Posted on 09-13-2013
George Reese has a very interesting post from last week over at O'Reilly. It is about an earlier post he did on the unpublished Tesla REST API. I'll let you read the post, "The Myth of the Private API"--I highly recommend it.
Reese talks about the mistakes made by Tesla, Philips and other Internet of Things companies when they take advantage of the power of web APIs, intending them to be private, but do not put any thought into what happens when you deploy APIs over the public Internet without securing your API endpoints from unintended use.
I find one particular statement he made fascinating:
I sincerely believe that ultimately there is no such thing as a private API for consumption over the public Internet.
After reading his post, I have to agree. I think many technology companies are just considering the Internet to be some sort of constant, magic transport layer for anything we want to use it for. I think this can be true to a point, but as the Internet matures, we have to slow down a bit and consider deeply the impact of our actions, and the way we use Internet-enabled technology.
I wrote a piece last week about the first FTC case against an Internet of Things manufacturer, camera maker TrendNet--where, much like Tesla, they gave no consideration to the fact that they were using the open Internet to drive their technology, and more importantly no thought to the privacy of their consumers.
The world of APIs fascinates me. It reminds me of bug zappers: we are attracted by the openness and power of web APIs, but as you get closer and closer to the API light, you can easily get burned or zapped by the very thing that drew you in.
I strongly believe in the power of web APIs, but I think there will be a lot of unintended consequences from opening up data, resources and the devices that surround us over the public Internet. Make sure you are being thoughtful, and seriously considering security, privacy and the other potential repercussions of web APIs before jumping in.