About 12 years ago, James Hirst and his partner had the idea to develop a new platform that reflected on current trends and would have the ability to make life easier for its users. It needed to be low cost, secure and scalable. And so, the Application Programming Interface (API) management platform Tyk was born. API is essentially software that enables two applications to communicate with one another. Hirst spoke to Software Testing News about the importance of API in IT and where he thinks it’s heading.
Where does an API gateway and management platform fit in with today’s IT world?
As you’d expect, being a provider of this we see it as being a pretty central piece of today’s tech world. And that’s because of the rise of organisations building services and building API’s. And that is growing very, very rapidly. So, an API gateway is now kind of a core component in most modern application architectures. If you’re building a big monolith or a service mesh or service-oriented architecture, at some point, all of those different services need to communicate and at some point in communication, you want to make sure that they’re communicating securely that they’re communicating correctly. Sometimes you need to help them communicate by transforming the interactions between them. And so, a gateway sits in the middle of all of that in some ways is a kind of a tactical glue component because you’re gluing together all the different bits in your ecosystem.
What is the main thing that prevents coders from being able to start from scratch?
There’s a couple of unwritten rules around building something that’s going to go into production. The first one is security. Don’t roll your own security because you’re going to be doing it wrong. Now, arguably, at one level, yes, a good engineer building a good application can build their own fairly robust security, but it’s not just whether it’s robust it’s whether it’s trusted by other organisations! If you can say we’ve got a gateway that sits here, that uses accepted security standards and sometimes quite complex security mechanisms like open ID connect or mutual TLS then the standard is trusted is in place and managed by something that is up to date is not going to go out of date and be circumvented over time.
The second piece is that there’s a tendency for organisations and engineers to kind of feel that they are [unique in their problems]. But a lot of what people are doing is already tried and tested. And in fact, there’s really no need to have multiple different people within an organisation tackling the same problem. So, we don’t want engineers and developers, wasting their time on repeatable tasks or thinking a few weeks of work into figuring out how to control who has access to something , or how much access they have, or killing for that access an API management platform or gateway can sit in front of the service you’re building and take care of all that commodity piece. And take care of it in a way that is shared with the rest of the organisation, so you can build a new service and say “I’ll just plug it behind this gateway and it means that I don’t need to worry about security authorization.”
What trends are you seeing in your industry right now?
We hopefully have the right kind of outlook on trends. Everyone is talking about microservices. And a few years ago, it was very much cutting-edge stuff. Now, big established organisations and governments are moving towards microservices, and that’s fantastic! [But] I think what we caution against is that some smaller organisations don’t need it. Yes, great, it’s hot if you’re a government who has to deal with millions of interactions, or if your Netflix or a global bank, it makes a lot of sense. But if you’re a team of 20 people [do you need it?].
The next trend we keep hearing about is Kubernetes. And again, we’re seeing some organisations putting some tentative steps in that direction. But the complexity it brings is massive and unless the problem you’re trying to solve is global scale heavyweight infrastructure stuff, then maybe you don’t need it right now.
What are your hopes for the future of API’s?
Martin, my co-founder CEO, described the ultimate end goal being that it should be as easy for APIs to bring up any data in the world in a meaningful way. Because the whole point of good well-structured, accessible API is that you’re making data and making services available. And if you can combine those APIs with machine learning and natural language processing then you end up with something like the Star Trek computer -something that has the ability to say, “what is this? Where is that?” and get that seamless interaction. You can see to an extent that in some spheres voice assistants are starting to do that and Google is doing it from a tech perspective. The better that those APIs that give access to services and data are, the more meaningful those responses can be.
And so ultimately, that’s where API’s can go and if you combine that with you know some form of standardisation (people talk about the Semantic Web and this kind of stuff), you can get the context, you can get the data and the layer in between the voice assistant, or whatever have, and can interpret that. That is quite an exciting prospect! I think if you look at the way that search results now use API’s now compared to even five years ago,it’s just completely revolutionising it! If I take my phone out and just do a search to find out how I’m going to my next meeting, I’ll do it straight into Google and it will query a map, and the map won’t just query traffic, bus routes and train availability, but it will check whether there are any delays, it can show the weather in the destination you’re going to. It’s all coming through from API’s. We’re seeing it in certain niches, but ultimately, we want that to cover everything and the potential for that is huge. And for us as an organisation it’s just an exciting place to be because we’re helping to connect systems and software and working with organisations to do that and to deliver great software built with API’s. This is great and we simply want to do more and get the word out.