APIs.
• Capabilities that enable APIs to be published, discovered, downloaded and/or subscribed.
• Tools to secure API usage including identity, resource and access management (typically
implemented via an API gateway).
• Tools to manage, throttle and control API usage and network traffic.
• Technology to manage pricing models and monetize APIs in the form and billing and
payment services.
• Utilities for event management, alerting and remediation.
• Tools for reporting and system analysis (e.g., usage, performance, trends, traffic).
• Tools for analytics (customer behavior and digital channel performance).
• Digital channel relationship management that controls the business relationships among
trading partners that comprise a digital channel.
3.4.3 ARCHITECTURAL GAPS AND MARKET OPPORTUNITIES
The list above represents what we believe to be a comprehensive set of capabilities that
may compose an API lifecycle management platform architecture. Not all of these capabilities are required by developers and enterprises to engage the use of APIs, or participate
in the API Economy. Just as all vendors do not completely address all phases in an API lifecycle, no single vendor currently includes all these capabilities in its platform. That’s to be
expected, because not all customers are likely to require this breadth of functionality at
this still-nascent time in the market. Many enterprises are just in the early stages of understanding the value of APIs as flexible and adaptive integration technology. Others are only
now exploring the use of APIs as the means to create and build digital channel partnerships
and business models that define the API Economy.
15 451 RESEARCH
When analyzing the offerings of various vendors across the market, buyers and investors
should be aware of several architectural gaps in current API management technology.
They represent opportunities to enable competitive differentiation for current API platform vendors or new entrants, and potential avenues for investment.
Testing
Comprehensive testing capabilities are absent in most vendor offerings. APIs can be
applied in many ways and have virtually limitless variants when deployed for mobile,
social and IoT applications. Several API management vendors have partnered with SmartBear for its testing capabilities; among them are 3scale, Apiary, MuleSoft and WSO2.
Project Management
Most API vendors do not manage the API lifecycle using project management tooling.
Such tools are capable of automating lifecycle management, proactively tracking tasks
and reviews from cradle (concept) to grave (archive) as a process.
Asset Management
Some vendors offer capabilities to manage APIs as assets, but they are often limited
to version control, a services repository, or a catalog enhanced (in some cases) with
discovery and search techniques. Most APIs are not static. They are part of other systems,
applications and business processes that have many dependencies that require governance through portfolio management techniques and asset management controls.
Governance and asset management capabilities are lacking in several API management
vendor offerings. Exceptions can be found in SOA-based platforms such as from Akana
with its Lifecycle Manager offering, WSO2 with its middleware platform, and such IDEs as
IBM WebSphere, Oracle Fusion and SAP NetWeaver.
Predictive Analytics
Many vendor offerings also lack API analytics that can understand end-user behavior.
Such knowledge can be used to accelerate business opportunities, proactively act in real
time to deliver individualized services (e.g., cross-sell, upsell, promotions), and support
applications designed to improve business outcomes among the participants in a digital
channel. Apigee, Intel Mashery, and CA Layer 7 were early to market. Apigee acquired
predictive analytics vendor InsightsOne in January 2014; it is now offered as Apigee
Insights. Others will follow with similar technology.
Infrastructure Performance
APIs affect the performance of the infrastructure upon which they are called and execute.
Most vendors do not address such backend IT overhead issues when APIs are opened to
the public. Without proper preparation for peak loads and proper throttling analysis, APIs
can cripple serving infrastructure. Apigee recognized this and developed a backend-as-aservice offering in response.
The API Economy
16 Developer Productivity
Many API management vendors have yet to address the consumption side of API management. On average, a developer can use as many as 5 to 10 APIs from disparate publishers,
each with different contracts, pricing terms, usage and payment/monetization practices. As
noted earlier, 3scale recognized this challenge and has developed its APItools offering to
control the complexity associated from using APIs from multiple publishers.
Data Quality
Most API management vendors have overlooked the issue of data quality when using APIs.
More often than not they simply describe the means to expose and acquire data, relinquishing data quality management to other specialty firms. Singly (acquired by Appcelerator, a mobile backend-as-a-service [MBaaS] vendor) realized this and developed its App
Connection Platform to minimize the effort required to access, cleanse and normalize data
via APIs to make data usable.
The Internet of Things
Most API management vendors are only now considering the opportunity afforded in the
IoT markets by supporting the basic IoT protocols. In the world of IoT, several protocols have
been developed for specific purposes: For example, IoT devices or machines must communicate with each other (D2D or M2M); device data must be collected and sent to servers
(D2S); and servers have to share device data (S2S), possibly providing it back to devices,
analysis programs or people.
The protocols that enable these exchanges include:
• Message Queue Telemetry Transport (MQTT), a protocol for collecting device data and
communicating it to servers (D2S)
• Extensible Messaging and Presence Protocol (XMPP), a protocol for connecting devices
to people, an adaptation of D2S (i.e., people are connected to servers)
• Data Distribution Service (DDS), a fast bus for integrating intelligent machines (D2D)
• Advanced Message Queuing Protocol (AMQP), a queuing system designed to connect
servers (S2S)
• Constrained Application Protocol (CoAP), a Web transfer protocol used with constrained
nodes and networks, designed for M2M applications (e.g., smart energy and building
automation)
Only a few API management vendors are beginning to support the fundamental D2S protocols MQTT and CoAP. For example, in March Apigee launched Apigee Link for connecting
devices to the Internet using MQTT and CoAP protocols. Support for the remaining IoT
protocols is still being considered. IBM launched its Internet of Things Foundation, a fully
managed, cloud-hosted service enabling developers to derive value from IoT devices.
17 451 RESEARCH
Business Planning
Finally, from a business perspective, many business users within enterprises don’t understand
the value and importance of APIs and how they can be used to establish profitable business
relationships as promised by the API Economy. It takes education and a bit of hand-holding.
Mashery, Apigee and MuleSoft have picked up on this. Mashery has long offered API education services. Apigee established the API Institute that advises how businesses can integrate
via APIs to generate new lines of business and forms of revenue. MuleSoft has an impressive
developer outreach program. It acquired ProgrammableWeb, a news and information website/
service, to help educate both business and IT users about the goings-on of the API world.
The API Economy
18 SECTION 4
20 API Vendors to Watch
The following list of vendors is not meant to be exhaustive, but it includes 20 primary vendors
(listed alphabetically) that we have identified as being focused on the emerging API management market at large, and that we believe have the potential to shape the market in coming
years. The vendor list includes both startups and established industry veterans hailing from
several IT markets such as SOA platform vendors, data and application integration vendors,
platform-as-a-service (PaaS) providers and integration platform-as-a-service (iPaaS) providers.
Absent in this watch list (for now) are vendors that publish and consume APIs for specific development ecosystems, such as IoT middleware vendors and MBaaS vendors.
For the time being, all these markets are still somewhat independent, but all are in the process
of converging. The architecture, components and capabilities for various SOA-based application and services development, PaaS, iPaaS, API management, IoT middleware and MBaaS are
similar. Vendors in each market will attempt to broaden their footprint by adapting their platforms to enable a common framework capable of serving the needs of multiple markets. 451
Research will keep a close watch on this convergence as it occurs. You will note that several of
the vendors in this watch list have already begun to make moves in this direction.
3scale
FOUNDED: 2007 | TOTAL FUNDING: $4.0m (estimate)
Most API management platforms available today target API providers or publishers that want
to generate business opportunities by exposing their APIs to third parties. Other API management tools help application developers improve the quality of APIs to make it easier for developers to understand how to use the API and properly track its use. 3scale’s API Management
Platform enables such capabilities. Its APItools offering is designed for developers that struggle
to manage multiple APIs from multiple publishers in a single application. This is a relatively
new twist in the market – serving the consumers of APIs (rather than just publishers) with a
tool that enables them to track and comply with the contractual variables tied to APIs from
multiple publishers. We expect this to trigger a new round of innovation on the part of other
API management vendors to better address API consumers’ dilemma.
Akana
FOUNDED: 1998 | TOTAL FUNDING: $41.0m
SOA Software renamed itself Akana in March 2015 because the firm has expanded its offerings beyond its SOA platform origins. When APIs emerged as critical cloud services enablers,
the company recharged its strategy to include API management with new products such as API
Gateway, Community Manager and OAuth Server. In 2011 it announced its API Management
platform, which has been driving much of its recent engineering and marketing efforts. Akana
has been doing well in the market as the result of its API management strategy and platform. It
continues to accumulate customers and deepen relationships with those already established.
19 451 RESEARCH
Its API catalog will help it open up new opportunity in enterprises that have developed,
created and are using internal services and APIs for data and application integration but
have lapsed in the use of consistent SOA development practices. An internal catalog may
help establish fundamental SOA principles without much cost or effort. Akana is preparing
its platform to support big-data analytics and DevOps.
Apiary
Apiary’s strategy to sponsor, build out and productize the Blueprint API description language
is gaining traction in the market. It is nicely designed, easy to use and reasonably priced. Its
agile development approach to API lifecycle design is consistent with how enterprises are
exploiting agile programming techniques and gradually moving toward DevOps and continuous integration practices. Both such IT practices are on the rise in nearly all enterprises, and
Apiary’s product portfolio is likely to complement such efforts. Once the firm matures a bit
and proves itself in the market, it should represent a strong acquisition target; likely acquirers
would be those that seek to bolster their application development, DevOps, continuous integration or API management offerings with stronger design tooling.
Apigee
FOUNDED: 2004 | MARKET CAP: $428m
Apigee went public on April 23, 2015, opening at $20/share. Its stock at the time of this
writing is trading below the opening price. It is the first of the API management pioneers to
go public. Apigee has crafted through experience a succinct and realistic two-part strategy.
First, develop a sound API management technology platform that is attractive to application
and integration developers. Then, position it to help businesspeople build digital channel
partner relationships, and generate action from analytic insights derived from API data flow.
The latter analytic strategy can potentially help generate a perpetual revenue stream, if in
fact analytics insights drive incremental API calls. The company has strong partnerships with
notable firms such as Accenture, Equinix and SAP. It recently entered the IoT market with its
Apigee Link offering. Apigee is among the leaders in the API management space.
Axway
FOUNDED: 2001 | MARKET CAP: $408m
Axway, a B2B integration vendor, acquired Vordel in 2012 to add API management capabilities to its Axway 5 Suite that was composed of electronic data interchange (EDI), managed
file transfer (MFT), and operational intelligence tooling and services. Vordel added an API
Gateway for access and an API Portal for development, among other capabilities. Its traditional MFT- and EDI-based business model has been slow to adapt to cloud-based technologies, and it lacks an iPaaS offering that many of its rivals have embraced.
The API Economy
20 CA Technologies
FOUNDED: 1976 | MARKET CAP: $13.7bn
CA Technologies bought API management vendor Layer 7 Technologies in April 2013 for
$155m. CA’s strategy was to use Layer 7 to extend the functionality of both its existing
identity and access management portfolio, including SiteMinder, and its DevOps family,
including the LISA Service Virtualization suite. CA envisioned five applications for Layer 7’s
technology: to secure management of cloud, mobile and IoT initiatives; to externalize and
monetize API assets; to expand API developer networks; to use API governance to enforce
SLAs; and to secure API businesses through authentication, authorization, auditing and
threat protection. The technology has now been rebranded as CA API Management.
Cloud Elements
Cloud Elements offers a ‘one-to-many’ approach to API design and deployment. It enables
developers to use a single API to connect applications to many of the leading SaaS
providers in various categories such as documents, CRM and finance. It offers a layer of
abstraction that minimizes the number and types of APIs and connectors developers
have to use for application integration with, and across, like cloud services. Its technology
combines API management and integration capabilities that take the redundancies out of
integrating with multiple services of similar categories. It may represent a new architectural approach to hybrid IT integration strategy overall.
Dell Boomi
FOUNDED: 1984 | TOTAL FUNDING: Taken private in 2013 for $25bn
Dell acquired the SaaS integration vendor Boomi in November 2010 to help foment its
cloud strategy. At the time, Boomi’s platform had some API management capabilities,
but they were limited to Web services publishing. In 2012, the company introduced Atom
Workers, which helped ensure predictable performance levels for real-time data transfers.
This was followed in 2013 with capabilities to monitor, measure, secure, throttle and scale
published APIs. It recently announced that Boomi has extended its AtomSphere iPaaS
with a set of API lifecycle management capabilities. Dell Boomi API Management offers
features that enable users to create, publish and centrally manage APIs on-premises or in
clouds. Dell is reacting to both the explosive use of APIs by enterprises and the actions of
its rivals. The new API Management release will help Dell Boomi maintain its market leadership position as the iPaaS market evolves and converges with the API management
market. It also exposes the larger Dell Software group to new opportunities in hybrid
cloud integration, mobile application integration and IoT projects.
21 451 RESEARCH
DreamFactory
DreamFactory’s Services offering is an open source REST API platform, essentially an open source
backend for HTML5 and mobile applications. It is designed for developers to connect mobile,
desktop and IoT devices to any enterprise or public data source, without having to do the serverside work to build their own security or user management systems, and without having to customcreate their own REST APIs. As part of its strategy, DreamFactory is pitching its services platform to
become the default backend for the growing number of mobile applications that enterprises are
looking to create. It has made a good start developing the platform, building installers for key platforms and getting itself into a range of enterprise software marketplaces. DreamFactory does not
want to become a SaaS vendor of the platform and instead is hoping its larger partners, such as
Microsoft and IBM, will drive adoption. It has recently finished building installers for PaaS environments including IBM’s Bluemix and Cloud Foundry.
IBM
IBM originally entered the API management market in April 2012 with its Cast Iron API Cloud. Its
current API Management V4.0 offerings are composed of a family of products designed to create,
manage and securely share APIs. They include a developer portal for self-service application development and onboarding; means to curate existing internal or external APIs in a catalog; utilities
to manage applications and API plan subscriptions; and analytics and operational metrics to track
API usage and performance. IBM API Management capabilities can be found in its Bluemix PaaS,
WebSphere and DataPower offerings. IBM prefers to operate independently and has not as yet
worked with other API management vendors in the market to co-develop any interfaces/integrations to its DataPower products.
Informatica
FOUNDED: 1998 | MARKET CAP: Taken private in 2015 for $5.3bn
In June 2014, Informatica acquired StrikeIron primarily for its data quality management technology.
A residual benefit, which the integration vendor did not pick up on immediately, was the value
found in StrikeIron API management capabilities. The company has since added StrikeIron’s API
framework to its Informatica Cloud iPaaS to improve how APIs can be published and consumed. The
offering provides more comprehensive data-integration capabilities, includes process orchestration
and enables composite service creation (integrating multiple APIs into a composite service). Informatica isn’t interested in competing with other API management providers. On the contrary, it is
positioning to add value to platforms that manage APIs. As one would expect, the vendor believes
that publishing and consuming APIs requires strong integration capabilities with data sources. Its
approach complements the functionality of other API management platforms that offer features for
API cataloging, packaging and marketing; developer community management and portal; and API
measurement including reporting, billing and chargebacks. There may be some capability overlap
in the areas of API design, definition and development, but it will likely be inconsequential.
The API Economy
22 HP
The roots of HP’s API management offerings are grounded within its communications industry
portfolio of products and services. HP’s API management platform provides cloud services
enablement, M2M communications, network applications and call management. In 2013, it
began to take what it learned in the carrier markets and offer its API management capabilities to enterprises that are now using APIs more frequently for purposes of messaging (text
and content), charging and payments, and advertising and applications that include personalized recommendations (marketing). HP will still need to build out a different go-to-market
approach if it is to upsell to existing enterprise customers or even attract new ones. API
management is maturing nicely technically, but business users are still a bit confused and will
require education and hand-holding to learn how to use APIs to craft business partnerships
and generate new sources of revenue. HP will have to bolster its efforts in this regard.
Managed Methods
Managed Methods’ tech-savvy team sees newfound opportunity in the SOA foibles of the
past. It is not just trying to carve out a piece of the emerging API management market; it is
approaching enterprises that already have invested in and are using Web services and APIs
with a discovery tool. The firm is targeting IT and security professionals, helping them get a
handle on current in-place Web services and API use before they expose IT infrastructure to risk
when cloud services and mobile networks form hybrid clouds. All in all, it’s a good strategy that
can be backed up with upsell efforts to the rest of its API management portfolio.
MuleSoft
FOUNDED: 2006 | TOTAL FUNDING: $131m
MuleSoft is aggressively pursuing what it believes to be the most promising segment for
growth among the various data, application and cloud-integration markets – RESTful APIs.
Throngs of developers seek to learn how best to design and develop them. MuleSoft is feeding
the market a steady stream of resources and hoping to itself become a de facto firm for all
things API. It made available its developer tooling for the RAML open source language; these
tools (API Designer, API Console and API Notebook) are offered as a free service available on
MuleSoft’s APIhub and as an open source download. They are intended to assist developers
in building REST APIs by standardizing design patterns and using plain English to describe
them. This should help the firm continue its growth and drive revenue to its Anypoint offering.
While MuleSoft has been hard at work crafting its API strategy, its ESB and iPaaS rivals have
been adding process orchestration, data-quality management and big data integration to their
respective integration platforms – all high-value capabilities beyond API management that
MuleSoft may also have to address to maintain its established customer base.
23 451 RESEARCH
Oracle
FOUNDED: 1977 | MARKET CAP: $189bn
Oracle’s approach to API Management was based on its Oracle API Gateway, Enterprise Repository, Service Bus and SOA Suite that provided lifecycle management of APIs. In November
2014, Oracle announced that it will extend its API Management offering with an API Catalog
that provides the ability to simplify the publication of APIs that are developed in Oracle SOA
Suite and other sources. It integrates with Oracle Mobile Suite, a portfolio of products for
mobile enablement. The API Catalog harvests services in Oracle Fusion Middleware to allow
one-click publish and manage re-use across other consuming applications. It is SOAP- and
REST/JSON-compliant. In February 2015, Oracle released its API Manager, a product that
extends its Service Bus functionality providing a portal to manage APIs and browse analytics.
Red Hat
Red Hat views API management from two perspectives. At a base level, the company believes
it should enable capabilities for design and development, and secure access and control
based on policies via an API gateway. At a higher level, when it is used to nurture a community of developers and establish business relationships as part of the API Economy, other capabilities will be needed to manage API uses and monetize APIs as products. Red Hat’s apiman
open source project kicked off in January 2015 to address the former. In February 2015, the
company created a partnership with 3scale to address the latter. Red Hat admits that it is late
to the API management market, but it reports several proof-of-concept projects currently
under way with 3scale. Indeed, its customers are drawing Red Hat into the API market as part
of the broader discussion of the evolution of SOA and the JBoss Middleware platform.
Restlet
Restlet (the company) is bringing Restlet (the open source API framework for Java) to
market after roughly 100,000 developers have had a chance to use it over the past 10 years.
This is much along the same lines as Apigee with its support for the Blueprint API description language and MuleSoft with its backing of RAML. The difference with Restlet is that it’s
attempting to enable the framework with a broader spectrum of API lifecycle management
capabilities than most other rivals. Moreover, it wants to extend API publishing and consumption capabilities directly to nontechnical business users. It believes that more of them are
being charged with building greater value from information and application assets, and APIs
are the tools needed to expose such assets as consumable services. However, many business
personnel are just now being exposed to the API learning curve – something Restlet (like HP)
needs to be aware of and make efforts to flatten its slope and guide their ascendance.
The API Economy
24 SmartBear Software
FOUNDED: 1999 | TOTAL FUNDING: Undisclosed
SmartBear offers management software that supports the application-delivery processes
of development, testing, API readiness and user-experience monitoring across desktop,
Web and mobile platforms. Overall, API management vendors are building out their platforms to address as many of the capabilities required to manage API lifecycles as possible
(e.g., design, develop, test, integrate, deploy, manage, monitor and retire/archive). Testing
is not glamorous, but it is essential to enable quality code, especially under the range of
use cases to which various APIs will be subjected – e.g., Web services, mobiles devices,
hybrid cloud architectures, social media and analytics, and IoT. That means testing calls
for unique capabilities and skills that API management vendors don’t have the time,
resources or capital to duplicate. That’s why many are partnering with third parties to
enable high-quality API testing. SmartBear’s skills in application quality management, and
its unique focus on API testing in particular, make it the go-to vendor for such purposes
– for now. In March 2015, SmartBear acquired the Swagger API open source project
from Reverb Technologies. SmartBear is now the company behind the two most widely
adopted API open source initiatives, SoapUI and Swagger.
Talend
FOUNDED: 2006 | TOTAL FUNDING: >$100m
Talend is making headway on several fronts in preparation for an IPO (or perhaps another
liquidity event) sometime in 2016. It is expanding beyond its ESB and big data integration roots to enter new markets. It recently launched Talend Cloud, an iPaaS based
on Talend’s Unified Platform. The Version 1.0 offering will enable data integration as a
service that include its Flow Builder (a Web-based integration design tool), support for
batch and bulk data integrations, data-preparation tooling along with initial support
for big-data integrations, and a marketplace designed to attract open source communities by offering integration-flow templates to popular SaaS offerings (e.g., for CRM,
marketing, HR and others). Version 1.2 is planned for late summer 2015, and will accommodate customer feedback and enhancement requests, and include smarter data-preparation and mapping capabilities. Version 2.0 is targeted at the end of 2015 or perhaps into
2016, and is expected to enable real-time integrations and include Talend’s initial foray
into API management. At a high level, Talend’s API management capabilities will include
an API Studio for development; a Portal for documentation, publishing and marketing; a
Gateway for exchange and policy enforcement; and an API Manager that will include API
lifecycle management, billing and metering, partner administration and analytics.
25 451 RESEARCH
WSO2
WSO2’s product strategy is to create a unified application development and deployment framework via several related and interconnected open source platforms – one that
provides a common platform for cloud DevOps, application service governance, cloud
integration, runtime management, IT delivery, API management and mobile enablers. In
2012, it added API management to its open source software and App Factory PaaS. Its API
Manager enables API monetization, chargeback capabilities and analytics through monitoring. API Manager seems to be opening new doors for the firm that may attract considerable upsell potential. Its App Factory can appeal to organizations seeking an integrated
suite of application development and DevOps capabilities and can help manage development projects to rapid completion.
The API Economy
26 SECTION 5
Potential Acquirers and Targets
Many of the larger IT vendors (e.g., IBM, Oracle, SAP), midsized IT vendors (e.g., Software AG,
Red Hat) and cloud service providers (e.g., AWS, Google, Rackspace), among others, have only
recently awakened to the need for API management technology and the opportunity created by
the API Economy. We believe this to be true for two reasons. First, they were all too busy building
out their overall cloud strategy and architecture, engaged in pricing wars, and positioning to
leapfrog one another. Second, they believed the revenue opportunity from APIs and the API
Economy was not yet sufficient to warrant attention. This is now changing, as the following
market events can attest.
While the market is not yet sorted out, we believe it is near an inflection point. Enterprise enduser demand is on the rise. Nearly all enterprises rely on one or more SaaS offerings that require
integration with in-place systems. Most enterprises are investing in private clouds to supplement or supplant their on-premises datacenters, again requiring new means to integrate infrastructure. Mobile-first initiatives are driving the need for integrated development environments
and next-generation SOA platforms to enable the development of native applications specific
to a given mobile platform (e.g., iOS, Android, Microsoft). The social media phenomenon is now
influencing enterprise and business application design to include more collaborative ‘social’
qualities focused on outcomes and results. Early M2M) initiatives to intelligently automate the
operational technology (OT) that runs facilities, manufacturing operations, power plants and the
like have fomented new technology needed to enable the IoT.
These trends are driving API management to become an architectural precept. We believe in
the coming years it will be common within a variety of IT architectures and platforms including
application development environments, DevOps frameworks, data and application integration
technology, and nearly all types of cloud service – most notably in PaaS and iPaaS. This will likely
trigger another round of venture funding and vendor acquisitions similar to what occurred in
2012-13 (see Figure 1).
27 451 RESEARCH
FIGURE 1: DEALS INVOLVING API MANAGEMENT PLATFORM VENDORS, 2012-13
Source: 451 Research M&A KnowledgeBase, 2015
DATE
ANNOUNCED
ACQUIRER
TARGET
TARGET
FOUNDED
TARGET
REVENUE
ADVISORS
November 7,
2012
Axway
Vordel
1999
$13.5m
Mooreland Partners
(Vordel)
April 17, 2013
Intel
Mashery
2006
$10m
Stifel Nicolaus Weisel
(Mashery)
April 22, 2013
CA Technologies Layer 7 Technologies
2002
$35m
Jefferies & Company
(Layer 7)
April 23, 2013
MuleSoft
ProgrammableWeb
2005
Not disclosed Not disclosed
April 24, 2013
Intel
Aepona
1999
Not disclosed William Blair &
Company (Aepona)
October 23,
2013
Microsoft
Apiphany
2012
Not disclosed J. Moore Partners
(Apiphany)
5.1 MARKET EVENTS THAT MAY DRIVE M&A
Among the vendors noted in Section 4, several have engaged in substantive strategic initiatives in
2014 and in early 2015 that are shaping the future of the API markets and influencing vendor strategies, product roadmaps and investment patterns:
• Akana launched an API catalog and readied its platform as a big API data analytics engine. It
recently changed its name from SOA Software, partially to escape the stigma sometimes associated
with the SOA acronym, but more accurately to reflect a new identity that may help it distinguish
itself in the expanding API management market.
• Apigee went public on April 23, 2015. In its IPO filing it reported that total revenue for the company
grew from $27.6m in 2012 to $52.7m in 2014. However, losses have mounted from $8.3m in 2012
to $60.8m in 2014, and operating expenses increased from $24.8m in 2012 to $83.7m in 2014.
It also announced a partnership with SAP in 2014. Under the OEM and reseller agreement, SAP
will deliver an API management application built on Apigee’s Edge platform. The offering, SAP
API Management, is available as a cloud service on the SAP HANA Cloud Platform and also as
on-premises software.
• Citrix acquired Octoblu in December 2014 for its toolkit designed for the discovery, control and
management of any API-based software application, hardware device, appliance or social media
network. It acts as a broker to connect devices that run many disparate protocols across a common
platform, as well as offering services for orchestration, security, compliance and auditing.
• IBM funded the development of its own API management technology that is part of its Bluemix
application development PaaS, DataPower and Websphere development and MQ environments.
• Informatica acquired StrikeIron primarily for the latter’s data quality management technology and
services. It also had an API management platform that Informatica is now productizing and bringing
to market.
The API Economy
28 • Intel finalized its API branding strategy – the prior acquisitions of Mashery and Aepona became
Intel Mashery API Services.
• Managed Methods started life developing enterprise security and performance monitoring
tools, later morphing into the SOA market. In 2014, it launched its strategy for API discovery and
security and a fresh suite of API tools.
• Mashape, a ventured-backed API marketplace, open-sourced Kong, one of the core technologies
that power its service. It manages the API requests of the more than 140,000 developers who use
its service.
• Microsoft acquired Apiphany in late 2013 to API-enable Azure. Little was mentioned of the
acquisition, or of Microsoft’s API management strategy, until a year later when Azure API
Management became generally available in September 2014.
• Oracle upped the ante in the API management market, launching a new API Catalog in late
in 2014, and its API Manager (development portal) in February 2015. Both are intended to
supplement its SOA Suite and Service Bus.
• Restlet, a venture-backed startup, brought the Restlet open source API description language for
Java to market.
• Red Hat entered the API management market in early 2015 by kicking off its apiman open source
project and partnered with 3scale to establish a market presence.
• SmartBear acquired Swagger, making the application testing vendor a key player in both SOAPand REST-based services development.
5.2 POTENTIAL ACQUIRERS
All IT vendors include integration technology within their product portfolio in one form or another.
They must; without it, they would need to rely on the presence of a third party within a customer’s IT
portfolio to integrate their offerings with in-place systems. In many cases, though, these integration
offerings were not core components of the vendors’ product roadmap. They were sometimes afterthoughts, good enough to enable what was needed and help to close deals. With the emergence
of APIs as an integration architectural style, along with the business value they promise, vendors
now consider them a source of new competitive advantage. The following vendors could benefit by
including and/or expanding API management as part of their product strategy:
• Accenture is an investor in Apigee and is on the latter’s advisory board. It also partnered with
Apigee to offer API management capabilities and services to Accenture clients. It may see value in
other complementary technologies to the Apigee offerings.
• Alcatel-Lucent offers its own Open API Platform. It enables API monetization and optimization
software for telecommunication service providers to turn data and infrastructure into commercial
transaction platforms. Its core technology, apiGrove, was offered to the open source community
in September 2012. Alcatel-Lucent’s goal is to make apiGrove a core layer in a cloud infrastructure.
The firm may be interested in picking up technology vendors that have embraced it.
29 451 RESEARCH
• Axway needs to modernize in technology and infrastructure. While it already acquired
Vordel for API management, it may seek to expand by acquiring a complementary vendor
that also has an iPaaS offering and installed base.
• AWS does not currently offer API management services as part of its cloud offerings, but
indeed makes great use of them.
• BMC has extended its market footprint in application management, cloud lifecycle
management and DevOps but currently lacks an API management strategy or offering to
complement these capabilities.
• Equinix provides network connectivity and cloud interconnection services – it partnered
with Apigee for its API management service. It may consider other complementary options.
• Fujitsu is pressing to expand the global market share of its Cloud Integration Platform (CIP)
for hybrid cloud management and integration. It may consider adding API management to
help expand the value of CIP and its Interstage business operations software.
• Google makes extensive use of APIs as a publisher to expose advertising and analytics
models but does not currently go to market with any API management offering.
• Huawei is considering investment in various cloud infrastructures, and API management
may be part of its middleware strategy going forward.
• HP offers API management platform derived from its relationships with
telecommunications carriers. It market focus is somewhat narrow but will be expanding
into broader enterprise applications. Its Helion strategy for cloud computing will likely
create the need for broader API functionality.
• OpenText’s InfoFusion information-access platform enables users to discover, analyze and
act on enterprise information. Its components include integration connectors, content and
metadata enrichment. API management would be a natural extension to this platform to
assist in exposing and using enterprise content and information.
• SAP has an OEM reseller agreement with Apigee but may seek to expand its market
footprint via technology development or an acquisition of its own.
• SnapLogic has been making consistent market headway as an iPaaS provider. It recently
entered the market for big data integration. Many of its direct rivals such as MuleSoft,
Informatica and Talend have API management offerings – a fact that will likely drive
SnapLogic to eventually build out its own based on some of the emerging open source
technologies noted in this report.
• Software AG’s acquisition of LongJump, a cloud applications platform, is being positioned
as ‘webMethods AgileApps Cloud’ that also will likely require API development and
management as part of its product roadmap.
30 The API Economy
• TIBCO’s ActiveMatrix Lifecycle Governance Framework is essentially an API management
platform, but can use some updates to expose it more broadly to developer communities
and enable the publishing and management of API deployments. It could develop such a
capability, but an acquisition might shorten its time to market.
DevOps vendors are also likely to consider adding a variety of integration technologies to
link containerized applications and microservices as part of their respective platforms. Efforts
to create competitive differentiation may include the development or acquisition of API
management technology. The DevOps vendor landscape is getting crowded with companies including Automic, BitRock, BMC, CA Technologies, CliQr Technologies, CloudMunch,
CloudVelocity, DTO Solutions, ElasticBox, Electric Cloud, fluid Operations, HP, IBM’s UrbanCode, OutSystems, Plutora, QualiSystems, Ravello Systems, Rogue Wave, ScriptRock, Skytap,
Stackify, UShareSoft, XebiaLabs and ZeroTurnaround. Most are emerging vendors and have
little capital for acquisition – a condition that may change in the future.
5.3 POTENTIAL TARGETS
• 3scale provides a cloud API management platform to securely open, control, manage,
operate and monetize APIs. Capabilities include access control and security, contract
management and rate limits, analytics and reporting, billing and payment technology, an
API proxy, and a developer portal and documentation.
• Akana offers an Enterprise API Management suite that includes developer community
management, API security, traffic monitoring and quality of service management. The
firm originally approached the market offering SOA governance capabilities, and has since
shifted its strategic priority to emphasize API management.
• Apigee is now public, but it still represents a potential (but costly) acquisition target for
large acquirers seeking to buy market share and expertise.
• Appcelerator offers a mobile enterprise platform to deliver native apps, mobilize data and
provide real-time analytics. In 2013 it acquired Singly for its App Connection Platform, an
API integration management technology. Appcelerator represents a target for an acquirer
seeking to enter the mobile application development and API integration markets.
• Cloud Elements’ one-to-many approach to API design and deployment enables
developers to use a single API to connect applications to many of the leading SaaS
providers in various categories such as documents, CRM, finance and others. It offers a
unique means for developer productivity.
• Crosscheck Networks offers technologies for API performance testing. Many of the other
API management vendors that go to market with an API lifecycle management offering
often overlook testing as a part of the API lifecycle. Many such vendors partner with other
testing vendors. SmartBear has been a preferred choice for such partnership; however,
Crosscheck offers a viable alternative.
31 451 RESEARCH
• Managed Methods’ CloudGate is a hosted cloud API management and governance
offering that enables end-to-end control of Web-based services and APIs deployed in
public and private clouds. It enables users to design, monitor, secure and deliver APIs to
external partners and developers.
• Mashape offers an API e-commerce backed by the CEO of Amazon, Jeff Bezos, and Google
CEO Eric Schmidt’s Innovation Endeavors VC firm. It’s a suitable acquisition for firms that
seek technology to monetize and distribute APIs.
• MuleSoft’s product strategy is embodied in its Anypoint Platform, which is composed of
three pillars. Its on-premises SOA offering is anchored by Mule ESB; its cloud iPaaS offering
(MuleSoft refers to it as SaaS) is CloudHub; and its API Portal, along with its RESTful API
design tool RAML, enables the design, testing and publishing of APIs.
• Nevatech offers lifecycle management tools for services deployment and ongoing
management. It extends Microsoft SOA/API stack capabilities with an integrated
framework, is built on a Microsoft technology stack and serves Microsoft ecosystems.
• Restlet recently launched with a no-coding API lifecycle management platform designed
to enable anyone to become an API publisher or consumer.
• SnapLogic offers new and unique cloud-based application integration technology as an
iPaaS vendor, and has recently moved to enable big data integration. Its core technology,
we believe, is already API management-ready.
• StrongLoop’s LoopBack is an MBaaS capability composed of an API server and a variety of
cloud backend services accessible to developers through REST APIs.
• WSO2 offers a broad portfolio of application development and integration technologies. Its
API Manager is capable of publishing APIs, creating and managing a developer community
and routing API traffic. It leverages its integration, security and governance components
from the WSO2 Enterprise Service Bus, WSO2 Identity Server, WSO2 Governance Registry
and WSO2 Business Activity Monitor. Its broad product portfolio will command a hefty
market price, and is best suited for IT vendors that lack an application development and
integration architecture for their cloud and/or hosting services.
The API Economy
32 INDEX OF COMPANIES
3scale 10, 13, 15, 16, 18, 23, 28, 30
Fujitsu 29
Akana 10, 15, 18, 19, 27, 30
Google 6, 26, 29, 31
Alcatel-Lucent 28
Home Depot 5
Amazon 5, 6, 31
HP 22, 23, 29, 30
Apiary 11, 13, 15, 19
Huawei 29
Apigee 10, 13, 15, 16, 17, 19, 23, 27, 28, 29,
IBM 11, 15, 16, 21, 26, 27, 30
30
Appcelerator 16, 30
Ariba 11
AWS 26, 29
Axway 10, 19, 27, 29
BMC 29, 30
Boomi 20
CA Technologies 10, 13, 20, 27, 30
Citrix 27
Cloud Elements 20, 30
Crosscheck Networks 30
Dell 20
DreamFactory 12, 21
Equinix 19, 29
Informatica 13, 21, 27, 29
Intel 10, 13, 15, 27, 28
Layer 7 10, 13, 15, 20, 27
Lowes 5
Managed Methods 13, 22, 28, 31
Mashape 12, 13, 28, 31
Mashery 10, 13, 15, 17, 27, 28
Microsoft 9, 11, 21, 26, 27, 28, 31
MuleSoft 10, 11, 15, 17, 22, 23, 27, 29, 31
Nevatech 31
OpenText 29
Oracle 15, 23, 26, 28
ProgrammableWeb 17, 27
33 451 RESEARCH
Red Hat 12, 13, 23, 26, 28
Restlet 12, 14, 23, 28, 31
SAP 15, 19, 26, 27, 29
Singly 16, 30
SmartBear Software 11, 15, 24, 28, 30
SnapLogic 29, 31
Software AG 26, 29
StrikeIron 21, 27
StrongLoop 31
Sun 11
Talend 24, 29
TIBCO 30
Twitter 6
Vordel 10, 19, 27, 29
WSO2 10, 15, 25, 31
YouTube 6
Zappos 5

The API Economy

Transcription

Documents pareils

business

Defeating Windows Personal Firewalls

SOA et cloud

Free Software and the Double Life of Computing Professionals

CGI Enterprise Gateway

products portfolio 2015

Manage your digital life in your personal info

State of Marketing

studies

Seize the Cloud - EuroCloud France

Unix and Security: The Influences of History - Purdue e-Pubs