Posted on 08-08-2014
I went through 77 federal government API developer portals a couple of weeks ago, as part of some API discovery work I’m doing with APIs.json. I ended up targeting 120 APIs that I will be generating of Swagger definitions, and API.json for their umbrella domain, or subdomain over the next couple months.
As I made my way through each of these developer areas, I began to realize that I would have to sign up for API keys at each of these developer areas. I’m sure some of the APIs will not require a key, but it is still potentially 77 separate API keys (I will let you know the final count when I know), that I will have to register for—the federal government needs a common, yet distributed API management strategy.
To augment this common, yet distribution API management strategy, I would like to be able to just use Github oAuth to ping an API provider, request my application keys, and using the Github API to then store them in a repository of my choosing. I store all of my API keys for my applications, in a central location that my apps can securely put to use, and in many cases these apps are already using a private Github repository as a centralized configuration location.
I shouldn't have to go through 77 separate API registration flows to get the API keys I need. I should be able to get API access in a programmatic way, using my existing Github account, and put Github oAuth to use in an authentication flow, getting the API keys I need in real time, in the location that I need them.
This API access workflow would allow me to quickly gain access to resources I need for my apps, and store all my API keys in a single, or across multiple Github repositories—potentially giving me a simple, but powerful way to manage all of my API keys, via Github.
Could someone please build this, so that government, and even the private sector APIs can install on their server, and provide me machine readable access to generate an API account, the API keys I need, and store them in one of my chosen Github repositories. I think it would make both API providers, and API consumers lives much easier. We could even develop some sort of trust layer in there based upon Github profiles, allowing API providers to assess new registrations, and provide didn’t levels of access, based upon their trust of a Github profile.
We are moving beyond the world where we use one or two APIs, we are now using 10 or 20 different APIs, or more, from multiple providers, and there needs to be a better solution for us to manage API key access. I really appreciate you building this, I just don't have the time ;-)
comments powered by Disqus
Winning in the API Economy
|Download as PDF|
Latest Blog Posts
- Beyond Public APIs In Government: Internal Access to Resources
- Can You Show Me The ROI On All Of This API Stuff Before We Commit
- In The Future APIs Will Be Default For All Cities
- No Public APIs Are Not Going Away Just Cause A Few BigCos Fumble At It
- Internal API Search Engine For Everyone At Your Company (Not Just Developers)
- If You Need Assistance With Your Healthcare API Strategy I Have The Person
- Explaining APIs To Senior Leadership: Access To Company Resources Without The IT Hassle
- A Conversation With @ijroth, @dorkitude, @antonyfalco, and @medjawii In The Next Generation API Stack Panel @APIStrat
- API Evangelist Thoughts On The Right To An API Key And Algorithmic Organizing
- Explaining APIs To Your Senior Leadership
- An API Evangelism Strategy To Map The Global Family Tree
- Thank You For Your API Evangelist Blog(s)
- Video From The Hypermedia Panel At API-Craft In Detroit Last Month
- Please Open Source Your API Before Shutting It Down
- Explaining My Work Around APIs In Higher Education To Institutions
- You Can Have An API Just By Choosing Products And Services That Have APIs
- Using Excel As An API Datasource And An API Client For The Masses
- Brewing Up Something Awesome With The Jive Software API
- Relationship Between APIs And Containers
- Real-time and Visualizations Will Be Key in Financial API Deployments
- Notification Focused Startups Within Leading API Ecosystems
- APIs That Do One Thing And Do It Well Like ZipLocate
- Which API Do I Need?
- The Expanding API Conference Landscape
- Ocotoparts Open Source Google Spreadsheet