Posted on 02-26-2013
We closed up the API Strategy & Practice Conference (#APIstrat) last friday with a panel called APIs, Platforms and Ecosystem, where I moderated a healthy discussion with Tyler Stalder (@tylerstalder) of Singly, Seth Blank (@AntiFreeze) of YourTrove, Asif Rahman (@asifrahman) of Newscred, Orian Marx (@orian) of App.net, Travis Wallis (@traviswallis) of PeopleBrowsr around the very broad spectrum of APIs, platforms and the concept of ecosystems.
One of the questions I asked the group was, which of the three OAuth Legs is the most important?
To provide a quick primer for the portion of my audience that aren’t OAuth geeks:
OAuth is an open standard for authorization that provides a method for clients to access server resources on behalf of a resource owner
Ok, what does that mean? Think Twitter. Twitter is server. You are the owner of your tweet resources. When you authenticate anywhere using your Twitter ID, that website or app uses OAuth to get access to your tweets, via the Twitter platform. If you login to your Twitter account, click on settings and select apps from the left menu--these are apps and sites that have requested OAuth access your Twitter resources.
OAuth is a relationship between you, your platform provider and various sites and apps that want to access your data via the API. Sometimes these apps and your platform provider are one and the same, but the beauty of OAuth is that anyone can request access from you--access that you can revoke when you choose.
Back to the panel at API Strategy & Practice. Every panelist, except for Asif Rahman of Newscred said that the most important leg of oAuth is the end user. This made me happy because it shows that, at least at #APIstrat, people are concerned with the interest of the end user. This is healthy.
In reality, I worry that when platform discussions do occur, the conversation leans too much in favor of platform, then the developer, with very little to no involvement of the end user. Think of the Twitter ecosystem discussions since March of 2010. Rarely do you hear discussion about API access and ecosystem viability in the context of the end-users. Platforms and especially developers are very good at being very loud in these conversations.
The entire panel at #APIStrat agreed that we need more education for end-users about OAuth. Now that we have OAuth 2.0 settled (in some minds), we need to get down to business educating all three legs around the process of OAuth and its best practices, empowering all three parties to be aware, and participate in ongoing conversations about how we are producing, storing, sharing, selling, licensing and consuming resources via APIs.
We need to make sure API platform conversations have all three legs represented. The success of any platform will depend on a healthy balance between a platform, developers and the end-users--with oAuth 2.0 being the best model we have to make this happen to date.
Lets get to work.
comments powered by Disqus
Winning in the API Economy
|Download as PDF|
Latest Blog Posts
- Will You Add Me To API Evangelist And How To Spot The Cool Kids
- When I Remix APIs Using Swagger How Do I Deal With Authentication Across Multiple APIs
- It Takes A Team Of Evangelists To Raise An API
- Support For Only Two Creative Commons Licenses In The API Commons
- Machine Readable Terms of Service Didn't Read Applied To APIs Via APIs.json
- API Deployment For Non-Developers Using Zapier, Google Docs, and APISpark
- State of Hypermedia Today @ API Craft In Detroit
- Need A Formal API Standard For Your Government Agency? Fork 18Fs, And Make It Your Own!
- CORS Makes Your API Portable And Remix-able
- Chief Data Officer Needs To Make The Department Of Commerce Developer Portal The Center Of API Economy
- An API Definition As The Truth In The API Contract
- Look At Existing APIs In The Space Before Designing Your Own
- Libraries Hacked: UK Library API, Data And Technology Hacks
- Financial Data Aggregator Yodlee Looking For A Director of Developer Evangelism
- AutoDevBot Open Sources Their API Monitor
- Low Hanging Fruit For API Discovery In The Federal Government
- Looking At 77 Federal Government API Developer Portals And 190 APIs
- Applying APIs.json To API Discovery In The Federal Government
- The Power In API Discovery For APIs.json Will Be In The API URL Type
- Fixing The Machine Readability in API Commons
- Evolving How We Approach The API Lifecycle With APIMatic
- APIs Can Open Up Your Company To Outside Ideas
- APIs Are Often Just A Facade That Is Covering Up The Legacy View Of World
- A Mobile Developer Toolkit With The University Of Michigan APIs
- Kicking Off Image Manipulation API Work