CORS Makes Your API Portable And Remix-able15 Jul 2014
I was looking through federal government APIs the other day, looking for the low hanging fruit, when it came to making government APIs more discoverable using APIs.json. During my initial work, I played with three separate APIs from www.usa.gov, which I think demonstrates the importance of CORS, and how opening it up for APIs, makes them more portable and remix-able.
When it comes to the the three APIs from www.usa.gov, I do not have control over the API itself, but I wanted to create a self contained, site that showcased the government APIs, and provide interactive API documentation generated using Swagger. I made sure all three of the APIs had machine readable API definitions using Swagger, then I setup a simple HTML page, which allowed anyone to play with each of the APIs.
This worked great until I reached the third API, which was at a different domain than the previous two, and didn't have CORS enabled. If you aren't familiar with CORS, or Cross-origin resource sharing (CORS), which is a mechanism that allows many resources on a web page to be requested from another domain outside the domain the resource originated from—behavior that you may want to control on a web page, but for an API it is something you want to encourage.
CORS being enabled, is the difference between an API being portable, and remix-able, and it being locked down to its original developer portal. If an API is RESTful and has CORS enabled, any outside party (like me), can generate a machine readable API definitions for it, and compose a developer experience, that that includes the API—with or without consent of the original API provider. While this might scare the shit out of some API providers, it is the future of API driven, application architecture.
You can't expect all developers to find your API developer portal, and APIs need to be more portable, allowing for remixing by other API providers, backend as a service providers, and anyone who wants to feature the API resource in their developer portal. CORS is a simple thing that you can enable for your APIs that will make a big difference in how your API is found, and integrated into other applications and systems.