People Are Aware Of Public APIs But Less Aware Of Mobile APIs

After some time in DC talking API governance, I’m reminded that the “normals” are increasingly aware of public APIs, being able to actively discuss Facebook, Twitter, and other APIs, but are still very unaware of the larger mass of APIs that exist behind the mobile applications we all depend on. I don’t blame them, as many of the API providers I talk to who develop mobile APIs often do not fully see them either, leaving mobile APIs often unsecured and operating in the shadows. Public APIs are easy to talk about, and I’m glad we’ve made progress in helping “normals” be more aware, but we also need to invest in more storytelling that helps bring mobile APIs out of the dark.

Most people, developers or non-developers, just see a mobile application when looking at the icons available on our mobile devices. When I look at them, I just see APIs. The mobile applications are just a Hollywood facade, and it is APIs that move data and content back and forth between mobile phones and the platforms behind each application. It is APIs that broadcast our locations, access our cameras, and use our microphones and speakers. APIs are the plumbing behind the applications we depend on, but they do not receive much of the conversation and attention when it comes to privacy, security, and the observability of our personal and professional data resources. This is a problem, and we need to invest more in helping educate folks about the API pipes just below the surface.

Even when APIs are hidden behind mobile applications, they are still public APIs. Even though these APIs may not have been published via a public developer portal, they still use public DNS and are accessible simply by running a mobile application through a proxy. These APIs should be receiving the same amount of attention, scrutiny, and auditing as any other public API. We should be having open discussions around how these APIs are secured, as well as the privacy, reliability, and observability of this critical API infrastructure. These aren’t private APIs, but somehow they keep living on in the shadows of the mobile applications we are putting to work each day on our mobile devices, and just do not get the scrutiny and discussion they deserve.

Developers are more than aware of the API infrastructure behind mobile applications, as they are responsible for making APIs so popular. However, business leaders at companies who are developing mobile applications, and business users who are generally API aware, do not see this API iceberg that exists across the enterprise. In 2020 I will be spending more time educating business folks about the APIs that exist behind mobile applications, helping draw more attention to the security, privacy, and observability issues that exist, and leading more conversations around how we govern and engage in conversation around the valuable data and content flowing through the API pipes that are behind everything, driving the desktop, web, mobile, device, and network applications that litter our personal and professional lives.