How to create effective API design for the IoT

brought to you by mule soft provider the industry-leading any point platform for api’s so I’m hoping I heard I’m a business developer technical strategy yada yadi API Academy of a company called layer 7 we are sharing a lot of things with other companies here on the on the floor we’re doing API management but my task really is more to look at how the future is gonna affect our product so that maybe two or three years down the road we still have products we can sell so topic of this talk is but you guys have heard of IOT right okay some some at least so Internet of Things right when I started talking about Internet of Things like in 2013 I was literally the first guy in the API field who was who was mentioning it summer came 2013 and in September it kind of you can actually see that on Google Analytics the the interest in IOT kind of kind of went up straight up and now essentially it says you can’t really escape that hype anymore because everything is IOT right Google buying nest for two billion and and I think IOT and chat apps are right now the hottest items so if you have a start-up right now build either either a chat apps or or something with IOT in it I think then your valuation in trying to kind of just those through the roof anyway the interesting thing is so my first slide when you talk about IOT I actually like to have this slide and you can read it for a second there’s another there’s an old Jewish saying right you asked three wise guys you know a question and you get four answers and similar with IOT right there are people who talk about IOT and then there are people who are looking for RIT and somehow they all can agree on that it’s called IOT but beyond that cisco talks about something which is completely different from what GE talks about and yadi yadi so IOT is just this this this wonderful canvas everyone can project their imagination and their dreams on but you will be hard-pressed to find what really IOT is so let’s let’s look at it a little bit from a technical side so the Internet of Things so and when you’re in your I assume most of you are technical when when you think about the internet right you think about topologies and and you know maybe everything talks to the cloud or maybe things kind of talk in domains with gateways and then you have an Internet of gateways and yadi yadi right so that’s kind of what we think of the Internet and then of course there are things you know and and I have yet to find an engineer who doesn’t kind of get big eyes about 3d printing and all that cool stuff you can do with it so that’s what we engineers think about things so but then when you go out and and talk to other people what they actually associate with in and of things is two things they have the internet to talk to each other to communicate to do Skype to do Facebook to do chat apps and then there are things and since we’re in London who knows the this it’s called good night land who knows this oh there two three okay um I gonna do a little little little psych pitch here there’s an awesome conference in beginning of December here for everyone who’s interested it’s called think monk it’s from a it’s from the read monk consultancy go there it’s really a complete different IT conference with a lot of designers and creative people anyhow this is where I where I stumbled across this this product I think they are now on Kickstarter or they have been in teacher it’s called good night them so why do I like this project to me good night lamp really kind of embodies what the Internet of Things for most people will be when it comes and it’s very simple right it’s a it’s a pair of houses right with lights in it but the the trick is that if this one is switched on the little ones is switched on and vice versa so the the designer who’s actually here in in London she put up an awesome YouTube video and so you have to imagine the scene is like a family where the kids are all out of the house right and they’re in in places and around the world different time zones etc so and as they go through their day all the kids have essentially the big the big lamp dinner right and as they go through that day they kind of tap it light goes on the kind of tap it light goes off maybe when they go to sleep they tap it and and the light goes

off and then correspondingly the little light goes on and off similarly and so on the parents place you have this there’s four or five little lights right and they go on and off as people go through their day and I thought personally that this was a great way of showing the potential of Internet of Things which is like what is more simple than light and touch right and connecting things and I thought the good night lamp is a great example in a very simple way about teaching us about presence about touch about light about seeing about other people but getting showing their presence in our lives and ultimately I think if we see how people use the Internet that’s how the Internet of Things will probably end up where the weather where products will come which actually will have commercial potential who kind of touch and who kind of loop into this into this human humaneness about about touch and seeing and presence so anyhow there was a little bit of a philosophical introduction so but this is a technical conference this is a API conference so how will the Internet of Things shape API design let’s get started first and we have had this in a bunch of presentations already probably everyone here including Stefan who is not technical can design an API very easily right it doesn’t in today’s time building an API is actually not rocket science anymore so but what is hard is effective API design and so what is it what does effective API design mean effective effective API design means it has to meet our business objective so now the next question is so what do you mean business objectives what does that what does that mean so if you have some kind of marketing background or business background you’re familiar with the concept of a value chain right how a product kind of moves from you know its original all the way where and in every step there’s value added in this and this is called the value chain and the one thing to notice with the API when you look at this right api’s are a means to an end and api’s give access to business assets and that could be services or data right Google Google Maps gives you access to data drill you gives you access to services so you have a business asset and then you have an API provider who provides access and this API provider doesn’t just provide the API access but it also includes things like service level agreements or end-user license agreement so it’s almost like a contract but the interesting thing now is that the API provider doesn’t actually talk to the end-user know the API provider talks to the developer so that the customer and I think this kind of nicely continues the theme of what we just heard here is the customer of the API is actually the developer not the end user right so when we talk about effective API design is we talk about design effective API design which means to developer it which is suitable for the developer not for your intended end Casa and customer and user but for the developer okay I see some some you’re still by the way I I have done this presentation before I’m more interested in interactions so if you’re disagreeing with me or your your-your-your you want to drill down you know just just please speak up so I think it’s much more we are a small enough group here to to have an interactive session and that actually is something I like personally more than so effective API design meeting our business objective our business objective is to be the best API for that developer okay now what does that do with Internet of Things so think about I think if you look at this list that’s probably what most developer would associate with engine of things it gotta be low power it got to be limited bandwidth many messages us and Kronus autonomous many connected application systems right if you probably go to a bunch of IOT conferences and and let people check up what are the characteristics of an often Internet of Things application or a system they will come up with some sort of similar list having similar attributes okay out of that there is a whole zoo of new protocols who want to replace HTTP for your means of transport

for your means of API right so right now we’re living in a world which is very fairly simple right if you’re working in big enterprises you’re probably having potentially some mq in there but everything else is kind of sitting on HTTP stuff if you step into the IOT world there’s this whole zoo of protocols who all claim for themselves that they’re going to be the HTTP for IOT and if anything if you kind of get a feel for all those protocols out of this presentation I will be happy so let’s go through it let’s go through of them let’s start with with the granddaddy of all protocols which is called XMPP it’s a protocol which was it’s an XML XML based protocol which was developed long time ago at least from an IT perspective and it’s actually a check protocol but what XMPP has done right and beginning was to have an extension mechanism so there’s a lot of extensions now to XMPP which cover IOT use devices and so the nice thing about IOT is is you can also look at the term web of things is that actually I applications often have the have similarities to chat applications think about your chat application right someone comes online well you get a little green signal on your on your on your chat box right that you now can talk to that person and you can talk and then that person goes offline again and suddenly that that light kind of disappears similarly with IOT devices right they they walk into a room and they disappear from a room or from from some kind of car a car enters a building and suddenly there’s a car the building can communicate with and vice versa so there’s a notion of presence there and if you look at the what the w3c right now is doing is they really map that very well into like what chat protocols used to do so we have XMPP on in as one of the protocols of choice when people talk about IOT applications interests interestingly enough XMPP gets a lot of detraction because it’s XML based and people feel like oh how can I possibly use XML in an embedded in an embedded device so our friends at IBM came up with something called mqtt it actually is not far from here and Hursley firstly naps which is the original home of mq they developed something called MQTT which is a very lightweight pops-up protocol very simple a few a few byte protocol hadler very and it has been open sourced through oasis so it’s now an oasis standard right now that is probably the most popular protocol you have within the IOT community both companies and and hobbyists are using mqtt for their connected x now let’s go all the way up coop who and who here has heard about coop protocol coax over ok so not to be outdone IETF a favorite a different protocol so IETF is another Standards Committee favored another protocol called co-op now co-op comes from the rest side so remember mqtt comes from IBM which with MQ pretty much invented the publish/subscribe protocols co-op comes from the rest side and it’s essentially rest over UDP it has a straight mapping between HTTP REST 2 to co-op rest but it also has a very interesting feature called an observer so you can observe something and then you get notified when something changes or again just kind of publish/subscribe pattern stomp I included stump just because you can find it actually it’s also open source it’s a text-based publish/subscribe protocol stomp you will probably not find many people actually deploying but I just wanted to show it because it’s it’s it’s brilliant in its in its simplicity it’s literally text um DDS from the open management group they are also an old protocol which has been used in medical and and logistics like train train networks etc they kind of it’s very interesting to watch right DDS kind of thought they are the the protocol of choice for embedded systems until IBM and Oasis kind of made that

huge push of establishing MQTT so DDS is now trying to race to get public awareness that they have been there first and they’re like a like an industrial protocol they are currently mostly in the in the medical in the defense and and logistics sector as an end-to-end protocol and then I came across an interesting protocol called wemp which is a WebSocket protocol which again combines RPC style with publish/subscribe and all of those protocols essentially claim that they’re much better than HTTP and they will be the protocols you should be learning about if you’re if you look into the future but I skipped over a slide which is if you thought that that is already kind of a zoo look at that so now you kind of there’s a whole world of new frameworks out there who claim that they are the next framework the next protocol slash service layer for IOT and and socket IO is probably the easier one WebSockets we know already and it’s very they’re very established but web RTC it came out of the again out of conferencing over the browser right web RTC is a great technology when you look at the at the demos but they still looking for that problem right and so now they are hoping to find to be the real time web for IOT the demos are awesome but as you can see they have a lot of competition who here knows meteor okay a few so that’s another protocol it’s a data what is it called EDA did data replication protocol DRP something so they have their own their own protocol to kind of do but real time web communication Couchbase and firebase it’s it’s a very interesting pattern so I was I was a hackathon and I was supposed to help the attendance with with api’s and I noticed that no one it was about mobile apps and I noticed that no one asked about api’s and so I kind of I felt a little bit useless and then B I started worrying if I’m like in on the wrong train and in the industry so I started talking to the mobile app developers and they said yeah yeah no I know API is but I don’t need it anymore I use CouchDB I said what do you mean use couchdb and says yeah I’m using the mobile client from CouchDB that gives me persistence and data synchronization and I don’t have to worry about it so what happened was that CouchDB is a database but what they where they hit gold was that they built a more client for iOS and Android and that would encapsulate both data persistency and eventual data synchronicity so they had a synchronization protocol running underneath so you could run your mobile app in offline mode which by the way is one of the things if you think about right a lot of IOT applications assume that you’re always online but here you have a mobile app which run which also can survive being in some of those spots where you don’t have connectivity it still works it still has some functionality and then when it gets connectivity can the persistence layer underneath simply synchronizes back to the to the to the to the main to the main back-end right so Couchbase firebase Cerner a similar model persistence layer which kind of hides connectivity data synchronization underneath anyone knows what that one is here that that model with with a hand kind of this it’s called fire chat it’s a very very fascinating it’s called the company is called open garden and what they do is true peer-to-peer connectivity meaning they don’t longer they rely for instance on phone to phone connectivity and they probably some of you at least are old enough to remember the times of glue tella and BitTorrent and and all those evildoers who were doing massive scalable peer-to-peer networks with the explicit purpose that there’s no central server which can be controlled and shut down and sued and something like this the using similar technology turns out iOS 7 actually has a peer-to-peer technology which you can use to build hop two hop networks with with iPhones they combine that with Android so there are cities like San Francisco or New York where you have enough critical mass of people using fire jet that you essentially have a true to honest scalable peer-to-peer network which is not hooked up to Wi-Fi or cellular or something but just simply

of running around with your phone and then they replicate essentially they relay information along those phones until they get to the next to the next hop where they can go into the internet so they just announced last week that they want to they have now reached critical mass that they want to switch that on as an IOT protocol or as an IOT network the interesting thing is that they essentially have a complete different topology which is very fluid but which you also can’t take out so easily right so it’s not a command and control not a central server cloud kind of but it’s essentially individual notes kind of connecting each other almost like a swarm network very fascinating technology you guys should look it up and of course there’s a lot of passion and I include that that was actually very relevant at the last sorry at the last epic on in San Francisco where people literally not at the at the conference but you know in inside where people were really kind of like oh you can’t use HTTP for IOT it’s so dumb you know and then someone this was back when Joe speed was actually working for IBM and Michael holdman who was an XMPP said oh yeah IBM I remember them os/2 was supposed to be the OS of the future right and the reason I put that up is really you have to realize that when you read about IOT there is so much marketing hype around it right where people saying this is it this is going to be the the right application and you kind of I want to empower you and educate you a little bit that you can look through this so when you look at those protocols it always is useful to kind of trace back where the money comes from so there is MQTT and Oasis are are promoting MQTT also the Eclipse Foundation is very heavily invested in in in MQTT Eclipse in general is technology agnostic but if you kind of look at where where Eclipse comes from it is clear that there’s some affinity to to IBM and and and it’s it’s marketing power co-op arm just bought the company which is commercializing coop so you can expect that arm will be pushing co-op as as the protocol of the future XMPP you find a lot of the old stand old guy and not old guys that’s wrong work but a lot of people who have invested already in XMPP from the old times they are promoting that etc so I just wanted you know when you look at this and you read about how MQTT is gonna rule the world and and you shouldn’t be investing in HDPE anymore think about who is saying it and why they potentially saying it okay so now I have a bunch of slides we’re actually one opposed if if there if I ot right now is kind of suffering of this kind of groupthink where everyone just runs in the same direction just because everyone else is running in that direction so and a very interesting discussion we a lot of the protocols claim that there’s so much less power and and and so less compute cycles then for instance HTTP there’s always this claim that HTTP is somehow too big too fat for embedded devices the fact is you know where are most of those IOT devices going to be especially for the consumer space well they’re going to be on you they’re going to be in your home they’re going to be in your office or they’re going to be in some kind of public infrastructure now chances are that in all of those places there’s either Bluetooth or Wi-Fi which pretty much eliminates the limited bandwidth problem right in addition everything which has a building around it probably has power right I have no power problem at home so this whole notion of that there needs to be that that it needs to be low-power I don’t know maybe there are special cases but I think in a large number of cases it will be just sitting in the power slot in a power plug like like a lot of other things many messages we come to that in a second and then many connected application systems um the the orthodoxy right now seems to be that everything has to talk to the cloud I don’t understand why you know if I have things at home why shouldn’t they just talk within the home right well why do I need crowd for that or if I have things like like a Fitbit right I mean why does that need to talk to the cloud why can’t I just talk to me I don’t care I don’t want to have my stats being being shown to other people or something there’s some actually some interesting exploits of people who were wearing their fitbit’s during activities in the evening or at the night which then we’re

clearly showing as spikes in there and they’re in there in that charge so you could you know there were some people pointing out and tweeting oh you know X Y & Z he had last night seemed to have had a fun night right so I don’t people to know that and by the way that was going to be interesting to see with the Apple watch and and stuff like this so but so many connected applications maybe they’re all within just domains right there’s a model where things just talk with each other in my home and then maybe there’s there’s a boundary gateway where an aggregate of that is shared with the next entity up which is maybe the building and then there’s and there’s another aggregate which shares it with a with a with a district or the core the city quarter or something right I don’t believe that everything has to talk to the cloud now and here we come actually to the – to hypermedia what I do think to trends which will impact a API design are those – as in Coronas and autonomous as in Cronus because things just happen right if you if you think about your phone right push notification well in a lot of cases push notification is actually something called a long pole your phone is actually polling the server if there’s a message for you right and they use some tricks they kind of stretch it all the way almost to the time out and then kind of do this again that’s not push notification that’s just the modified it looks like a push but it’s actually a poll right and that’s not scalable so a door should just tell me when it’s open I shouldn’t have to keep asking it hasn’t been open has it been open as a bit open so there is definitely going to be a trend towards pops up kind of patterns in the in the space versus the current request/response pattern of HTTP and autonomous is another fact there are a few companies out which seems to be ingenious and getting you to switch your phone every one or two years right brilliant I’m not going to do that with my toaster I’m not gonna do it with my washing machine I’m not going to do that with my frigerator etc right so as things get more embedded chances are the lifecycle the longevity of that of those products are different and so when you embed intelligence into those products they need to be able to live there for two three four five or something years right and this is actually where API and and I don’t know who has ever released an API into the public they are both a benefit and a curse right the moment people use that API you can’t just change it anymore right people get really really angry if you change your working API and versioning API I would say after the second or the third time you have done it it’s not fun anymore right so and this is actually where hypermedia comes in hypermedia would actually allow us to build api’s which are more change resistant right because in hypermedia I don’t know if you guys guys know how that works right in hypermedia you are not coding in the UI’s of the endpoints right you don’t put so much logic into the client but instead the logic reacts on what that what the reserver response tells you right Mike Amundsen who is part of my team he’s Riley hypermedia guy he actually has a great example it’s like a maze right imagine your API being like a maze you you have the resource in one state and now the resource or the room you’re in tells you where you can go next right you can go left or you can turn right so similar if it’s a washing machine you you get their status back from the from the washing machine it tells you you can switch me on or you can I don’t know it’s probably the only thing you can do so once it’s switched on it tells you so now in the response message it tells you I’m switched on you can now switch me off or you can pause me right or you can get status from me right and so the client would essentially be able to kind of walk that that API description to understand what it can do at that point so it reduces you take out hard-coded knowledge of the client and and put it in the interaction design of the API and that will ultimately enable you to build clients which are living longer and more change resistant then for instance our current design which changes every time you remove or at an endpoint yes hypermedia api’s yes there is Amazon just did there I was it called upstream app up something so there a bunch of of

api’s now there’s latest one from Amazon was a hyper media API and I tried to think that was even a project Nyota project which was having one I look it up and we can talk afterwards but fair enough hypermedia right now with like microservices is something which is heavily debated it’s it’s there’s a lot of papers and stuff but I think what scares people away from hyper media is just simply the amount of work you have to put into the client and I think we until we kind of see the first reference designs of clients you can kind of pick up from github fork them and just use them with maybe json-ld or hail or or uber or something like this probably hypermedia will still be a debated concept and not a really implemented concept but you know this talk is about the trends which going to impact us two or three years out and I think hyper media has a chance to address some of the challenges around autonomous clients who are long-living and have to be somewhat more change resistant okay so I touched on this Iranian right I kind of started to become very passionate about trying to puncture some of the myths some of the group thing in the IOT design which is you know is really everything outside where there is no power supply and no network connectivity etc or as most of the stuff people are proposing close to a power source and close to a Wi-Fi meaning we can use whatever we know today rather than invent inventing new technologies so this is some of the questions this is the thing right I still have a Fitbit my wife gave it to me some Christmas I don’t know why maybe she felt I was starting to grow in the wrong in the wrong directions um but and in the beginning the first two three months and actually this is confirmed by studies right in the first two or three months I I went and checked on the web if I if I you know looked at the stats in the graphs right and then it became less and less and then I didn’t use it and ever since I heard about those people who find out what other people did at night when they were wearing a Fitbit I have disabled that functionality I’m not wearing it at night anymore so don’t get your hopes up but I’m also and not using the web interface anymore because the Fitbit has a little interface which tells me you know how active I was during the day and to be honest that’s the job I want this thing to do I just want to either feel like okay I didn’t I I did enough today or the feeling like well maybe I should go for a walk around around the block you know I didn’t move much and that’s ultimately what I what I need what I want the Fitbit for but I don’t need to have it connected in the in the cloud and I think there’s a lot of products out there who don’t need to be connected in technology yet still provide some value to the user to to to to buy them the other thing a lot of messages right there seems to be a thinking that I can only do data analytics in the cloud right big data now a I have I have a problem with that when someone calls me a user and not a customer because usually a user is something I use to get data which I then sell to my customers aka the Google business model and I think if you look at the development of hardware actually compute power is getting cheaper and cheaper right until just came out with the with a with a with a new chip which is incredible powerful it’s an x86 then the the raspberry PI’s the Arduinos so the question is do you really always need to calculate it in the cloud or would it be more honest that you kind of provide value to the people who are using your service and ask them to pay for it rather than trying to sell that data to someone else so and this is actually the thing I I fear the most if you think about where we were like five or six years ago right we were in the store space and then came rest around and so why are we having we never had like swap conferences right no one no one was excited about web services that they would go out and build entire business models on it you’re agreeing or you disagree oh you saying that they were there okay so rested did a few things which were ingenious which and and they have to do with removing choice rather than adding

choice it it it gave you four verbs to act with right it didn’t allow you to do RPC style you know here’s my code I generate a whistle and now you go and and and create a client from it know it gave you four verbs and it gave you a UI four year for your endpoint description and by removing those those all the other bells and whistles we had in Web Services I think it actually created that breathing space where we could look at the interaction of that service and could redesign how we how we interact with that service right it’s this whole Ries or at this whole idea of a resource based API design so the reason why API is are so incredible successful today is is because just so much more simple to use and so much more intuitive to use but that didn’t come because we just did a better job no because we had to redesign every API you cannot write code which which natively fits that that API you kind of had to redesign it from the outside in or you had the chance to redesign it which makes it more simple more intuitive then web services RPC style API sever world and if you want to have a proof point look at Evernote API there using a complete different protocol it’s a it’s I don’t know if it’s protobuf I think they use protocol but the point is they have still an RPC style API you look at their list of functions and it’s huge they have like I don’t know 70 different functions I can call in their in their API and it’s incredible complex to figure out how to interact with the with it with the Evernote on that account so I have to I’m really concerned about that IOT essentially gets us back into RPC style interactions of code driven interactions which which takes away the very foundation of what made api’s work today which is simplicity self-service low barrier to use right and that’s really where I see the biggest concern that people will start building this closed ecosystems this this kind of closed gardens and hard to use api’s again like we had with with the web services days so if you ask you know what kind of advice I can give you in terms of what protocol to choose what API to choose for IOT I say remember effective API design look at the developer the maker you’re targeting choose what they would like to use so if they’re using javascript and Jason don’t give them a web service API right or at least do your homework and this is something you can look that up on Twitter it’s a called a concept called job to be done it was it came from Clayton Christensen at Harvard Business School and essentially people don’t buy people buy a product to get a job done so understand what is the job people want to get done through your API and we heard that from Adam here just now it’s eventually base your design choice your technology choices on the job those people want to get done through you not on your likings or the latest type or any of the other things people yeah so that’s my that’s my advice I hope I gave you a little bit of an overview what’s what’s out there right now what google it there’s a lot there’s a wealth of technology out there but again you know understand that there’s a lot of hype people want to be the next HTTP and wanna claim that they are right and to just kind of give you a counterweight there’s plenty of technologies out there in particular web hooks and stuff like this which even today with HTTP you can achieve a lot of the interaction designs we talked about like publish subscribe etc and so it doesn’t necessarily need to mean that you have to go for a new protocol stack or something new but you can also evaluate if some of the existing technologies around HTTP might just do the trick thank you for listening and enjoy your coffee and cake thank you brought to you by meal soft provider of the industry-leading any point platform for api’s