Posted by: Guest Author
API, Business Intelligence, Cloud Computing in 2010, Sam Ramji
Editor’s Note: Today’s guest post is by Sam Ramji, vice president of Sonoa Systems and former head of open source strategy for Microsoft. If you liked what you read, he has his own blog or you can follow him on Twitter. -MM
You’ve probably heard that Twitter’s API has been the primary driver for the fast growth and rapid morphing of Twitter’s service. You may know that eBay and Salesforce.com get over 60% of their usage via APIs. And in the last couple of months, you may have heard people at your company in marketing, business development, or software engineering talking about your own API. If not, you will soon.
If you’re in the retail industry, this is going to make you very busy for the next few years. “API” is a technology buzzword that basically equates to a new way to use the web. In the 90s every retailer went “online” to take advantage of the cost of sales and margin improvements that came from having an e-commerce channel. These sites enabled companies to “sell direct to millions of new customers”, and those who got online later had to race to catch up just to protect their businesses.
Now in the 2010s there’s a new way to use the web – a-commerce, or commerce via APIs. Mobile app and web app developers can use APIs to build very cool new applications that look and behave totally unlike your core website, but use your commerce engine just like a regular affiliate. This lets them reach consumers who would never have come to your website but love to use the app, and your company makes money as a result.
While at first this may sound like nothing new, it turns out that there are a lot of new issues to manage.
The 10 New Factors of A-Commerce for IT Operations
1. Performance: API-driven demand patterns & load on infrastructure are really different from web-driven demand. Developers will often wrap a database object directly in an API rather than shielding it with a web page that limits the number of rows that will be returned; programs will use that API in unpredictable ways that will load your system differently. Added to that, many more new concurrent connections from thousands of new sources will be simultaneously hitting your backend servers.
2. Analytics: Channel sprawl is a good thing for margin, but tough on reporting. There are multiple channels that affiliates are coming through – iPhone apps, tablets, web apps – and you’ll need to provide a combined view on their activity. API traffic cannot be seen by Google Analytics or any existing web tool so you will need to figure this out.
3. Auditing: Recording the sources of the a-commerce transactions and integrating with affiliate management services to pay a-commerce partners is important. Payment disputes will happen and you need to have a trail of data to show what happened in your systems.
4. Seasonality: Preparing for the holiday rush is critical in order to run a trustworthy a-commerce service. This requires not just performance forecasting and knowing what can be cached, but also knowing how to throttle low-value requests when high-value purchases are in the queue.
5. Security: The number of usernames and passwords is going to explode. Don’t make users and developers create a new username and password to use your system. By making OAuth the standard you can let users and developers log in using their Twitter or Facebook accounts. This will save you a ton of hassle managing password resets and angry users.
6. Protection: Prioritizing traffic between web visitors and API users – who has priority when your infrastructure is under load? Additionally, protecting against a-commerce threats requires filtering out XML header bombs, SQL injection attacks that come in via the API, and other new forms of attack.
7. Privacy: Ensuring that sensitive data isn’t exposed incorrectly requires knowing and controlling what customer and commerce data is leaving the firewall, staying in compliance, and ensuring PCI standards are met. In an API world, this data is hidden in XML and JSON formats which you will need to scan and manage.
8. Evolution: Unlike a website which is under your control, or under the terms of “caveat emptor” when you are being webscraped, now there are affiliates who are depending on the API working a certain way. When the development team changes their code and builds a new version of the API, you need to be prepared to manage apps that break.
9. Provability: SLAs multiply in this scenario. Make sure that you can prove that your service was up and responding when upper management comes looking for who to blame when things go wrong for a high-priority a-commerce affiliate.
10. Debugging: This used to be something that just the internal development team handled by themselves; you may or may not have been involved. Now there are a ton of new developers trying to figure out how to use your service, sending malformed requests, and generating errors.
The specific combination of analytics, debugging, provability, and protection will come in extremely handy during the winter holiday season – being able to understand traffic spikes, identify misuse of your platform, and remove that traffic while letting the good transactions continue to flow will be crucial in preventing downtime and maximizing revenue-generating CPU cycles.
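The throttling described in items 4 and 6 (shed low-value requests while purchases are waiting) can be sketched as a bounded priority queue in front of the backend. This is an added example, not code from the original post; the traffic classes, their ranking, the request ids and the queue size are all assumptions.

```python
import heapq
import itertools

# Assumed traffic classes for this sketch; lower number is served first.
PRIORITY = {"purchase": 0, "web_browse": 1, "api_browse": 2, "bulk_export": 3}


class AdmissionQueue:
    """Bounded priority queue that sheds the lowest-value work when full."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._heap = []                # entries: (priority, seq, request_id)
        self._seq = itertools.count()  # keeps FIFO order within one class
        self.shed = []                 # ids to answer with a 429/503 response

    def offer(self, request_id, kind):
        """Queue a request; return True if it was queued, False if shed."""
        prio = PRIORITY.get(kind, max(PRIORITY.values()))  # unknown kind: lowest
        entry = (prio, next(self._seq), request_id)
        if len(self._heap) < self.capacity:
            heapq.heappush(self._heap, entry)
            return True
        worst = max(self._heap)  # least valuable, most recently queued entry
        if entry > worst:        # newcomer is no more valuable: reject it
            self.shed.append(request_id)
            return False
        self._heap.remove(worst)  # evict queued low-value work instead
        heapq.heapify(self._heap)
        heapq.heappush(self._heap, entry)
        self.shed.append(worst[2])
        return True

    def drain(self):
        """Return request ids in the order the backend would serve them."""
        return [heapq.heappop(self._heap)[2] for _ in range(len(self._heap))]


def run_demo():
    # Constructed burst: six requests arrive while the backend has three slots.
    burst = [("r1", "bulk_export"), ("r2", "api_browse"), ("r3", "web_browse"),
             ("r4", "purchase"), ("r5", "api_browse"), ("r6", "purchase")]
    q = AdmissionQueue(capacity=3)
    results = [q.offer(rid, kind) for rid, kind in burst]
    return results, q.drain(), q.shed


if __name__ == "__main__":
    print(run_demo())
```

Both purchases are served ahead of browsing traffic, and the ids in `shed` double as the audit trail of what was dropped and in what order.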
In the next articles in this series, we’ll dive deeper into each of the 10 issues listed above. Let us know which ones you’re most interested in and we’ll cover those first!
Sam brings over 15 years of industry experience in enterprise software, product development, and open source strategy. Prior to Sonoa, Ramji led open source strategy across Microsoft. He was a founding member of the AquaLogic product team and has built large-scale enterprise and Web-scale applications, leading the Ofoto engineering team through its acquisition by Kodak. Other experience includes hands-on development of client, client-server and distributed applications on Unix, Windows and Macintosh at companies ranging from Broderbund to Fair Isaac. Sam holds a Bachelor of Science degree in Cognitive Science from the University of California at San Diego, and is a member of the Institute for Generative Leadership.