Posted on 08-08-2014
I went through 77 federal government API developer portals a couple of weeks ago, as part of some API discovery work I’m doing with APIs.json. I ended up targeting 120 APIs that I will be generating of Swagger definitions, and API.json for their umbrella domain, or subdomain over the next couple months.
As I made my way through each of these developer areas, I began to realize that I would have to sign up for API keys at each of these developer areas. I’m sure some of the APIs will not require a key, but it is still potentially 77 separate API keys (I will let you know the final count when I know), that I will have to register for—the federal government needs a common, yet distributed API management strategy.
To augment this common, yet distribution API management strategy, I would like to be able to just use Github oAuth to ping an API provider, request my application keys, and using the Github API to then store them in a repository of my choosing. I store all of my API keys for my applications, in a central location that my apps can securely put to use, and in many cases these apps are already using a private Github repository as a centralized configuration location.
I shouldn't have to go through 77 separate API registration flows to get the API keys I need. I should be able to get API access in a programmatic way, using my existing Github account, and put Github oAuth to use in an authentication flow, getting the API keys I need in real time, in the location that I need them.
This API access workflow would allow me to quickly gain access to resources I need for my apps, and store all my API keys in a single, or across multiple Github repositories—potentially giving me a simple, but powerful way to manage all of my API keys, via Github.
Could someone please build this, so that government, and even the private sector APIs can install on their server, and provide me machine readable access to generate an API account, the API keys I need, and store them in one of my chosen Github repositories. I think it would make both API providers, and API consumers lives much easier. We could even develop some sort of trust layer in there based upon Github profiles, allowing API providers to assess new registrations, and provide didn’t levels of access, based upon their trust of a Github profile.
We are moving beyond the world where we use one or two APIs, we are now using 10 or 20 different APIs, or more, from multiple providers, and there needs to be a better solution for us to manage API key access. I really appreciate you building this, I just don't have the time ;-)
comments powered by Disqus
Winning in the API Economy
|Download as PDF|
Latest Blog Posts
- With Number Of APIs Continuing To Grow Account Automation Will Be Key
- History Of APIs: NOAA APIs Have Been RESTful For Over 20 Years
- Understanding More About The Web Communications Platform Respoke
- Swagger Definition Driven Sandbox And Simulation Data Templates For APIs
- Swagger API Definition Mapper
- Moving Beyond Just The PDF With A Single Page Report (SPR)
- Join Me For APIDays Berlin And APIStrat Europe This April 24th-25th 2015
- A Market For API Developer Credits
- Where Do Developers Get Idea That APIs Should Never Go Away?
- The Context.io API And Thinking Out Of The Box When Crafting APIs