Every IBM i Shop Must Have An API Integration Strategy


The API economy is rapidly transforming the way business is being done as well as the way modern applications are built. Over the last few months, I have seen a marked increase in the number of calls we receive from IBM i users who tell us that their business partners and customers are demanding that they interact using APIs. To meet that demand, they must be able to consume APIs made available by their partners and provide APIs to their IBM i applications for others to use. At the same time, we hear from IBM i users who are looking to accelerate application development by integrating Open Source modules and enhanced capabilities into their RPG and COBOL applications via APIs.

Fortunately, a well-planned API strategy can meet both needs. Because APIs are meant to be universal connectors, they can allow you to use the same APIs to open up communications with partners and customers that you would use to add Open Source modules to your applications. Your strategy must cover performance requirements, security initiatives and technology choices.



Performance is important because to compete in today’s high speed business environment, you must be able to do business at the speed of machine-to-machine communications. Many companies will not even allow you to participate in their supply chain if you cannot support API communications. One of our transportation company customers told us that they get over one million requests for rate quotes every day. If they don’t respond quickly, their potential customers will just go elsewhere. They obviously couldn’t support that load if every quote had to be handled by a human being.

Performance is also important if you plan to take advantage of the power of open source in your applications. Using open source allows you to integrate prebuilt, often free components into your system. However, if you do that, it is critical that the call and response with the Open Source code is extremely fast and does not slow down your business processes. We worked with a customer who needed to call out to Google Maps for latitude and longitude information in the middle of an RPG process. By focusing on high performance APIs, they were able to successfully simulate 250,000 simultaneous API calls to that system with sub-second response time.



According to Gartner Group, by 2022 APIs will become the leading target for attacks on systems by malicious actors. It is critical that you ensure that all connections to your APIs are secure. You need to know who is accessing the API and specifically what they are authorized to do. Too many IBM i users currently rely on sending IBM i credentials on every API call using Basic Authentication. Basic Authentication is being deprecated by most of the major API providers because of the security flaws it exposes. IBM i users should be looking at encrypted token based security systems like JSON Web Tokens (JWTs) and third party authentication methods like OAuth (see our security webinar for more info on API security). You can even add multifactor authentication to your security safeguards.



When working with APIs that are connecting disparate applications, languages and platforms, you want to make sure you are using the right tools for the job. Every time I write a blog post about this, I get a response saying that you can do everything in RPG. And that is true. However, the question is: Should you do everything in RPG? Steve Will, the Chief Architect of IBM i in Rochester says that the future of application development on the IBM i is blended strategy. Use RPG/COBOL/CL/DB2 for your core business processing and use other languages for things like web services, Internet of Things connections, mobile and web interfaces because then you are using the right tool for each job.

For example, JavaScript is purpose built for web services. The common message format for web services is JSON which stands for JavaScript Object Notation. Since JSON is a JavaScript object, using JavaScript for web services dramatically simplifies message processing. In addition, many companies like Amazon, Shopify, UPS, FedEx and other companies who provide APIs write much of the code necessary to access their APIs for you. They do that in SDKs (Software Development Kits) using languages like JavaScript, Python and Java. They don’t typically provide SDKs in RPG. Using the SDKs can save you from building and maintaining thousands of lines of API code.

Performance, Security and Technology are just a few of the things to think about when planning your API strategy. If you are anxious to take advantage of the power and promise of APIs but are unsure how to get started or if you are looking to optimize the value of the APIs you have already built, check out our upcoming webinar on planning your API strategy. We will share real world use cases to highlight the best strategies for successfully implementing APIs in an IBM i environment.

Get the latest Eradani Blog posts sent to your email.