Posted on 08-08-2014
I went through 77 federal government API developer portals a couple of weeks ago, as part of some API discovery work I’m doing with APIs.json. I ended up targeting 120 APIs that I will be generating of Swagger definitions, and API.json for their umbrella domain, or subdomain over the next couple months.
As I made my way through each of these developer areas, I began to realize that I would have to sign up for API keys at each of these developer areas. I’m sure some of the APIs will not require a key, but it is still potentially 77 separate API keys (I will let you know the final count when I know), that I will have to register for—the federal government needs a common, yet distributed API management strategy.
To augment this common, yet distribution API management strategy, I would like to be able to just use Github oAuth to ping an API provider, request my application keys, and using the Github API to then store them in a repository of my choosing. I store all of my API keys for my applications, in a central location that my apps can securely put to use, and in many cases these apps are already using a private Github repository as a centralized configuration location.
I shouldn't have to go through 77 separate API registration flows to get the API keys I need. I should be able to get API access in a programmatic way, using my existing Github account, and put Github oAuth to use in an authentication flow, getting the API keys I need in real time, in the location that I need them.
This API access workflow would allow me to quickly gain access to resources I need for my apps, and store all my API keys in a single, or across multiple Github repositories—potentially giving me a simple, but powerful way to manage all of my API keys, via Github.
Could someone please build this, so that government, and even the private sector APIs can install on their server, and provide me machine readable access to generate an API account, the API keys I need, and store them in one of my chosen Github repositories. I think it would make both API providers, and API consumers lives much easier. We could even develop some sort of trust layer in there based upon Github profiles, allowing API providers to assess new registrations, and provide didn’t levels of access, based upon their trust of a Github profile.
We are moving beyond the world where we use one or two APIs, we are now using 10 or 20 different APIs, or more, from multiple providers, and there needs to be a better solution for us to manage API key access. I really appreciate you building this, I just don't have the time ;-)
comments powered by Disqus
Winning in the API Economy
|Download as PDF|
Latest Blog Posts
- There Are Four API Design Editors To Choose From Now
- Sales, Onboarding And Support In A Self-Service API World
- An API For Developers To Access Their API Account Information
- My Continued Support As Signer Of Oracle v Google Amicus Brief From EFF
- Join Me Tomorrow For A Panel Discussion On API Ecosystems At SF MusicTech
- I Will Review Your API On API Evangelist if You Add An APIs.json File Plus A Machine Readable API Definition
- Hey, Why Isn't This (API) Free
- Resource Base API Monetization vs. Experience Based API Monetization
- Tracking On The Red Flags For API Monetization
- Project Idea: Codenvy-Like Containerized Spreadsheets