How APIs and Microservices Reinvent the Connected Car

There’s an API and microservice ecosystem behind every connected car, helping to create today’s amazing driver experience.

Behind every “connected car” that rolls off the line is an extensive application architecture that plays a critical role in delivering the experience today’s drivers expect.

In episode one of the Last Adopter podcast series, The Computer in the Driveway, comedian Lewis Black and Ahmed Mahmoud, CIO of General Motors, talk about how the average new vehicle has more than 100 million lines of code—five times more than a Boeing 747 airliner.

But even this staggering number only scratches the surface because few pieces of modern technology rely more heavily on constant, reliable and ubiquitous networking than a connected car. From basic entertainment, navigation and mobile connectivity to diagnostics and remote operation, automotive connectivity requires manufacturers to integrate in-vehicle code with a broad range of APIs from industry, service, insurance, government and technology partners. So, behind those 100 million lines of code lie many, many more.

Car-to-Car Communications

Over the next few years, in-car telematics will expand even further to include implementations of vehicle infrastructure integration (VII), which will, for the first time, allow connected cars to communicate directly with each other—and possibly with sensors in the road itself. In other words, tomorrow’s vehicles will be even more connected than today’s.

This growing number of API endpoints—which have increased in scope and criticality, from entertainment and navigation to mission-critical driving features—creates a huge number of potential security, privacy and public safety vulnerabilities that automakers will have to address in the coming months and years. Today’s vehicle truly is a computer in the driveway—and any vehicle component that communicates externally is a potential attack vector for hackers.

Still, the benefits for drivers are simply too good to pass up. Today’s connected vehicles offer tremendous personal safety features, a wide range of entertainment options and innovative ways to improve maintenance and efficiency. In our podcast, comedian Black jokes that vehicles have become too complex and that he would like to go back to a “horse and buggy”—to which GM’s Mahmoud responds that after a couple of weeks, he would miss his Bluetooth connection, Wi-Fi, and Google Maps navigation.

API Management for Automakers

By now, it should be evident that the benefits offered by a connected car ecosystem are truly unique—but the underlying threat protection patterns required to secure them are not. Just like any vertical industry that needs to integrate and expose sensitive data to mobile endpoints, vehicle manufacturers must effectively create, deploy and manage connectivity points in the form of APIs. They must also protect these APIs against attack or hijack, provide seamless access for authorized users and optimize the speed and reliability of transactions.

Established protocols and patterns—such as building end-user authentication with OAuth and single sign-on into mobile apps that access vehicle features—should be considered the bare minimum required to protect the driver’s security and privacy. As more innovative features are rolled out faster than ever before, automakers are increasingly turning to software architectures based on APIs and microservices to create an agile business and accelerate their pace of development, while protecting both their digital systems and the personal safety of their customers.

In today’s digital economy, every business is—or will soon become—a software business. For auto manufacturers, that threshold has clearly been passed, and the computer in the driveway is a perfect example of how a century-old product has been reinvented by software.

David Chiu
By David Chiu | December 20, 2017

Related Products: