Posted on 07-15-2014
I was looking through federal government APIs the other day, looking for the low hanging fruit, when it came to making government APIs more discoverable using APIs.json. During my initial work, I played with three separate APIs from www.usa.gov, which I think demonstrates the importance of CORS, and how opening it up for APIs, makes them more portable and remix-able.
When it comes to the the three APIs from www.usa.gov, I do not have control over the API itself, but I wanted to create a self contained, site that showcased the government APIs, and provide interactive API documentation generated using Swagger. I made sure all three of the APIs had machine readable API definitions using Swagger, then I setup a simple HTML page, which allowed anyone to play with each of the APIs.
This worked great until I reached the third API, which was at a different domain than the previous two, and didn't have CORS enabled. If you aren't familiar with CORS, or Cross-origin resource sharing (CORS), which is a mechanism that allows many resources on a web page to be requested from another domain outside the domain the resource originated from—behavior that you may want to control on a web page, but for an API it is something you want to encourage.
CORS being enabled, is the difference between an API being portable, and remix-able, and it being locked down to its original developer portal. If an API is RESTful and has CORS enabled, any outside party (like me), can generate a machine readable API definitions for it, and compose a developer experience, that that includes the API—with or without consent of the original API provider. While this might scare the shit out of some API providers, it is the future of API driven, application architecture.
You can't expect all developers to find your API developer portal, and APIs need to be more portable, allowing for remixing by other API providers, backend as a service providers, and anyone who wants to feature the API resource in their developer portal. CORS is a simple thing that you can enable for your APIs that will make a big difference in how your API is found, and integrated into other applications and systems.
comments powered by Disqus
Winning in the API Economy
|Download as PDF|
Latest Blog Posts
- My API 101 Workshop At @APIStrat In Chicago Next Week
- Some Advice For The Enterprise When Beginning Your API Journey
- Machine Readable API Definition Format Swagger Matures to 2.0
- How Do We Continue Moving Green Button Data And APIs Forward?
- Beyond Public APIs In Government: Internal Access to Resources
- Can You Show Me The ROI On All Of This API Stuff Before We Commit
- In The Future APIs Will Be Default For All Cities
- No Public APIs Are Not Going Away Just Cause A Few BigCos Fumble At It
- Internal API Search Engine For Everyone At Your Company (Not Just Developers)
- If You Need Assistance With Your Healthcare API Strategy I Have The Person
- Explaining APIs To Senior Leadership: Access To Company Resources Without The IT Hassle
- A Conversation With @ijroth, @dorkitude, @antonyfalco, and @medjawii In The Next Generation API Stack Panel @APIStrat
- API Evangelist Thoughts On The Right To An API Key And Algorithmic Organizing
- Explaining APIs To Your Senior Leadership
- An API Evangelism Strategy To Map The Global Family Tree
- Thank You For Your API Evangelist Blog(s)
- Video From The Hypermedia Panel At API-Craft In Detroit Last Month
- Please Open Source Your API Before Shutting It Down
- Explaining My Work Around APIs In Higher Education To Institutions
- You Can Have An API Just By Choosing Products And Services That Have APIs
- Using Excel As An API Datasource And An API Client For The Masses
- Brewing Up Something Awesome With The Jive Software API
- Relationship Between APIs And Containers
- Real-time and Visualizations Will Be Key in Financial API Deployments
- Notification Focused Startups Within Leading API Ecosystems