DevOps practices are expanding beyond the realm of unicorn start-ups, making their way into the enterprise as large organizations look for faster, more efficient and reliable ways to get code from commit to customer. We recently sponsored a research study surveying 1,425 enterprise IT and business executives from around the world to learn more about their DevOps plans, practices and expectations. Register now to read the report.

The application programming interface (API) may be an old concept but it is one that is undergoing a transformation as, driven by mobile and cloud requirements, more and more organizations are opening their information assets to external developers.

Today, 75% of Twitter traffic and 65% of Salesforce.com traffic comes through APIs. But APIs are not just for the social Web. According to ProgrammableWeb.com, the number of open APIs being offered publicly over the Internet now exceeds 2000—up from just 32 in 2005. Opening APIs up to outside developers enables many technology start-ups to become platforms, by fostering developer communities tied to their core data or application resources. This translates into new reach (think Twitter’s rapid growth), revenue (think Salesforce.com’s AppExchange) or end user retention (think Facebook).

OAuth puts the user in control of delegating access to an API. This allows one service to integrate with another service on behalf of that user. The same social Web providers who popularized the pattern of exposing an API to enable third-party developers to enrich their platforms were the first ones to apply such delegated authorization mechanisms. OAuth was defined in 2006, to standardize mechanisms of this kind.

Since the early days of computing, developers have struggled to make applications communicate. Specialized protocols, such as COM+, CORBA, and even SOAP, emerged over the years, but none were sufficient to meet the need for scale, simplicity, and cross-language functionality.

APIs are the technology behind this approach. APIs allow developers to create an open architecture for sharing functionality and data between applications. APIs are like windows into an application—a direct conduit that leads straight into the core functionality and data residing in the heart of the app.

Mobility is taking today’s world by storm. By 2017, mobile apps will be downloaded more than 268 billion times, generating revenue of more than $77 billion — making apps one of the most popular computing tools for users across the globe. Understandably, the pressure to deliver diverse apps to external and internal audiences is felt universally across every enterprise.

The best practice for API security architecture is to separate out API implementation and API security into distinct tiers. Under this model, an API developer can focus completely on the application domain, ensuring that each API is well designed and promotes integration between different apps. CA API Gateway provides the API security administrator with complete control over access control, threat detection, confidentiality, integrity and audit across every API the organization publishes.

Mobile technology is revolutionizing the corporate IT landscape. Enterprises want to leverage mobile to maximize employee productivity, efficiency and availability. Meanwhile, employees are already taking the initiative by using their own personal mobile devices for business purposes. For enterprises, the benefits of enterprise mobility and the reality of the “bring-your-own-device” (BYOD) movement are becoming impossible to ignore.

The app, in many digital forms, mobile, cloud and the Internet of Things, has created the opportunity for enterprises to optimize interaction with employees, customers and business partners in fundamentally new ways. Choosing the right digital platform can be the difference between success and failure.

The mobile app has become “the” strategic initiative for all digital organizations attempting to drive business forward. “By 2017, mobile apps will be downloaded more than 268 billion times, generating revenue of more than $77 billion — making apps one of the most popular computing tools for users across the globe.”1 The app has become more than a simple method of communication. It is the new critical point of engagement, the face of the organization, and quite possibly the difference maker in customers staying or leaving. Getting the “user experience” (or UX) right in the eyes of the consumer is no longer a nice to have but fundamental to achieving success.

Across industry sectors, the boundaries of the traditional enterprise are blurring, as organizations open up their on-premise data and application functionality to partner organizations, the Web, mobile apps, smart devices and the cloud. APIs (application programming interfaces) form the foundation of this new open enterprise, allowing enterprises to reuse their existing information assets across organizational boundaries.

In his 1966 book “The Psychology of Science,” American psychologist Abraham Maslow tackled the idea that those in the field of psychology needed to approach treatment from multiple perspectives, to take on new ideas, and not just continue using the same theories and techniques created by Freud and his followers so many years ago. Acknowledging that changing your point of view can be difficult, Maslow wrote “[I]t is tempting, if the only tool you have is a hammer, to treat everything like a nail.” We have all had this experience. We get so used to the way things have been done in the past, we sometimes don’t question the reasons for doing them.

OAuth is an emerging Web standard for authorizing limited access to applications and data. It is designed so that users can grant restricted access to resources they own—such as pictures residing on a site like Flickr or SmugMug—to a third-party client like a photo printing site. In the past, it was common to ask the user to share their username and password with the client, a deceptively simple request masking unacceptable security risk. In contrast to this, OAuth promotes a least privilege model, allowing a user to grant limited access to their applications and data by issuing a token with limited capability.