Cloud APIs are emerging as a successful means of making cloud-based data centre resources and applications available to an array of web-connected devices in a flexible and cost-effective way.

Furthermore, IT organisations are increasingly adopting cloud APIs (Application Programming Interfaces) as a way of moving forward with their existing SOA (Service Oriented Architecture) and Web 2.0-based architectures. However, cloud API standards and technologies are still emerging, which means there is currently no standard way of creating or managing the way cloud resources get accessed by the end user.

Cloud APIs v SOA and Web 2.0

Fundamentally, cloud APIs have a different function to both SOA/ESB (Enterprise Service Bus) - which focuses on the enterprise’s software infrastructure (and has traditionally been delivered through monolithic, one-off application development) - and Web 2.0 - which connects the browser to back-end processes and applications and offers interactivity to the user.

The difference is that the cloud API’s speciality is to make cloud resources available to the end user via a web-based interface, offering application developers far more flexibility than the SOA/ESB approach, and enterprises themselves more flexibility in how they interact with their IT service providers, whether it’s Salesforce, Google or a private cloud provider.

The resources that cloud API’s make available come under three categories: infrastructure, services, and applications, and there are specific APIs for each.

Infrastructure APIs give access to resources such as virtual machines (VMs), providing the ability to provision, create, move and delete VM components, as well as configuring settings for security and networks, among other things. The term commonly used for these APIs is Infrastructure-as-a-Service (IaaS).

Service APIs, on the other hand, expose specific capabilities such as e-commerce, storage, databases messaging and mapping, and these services are commonly referred to as Platform-as-a-Service (PaaS). Google Search could perhaps be considered a PaaS.

As for Application APIs, similarly to Web 2.0, these provide the means to extend applications to the web, for programs such as CRM, ERP, social media and helpdesk, with these applications being delivered as Software-as-a-Service (SaaS). Salesforce is an example of SaaS, though there are countless others.

Cloud API pros and cons

The de facto public cloud API standard is the Amazon EC2 Web Services API, used by millions of organisations to provision servers and infrastructure services from Amazon, says Ivan Casanova, senior director, product marketing for TIBCO Software, which provides both SOA and cloud APIs.

Casanova explains that for managed and cloud service providers. “cloud APIs are the equivalent of e-commerce store fronts, but in a B2B context. Providers host the APIs and they enable users and subscribers to use the service that the API provides,” he said.

“What makes cloud APIs fundamentally different from Web 2.0 and SOA is that they are business-focused commercial gateways for pay-for-use services. Amazon charges a few cents per hour to use a server and the cash register is gated by the Amazon APIs - SOA and Web 2.0 are technologies - cloud APIs are business models,” he added.

For enterprises and service providers alike, the technical benefits of cloud APIs are similar to SOA because they offer abstraction and granularity, says Casanova. "This means that you can hide a lot of complexity behind the API - lots of computers to crunch numbers, lots of different software services to solve complex problems - using cloud APIs provides the same kind of abstraction that you find in SOA.”

He added: “Security is not a significant challenge for cloud APIs, as you can secure APIs with authentication, etc, and this is a pretty well-understood discipline. The hard part is scale. What happens when your service gets overrun, how do you enable your users to modulate usage, how do you scale the service?”

“Another big issue is backwards-compatibility; when users start using your service, the API becomes a binding technical contract between user and provider. If you want to change - moving the whole ecosystem lock-step to a new API can be a challenge.”

Mac Scott, associate director of KPMG CIO Advisory, thinks the benefits of cloud APIs include the fact that they offer clear boundaries, they’re non-ambiguous, are testable and reliable. “Having defined boundaries allows organisations to take functionality and data from a number of third-party systems and, using the APIs provided, build new functionality and interfaces which add value to existing systems.”

He added that the main downside is that once an API becomes mass-market, it also becomes more and more difficult to change. “I’m sure there are aspects of the Windows API that Microsoft would love to change, but backwards-compatibility becomes more of a problem as systems gain market share.”

Scott says these issues often only arise after the API becomes successful and wide scale, when the originators recognise some of the past flaws or potential improvements. “By that stage it’s too late to change without significant impact on API developers and users.”

Also, APIs can give the illusion of a well-designed platform sitting beneath the application, says Scott. API users need to try and establish whether the API is simply an embellishing tool for an old (and potentially poorly-performing) platform, or whether the platform has been designed with an API-based approach in mind from the start.

Emerging cloud APIs

Cloud APIs are still emerging, as cloud adoption matures, and many IT leaders are currently evaluating different standards and technologies.

Among these are REST (Representational State Transfer), SOAP (Simple Object Access Protocol), XML, JSON and JavaScript, which are already popular technologies for creating Web 2.0 apps, such as mashups, social networks, blogs and wikis.

Alongside these ‘open APIs’ are a number of vendor-specific and cross-platform cloud APIs, which tend to be more suitable for IaaS functions (such as provisioning VMs and accessing virtualised IT infrastructure resources).

These include VMware’s vCloud API for provisioning and managing applications running in private, public and hybrid clouds; and Oracle Cloud API (based on the Sun Cloud API), also for public and private clouds.

Then there is Red Hat’s Deltacloud API, a set of open APIs that can be used to move cloud workloads between different private and public cloud providers – a function that many cloud-using enterprises are looking for. The Rackspace Cloud API is another vendor technology, but it has now been open-sourced, and included as part of Rackspace’s OpenStack cloud operating system.

Open Standards

All of these vendors are in favour of creating cloud standards to facilitate interoperability between different clouds, and are working with bodies such as the Distributed Management Task Force (DMTF), the Open Cloud Consortium (OCC) and the Cloud Security Alliance (CSA).

Commentators say there is a big need for a single open API for cloud, moving forward. Bill Claybrook, president of analyst firm, New River Marketing Research, says many IT professionals fear that a lack of cloud computing standards could ‘lock them in’ to a particular cloud provider, or mean they can’t move VMs and data from one cloud to another.

Claybrook adds that users want a cloud API that’s like TCP/IP, the networking API, and is implemented in all cloud products and services and promotes transparent interoperability. “This would increase the confidence of prospective public cloud adopters, as they’d be able to leave their providers whenever they want. It would also eliminate the belief that it’s easy to get into the cloud but difficult to get out.”


Hosting company Memset is about to release a cloud API for its cloud portfolio. Memset’s development manager, Juan J. Martinez, points out that cloud architects are divided on which technology to use for their cloud API, and it ultimately depends on their definition of a cloud.

“Preconceived assumptions of what cloud is play an important role in the implementation of the APIs from a provider perspective. Would you use a SOAP-based API for your cloud? It is an important decision because SOAP is closely associated with enterprises, but it also has the stigma of SOA's failure,” says Martinez.

He adds that there is a rising trend in Web 2.0 development to use browser-based JavaScript and REST-based APIs, with the latter proving to be highly reliable tools for building web applications. REST interfaces are also easier to design and implement than SOAP ones, experts say.

This Java/REST approach could benefit Cloud APIs, says Martinez. An alternative to a well-defined combination of XML and SOAP could be “a RESTful JSON-based API”, he says. (Experts explain that JSON is designed for use with JavaScript, and is a lot simpler than XML. Browsers can consume larger amounts of JSON code more efficiently than XML; and the latest browsers provide native, safe support for encoding and decoding JSON.)

As a case in point, in 2009, Google made this very move away from SOAP and towards REST/JSON for its ubiquitous Search tool. As for Amazon’s S3 (Simple Storage Service) cloud-based storage service, the vendor provides both a REST-type API and a SOAP API, to keep both camps happy.

In summary, cloud APIs are emerging as a flexible and effective way to access and manage cloud resources, with enterprises, service providers and software vendors all developing their own APIs. As for the standards and technologies, that’s down to personal choice.