Modernize Your IBM i Using Other People’s Code

September 8, 2021 Daniel Magid

IBM i users are moving their applications to the leading edge quickly by connecting their RPG and COBOL code to the exploding number of publicly available APIs. In just the last few months here at Eradani, we have worked with customers who are providing the latest in shopping experiences by connecting their applications to Shopify, Wix, and Amazon. We have helped customers automate logistics and provide real time shipping information using APIs from UPS, USPS, Project44, Shipengine, and many others. Some of our finance industry companies are using APIs to get vehicle information and property information for loan documents and insurance.

The use cases are practically endless. IBM i users truly have the opportunity to dramatically modernize their applications in very short time by taking advantage of these APIs.

APIs can not only help you find new channels for revenue, they can also significantly reduce manual labor and operational costs. We had one customer tell us that using just one Amazon API, they were able to reduce the time it took them to perform a regular reconciliation process from 1.5 days to 5 seconds. In a great use case for IBM i developers, another customer of ours used APIs to connect their IBM i software change management system to Jira in the Cloud so they could see all their programming activity (checkouts, promotions, deployments, etc.) right from within their Jira tickets.

A list of IBM i objects and their current location in the development lifecycle appears in the middle of this Jira ticket. At the bottom is the history of all IBM i change management activity.

Easily Finding The Right APIs

If you are thinking of modernizing or adding new capabilities to your IBM i application, you might want to first ask: “Has anyone already written this?” A quick Google search can often tell you whether there is an API available to access the capability you need. For example, we have had customers find APIs that:

Allow them to easily send text messages to any phone number right from their IBM i (Twillio)
Verify addresses to ensure they have valid addresses in their database (UPS, USPS…)
Get latitude and longitude information from an address
Provide real time quotes and current shipment tracking (Project44, Shipengine, UPS, USPS, and many other transportation providers)
Provide vehicle information from scanned or entered VIN numbers
Provide insurance quotes
And many, many other capabilities

A simple web search can quickly tell you if there are publicly available APIs that you can use to enhance your IBM i functions. For example, just search on latitude and longitude APIs and you will find the Google Maps platform with a wide variety of tools for building APIs that get latitude and longitude for an address (or vice versa), calculate distances and identify fastest routes.

Advanced eCommerce And The IBM i

One of the fastest growing use cases we’ve seen are customers who want to provide a leading-edge shopping and order entry process for their customers. You no longer have to build your own ecommerce site to do that. With APIs, you can use providers like Amazon, Shopify, Magento, Wix, and others to provide you with all the latest in ecommerce capabilities.

In the finance industry, we have insurance customers that provide real time quotes from their IBM i’s via APIs and real estate customers and mortgage companies who use those quotes in their sales and loan servicing efforts.

Once you find APIs that will help you enhance your application, you need to review the requirements for using them. Most APIs will have authentication, Cipher suite and data formatting requirements. The good news is that many of these API providers have SDKs (Software Development Kits) in which they have already built much of the code you will need to talk to their APIs. These SDKs often have the authentication, data transformation, and error handling code you need to appropriately use the APIs. Once again, you can do a quick Google search to see if there is an SDK for the APIs you want to use.

Amazon strongly recommends you use its Software Development Kits (SDKs) when accessing its APIs. These SDKs can save you months of coding. And, since Amazon APIs are updated on a regular basis, they save you from significant maintenance headaches.

One thing that you will find is that most of these SDKs are provided in JavaScript, Java, or Python. They are not written in RPG. This is a good reason to look at using JavaScript for your IBM i API calls. If you call the APIs directly from RPG, you will have to write all the code yourself.

At Eradani, we have simplified API calls by including vendor SDKs in our predefined templates and providing an easy way to call that code right from RPG, COBOL, or CL. Eradani Connect will handle the process of translating from your programs to the web service call. Eradani Connect will then execute the web service call for you using the vendor’s SDK.

Tight API Security

Anytime you are connecting to an API, you must pay close attention to security requirements. Most public API providers have specific authentication methods and security protocols they will support. This has been an issue for many IBM i users because they are still using Basic Authentication and most providers have ended support for Basic Authentication because of its security vulnerabilities.

With Basic Authentication you are sending a user ID and password along with every API request. Unfortunately, every time you send a user ID and password over the wire there is the chance they will be discovered. To compound the problem, many users are encoding the credentials using 64-bit encoding rather than encrypting them. Anyone who knows the 64-bit encoding algorithm (it is publicly available) can decode these credentials.

Most API vendors and tool providers are deprecating support for Basic Authentication and requiring the use of more secure authentication methods.

Most API providers expect that you will be using JWTs (JSON Web Tokens) for authentication. With JWTs, the user id and password are sent once. The user is then given an encrypted token. From then on, the only thing sent up and down the line is the token. So, even if someone could intercept the communication, all they would get would be an unreadable string of characters. You can set timeouts for the JWTs so the user will be required to reauthenticate on a schedule you set.

In addition to using JWTs, many API providers will insist you get your identity validated by a trusted third party (for example, Facebook or Google). This is the basis of frameworks like OAuth for authentication. With OAuth, you are never sending a credential directly to the provider. Instead, you are verifying your identity with the trusted third party. The third party then provides you with a token and notifies the provider that the token is valid. Your communication with the provider is always done with these third-party tokens.

Websites like Trello use OAuth frameworks to provide for third-party authentication and sign on.

Fortunately, there are open source modules available that you can use to set up OAuth (and other frameworks) for authentication. If you are using open source for your calls, integrating these modules into your code is a simple process. (It would be very difficult to build and maintain an RPG version of OAuth2). With Eradani Connect, we include support for over 500 authentication and user identity frameworks so you don’t have to worry about this code at all.

When connecting to outside API providers, you must also ensure that you have the latest version of the Cipher suites being used for encryption. These Cipher suites include the current version of the encryption algorithms. They are updated frequently and yours must match the versions used by your providers. One of the problems IBM i users run into is that the Cipher suites on the IBM i are only updated in PTFs, Technology Refreshes, and full IBM i operating system releases. If you are running on an old version of the OS, your API calls may be rejected for mismatched Cipher suites. Once again, Eradani makes this easy as Eradani Connect automatically keeps itself up-to-date by regularly downloading the latest Cipher suites.

The Power Of Asynchronous Operations

One of the inherent problems of calling web services across the web is that those services may be unavailable or performing poorly when you call. You don’t necessarily want your entire business process waiting for one request to be fulfilled before it can start on the next. For example, we had a customer who needed to get latitude and longitude information from Google maps before running its price quoting algorithm on the IBM i. At peak times, they might be receiving hundreds of thousands of simultaneous requests. Performance would have been terrible if they had to process each of those requests serially.

In an asynchronous environment, you can send a request and then immediately send the next request without waiting. The system simply processes the results of the requests as they become available. If the provider cannot handle the volume of requests or their API is down, the IBM i can simply queue those requests until the API is ready. (Eradani Connect handles the asynchronous operations for you).

Asynchronous processing means you can handle very high volumes of requests reliably and quickly.

Data Transformation

JSON (JavaScript Object Notation) is the current standard method for passing data via APIs. When calling APIs you will need to transform your IBM i parameters and data structures into JSON (or XML). The results of the API call will typically be returned as JSON so you will need to translate the JSON back into RPG data structures and parameters. If you are using JavaScript for this process, it is drop dead simple. JSON is a JavaScript object. JavaScript understands JSON without parsing or searching. It takes just a couple lines of code to read a complex JSON message and extract from it just the fields you need.

Once you have the fields you need, you must ensure that they are transmitted to your IBM i applications with the correct types and lengths. Often, data coming from a web service has varying lengths and types. Your transformation process must ensure that those problems are resolved before sending the data to your backend RPG or COBOL applications.

Fortunately, Eradani Connect can handle these transformations for you. As an RPG or COBOL programmer, you will only need to deal with parameters and data structures. Eradani Connect handles the rest of the transformations for you.

Sample JSON output from a Google Maps call. Eradani Connect will automatically extract the data fields you need from this and transform it into parameters and data structures.

The issues I have identified here should not slow you down in taking advantage of the promise of APIs for your IBM i environment. APIs offer tremendous opportunities for productivity and growth. In today’s business environment, it will become increasingly difficult to compete without participating in the API economy. (In this article, we have really only covered calling out from the IBM i to public web services, we have not even touched upon all the value available by making your data and functions available to others via APIs.) At Eradani, we can help you easily overcome the challenges of API enablement and aid you in setting up a strategy for securely and effectively taking advantage of APIs with your IBM i.

Daniel Magid is founder and chief executive officer at Eradani.

This content is sponsored by Eradani.

This Issue Sponsored By

Table of Contents

Content archive

Recent Posts

Subscribe

Pages

Search