October 5, 2016
4 min read time

IoT’s Achilles heel: API call performance

Our CEO, Lars Larsson, recently contributed an article to Internet of Business, about APIs, essentially the glue that binds connected software applications together. His article addresses the Achilles' heel of IoT development: API call performance. While most companies haven't yet experienced a disaster as a result of ignoring API call performance, the horizon looks filled with not-too-distant performance implosions. Now is the time to secure scalable performance and faster-than-needed throughput for API management - not when it is already too late. 

The full article as it originally appeared on 30 September 2016 on Internet of Business follows, published with their kind permission:

When the mythical Greek character Achilles was a baby, it was foretold that he would die young. To make him invulnerable, his mother Thetis dipped him into the river Styx, holding on to his heel. In spite of his mighty strength, Achilles was killed in Troy by an arrow wound to his heel – the one place he was unprotected. There is a lesson here for technologists and business-folk alike when considering how we build the Internet of Things (IoT).

API management

When API Management tools were born more than 15 years ago, IoT was as distant as baby Achilles was from the Trojan Wars.  Fast forward to 2016 and APIs have become the glue that connects “Things” to the Internet. Companies access (or give access to) these things and the data they generate – both of which are growing at an astounding rate. IDC forecasts the installed base of IoT units to grow at a 17.5% CAGR over the forecast period to 28.1 billion in 2020.

Any organization looking for a secure and scalable environment in which to oversee and manage IoT processes needs API management tools. Most include basics such as security, auditing, logging, monitoring, throttling, metering and caching; others have a lot more bells and whistles.

Most API tools, however, overlook one critical factor: API call performance – the Achilles heel that can potentially kill an IoT implementation. When these tools first came to market they had very little to do as there were few APIs and even fewer connected devices out there. The numbers of API calls were often measured in hours.

You can’t afford to overlook API performance

Since then open source big data technologies have made storage available even to small businesses, and sensors can be placed on all manner of devices. Companies open up their platform to monetise their data. These all make APIs much busier, yet performance has only increased in baby-steps to a standard rate of about 200 calls per second.

This shortcoming in performance is overlooked in much the same way as Achilles’ heel was when he was bathed in the Styx. Most vendors quantify API call rates in days, not seconds. You might think 10 million API calls per day doesn’t sound too bad, but this only translates into a paltry 115 API calls per second. And this refers to peak, not steady-state traffic.

Before its time

Another reason why API call performance is overlooked is because the market has not yet arrived. The situation is comparable to the evolution of websites since the nineties. At first, websites had few objects and visitors so performance and scalability mattered less. This has changed dramatically over the last decade. Today increasingly impatient visitors penalise slow websites by leaving, some of whom never return. Ten years ago, Amazon discovered during A/B tests that every 100ms of latency cost them one percent in sales. If anything people have become more impatient over the last 10 years, therefore companies whose websites are just slightly faster will gain an advantage.

The same is about to happen in the IoT world. Two hundred API calls per second is already on longer fast enough for some companies – especially during peak traffic – and they can only scale by adding more costly hardware. It’s becoming apparent that IoT businesses and use cases in particular require much higher throughput than the standard rate.

IoT API call disasters

If the API management tool isn’t built for performance, it will slow down once the limit of a certain number of API calls is reached. For the IoT predictive maintenance or risk prevention use cases, where real-time is critical, the consequences could be disastrous. Devices with short lifecycles also require more API calls as they need to be updated frequently.

The Trojan Wars raged on for years. In a similar manner the proliferation of APIs and the importance of the API economy will go on for the foreseeable future. As it grows, so will the number of API calls to devices. Exceeding the API call limit will slow down services and result in bad user experiences.

To ensure your IoT baby doesn’t suffer the same fate as Achilles, I encourage you to evaluate your API management tool to ensure that performance for both peak and steady traffic is a top consideration and doesn’t risk cause your downfall in the future.

A final polish

Varnish Plus and Varnish API Engine are the common denominators among the world’s most popular websites and brands such as the New York Times, Vimeo, Tesco, Nikon and Tesla.

Learn more about how the Varnish API Engine can help you stay ahead of API traffic demands and ensure your readiness for the coming IoT revolution.

Read the API Engine white paper

Photo (c) 2010 William Warby used under Creative Commons license.