Understanding API management for mobile app security
By Darin_Pendergraft_Oracle on May 29, 2013
Earlier this month I heard a customer talk about his experience with a recent Oracle API Gateway (OAG) implementation. OAG sits between your back end systems and your mobile applications to monitor and manage the messages that flow back and forth. One of the key functions of OAG is it's ability to transform SOAP messages into other protocols, such as REST and JSON which are optimized for mobile applications. This means you can expose business systems and data with a minimum amount of coding - and therefore create mobile apps very quickly.
After listening to his presentation, I asked him, to identify some key points about OAG. Here is what he said:
- Time to market – I would suggest that you could deliver solutions faster because you could leverage existing software assets. In fact, delivering it fast but SECURE is the benefit. Sometimes, they are separate but I think it’s worth noting.
- New platform – New web paradigms such as web 2.0 (REST/JSON) can be tapped and be built on existing legacy solutions.
- Paradigm shift – The security layer just isn’t about security anymore. The presentation layer has shifted to client deployment so the security layer is now the business layer. It’s more of an integration layer for UI and Non-UI scenarios. I’m actually more a desktop developer so it’s old hat to me. It’ll be new for a lot web developers.
- Thin air – You can make a service or application out of thin air. This is against traditional coding styles but when you consider the value proposition, it’s hard to argue.
He was careful to point out, that OAG won't remove all coding tasks, and in fact he said that if you have a strong coding team, the end result would be event better.
Follow the link below to read more about OAG.