Computing devices connected to the cloud via APIsWe live in a Web 3.0 era. Cloud computing, mobile devices, enormous bandwidth capacity, and the Semantic Web have ushered in the next age of the WWW. The Web is nearly 10,000 days old now, and the predictions of Kevin Kelly (and others) have come true. The Web is now one, enormous, global computer. Our devices — be them phones, tablets, TVs, watches, glasses, etc. — are all portals into this single supercomputer, known as the Web. In the 9,215 days since the Web was invented, lightning-fast Internet access, widespread adoption of cloud computing, and everyday examples of the Semantic Web like Siri and Google Now have made Web 3.0 a reality. The most impactful change that has happened since Kelly’s Ted talk in 2007, where he predicted our current reality, has been the massive explosion of mobile devices. We were starting to see it then, but not like we are today. We now have devices for our devices! Cisco is predicting that this single, gigantic supercomputer will be made up of over 50 billion connected devices by 2020. It’s no wonder we’re hearing more and more about the Internet of Things (IoT).

The IoT is the part of the Internet that is made up of “uniquely identifiable embedded computing devices,” as Wikipedia states. Just like the World Wide Web runs over the Internet, so does the IoT. Similarly to how the Web is a mesh of computers, so too is the IoT. Like little portholes on a massive cruise ship, the billions of devices in the IoT give us access to exabyte upon exabyte of data. Without data and services, the little computers embedded in thermostats, house keys, baby monitors, trash cans, fire extinguishers, and store shelve are nearly worthless.

For the IoT to be useful, the devices that make up this mesh must be connected to the cloud. The way in which they do this is via APIs. Cloud-based services are the way in which the IoT is connected to data. APIs are the skybridge — IoT on one side, useful information and plentiful data crunching capabilities on the other. APIs make IoT useful, turning limited little things into powerful portals of possibilities.

APIs are Driving the Internet of Things

IDC predicts that the size of the IoT market will reach a whopping 7.1 trillion dollars by 2020. “IoT solutions are at the heart of IDC’s view of the … four pillars — mobility, social business, big data/analytics, and cloud — resulting in millions of applications available to billions of end points,” said Carrie MacGillivry, IDC Vice President of Mobile Services, IoT, and Network Infrastructure. With Cisco projecting that each person in the world at that time will connect 6 devices to the Web, it’s easy to see the market potential. This represents a huge opportunity for entrepreneurs. What’s especially interesting to us is that this market size is actually zero without APIs. APIs are the market enabler, in that the potential usefulness of (and thus demand for) IoT devices would be almost none without APIs.

APIs are the inter-connector which provide the interface between the Internet and the Things. JavaWorld’s Andrew Oliver calls APIs “the glue and interesting part where the Internet of Things starts to become useful and more than a buzzword.” APIs expose the data that enables multiple devices to be combined and connected to solve new and interesting workflows.

Solving Common IoT-related Challenges

As more and more devices are connected to the Net, however, certain recurring problems must be solved. We can either continue to address these over and over again, or we can develop common solutions and frameworks to the everyday challenges introduced by the IoT. An important part of solving these problems is addressed at the API layer. If we can make APIs interoperable, secure, scalable, well-documented, and discoverable, we have come a long way in solving many of the difficulties brought about by the IoT. We also need to find reusable ways of building secure and persistent, real-time communication between these cloud-based services and the little devices running on the IoT.

A good example of a group trying to solve the challenges on both the API- and device-side is the IoT Services and Frameworks project of the Eclipse Foundation. The group says that they “want to provide a set of services and frameworks that application developers can use for building M2M and IoT applications.” Eclipse is providing multiple such frameworks for building IoT Gateways. These open source offerings are useful because “IoT Gateways help manage the interaction between sensors and actuators, and the enteprise [sic] and cloud services. Implementing these types of gateways requires specialized knowledge in communication protocols, device management, software update, and hardware configurations,” writes the Eclipse group on their homepage. Rather than building such gateways over and over again, the Elipse Foundation believes it is better to create common, reusable IoT software like their incubator projects, Kura and Mihini.

The EU’s Internet of Things Architecture (IoT-A) is another example of the way in which we can solve common IoT-related challenges. The collaboration between the EU and various software vendors has produced a standard architectural design and starter-kit for ensuring interoperability between different devices. This architectural reference model is a scalable and secure solution intended to guide the design of protocols, interfaces and algorithms necessary to scale the IoT. The group identified similarities across different domains, systems, and application areas, and then designed the candidate architecture to suite all of these. This common framework will hopefully lead to increased collaboration and innovation.

Overcoming the Security Risks of the IoT

One impediment to this invention and newness is security. Besides interoperability, security is the biggest challenge to the success and acceptance of the IoT. Researchers at the University of Michigan recently showed how networked traffic lights are vulnerable to cyber attacks; hackers breached Internet-enabled baby monitors, harassing parents and young children; and U.S. Senator, Brian Schatz, sited a recent study that found 70% of all IoT devices are vulnerable to cyber attacks. As the IoT grows to include devices designed to safeguard life (e.g., baby monitors, car brakes, and traffic lights), insecurity becomes an untenable risk.

IETF, the standards body behind many of the Internet protocols we use every day, says in an information note that “the Internet and the IoT domain still do not fit together easily. This is mainly due to the fact that IoT security solutions are often tailored to the specific scenario requirements without considering interoperability with Internet protocols. On the other hand, the direct use of existing Internet security protocols in the IoT might lead to inefficient or insecure operation.” When the group analyzed the threats and vulnerabilities facing the IoT, they identified a large set of scary issues. With an extensive list of dangers facing all-IP networks of things, it is clear that this is a major obstacle to the growth of the IoT. The IETF presented a number of security profiles and next steps in defining security standards that will help us overcome these issues.

The IoT API Platform Play

Overcoming the challenges presented by the IoT is hard. There’s lot of protocols to know, computer engineering to do, odd legacy systems to deal with, and a bunch of bit twiddling. Providing an API that achieves critical mass is also really hard. There are additional protocols to learn, a different set of requirements to satisfy, and you will be coding at a much higher level. The differences are so great that you’ll essentially need two different teams — the IoT and Web API teams — complete with developers, testers, product owners, marketers, sales people, etc. Acquiring all this talent in house is one way to go, but there are other strategies.

A leaner approach would be to provide the very best IoT solution or the greatest API platform. Then, partner with others who have chosen the other alternative. Choose the former if your company is specialized in embedded programming, computer engineering, and has expertise and business opportunities in the IoT space. Use something like Eclipse’s IoT framework to provide a gateway service to your customers. Let them consume this rudimentary API, so they can incorporate it into their platform.

If you have expertise in building scalable Web applications but not computer engineering, take the API platform route. This is the harder of the two options, but it also has the biggest reward if you’re successful. In this strategy, you will need to balance a two-sided market. On the one hand, you’ll have a bunch of IoT companies and, on the other, you’ll have people who want to use those devices.

Visualisation of an API platform ecosystem

As a platform, you would add value on top of the IoT device suppliers and deliver that via an API. Additional value could include things like:

  • Searchability across multiple IoT device suppliers
  • A well-designed and documented API that is easier and cheaper to integrate
  • Valuable computations calculated using device data
  • Visualizations that span various IoT gateways

Examples of companies that have built API platforms around devices include Twilio, 46Elks, and Evercam. These API platform pioneers are standing in front of service providers that are exposing SMS capabilities and Closed Circuit TV (CCTV). This strategy is also being employed by various energy companies. They are working with various device manufacturers who have developed smart bulbs, plugs, meters, etc. and are exposing these as APIs. This API platform play is a greener business strategy for energy companies; some of them are seeing that the IoT, their brand strength, and customer bases put them in a great position to capitalize on the opportunities that smart cities present. This opportunity isn’t reserved for very large multinational energy companies, however. Twilio started small, and look at them now!


We are now using version 3 of the Web. In the 25 years since its inception, the Web has grown into a single, supercomputer. The billions of devices that are connected to it are peripherals that give us access to its extraordinary capabilities. With its unfathomable amounts of memory, CPU power, and hard drive space, we can use it to do things that were unimaginable a generation ago. Leveraging it to perform tasks and automate workflows now involves many different devices.

These devices are getting smaller and are being embedded into everything. This Web of things is presenting entrepreneurs with immense opportunities. To capitalize on this prospect, you must expose these devices via APIs. Using frameworks, patterns, and best practices that are being developed by open source groups, software vendors, and governments alike, the IoT is becoming more and more of a reality every day. As these reusable solutions take shape and the security and interoperability challenges are overcome, the next era of the Web will unfold. Opportunistic organizations have a chance right now to get out ahead.

The primary opportunities that are at hand are as an IoT gateway provider, an API platform, or both. The later is beyond hard, and something you should only grow into. The first two are the more feasible possibilities. The first — becoming an IoT gateway provider — is a good option if you have computer engineering and manufacturing capabilities. If you don’t, becoming an API platform in the best choice. This option also isn’t easy, and will require you to bring together two different markets in order to reach critical mass.

So, you tell us — What opportunities does the IoT present? What other frameworks exist for building IoT gateways? How else are APIs driving the Internet of Things? Who is creating awesome APIs for the IoT? Leave a comment here or let us know on Twitter or Facebook.

Jennifer Riggins

About Jennifer Riggins

Jennifer, as a marketer and writer, helps individuals and small businesses develop their vision and brand, turning it into an actionable, profitable future. She especially loves working with start-ups, SaaS and Spain-based innovators.

About Travis Spencer

Founder & CEO of Twobo Technologies and a co-founder of Nordic APIs. An American living in Sweden and specializing in API security.