Across industry sectors, the boundaries of the traditional enterprise are blurring, as organizations open up their on-premise data and application functionality to partner organizations, the Web, mobile apps, smart devices and the cloud. APIs (application programming interfaces) form the foundation of this new open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries.

In his 1966 book “The Psychology of Science,” American psychologist Abraham Maslow tackled the idea that those in the field of psychology needed to approach treatment from multiple perspectives, to take on new ideas, and not just continue using the same theories and techniques created by Freud and his followers so many years ago. Acknowledging that changing your point of view can be difficult, Maslow wrote “[I]t is tempting, if the only tool you have is a hammer, to treat everything like a nail.” We have all had this experience. We get so used to the way things have been done in the past, we sometimes don’t question the reasons for doing them.

OAuth is an emerging Web standard for authorizing limited access to applications and data. It is designed so that users can grant restricted access to resources they own—such as pictures residing on a site like Flickr or SmugMug—to a third-party client like a photo printing site. In the past, it was common to ask the user to share their username and password with the client, a deceptively simple request masking unacceptable security risk. In contrast to this, OAuth promotes a least privilege model, allowing a user to grant limited access to their applications and data by issuing a token with limited capability.

Across industry sectors, the boundaries of the traditional enterprise are blurring, as organizations open up their on-premise data and application functionality to partner organizations, the Web, mobile apps, smart devices and the cloud. APIs (application programming interfaces) form the foundation of this new open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries.

OAuth is an emerging Web standard for authorizing limited access to applications and data. It is designed so that users can grant restricted access to resources they own—such as pictures residing on a site like Flickr or SmugMug—to a third-party client like a photo printing site. In the past, it was common to ask the user to share their username and password with the client, a deceptively simple request masking unacceptable security risk. In contrast to this, OAuth promotes a least privilege model, allowing a user to grant limited access to their applications and data by issuing a token with limited capability.

The application programming interface (API) may be an old concept but it is one that is undergoing a transformation as, driven by mobile and cloud requirements, more and more organizations are opening their information assets to external developers.

Today, 75% of Twitter traffic and 65% of Salesforce.com traffic comes through APIs. But APIs are not just for the social Web. According to ProgrammableWeb.com, the number of open APIs being offered publicly over the Internet now exceeds 2000—up from just 32 in 2005. Opening APIs up to outside developers enables many technology start-ups to become platforms, by fostering developer communities tied to their core data or application resources. This translates into new reach (think Twitter’s rapid growth), revenue (think Salesforce.com’s AppExchange) or end user retention (think Facebook).

OAuth puts the user in control of delegating access to an API. This allows one service to integrate with another service on behalf of that user. The same social Web providers who popularized the pattern of exposing an API to enable third-party developers to enrich their platforms were the first ones to apply such delegated authorization mechanisms. OAuth was defined in 2006, to standardize mechanisms of this kind.

Since the early days of computing, developers have struggled to make applications communicate. Specialized protocols, such as COM+, CORBA, and even SOAP, emerged over the years, but none were sufficient to meet the need for scale, simplicity, and cross-language functionality.

APIs are the technology behind this approach. APIs allow developers to create an open architecture for sharing functionality and data between applications. APIs are like windows into an application—a direct conduit that leads straight into the core functionality and data residing in the heart of the app.