Software development for the cloud often involves coding against Platform as a Service (PaaS) services provided in the cloud. These PaaS services often are provided in tandem with Software as a Service (SaaS) websites, with Salesforce’s Force.com being a well-known example. But how can you leverage these PaaS services without becoming tripped up by security and service management?

The idea of using Web-based APIs is not a new one. In the past, we would have thought of it as screen-scraping a website. This was the enabling technology behind early sites for comparing airline prices from multiple airline sites, or combining search results from multiple search engines.

The problem with screen-scraping is that website owners didn’t necessarily want their sites turning into an API. They didn’t want their data to be harvested, so they tried to stop it. However, early measures, such as limiting access by client IP address, were easily defeated by tools.

Another issue is that screen-scraping is brittle; a small change in the site’s look or feel could break the data access methods. That’s where the concept of the managed Web API was born.

Web APIs would allow developers to write code to access a website programmatically, using HTTP GETs and parameters within query strings, but in a managed manner that benefits both the client and the service provider. For the client, a standard interface enables applications to be written to a well-defined interface, safe in the knowledge that the API will not change unpredictably. For the provider, management of the API through rate limiting puts a virtual “circuit breaker” on the API usage, preventing overuse by a single client.

Web APIs are PaaS services that allow a developer to use the Web as a platform, creating an application from pieces of functionality sourced from the cloud. Service providers can monetize their services by putting a usage and pricing model into place.

About Mark O Neill