CXO Challenge

CXO Challenge is a landmark study into the strategies and tools Australian organisations are employing to meet the needs of the digital consumer.

Below we profile the country's most influential technology and business executives and discuss disruptive innovation across key sectors of the Australian economy.

APIs: rivets for the composable enterprise

Expanding a savvy CIO's toolbox.

David Braue   |   June 25, 2015

Expanding a savvy CIO's toolbox.

The challenge of application integration has been a bugbear in computing modernisation for decades.

It defined the client/server revolution in the 1990s and drove explosive growth in any-to-any middleware - which then became a millstone for ERP overhauls - as integration of incompatible business systems single-handedly drove innumerable cost and schedule blowouts.

Web services protocols such as SOAP (Simple Object Access Protocol) – driven as they were by catalogues of defined application programming interfaces (APIs) – offered a workable solution, yet they also worked best with bespoke services rather than those built around legacy systems.

It is only in this decade, with web-based applications now well established and new cloud-based alternatives built from the ground up as web services, that the benefits of API-driven application architectures are shaping massive functional overhauls for some of Australia's largest enterprises.

No longer must systems be built from the ground up and maintained, updated and replaced by in-house teams that could lose key staff at any time.

Instead, the construction of API-based applications is driving the creation of services that are both better documented and intrinsically easier to modify to suit changing business requirements.

Lingua franca for the cloud

At a very high level, an API is simply a collection of application routines with a carefully specified set of methods for inputting and outputting data to those methods. 

APIs are typically well documented to explain the functions they offer and define the way requests are structured for them to work correctly.

They have played a role in bespoke software development for some time, allowing developers to add capabilities quickly to their software without having to build it from scratch.

With the rise of web services and cloud, the scope of APIs has become much broader: one web application might, for example, use an API to send a street address to a geospatial lookup service.

The response might variously consist of the name of the person or company at that address, a street-level image of the premises, a measure of its elevation, or its Australian Statistical Geography Standard (ASGS) details.

In this context, the API becomes the broker of information exchange between systems that might otherwise never know how to communicate.

Just as the adoption of Latin as the lingua franca of the ancient world enabled unprecedented cross-cultural trade and communications, the broad use of APIs has become a fundamental building block of the cloud-computing economy.

APIs are, for example, regularly used by e-commerce sites to process credit card transactions, which are sent for approval to a card issuer that returns an approval code based on its internal processing.

Social media services like Twitter and Facebook also rely heavily on APIs to allow access to their services from other sites, or from client applications running on desktop computers and mobile devices.

The Dick Smith experience

When Dick Smith CIO Paul Keen took up the reins of the then-struggling retailer in 2013, he found some pointy challenges awaiting him.

The nationwide retail business was still running on IBM AS/400 midrange servers that had been architected well before concepts like cloud or even internet were on the radar.

Keen and his team embarked on a complicated planning process, aware that the future of the company depended on its ability to provide a flexible online retail environment.

Over a process of months, Keen's team designed and built a software wrapper that encapsulated AS/400 key functions – translating data requests from external applications into commands the system could understand.

Its output was similarly processed to meet the requirements of external services, allowing them to interface with Dick Smith's core retail system as though it had been designed yesterday.

That system has subsequently supported a turnaround at the company, which has grown since it went public in late 2013.

Seamless interfaces to the system have made it easier for third parties to access current inventory information, enabling business initiatives such as a partnership with David Jones and integration with online merchants eBay and Catch Of The Day.

A new click and collect initiative - which lets users shop from home but pick up goods at a nearby Dick Smith outlet - was designed and implemented across 400 stores in just six weeks. 

Despite its modern user interface, click and collect ultimately triggers retail sales events in that very same AS/400 system.

“Legacy systems are easy to dismiss, but they're the gold of the organisation if you do the right thing by them,” Keen told iTnews' CXO Challenge.

“They only turn bad because people don't upgrade them, get scared about rolling out patches, and don't know how to deploy new code. If you keep them active, they can be great.”

The facilitator for this shot in the arm is the use of application programming interfaces (APIs). 

Empowered by growing innovation from cloud services, APIs have become the trigger for a reinvention of the way businesses execute critical functions to take advantage of modern online services.

Read on to find out how Australia Post freed its APIs to modernise its approach

The API Post-er child

Australia Post has been one of the biggest proponents of the API-driven enterprise, building up a massive catalogue of the code in recent years as it worked to slim down its conventional operations and reshape many of its core services as online information systems.

CIO Andrew Walduck is looking particularly closely at how re-using this code can give the organisation a web presence beyond its own e-commerce real-estate.

“I’m sure the technology vendors may disagree, but my theory is we don’t need any more technology. We have all the technology we need to create the next generation of services for our customers," he told iTnews as part of the CXO Challenge

“What we need to do is to rethink how we team and collaborate with other organisations to serve our customers."

AusPost now counts five externally available APIs that can be picked up by the e-commerce providers that drive volumes to its parcel business, having now added a delivery tracking widget and an automated address label generator to the publicly available suite.

Some have already been adopted by online shopping behemoth eBay, which has embedded the postage price calculator into it shopping cart.

“We want our products and services to be part of wherever our customers choose to do transactions,” Walduck said.

“Our digital strategy is about making our capabilities available to be integrated into the digital offerings of other organisations. That involves us modularising the capabilities we’ve got for consumption by others.”

Payment handling, electronic banking, payment transfers and other services are all internally managed by systems that are linked using a broad range of APIs that then go on to connect with AusPost's 26,000-device, $71 million delivery tracking service.

This is part of life in the new world. Walduck says such issues reflect the ongoing challenges of the push to turn monolithic organisations into flexible, customer-driven service providers.

“I hate technology for technology's sake,” he said.

"As an industry we haven't always done ourselves a lot of favours when it comes to talking about the explicit value you get from [technology].

"But we have completely redefined who the customer is – and it's an immensely exciting time as an industry to change the discussion we can have about our enterprise. But it really involves a lot of internal change to get there.”

The composable enterprise

The promise of API-driven architectural reinvention is growing every week as vendors find new ways to shift data-processing functions into the cloud.

Contact centre vendor Genesys, for example, recently extended its service to integrate seamlessly with Microsoft's Skype for Business product by writing part of its code to Microsoft's Unified Communication Managed API.

Online analytics vendor Qlik, for its part, offers APIs that allow web pages to incorporate its high-end analytics features.

Similarly, the development of APIs into the Dick Smith AS/400 system allowed Paul Keen's team to direct the AS/400 data feed to Amazon's Redshift service, a massively parallel data warehouse whose own APIs are now being used to manage the company's financials, inventory data, and more.

“The way we've been modernising our systems is to take functionality that existed in the AS/400 and select a best of breed solution to which we can integrate," Keen said.

"For example, rather than reporting using the AS/400 module we export that information through APIs into Redshift, where we can add an awful lot of CPUs for a low price as well as supplementing our data with online ratings, user reviews, and whatnot. Because it's in the cloud, it's closer to the customer.”

Over time, the burgeoning capabilities of cloud-hosted services are going to simplify the way organisations access best-of-breed solutions in the cloud.

Where they previously had to install and maintain such solutions on their own premises, leading-edge capabilities in areas like human resources, recruitment and financial processing become as easy to access as writing a few lines of code.

“APIs are clearly becoming a dominant part of the conversation when it comes to cloud computing,” Gartner's APAC research director Darryl Carlton said.

“It's breaking apart the monolithic ERP single-point solution into components.

“As soon as you do that, each of these applications have to be able to talk to each other in a convenient manner – and the only way to achieve that is by having common and consistent APIs. As you are no longer specifying the format of the data going between applications, you've got to conform to standard APIs.

"This is making it increasingly important for organisations to standardise, effectively, on open standards rather than proprietary standards.”

Victoria's La Trobe University recently took a big step in this direction.

It embraced SAP's cloud-based S/4HANA platform as a core element of a future IT infrastructure that will ultimately see the university's top 30 systems revisited and, through the extensive use of APIs that link various core systems with S/4HANA and each other, streamlined to boost operational speed for the future.

This approach will see greater leveraging of back-end systems to facilitate the development of a new services-based environment that's being designed to meet specific administrative and educational requirements for its 36,000 students.

La Trobe is just months into the first step of this process, which saw it integrate S/4HANA's cloud-based Simple Finance application into its existing environment.

The university will eventually move all its back-end systems into the cloud in this way, CIO Peter Nikoletatos said, and effective API management will be critical to making it all work in the long term.

“To me, the APIs are actually what's enhancing the ecosystem,” Nikoletatos told iTnews.

“The database is at the core of the ecosystem, but that ecosystem can be anything you want to bring into it.

“We've taken the opportunity to simplify our business processes. We've been looking at enterprise architecture mappings and how we are moving data around the place, and what APIs we would need to make this happen.

"It's game-changing, and it's really because of the speed at which all of this is happening.”

Open to the future

When used correctly, APIs not only break down the barriers between on-premise and SaaS applications, they can also become a catalyst for change both in the application environment and in terms of the burden on internal IT and development teams.

By using APIs to bring in external services rather than running them internally, IT teams can access cutting-edge functionality they might never have had the ability to integrate themselves.

Deployment of new technologies is not limited to those with the deep technical knowledge in the relevant area. Newer service suppliers can be swapped in for existing services simply by changing the APIs used to feed them data.

Areas such as user authentication and security are likely to become key drivers for reinvention since even outsourcing a simple credit card processing capability can alleviate the not-insignificant burden of PCI DSS compliance.

Facebook, Twitter and other services already offer APIs delivering their social media capabilities as a form of outsourced user login management. 

The shift to an API-based infrastructure also offers enterprises a way to protect their own data: by forcing all external data requests to come through a single gateway, businesses can more easily enforce access control rules that might, for example, prevent a competitor from exploiting the APIs to access live inventory and pricing information.

Yet the process is not without its complexity.

IT teams not only have to be educated in the services that are available and the APIs they offer, but need to keep track of the new architecture and the impact of telecommunications, downtime, periods of high demand and other issues that can impact overall service delivery.

Once key services are run by third parties but relied upon for the business to function, it's critical that the availability of APIs is monitored and any outages acted upon immediately.

“There are lots of different SaaS services we can leverage faster,” Dick Smith's Keen said.

“And there are so many interfaces now that our core competency is now less about building applications, and more about moving data very quickly and reliably between systems.

"But whatever you build, you need to monitor: knowing when that's not working is absolutely mandatory. If we can spot problems as soon as they happen, we can fix them before the customer ever notices.”

Multi page

More from the CXO Challenge

Vijay Solanki - Southern Cross Austereo

Australia's digital crescendo


Karen Wagner - Cardno

Tech SWAT teams kicking down the digital door


Carole Tokody - Cover-More Group

When does an insurance company turn into a software vendor?