The API Evangelist Blog - 2017

This blog is dedicated to understanding the world of APIs and exploring the technology, business, and politics of APIs.


API Discovery Will Be About Finding Companies Who Do What You Need And API Is

20 December 2017
While I’m still investing in defining the API discovery space, and I’m seeing some improvements from other API service and tooling providers when it comes to finding, sharing, indexing, and publishing API definitions, I honestly don’t think in the end API discovery will ever be a top-level concern. While API design, deployment, management, and even testing and monitoring have floated to the top as primary discussion areas for API providers, and consumers, the area of API discovery never has quite become a priority. There is always lots of talk about API discovery, mostly about what is broken, rarely about what is needed to fix, with regular waves of directories, marketplaces, and search solutions emerging to attempting to fix the problem, but always falling short...

Basic API Design Guidelines Are Your First Step Towards API Governance

20 December 2017
I am working with a group that has begun defining their API governance strategy. We’ve discussed a full spectrum of API lifecycle capabilities that need to be integrated into their development practices, and CI/CD workflow, as well as eventually their API governance documentation. However, they are just getting going with the concept of API governance, and I want to make sure they don’t get ahead of themselves and start piling in too much into their API governance documentation, before they can get buy in, and participation from other groups. We are approaching the first draft of an API governance document for the organization, and while it has lofty aspirations, the first draft is really nothing more than some basic API design guidelines...

I Am Now Realizing That Streamdata.io Is Not Just For API Providers

20 December 2017
When I first started diving into what Streamdata.io does, and thinking of their role in the wider API landscape, I was pretty exclusively focused API providers. Meaning, if you are an API provider, depending on the resources you are serving up, you should consider augmenting it with a real time stream using Streamdata.io. This still holds true, but after using Streamdata.io more as a developer, it is becoming clear of Streamdata.io’s value in my toolbox as an API consumer, and thinking about how I can make my applications more efficient, real time, and event-driven. Right now, I’m just taking a wide variety of existing web APIs and running through the Streamdata.io proxy, and seeing what comes out the other end...

Understanding Server-Sent Events (SSE) As Part Of The API Landscape

20 December 2017
I’m continuing to break down the technology stack as I get to know my new partner Streamdata.io. Yesterday I wrote about their use of JSON Patch for returning partial responses of changes made to an API that has been proxied through the service, and today I want to focus on understanding Server-Sent Events (SSE), which Streamdata.io uses to stream those events in real time to any consumer. In my experience, SSE is a lesser known of the real time technologies out there, but is one that holds a lot of potential, so I wanted to spend some time covering it here on the blog. As opposed to technology that delivers a two-way stream, Server-sent events (SSE) is all about a client receiving automatic updates from a server via HTTP connection...

From CI/CD To A Continuous Everything (CE) Workflow

19 December 2017
I am evaluating an existing continuous integration and deployment workflow to make recommendations regarding how they can evolve to service their growing API lifecycle. This is an area of my research that spans multiple areas of my work, but I tend to house under what I call API orchestration. I try to always step back and look at an evolving area of the tech space as part of the big picture, and attempt to look beyond any individual company, or even the wider industry hype in place that is moving something forward. I see the clear technical benefits of CI/CD, and I see the business benefits of it as well, but I haven’t always been convinced of it as a standalone thing, and have spent the last couple of years trying understand how it fits into the bigger picture...

JavaScript Object Notation (JSON) Patch

19 December 2017
I’m continuing my studying into what my new partner in crime Streamdata.io does, and part of this research is understanding the details of their technology stack. Today’s work involves understanding their usage of JavaScript Object Notation (JSON) Patch. When you proxy any existing web API using Streamdata.io, the first thing you get back is a complete JSON representation of the response, but then with each change you just get back a JSON Patch response with only the details of what has changed. JSON Patch is used for expressing a sequence of operations to apply to a any JSON object or document and you’ll find used with the HTTP PATCH method. The introduction for JSON Patch from RFC [RFC4627] describes it this way: JavaScript Object Notation (JSON) [RFC4627] is a common format for the exchange and storage of structured data...

No More Scraping Of Banking Data In Europe According to PSD2, Only APIs

19 December 2017
Part of my partnership with http://streamdata.io centers around me investing more time into studying the banking industry, starting with the rollout of PSD2 in Europe next month. I’ll be working through each aspect of the regulations for the banking industry when it comes to APIs, but I wanted to highlight a recent change regarding scraping that is pretty monumental. In a recent press release from the European Commission they further clarified guidance for third party payment services providers (TPPs), and whether or not they can be scraping data from bank still, instead of using the APIs being mandated by the commission. Here is the section from the press release specifically addressing “what data can TPPs access and use via screen scraping”: PSD2 prohibits TPPs from accessing any other data from the customer payment account beyond those explicitly authorised by the customer...

Robust Public Storytelling Around Your API Process Is Sign Of Maturity

19 December 2017
Sharing stories around your API is something you hear me talk about a lot. Many of my readers like to let me know how they are serious API people, and my storytelling emphasis is silly. Just do APIs. Storytelling is unnecessary fluff. When in reality, storytelling has real, direct benefits on your business bottom line, but also have many other indirect aspects, and its presence is a sign of the overall health of an organization from my vantage point. When you are actively telling stories about your operations, in my experience, it is a sign of the overall maturity of your API process. I’m working through my storytelling around what Capital One is up to with their DevExchange, studying their approach to API governance, as well as the wider role they are playing in the banking, and even API regulation game here in the United States...

Definition-Driven API Lifecycle Instead Of Code-Driven API Deployment

18 December 2017
You hear a lot about being API design first out of the API echo chamber these days. I’m finding that concept to be challenging for many groups I’m working with due to some of uninformed perceptions around REST, leaving many unable to move towards a design first approach because they are worried if they are doing it correctly. I shifted my own thinking a while back to be more about define-first, requiring that I thoroughly define each API project before I begin moving it along whatever API lifecycle I’ve quantified for a project. One thing I’m finding pretty common across the enterprise groups who have adopted OpenAPI (fka Swagger) as part of their operations is that many aren’t truly using the API specification format to its full potential as an API definition, let alone applying across multiple stops along the API lifecycle...

What You Can Expect As A Client From SOAP To gRPC

18 December 2017
I’m working hard on what I consider to be my definition of a robust API deployment toolbox, and was enjoying the 100K perspective. As I explore, I wanted to share some of my thoughts about by you might expect to receive as a client in each of these scenarios. SOAP: You get what the vendor says we can send to you in very structured way. REST: Is this what you want? Let us know if it wasn’t via StackOverflow. Hypermedia: We are prepared to send you whatever we want at any point in the future. Microservices: You are just going get a little bit of this one thing. GraphQL: You get exactly what you want, you better know what to ask for! Websockets: Here you get that, and this, and that, and that… PubSub: You get only the topic you wish to subscribe to...

Reducing Polling Of Your Existing API Using Streamdata.io

18 December 2017
I’ve partnered with Streamdata.io, resulting in me getting more acquainted with their API solutions, and telling the story of that process here on API Evangelist. I figured I would dive right in and start with the basics of what Streamdata.io does–turning your existing web API into a real-time stream. Streamdata.io acts as a reverse proxy that translates REST API polling into a stream of data. Instead of constantly polling your API for changes, your API clients will poll Streamdata.io and get a JSON Patch update if anything has changed, and reducing the impact of the requests your clients will make to your API. When thinking about what Streamdata.io does it is easy to get caught up on the real time and streaming nature of what they do, but the most immediate value they bring to the table is about making your relationship with your API clients more efficient...

Streaming Data From The Google Sheet JSON API And Streamdata.io

18 December 2017
I am playing with Streamdata.io as I learn how to use my new partner’s service. Streamdata.io proxies any API, and uses Server-Sent Event (SSE) to push updates using JSON Patch. I am playing with making a variety of APIs real time using their service, and in my style, I wanted to share the story of what I’m working on, here on the blog. I was making updates to some data in a Google Sheet that I use to drive some data across a couple of my websites, and thought…can I make this spreadsheet streaming using Streamdata.io? Yes. Yes, I can. To test out my theory I went and created a basic Google Sheet with two columns, one for product name, and one for price. Simulating a potential product pricing list that maybe I’d want to stream across multiple website, or possibly within client and partner portals...

Cost Saving Analysis For Washington Metropolitan Area Transit Authority

11 December 2017
Even before I engaged with Streamdata.io on our current partnership, I was working with them to quantity the value they bring to the table with their service. As I was working on my story regarding the roubling terms of service changes From Washington Metropolitan Area Transit Authority (WMATA) data APIs, the Streamdata.io team was running a cost savings analysis on the WMATA APIs. This is where they take their web API, and see what they could save if they used Streamdata.io, and turned it into a streaming API. The Streamdata.io team took the WMATA Real-Time Bus PredictionsAPI, and assessed the efficiency gains for WMATA when it comes to their most demanding API consumers. Here are the bandwidth and CPU savings: Client Bandwidth (BW) Savings - 88% Server Bandwidth (BW) Savings - 99% Server CPU Savings - 87% Streamdata...

API Evangelist And Streamdata.io

11 December 2017
Some of you in my backchannels know that I’ve been shopping around for a job lately. I’m looking to make a shift in API Evangelist, as I’ve written about some (and will write about more), and I’m also looking for a shift in how I fund my world. During a multi-week search I opened up conversations about a couple of different roles, and one particularly interesting partnership came my way from a company I’ve been working with for a while now. I’ve entered into a partnership with the Streamdata.io team, to help them chart the course for their real-time, streaming, event-sourced future, and they’ll continue to invest in me being the API Evangelist. In the past I’ve had several partners at any one time, but moving forward I’m going to limit it to being with a single partner–changing the formula a little bit...

Warming Up API Providers We Are Targeting For Using Streamdata.io With

11 December 2017
My new partner in crime Damian Odoemena the technical account manager for Streamdata.io has said he is ready to work with me to deliver on the road map for the real-time streaming API. I explained to him that I will help fill his head with my knowledge of the API space, as well as be completely transparent around our strategy through storytelling here on API Evangelist. This is one of the reasons I jumped at the opportunity to partner with the team, because of their willingness to let me share what I do with the team, but also tell the story in real-time, streaming (pun intended) our day to day activities here on API Evangelist. I’ll be working 50% of my time on website copy, white papers, as well as evangelism and platform strategy for them, but the other 50% of the time I will be telling the story of what I did for them, here on the blog for me readers to learn from...

Will APIs Still Be Relevant?

06 December 2017
I named my blog, company, as well assumed my own title as “API Evangelist” in 2010. Every year since making that decision I’ve questioned it, and wonder if the concept and acronym will fade away. First of all, I have to admit its a bullshit concept in the first place. Its an acronym. It’s a pretty wide umbrella that allows us (me) to assemble a wide variety of technological concepts underneath. However, I made an investment in it, I was going to continue. I found some meaning that I was able to articulate to others, that would make an impact on businesses, organizations, institutions, and government agencies. It works. I am going to run with it, and in 2017, I’m renewing that perspective, and keeping it as my brand, title, and the central message I’m peddling in the tech sector...

The Shifting API Landscape

06 December 2017
I’ve been watching, and trying to move forward the API conversation across all business sectors for seven years now. I’m not a startup. I’m not an API service provider. I’m not steering an enterprise group. I’m not an investor. I’m a software architect and storyteller who saw the potential for leveraging web infrastructure to deliver data, content, media, and algorithms across the web, to our mobile phones, as well as the seemingly endless number of devices we are connecting to the Internet in our personal, professional, and industrial worlds. I’m not studying the landscape so I sell to it. I am studying the landscape so I can understand it. While most of my readers will not grasp that difference, it gives me a fundamentally different view of what is going on across the space...

What Is More Important? Having An API? Or Having A Well-Designed API?

05 December 2017
I got some expected flack this week for some stories on database to API deployments, and allowing folks to just auto-generate APIs from database structures. This approach is notorious for producing very badly designed APIs, which is something that just reflects whatever legacy infrastructure you have as a backend. It is something that drives many of API design, architects, and pundits crazy. Just do things properly!!! Follow good design practices! Put some thought into your API, and have some pride in this interface you are putting out there. All of this is easy for us to declare from our vantage point, but when your entrenched within an existing organization, battling for every movement forward, and often times just to not go backwards, this isn’t always the reality...

The Picture We Paint With The Stories We Tell Around Each API Version Release

05 December 2017
I fell down the rabbit hole of the latest Facebook version release, trying to understand the deprecation of their User Insights API. The story of the deprecation of the API isn’t told accurately as part of the the regular release process, so I found myself thinking more deeply about how we tell stories (or don’t) around each step forward of our APIs. I have dedicated areas of my API research for the road map, issues, and change log for API operations, because their presence tell a lot about the character of an API, and their usage I feel paints and accurate painting of each moment in time for an API. Facebook has a dedicated change log for their API platform, as well as an active status and issues pages, but they do not share much about what their road map looks like...

API Deployment Templates As Part Of A Wider API Governance Strategy

05 December 2017
People have been asking me for more stories on API governance. Examples of how it is working, or not working at the companies, organizations, institutions, and government agencies I’m talking with. Some folks are looking for top down ways of controlling large teams of developers when it comes to delivering APIs consistently across large disparate organizations, while others are looking for bottom ways to educate and incentivize developers to operate APIs in sync, working together as a large, distributed engine. I’m approach my research into API governance as I would any other area, not from the bottom up, or top down. I’m just assembling all the building blocks I come across, then began to assemble them into a coherent picture of what is working, and what is not...

Narrowing In On My API Governance Strategy Using API Transit To Map Out PSD2

04 December 2017
I’m still kicking around my API Transit strategy in my head, trying to find a path forward with applying to API governance. I started moving it forward a couple years ago as a way to map out the API lifecycle, but in my experience, managing APIs are rarely a linear lifecycle. I have been captivated by the potential of the subway map to help us map out, understand, and navigate complex infrastructure since I learned about Harry Beck’s approach to the London Tube map which has become the standard for quantifying transit around the globe. I am borrowing from Beck’s work, but augmenting for a digital world to try and map out the API practices I study in my research of the space in a way that allow them to be explored, but also implemented, measured, and reported upon by all stakeholders involved with API operations...

Being Able To See Your Database In XML, JSON, and CSV

04 December 2017
This is a sponsored post by my friends over at SlashDB. The topic is chosen by me, but the work is funded by SlasDB, making sure I keep doing what I do here at API Evangelist. Thank you SlashDB for your support, and helping me educate my readers about what is going on in the API space. I remember making the migration from XML to JSON. It was hard for me to understand that difference between the formats, and that you accomplish pretty much the same things in JSON that you could in XML. I’ve been seeing similarities in my migration to YAML from JSON. The parallels in each of these formats isn’t 100%, but this story is more about our perception of data formats, than it is about the technical details...

Facebook Quietly Deprecates The Audience Insight API Used To Automate

04 December 2017
According to AdWeek, Facebook is quietly shutting down its Audience Insights API by the end of the year. They have a statement from Facebook stating, “We have decided to focus marketers on our more broadly available Audience Insights tool, so we are winding down the Audience Insights API by end of year. We’ll continue testing different ways to provide valuable insights to advertisers and agencies through the tool and across other destinations on Facebook.” which I assume they got directly from Facebook, because I can find no other communication regarding the deprecation of the API through normal newsroom, or API change log channels. It could be that I’m missing it, but it is clear they are trying to minimize chatter around this...

The Conversational Interface Appetite For Data Via APIs

01 December 2017
This is a sponsored post by my friends over at SlashDB. The topic is chosen by me, but the work is funded by SlasDB, making sure I keep doing what I do here at API Evangelist. Thank you SlashDB for your support, and helping me educate my readers about what is going on in the API space. I spend a lot of time studying what is going on around bots on Twitter, Facebook, and Slack, as well as voice enablement like we see with Alexa, Google, and Siri. I lump these all under a research category called conversational interfaces. Conversational interfaces represent the next generation of API clients, with AWS Alexa being the most sophisticated example at how it will all work(eventually). While there are some interesting examples of conversational interfaces in action, for the most part they are still pretty simple, silly, and not providing much value...

How Do You Ask Questions Of Data Using APIs?

01 December 2017
I’m preparing to publish a bunch of transit related data as APIs, for us across a number of applications from visualizations to conversation interfaces like bots and voice-enablement. As I’m learning about the data, publishing it as unsophisticated CRUD APIs, I’m thinking deeply about how I would enable others to ask questions of this data using web APIs. I’m thinking about the hard work of deriving visual meaning from specific questions, all the way to how would you respond to an Alexa query regarding transit data in less than a second. Going well beyond what CRUD gives us when we publish our APIs and taking things to the next level. Knowing the technology sector, the first response I’ll get is machine learning! You take all your data, and you train up some machine learning models, put some natural language process to work, and voila, you have your answer to how you provide answers...

How To Say You Might Charge For API Access In The Future Without Being A Jerk

01 December 2017
I get it. It takes money to operate APIs. I’m a big advocate for making sure API providers, even public data API providers can sensibly charge for access to their valuable resources. I’m also painfully aware at how unrealistic a libertarian driven view of the web being open and free makes it very difficult to begin charging for data that has been historically free. However, I’m also a fan of helping API providers understand how they can communicate that they might / will be charging for access to data at some point in the future without being complete jerks about it. I see API providers regularly make the statement that they will begin charging for API access at some point in the future, but this particular story is driven from hearing it out of the Washington Metropolitan Area Transit Authority (WMATA) making changes to their terms of service, where one of the bullet points was that they would begin charging for access at some point...

SQL Statement Pass-Through Using Web APIs

30 November 2017
This is a sponsored post by my friends over at SlashDB. The topic is chosen by me, but the work is funded by SlasDB, making sure I keep doing what I do here at API Evangelist. Thank you SlashDB for your support, and helping me educate my readers about what is going on in the API space. I’m closely following the approach of GraphQL when it comes to making data resources more accessible by API consumers when developing applications. I think there is some serious value introduced when it comes empowering front-end developers with the ability to get exactly the data they need using a variety of querying structures. I enjoy studying up on different approaches to making different dimensions of a database to consumers and end-users, and found a pretty scrappy one from my friends over at SlashDB, with their SQL statement pass through...

The Average Person Will Never Care About APIs Until It Does Something

30 November 2017
I am always looking for ways to introduce people to the concept of APIs, and that they are right below everything digital you do in your daily life. Even with my prolific writing, and sharing on social media, the number of new converts to API awareness are relatively low. I’m alright with what I do not scaling. I’m in this for the long haul, not to sell products or services. I’m looking to help turn on the API light for people not because I want them building the next API, I want to help enlighten folks so that they can take more control over their digital presence, and push back on the platforms and algorithms that are increasingly dominating our lives. One thing I’ve learned about normal folks in my journey as the API Evangelist is that nobody will ever care about APIs until they do something meaningful in their lives...

Troubling Terms of Service Changes From Washington Metropolitan Area Transit

30 November 2017
I was turned onto a developing problem within the Washington Metropolitan Area Transit Authority (WMATA) around a recent terms of service change made around the transit data API by Technically DC. While the transit authority is saying the changes are business as usual and make sense for the platform, some of the developers, specifically one of the biggest API users MetroHero says the changes are targeting them specifically. MetroHero presented what they feel are the unreasonable changes to the WMATA API terms of service in a WMATA Board Meeting recently, focusing on four main areas: That no user or developer can mention “WMATA” in press releases without letting WMATA first review it...

Sorry Your API Effort Falls A Little Short For The APIs I Cover

29 November 2017
I get a lot of emails from companies asking me to look at their APIs. Too many for a one person operation like me to consider. I have to be picky about the APIs I’m taking a look at, and over time I’ve developed a set of criteria for determining how much energy I will invest in an API. Usually within about 2-3 minutes I can tell if it is an API I will be diving in deeper, or I will just be walking away and moving on with my work. The first thing that turns me off of an API is that it just isn’t interesting. I’ll land on the page and I can tell what it does, but it just doesn’t interest me. It doesn’t offer any value, or it is in a category that I’m just not eager to be thinking about and showcasing in my work...

AsyncAPI Is A Specification Format For Message-Driven APIs

29 November 2017
I’ve been learning about a new API definition format called AsyncAPI that allows you to define message-driven APIs in a machine-readable format. It is protocol-agnostic, which means you can use it for APIs that work over MQTT, AMQP, WebSockets, STOMP, and other real-time, and Internet of Things focused APIs. The specification format mirrors OpenAPI, making it pretty easy to get up to speed understanding what is going on. There are two primary concepts at play with the AsyncAPI: Messages - Consumer(s) communicate with your API via messages. A message is a piece of information two or more programs exchange. Most of the times to notify the other end(s) that, either an event has occurred or you want to trigger a command...

API Deployment Is About Publishing Them Wherever They Are Needed

29 November 2017
This is a sponsored post by my friends over at SlashDB. The topic is chosen by me, but the work is funded by SlasDB, making sure I keep doing what I do here at API Evangelist. Thank you SlashDB for your support, and helping me educate my readers about what is going on in the API space. I spun out a separate research area for API deployment, from my core API management research back in 2012 when companies were regularly asking me which of the API management providers they should be using to publish new APIs. At the time, none of them would help you actually publish your APIs, and there just wasn’t enough conversations going on around the subject. When I give talks which include my section on API deployment, some people still scratch their heads thinking there really isn’t that many options on the table–they deploy APIs wherever they’ve been deploying their APIs...

Making Your API Pricing Page Accessible To Everyone

28 November 2017
I’ve been talking with the folks over at Bitscoop about their integration platform as a service (iPaaS) offering. I would API mapping as a service, but that is another story. After talking with them, and going through their website, I wanted to focus on Bitscoop’s pricing page, which I feel reflects where API service pricing and plans are headed. There are three main areas of their pricing that I think are worth highlighting for accessing APIs at scale. Bitscoop is really priced for EVERYONE, with a simple free tier to get started using the platform. Next there are three tiers of access: developer, organization, and enterprise. It’s not as “ascendable” as I’d like it (smoother hop from tier to tier), but because Bitscoop clearly articulates how much additional calls are for each tier, the jump from tier to tier isn’t as painful...

The OpenAPI-Powered Mock API Server From Stripe

28 November 2017
I showcased Stripe’s OpenAPI definition the other week, so I wanted to also highlight a side effect of Stripe deciding to be OpenAPI-Driven. Stripe recently published an OpenAPI-powered mock server, allowing Stripe API consumers to test drive, and play with the Stripe API in a simulated environment. “It operates statelessly (i.e. it won’t remember new resources that are created with it) and responds with sample data that’s generated using a similar scheme to the one found in the API reference.” The Stripe Mock Server is written in Go, and is available on Github. You can rebuild the Stripe API mock server from an updated OpenAPI anytime. It is a pretty dead simple mock server that seems like should be standard practice for any API...

Getting A Handle On Our Database Schema Using APIs

28 November 2017
This is a sponsored post by my friends over at SlashDB. The topic is chosen by me, but the work is funded by SlasDB, making sure I keep doing what I do here at API Evangelist. Thank you SlashDB for your support, and helping me educate my readers about what is going on in the API space. When I take money from my partners, I am always looking for characteristics in their products and services that allow me to write honest stories about the solutions they provide. I can’t do this for all API companies that approach me, but the ones that are doing useful things, make it pretty easy for me. SlashDB helps me out on this front because they aren’t the shiny new startup doing APIs–they are the real world business helping other companies, organizations, institutions, and government agencies get a handle on their databases using APIs...

Multi-Region APIs Using AWS API Gateway

27 November 2017
I’ve been deploying two project using AWS API Gateway, Lambda, and Amazon RDS lately. I’ve become so sold on this approach to deploying APIs as part of this work, that I am evolving my own internal API process to use the same approach. The technical aspect of serverless plus the gateway definitely convinced me of the potential, but it was also the usage of AWS IAM which sealed the deal for me. I’m all too aware of how much my API security lacks as a one person shop, something that I also see reflected in my client operations, and I’d rather be offloading security to AWS than ending up taking the hit on it down the road. While deploying my project using AWS API Gateway, and Lambda, I was faced with the question regarding which zone I should be deploying the APIs in...

Hints of Banking API Regulations From CFPB With Consumer Authorized Financial Data Sharing And Aggregation Rules

27 November 2017
The Consumer Finance Protection Bureau (CFPB) has started laying out some consumer-authorized data sharing and aggregation rules to begin moving forward the banking data scraping conversation in (hopefully) a more production way. It is common knowledge that many financial focused (Fintech) companies regularly access consumers account data using their credentials, so that they scrape relevant account information from their bank, for use in a wide variety of 3rd party tools. This is a common practice that everyone in the industry knows about, understands is a potential security and privacy risk, but everyone looks the other way because it adds value to the consumer ecosystem. In a perfect world each bank would have a public API portal where Fintech aggregators could come and sign up for application keys, and get the authorization of users via OAuth, and obtain access to their banking data in a secure, and accountable way...

Making Sure You Operate In The Cloud Marketplaces As An API Service Provider

27 November 2017
This is a sponsored post by my friends over at SlashDB. The topic is chosen by me, but the work is funded by SlasDB, making sure I keep doing what I do here at API Evangelist. Thank you SlashDB for your support, and helping me educate my readers about what is going on in the API space. As the cloud giants like AWS, Microsoft, and Google continue to assert their dominance of the digital world, one aspect of their operations I’m watching closely has to do with their marketplaces. Google’s marketplaces are still very Android focused, but Amazon and Microsoft have shifted their recent editions of their marketplaces to be more cloud oriented, and accommodating a wide variety of applications, machine learning models, as well as APIs and API-focused services...

The Defensive Database Administrator And The Eager Blockchain Believer

21 November 2017
Think about the power that database administrators have in your organizations world? I’ve been working with databases since my first job in 1987. I’ve seen the power bestowed upon database administrators in organization after organization. They are fully aware of the power they control, and most other people in an organization are regularly reminded of this power. The defensive database administrator is always the biggest obstacle in the way of API teams who are often seen as a threat to the power and budgets that database groups command. This power is why databases are often centralized, scaled vertically, and are the backends to so many web, mobile, desktop, and server applications. I spend a significant amount time thinking about the power that database administrators wield, and how we can work to find more constructive, secure, and sensible approaches to shifting legacy database behaviors...

When You Believe Everything In Tech Is New And Nothing Repeats Itself

21 November 2017
I get regular waves of commenters and tweeters who like to point out the API patterns I’m covering in the API space, have all been done before. We tried discovery docs before they are called WSDL! That API discovery thing is called UDDI! RPC is nothing new! That isn’t new. We tried that before, and it didn’t work. I rarely ever engage with these folks, as this behavior is one pattern in behavior I actually do believe we SHOULDN’t be repeating and showcasing. I’m fascinated by the reasons someone would feel so strongly they need to respond. That something happened in the past, and because it didn’t work we shouldn’t try again today. That somehow the world of compute isn’t built upon, and remixed upon previous ideas that worked, and many that didn’t work until just the right conditions existed...

Day 2,638: APIs Are Dumb

21 November 2017
It is one of those weeks where writing API stories, and doing my API work is completely uninteresting, and my three year old self is throwing a temper tantrum when it comes to doing anything. APIs are dumb. Why the hell would I care about this aspect of technology? Most people don’t understand what the fuck I’m talking about, and people keep doing really dumb shit with them, instead of working on the problems that really matter. Why do I keep doing what I’m doing? Why don’t I just go get a real job, make some real money, and give a shit less? Great question! Most weeks I can just turn the API Evangelist persona on, and with a notebook full of ideas, and inbox full of questions, I begin writing the API blah blah blah...

Generating Operational Revenue From Public Data Access Using API Management

20 November 2017
This is part of some research I'm doing with Streamdata.io. We share a common interest around the accessibility of public data, so we thought it would be a good way for us to partner, and Streamdata.io to underwrite some of my work, while also getting the occasional lead from you, my reader. Thanks for supporting my work Streamdata.io, and thanks for support them readers! A concept I have been championing over the years involves helping government agencies and other non-profit organizations generate revenue from public data. It is a quickly charged topic whenever brought up, as many open data and internet activists feel public data should remain freely accessible. Something I don’t entirely disagree with, but this is a conversation, that when approached right can actually help achieve the vision of open data, while also generating much needed revenue to ensure the data remains available, and even has the opportunity to improve in quality and impact over time...

The Many Meanings Of "Do Not Make The Same Mistake As Twitter Did With Their

17 November 2017
I remember the first time I heard someone say that they didn’t want to make the same mistake as Twitter did with their API. It was from Pinterest. After that I heard the phrase uttered by many companies, with almost an entirely different meaning behind what the mistake was. Twitter is a darling of the API community when it comes to being the poster child for what not to do in the API space. I consider Twitter to be in the top 10 most important APIs out there, as well as being in the top ten APIs I wouldn’t want to be responsible for, and is a platform full of endless examples of how to do APIs right, and how to do them wrong. When some companies say this phrase, they mean they don’t want to make the mistake Twitter did by having an API at all–usually heard from executives...

API Management Is About Awareness And Control Over Our Digital Resources

17 November 2017
I’ve been diving into the fundamentals of API management as part of several projects I am working on. I am setting up API management for a single API project, as well as thinking through API management practices across many API implementations in a single industry. I also just had lunch with a friend at an API startup I work with who is looking to invest in me doing some further research and storytelling when it comes to API management. All of this is providing me with a great opportunity to step back and think about API management from the small detailed moving parts, all the way up to the industry, regulatory, and macro levels of managing digital resources online. API management is the oldest aspect of my research, and one I still think is one of the most critical aspects of doing APIs in my opinion...

We Love What You Do In The API Space But Could You Do It Our Way

17 November 2017
I hear it daily in my inbox, on Twitter, and via LinkedIn. We love what you do! We’ve followed your work for a while, and love your unique voice, and the way you tell stories on your blog. I’m not very good at accepting praise on my work, especially when I know that much of it isn’t sincere and genuine. Saying it casually to me is weird, and I am not sure why people feel like they should be saying it, but it is the folk who go the distance to say it, but then also try to change the way I am, after acknowledging over and over, that they like what I do. From running a major conference, to my everyday storytelling, I get waves of people who like what I’ve done historically, want to support and be part of it, but once engaged actively try to change the conversation, and change the tone of what I do...

My Basic YAML For Starter API Plans

17 November 2017
I started developing a machine readable format for describing the API plans and pricing for leading API providers a few years back. Eventually I’d like to see the format live alongside OpenAPI, Postman, and other machine readable API specifications within a single APIs.json index. I am looking to adequately describe the plans and pricing for APIs, which are often just as important as the technical details, in the same way we’ve describe the technical surface area of an API using OpenAPI for some years now. People love to tell me that I will never be able to do it, which only makes me want to do it more. I’m revisiting my work as part of work I’m doing on a clients project, which I’m also using to push forward my API portal and management toolbox...

Three Stripe OpenAPI Vendor Extensions

16 November 2017
As part of my work on my OpenAPI toolbox I am keeping an eye out for how leading API providers are using OpenAPI. One layer of this part of my research is understanding how teams are extending the OpenAPI specification, while also encouraging other companies to understand that they can extend the specification in the first place. I’m always surprised how many people I come across that say they do not use the specification because it doesn’t do everything they need. I alternatively feel like it is my responsibility to understand what the spec can do, and then bend it to do what I need it to using vendor extensions. I have been studying how payment provider Stripe has been crafting their OpenAPI throughout the week, while also understanding how they are applying it across their platform operations...

The Information You Get When Allowing Developers To Sign Up For An API Using

16 November 2017
I’m a big Github user. I depend on Github for managing all my projects, and Github Pages for the presentation layer around all my research. When anything requires authentication, whether for accessing an API, or gaining access to any of my micro apps, I depend on Github authentication. I have a basic script that I deploy regularly after setting up a Github OAuth application, which I use to enable authentication for my API portals and applications, handling the OAuth dance, and returning me the information I need for my system. After a user authenticates I am left with access to the following fields: id, avatar_url, gravatar_id, url, html_url, followers_url, following_url, gists_url, starred_url, subscriptions_url, organizations_url, repos_url, events_url, received_events_url, type, site_admin, name, company, blog, location, email, hireable, bio, public_repos, public_gists, followers, following, created_at, updated_at, private_gists, total_private_repos, owned_private_repos, disk_usage, collaborators, two_factor_authentication, and plan...

You Thinking I Mean REST When I Say API Is About Your Limited Views, Not Mine

16 November 2017
I’m fascinated by the baggage people bring to the table when engaging in discussions around technology with me. A common opener for many conversations with season technologists centers around REST not penciling out as everyone thought, failing to be the catch-all solution, and will quickly move to how I feel about some new technology (GraphQL, gRPC, Kafka, other) making my work irrelevant. I wish I had some quick phrase to help folks understand how this line of questioning demonstrates their extremely limiting views of the tech sector, as well as my work with APIs, but alas I find silence usually does the job in these situations–allowing everyone to quickly move. For me, application programming interface, or API, is all about finding the right interface for programming against for a specific application...

Stripe Elements And How We Organize Our API Embeddables

16 November 2017
I am setting up Stripe for a client, and I found myself browsing through Stripe Elements, and the examples they have published to Github. If you aren’t familiar, “Stripe Elements are pre-built rich UI components that help you build your own pixel-perfect checkout flows across desktop and mobile.” I put Stripe Elements into my bucket of API embeddables, which overlaps with my API SDK research, but because they are JavaScript open up a whole new world of possibilities for developers and non-developers, I keep separate. Stripe.js and supporting elements provides a robust set of solutions for integrating the Stripe API into your website, web or mobile application. You can choose the pre-made element, customize as you see fit, or custom build your own using the Stripe...

Form Posts As Gateway For Showing People They Can Program The Web Using APIs

15 November 2017
I am always looking for new avenues to help on-board folks with APIs. I’m concerned that folks aren’t quite ready for the responsibility that comes with a programmable web, and I’m looking for ways to help show them how the web is already programmable, and that APIs can help them take more control over their data and content online. A significant portion of my low hanging fruit API work centers around the forms already in use across websites, and how these forms are a doorway for data, and content that should also be available via an API. If information is already available on your website, and being gathered or displayed in response to a form on your website, it is a great place to start a conversation around providing an API that delivers the same functionality...

Deploy Low Hanging Fruit Rogue API Portals For Those Who Are Behind The Curve

15 November 2017
<p</p>The concept of rogue APIs isn’t anything new. Instagram started out as a rogue API, and many leading platforms who are less than open with their platforms have rogue APIs. They are usually APIs that have been reverse engineered from mobile applications, and published to Github for other developers to use. I’m looking to marry this concept with my low hanging fruit API work, where I help organizes start their API journey using data and content that is already on their website. Meaning, if it is already available on the web as table, form, or as CSV, spreadsheet, or other machine readable fie, it should be available via an API. As APIs are just the next step in the evolution, this is the logical place for the API journey to begin for many companies, organizations, institutions, and government agencies...

Headless CMS And The API Evolution Beyond WordPress

15 November 2017
I am a fan of what WordPress has done for the online world. I feel like it has enabled a lot of folks to take some control over their web presence, and in some situations even made programmers out of business people who never thought that is what they’d end up doing. Even with all the positive benefits of WordPress, it has had some significant negative side effects which I think warrant us to begin looking beyond the existing ecosystem–something I’m hoping the headless CMS, and static website movement can help fuel. I’m not anti-WordPress, but I think the movement has run its course, and we can do better when it comes to helping folks take control over their web presence, as well as avoid much of the security challenges we experience as a result of WordPress...

Twitter Finally Begins To Monetize Their APIs

15 November 2017
It has been a long time coming, but Twitter has finally started charging for premium access to their APIs. Until now, you could only access data via the free Twitter API with limitations, or pay to use Gnip at the enterprise level–nothing in between. I’ve long complained about how Twitter restricts access to our tweets, as well as the lack of transparency and honesty around their business model. I’ve complained so much about it, I eventually stopped writing about it, and I never thought I’d see the day where Twitter starts charging for access to their platform. While I have concerns about Twitter further limiting access to our data by charging for API access, their initial release has some positive signs that give me hope that they are monetizing things in a sensible way...

Glitch Is Where You Will Learn The Essential Human Side Of Operating Your API

14 November 2017
The biggest deficiency I see in the world of APIs is an ability to understand the human side of what we are all doing. The space is dominated by men, and people who have an understanding of, and deep belief in technology, over that of humans. The biggest problems APIs face across their life cycle is humans, and increasingly one of the biggest threats to humans is an API (ie. Twitter API automation & harassment, IoT device exploitation, Facebook advertising, etc.) APIs encounter human friction because their creators didn’t anticipate the human portion of the equation, and APIs often get used against humans because their creators again didn’t anticipate human nature, and how people might use their technology for doing harmful things...

The SEO Benefits Of Publishing Your API Operations To Github

14 November 2017
I’ve been operating 100% of my public presence for API Evangelist on Github for almost five years now. I really like the public layer of my world being static, but I also like the modularity that using Github repos for my projects have injected into my workflow. API Evangelist runs as almost 100 separate Github repositories, all using a common Jekyll template for the UI, making it look like you are always on the same API Evangelist website. Any website, application, data, or API begins as a Github repository in my world, and grows from there depending on how much energy I give a project during my daily work. When I first started doing all of this, I worried a little bit about the search engine optimization of my public websites...

Could I Please Get An API Discovery Tool That Evaluates An OpenAPI Diff

14 November 2017
I am increasingly tracking on OpenAPI definitions published to Github by leading API providers I track on. Platforms like Stripe, Box, New York Times are actively managing their OpenAPI definitions using Github, making them well suited for integration into their platform operations, API consumer scenarios, and even within analyst systems like what I have going on as the API Evangelist. Once I have an authoritative source of an OpenAPI, meaning a public URI for an OpenAPI that is actively being maintained by the API provider, I have a pretty valuable feed into the roadmap, as well as change log for an API. I feel like we are getting to the point where there are enough authoritative OpenAPIs that we can start using as a machine readable notification and narrative tool for helping us stay in tune with one or many APIs across the landscape...

I Added A Simple Bulk API For My Human Services Data API

14 November 2017
The core Human Services Data API allows for adding of organizations, locations, services, and contacts one by one using a single POST on the core API paths for each available resource. However, if you want to add thousands, or even hundreds of records, it can quickly become cumbersome to submit each of the calls, so I wanted to introduce a simple Human Services Bulk API for helping handle the adding of large quantity of data, on a one-time, or recurring basis. I know there job queuing solutions available out there, but my goal with this project is to focus on the API definition, as well as the backend system(s). For this round, I just want to get a simple baseline definition in place, with a simple API backend for orchestrating...

I Added A Taxonomy API To Support The Human Services Data API (HSDA)

13 November 2017

Stripes OpenAPI Is Available On Github In Version 3.0

12 November 2017
I can’t write about every API provider who publishes their OpenAPI to Github, there are just too many. But, I can write about the rockstar API providers who do though, and showcase what they are doing, so I can help influence the API providers who have not started publishing their OpenAPIs in this way. If you are looking for a solid example of a leading API provider publishing their OpenAPI to Github, I recommend taking a look at the payment provider Stripe. Their repository contains OpenAPI specifications for Stripe’s API, with multiple files available in the in the openapi/ directory: spec3.{json,yaml} - OpenAPI 3.0 spec. spec2.{json,yaml} - OpenAPI 2.0 spec. We’re continuing to generate this for now, but it will be deprecated in favor of spec3...

Locking Up Any Open Data Taxonomy Is Short Sighted In Todays Online

12 November 2017
I published a taxonomy API as part of my Human Services Data API (HSDA) work recently, and as part of the work I wanted it to support a handful of the human services taxonomies available currently. The most supported taxonomy available out there is the AIRS/211 LA County Taxonomy. It is a taxonomy in use by 211 of LA County, as well as owned and licensed by them. From what I gather, it is the most common format in use, and you can find licensing pages for it from other municipal 211 providers. Before you can download a copy of the taxonomy you have to agree to the license I’ve posted at the bottom of this post, something I was unwilling to do. Taxonomies shouldn’t be locked up this way...

I Can Keep Evangelizing The Same API Stories For The Next Decade In Government

10 November 2017
I spoke on a panel at the Red Hat, Fed Scoop Government Symposium in Washington D.C. yesterday. I had some great conversations with technology vendors, as well as government agencies about everything API. I enjoy being outside the Silicon Valley echo chamber when it comes to technology because I enjoy helping folks understand the basics of what is going on with the basics of APIs, over getting too excited over the latest wave of new technology, and a constant need to be moving forward before ever getting a handle on the problems on the table. It can be hard to to repeat some of the same stories I’ve been telling for the last seven years while in these circles, but honestly the process helps me refine what I’m saying, and continue to actively think through the sustained relevancy of the stories I’ve been telling...

Admitting There Is So Much I Do Not Understand Makes Be Better At APIs

10 November 2017
One of the reasons I’m so good at APIs is because I embrace how little I know. This rolling realization keeps my appetite wet when it comes to learning to things, and working hard to discover, and realize sensible API practices. I am comfortable with the fact that I do not know something. I enjoy coming up against things I do not understand, eager to learn more. However, I think there is one big difference in the way I approach technology from other developers, is that I’m not confident that I will ever be able to fully understand a particular domain, let alone think that technology, or specifically APIs are a solution to a specific set of problems within every domain. Many developers are overly confident in what they know...

Are People Ready For An Online API-Driven World That Is Programmable?

10 November 2017
I am struggling with helping some folks get beyond their API being just readable, and helping them understand the potential of having POST, PUT, and other writable aspects to their resources, making things much more programmable. My client has a firm grasp on the ability to GET data from their API and publish on websites. They also have the concept that they can GET other data from other 3rd party APIs, and display on their website alongside their data. Where they are struggling is that they can also add new data to their API, and update existing data they are making available via their API, and ultimately their website as well. This hurdle isn’t limited to any single project I’m working on...

You Can Lead A Horse To Water But You Cannot Make Them Drink--The API Edition

10 November 2017
I have seven years of API research available at apievangelist.com. I regularly publish short form, and long form versions of this information on my blogs on a weekly basis. I publish prototypes, demo websites and portals, and develop API training curriculum for use across a wide variety of industries. I regularly take versions of my API research, and rework, rebrand, and dial in to speak to a specific company, organizations, institution, agency, or industry. In many cases I make this information freely available, helping make sure it is available to those who need it. Despite all this work, many folks who are already doing APIs refuse to read, listen, and learn from what is already going on in the API space, and doomed to repeat the mistakes many of us have already made and learned from in our API journeys...

The Impact Of API Management On API Security

09 November 2017
This is a story from my latest API Evangelist API security industry guide. My partner ElasticBeam has underwritten my API security research, allowing me to publish a formal PDF of my guide, providing business and technical users with a walk-through of the moving parts, tools, and companies doing interesting things with API security. When I publish each guide, I publish each story here on the blog, helping build awareness around my research–this is a short one on API management. API management has done an amazing job in helping companies, organizations, institutions, and government agencies make their digital resources more available on-line in a secure way. Allowing API providers to require developers to sign up, obtain keys, and tokens which need to accompany all API calls...

Using APIs To Manage My APIs

09 November 2017
I’m going further down the AWS rabbit hole lately with my APIs. Historically my APIs ran on an AWS EC2 instance with leveraged Linux for the OS, Apache for the web server, and Slim for the RESTful framework of my APIs–all with an RDS MySQL backend. I’ve now evolved the EC2 instance to be spread across numerous AWS Lambda scripts, tied together into various stacks of APIs using AWS API Gateway. At first, I was hesitant to go further down the AWS rabbit hole, but the security benefits of AWS-driven solutions, as well as the API-driven aspects of operating my APIs, is slowly shifting my view of how I need to be managing my APIs. AWS RDS, Lambda, and API Gateway all have APIs. I’ve been spending the week developing Lambda scripts that help me manage my APIs, using the AWS APIs behind these three services, leveraging them to setup, configure, deploy, manage, and test my APIs...

Learning To Play Nicely With Others Using APIs

09 November 2017
This is a topic I talk about often, write about rarely, but experience on a regular basis doing APIs. It has to do with encounters I have with people in companies who do not know how to share and play nicely with other companies and people, and want to do APIs. For a variety of reasons these folks approach me to learn more about APIs, but are completely unaware of what it takes, and how it involves working with external actors. Not all of these APIs are public, but many of them involve engaging with individuals outside the corporate firewall, possess a heavy focus on the technical, and business of doing APIs, but rarely ever consider the human and more political aspects of engagements with APIs...

The Open Web Application Security Project (OWASP) And API Security

09 November 2017
This is a story from my latest API Evangelist API security industry guide. My partner ElasticBeam has underwritten my API security research, allowing me to publish a formal PDF of my guide, providing business and technical users with a walk-through of the moving parts, tools, and companies doing interesting things with API security. When I publish each guide, I publish each story here on the blog, helping build awareness around my research–this is a short one on OWASP. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software, with a mission to make software security visible, so that individuals and organizations are able to make informed decisions...

APIs And Other Ways Of Serving Up Machine Learning Models

08 November 2017
As with most areas of the tech sector, behind the hype there are real world things going on, and machine learning is one area I’ve been studying, learning, and playing withd what is actually possible when it comes to APIs. I’ve been studying the approach across each of the major cloud platforms, including AWS, Azure, and Google t push forward my understanding of the ML landscape. Recently the Google Tensorflow team released an interesting overview of how they are serving up Tensorflow models, making machine learning accessible across a wide variety of use cases. Not all of these are API specific, but I do think they are should be considered equally as part of the wider machine learning (ML) application programming interface (API) delivery approach...

The API Evangelist API Security Industry Guide

08 November 2017
This edition of my API security industry guide has been underwritten by ElasticBeam, who provides next generation API security, leveraging machine learning, and behavorial analysis that works with the existing web and API management solutions you already have in place across your API operations. I have been working on this resulting guide from my API security research for over a year now. Thanks to ElasticBeam I’ve finally gotten it out the door. As with all my industry guides, it is a work in progress, and something that will never be finished. I’ll keep taking what I’ve learned, and publishing in as a PDF every couple months, and receive the edits, and feedback from my readers and the wider community, then publish again...

I Appreciate This API Walk Through From Fannie Mae But Just Give Me The API!

08 November 2017
I came across the new Desktop Underwriter (DU) API from Fannie Mae which provides lenders a comprehensive credit risk assessment data that determines whether a loan meets Fannie Mae’s eligibility requirements. They have a slick new website for the project, with the tag line “building on certainty”, and a smooth HTML story to walk you through what the new DU API can do. While the API seems very exciting, and valuable, the whole production is missing one thing–the API! I am sure you have to be a partner to get access to the API, but you can tell the whole things is being led by people who have never actually used an API. Otherwise you would give us an API to actually use, and allow us to kick the tires...

Additional Call Pricing Info Are The Pressure Relief Valves For API Plans

08 November 2017
I’ve complained about unfair API pricing tiers several times over the last couple years, even declaring API access tiers irrelevant in a mult-API consumer world. Every time I write about this subject I get friends who push back on me that this is a requirement for them to generate revenue as a struggling startup. With no acknowledgement that their API consumers might also be struggling startups trying to scale consumption within these plans, only to reach a rung in the ladder they might not be able to actually reach. My goal in this storytelling isn’t to condemn API providers, but make them aware of what things look like from the other side, and that their argument essentially pulls up the ladder after they’ve gotten theirs–leaving the rest of us at the bottom...

When We Are Told That API Security Investments Will Affect Profitability

07 November 2017
I was listening to Mark Zuckerberg talk about how security investments will affect the platforms profitability on the Facebook earnings call this last week. This line of thinking sounds pretty consistent with what I’m hearing from other folks when it comes to why they haven’t been investing more into their API security. My challenge for this line of thought is about shutting down proactive security investments, and does not speak of responsive security investments–meaning after you’ve had a breach, or when there is other security investment. From a leadership perspective this view of security just doesn’t do it for me, and I’d push back, and require it consider what profitability will look like if we do not invest properly in security...

Hiding APIs In Plain Sight

07 November 2017
I’m always surprised by how secretive folks are. I know that it is hard for many folks to be as transparent as I am with my work, but if you are doing public APIs, I have a basic level of expectation that you are going to be willing to talk and share stories publicly. I regularly have conversations with enterprise folks who are unwilling to talk about what they are doing on the record, or allow me to share stories about their PUBLIC API EFFORTS!!! I get the super secret internal stuff. I’ve worked for the government. I don’t have a problem keeping things private when they should be, but the secretive nature of companies around public API efforts continues to keep me shaking my head. People within enterprise groups almost seem paranoid when it comes to people keeping an eye on what they are up to...

Postman As A Live Coding Environment In Presentations At APIStrat

07 November 2017
We just wrapped up the 8th edition of APIStrat in Portland, Oregon this last week. I’ll be working through my notes, and memory of the event in future posts, but thing that stood out for me was the presence of Postman at the event. No, I’m not talking about their booth, and army of evangelists and company reps on site–although this was the first time I’ve seen them out in such force. I’m talking about the usage of the API development environment by presenters, as a live coding environment in their talks, replacing the command line and browser for how you demonstrate the magic of APIs to your audience. On the first day of the conference I attended two separate workshops where Postman was the anchor for the talk...

Developing A Talent Pool Within Your API Community

07 November 2017
There are many reasons for having an API. The direct reason is to provide your partners and 3rd party developers access to your data, content, and algorithmic resources using the web. However, there are many indirect, and less obvious reasons for having an active API program at your company, organization, institution, or government agency. Things that you probably haven’t thought of, but the groups who are already doing APIs have known about these benefits for a while. One of these benefits is in the area of talent acquisition, and building relationships with, and identifying folks with the skills you are looking for. I remember the first time I heard the executives at Paypal say that they often hire out of their development community...

A Simple API Using AWS RDS, Lambda, and API Gateway

06 November 2017
I wrote about a simple API with AWS DynamoDB, Lambda, and API Gateway last week. I like this approach because of the simple nature of AWS DynamoDB. One benefit of going this route is that you can even bypass Lambda, as the AWS API Gateway can work directly with AWS DynamoDB API. I’m just playing around with different configurations and pushing forward my understanding of what is possible, and this week I switched out the database in this with AWS RDS, which opens up the ability to use MySQL or Postgres as the backend for any API. For this example, I’m using a simple items database, which you can build with this SQL script after you fire up an RDS instance (I’m using MySQL): Next I wanted to have the basic CRUD operations for my API...

API Security Beginning To Outweigh My Vendor Lock-In Concerns

06 November 2017
I’ve been on the AWS train since day one. I’ve been integrating Amazon S3 and EC2 into my business(es) since they first launched a decade ago. While the platform has faithfully provided my storage and compute for over a decade I’ve always been wary of vendor lock-in. After a decade long ride on Microsoft (1998-2008), I felt pretty burned. Then recently after a similar decade long ride on Google (2005-2015), I felt burned, but in a different way. After a decade on AWS I’m nervous, but I don’t feel as burned, however I’d say there is one aspect of doing business online that is making me put aside some of my concerns regarding vendor lock-in on AWS, and even on Google, and Azure–SECURITY...

An Example Of How Every API Provider Should Be Using OpenAPI Out Of The Slack

06 November 2017
The Slack team has published the most robust and honest story about using OpenAPI, providing a blueprint that other API providers should be following. What I like most about approach by Slack to develop, publish, and share their OpenAPI, is the honesty behind why their are doing it to help standardize around a single definition. They publish and share the OpenAPI to Github, which other API providers are doing, and I think should be standard operating procedure for all API providers, but they also go into the realities regarding the messy history of their API documentation–an honesty that I feel ALL API providers should be embracing. My favorite part of the story from Slack is the opening paragraph that honestly portrays how they’ve got here: “The Slack Web API’s catalog of methods and operations now numbers nearly 150 reads, writes, rights, and wrongs...

I Like The Scope Of The AWS SDK for JavaScript

02 November 2017

My Response On The Department Of Veterans Affairs (VA) RFI For The Lighthouse

26 October 2017
I am working with my partners in the government API space (Skylight, 540, Agile Six) to respond to a request for information (RFI) out of the Department of Veterans Affairs (VA), for what they call the Lighthouse API Management platform. The RFI provides a pretty interesting look into the way the government agency which supports our vets is thinking about how they should be delivering government resource using APIs, but also how they play a role in the wider healthcare ecosystem. My team is meeting today to finalize our response to the RFI, and in preparation I wanted to prepare my thoughts, and in my style of doing things, involves publishing them here on API Evangelist. You can read the whole RFI, but I’ll provide the heart of it, to help set the table for my response...

We Are All Using APIs

25 October 2017
When I talk to ordinary people about what I do as the API Evangelist, they tend to think APIs don’t have much of anything to do with their world. APIs exist in a realm of startups, technology, and make believe that doesn’t have much to do with their ordinary lives. When trying to make the connection with folks on airplanes, in the hotel lobby, and at the coffee shop, I always resort to the most common API-driven thing in all of our lives–the smart phone. Pulling out my iPhone is the quickest way I can go from zero to API understanding, with almost anyone. When people ask what an API is, or how it has anything to do with them, I always pull out my iPhone, and say that all of the applications on the home page of your mobile phone use APIs to communicate...

I Am Talking About Jekyll As A Hypermedia Client At APIStrat in Portland OR

25 October 2017
Static website, and headless CMS approaches to providing API driven solutions have grown in popularity in recent years. Jekyll has been leading the charge when it comes to static website deployment, partly due to Github being behind the project, and their adoption for Github Pages. I’ve been pushing forward a new approach to using Jekyll as a hypermedia client to help deliver some of my API training and curriculum, and as part of this work I’m giving a talk at APISTrat next week on the concept. APIStrat is a great forum for this kind of project, helping me think through things in the form of a talk, the opportunity to share with an audience, and get immediate feedback on its viability, which I can then use to push forward my thinking on this aspect of my API work...

Helping Business Users Get Over Perceived Technical Gaps When It Comes To API

25 October 2017
Every single API project I’m working on currently has one or more business users involved, or specifically leading the work. With every business user, no matter how fearless they are, there is always a pretty heavy perception that some things are over their head. I see this over and over when it comes to API design, and the usage of OpenAPI to define an API. I’ve known a handful of folks who aren’t programmers, and have learned OpenAPI fluently, but for the most part, all business users tend to put up a barrier when it comes to learning OpenAPI–it lives in the realm of code, and exists beyond what they are capable of. I get that folks are turned off by being exposed to code. Learning to read code takes a significant amount of time, and with the more framework, libraries, and other layers, you can find yourself pretty lost, pretty quickly...

A Suite Of Human Services API Definitions Using OpenAPI

25 October 2017
I’m needing to quantify some of the work that has occurred around my Human Services Data Specification work as part of a grant we received from Stanford. The grant shas helped us push forward almost three separate revisions of the API definition for working with human services data, and one of the things I’m needing to do is quantify the work that has occurred specifically around the OpenAPI definitions. At this point the specification is pretty verbose, and is now spanning multiple documents, making it difficult to quantify and share within an executive summary. To help support I wanted to craft some language that could help introduce the value that has been created to a non-technical audience...

Some New API Evangelist Art

24 October 2017
When I first started API Evangelist I spent two days trying to create a logo. I then spent another couple days trying to find a service to create something. Unhappy with everything I produced, I resorted to what I considered a temporary logo, where I just typed a JSON representation of the logo, mimicking what a JSON response for calling a logo through an API might look like. Seven years later, the logo has stuck, resulting in me never actually invested any more energy into my logo. The API Evangelist imagery is long overdue for an overhaul. I stopped wearing the logo on my signature black t-shirts a couple years back, and I do not want to reach the 10 year mark before I actually do anything new...

The API Portal Outline For A Project I Am Working On

24 October 2017
I am working through a project for a client, helping them deliver a portal for their API. As I do with any of my recommendations with my clients, I take my existing API research, and refine it to help craft a strategy to meets their specific needs. Each time I do this it gives me a chance to rethink some of my recommendations I’ve already gathered, as well as learn from new types of projects. I’ve taken the building blocks from my API portal, as well as my API management research, and have taken a crack at organizing them into an outline that I can use to guide my current project. Here is a walk through of the outline I’m recommending as part of a basic API portal implementation, to support a simple public API: Overview - / - Everything starts with a landing page, with a simple overview of what an API does...

AWS API Gateway Export In OpenAPI and Postman Formats

24 October 2017
I wrote about being able to import an OpenAPI into the AWS API Gateway to jumpstart your API the other day. OpenAPI definitions are increasingly used for every stop along the API life cycle, and being able to import an OpenAPI to start a new API, or update an existing in your API gateway is a pretty important feature for streamlining API operations. OpenAPI is great for defining the surface area of deploying and managing your API, as well as potentially generate client SDKs, and interactive API documentation for your API developer portal. Another important aspect of this API lifecycle is being able to get your definitions out in a machine readable format as well. All service providers should be making API definitions a two-way street, just like Amazon does with the AWS API Gateway...

Your API Road Map Helps Others Tell Stories About Your API

24 October 2017
There are many reasons you want to have a road map for your API. It helps you communicate with your API community where you are going with your API. It also helps you have a plan in place for the future, which increases the chances you will be moving things forward in a predictable and stable way. When I’m reviewing and API I don’t see a public API road map available, I tend to give them a ding on the reliability and communication for their operations. One of the reasons we do APIs is to help us focus externally with our digital resources, which communication plays an important role, and when API providers aren’t communicating effectively with their community, there are almost always other issues right behind the scenes...

APIs Reduce Everything To A Transaction

23 October 2017
My partner in crime Audrey Watters crafted a phrase that I use regularly, that “APIs reduce everything to a transaction”. She first said it jokingly a few years back, but is something I regularly repeat, and think about regularly, as I feel it profoundly describes the world I study. I like the phrase because of its dual meaning to me. If I say it with a straight face, in different company, I will get different responses. Some will be positive, and others will be negative. Which I think represents the world of APIs in a way that show how APIs are neither good, bad, or neutral. If you are an API believer, when I describe how APIs reduce everything to a transaction, you probably see this as a positive...

Budget API Management Using Github

23 October 2017
I am always looking for the cheapest, easiest ways to get things done in the world of APIs. As a small business owner I’m always on the hunt for hacks to get done what I need, and hopefully make things easier for my users, while keeping things free, or at least minimally priced for my business. When it comes to my simplest of APIs, where I’m not looking to fully manage, but I do want anyone using them to authenticate, and pass in API keys, so that I can track on their use. In some cases I’m going to bill against this usage, but for the most part I just want to secure, and quantify their consumption. The quickest and dirtiest way I will enable authentication for any API is using Github...

A Simple API With AWS DynamoDB, Lambda, and API Gateway

23 October 2017
I’ve setup a few Lambda scripts from time to time, but haven’t had any dedicated project time to push forward API serverless concepts. Over the weekend I had a chance to deploy a couple of APIs using AWS DynamoDB, Lambda, and API Gateway, lighting up some of the serverless API possibilities in my brain. Like most areas of the tech sector, I think the term is dumb, and there is too much hype, but I think underneath there is some interesting possibilities, at least enough to keep me playing around with things. Right now my primary API setup is Amazon Aurora (MysQL) backend, with API deployed on EC2, using Slim API framework in PHP. It is clean, simple, and gets the job done. I use 3Scale, or Github for the API management layer...

API Monetization Framework As Introduced By AWS Marketplace

23 October 2017
I am learning about the AWS Marketplace through the lens of selling your API there, adding a new dimension to my API monetization and API plan research. I’ve invested a significant amount of energy to try and standardize what I learn from studying the pricing and plans for the API operations of the leading API providers. As I do this work I regularly hear from folks who like to tell me how I’ll never be able to standardize and normalize this, and that it is too big of a challenge to distill down. I agree that things seem too big to tame at the current moment, but with API pioneers like AWS, who have been doing this stuff for a while, you can begin to see the future of how this stuff will play itself out...

API Management Dashboard: The Provider View

20 October 2017
I’m helping some clients think through their approach to API management. These projects have different needs, as well as different resources available to them, so I’m looking to distill things down to the essential components needed to get the job done. I’ve taken a look at the API consumer account basics as well as their usage, and next I want to consider the view of all of this from the API provider vantage point. For both of my current projects, I’m needing to think about the UI elements that deliver on API management elements from the API provider perspective. To help me think though the UI elements needed for helping manage the essential elements of managing APIs I wanted to create a simple list of each screen that will be needed to get the job done...

Selling Your AWS API Gateway Driven API Through The AWS Marketplace

20 October 2017
I am getting intimate with AWS API Gateway. Learning about what it does, and what it doesn’t do. The gateway brings a number of essential API management elements to the table, like issuing keys, establishing plans, and enforcing rate limits. However, it also lacks many of the other active elements of API management like billing for usage, which is an important aspect of managing API consumption for API providers. With AWS, things tend to work like legos, meaning many of their services work together to deliver a larger picture, and I’ve been learning more about how AWS API Gateway works with the AWS Marketplace to deliver some of the business of API features I’m looking for. Here is the blurb from the AWS API Gateway documentation regarding how you can setup AWS API Gateway to work with AWS Marketplace, making your API available for sale as a SaaS service: After you build, test, and deploy your API, you can package it in an API Gateway usage plan and sell the plan as a Software as a Service (SaaS) product through AWS Marketplace...

API Management Dashboard: The Consumer View

20 October 2017
I’m helping some clients think through their approach to API management. These projects have different needs, as well as different resources available to them, so I’m looking to distill things down to the essential components needed to get the job done. I’ve taken a look at the API consumer account basics as well as their usage, and next I want to consider the view of all of this from the API provider vantage point. For both of my current projects, I’m needing to think about the UI elements that deliver on API management elements from both the API provider and consumer levels. I’ve already tackled the API provider view, next up is the API consumer view. To help me think though the UI elements needed for helping manage the essential elements of managing API consumption for developers I wanted to create a simple list of each screen that will be needed to get the job done...

API Developer Account Usage Basics

20 October 2017
I’m helping some clients think through their approach to API management. These projects have different needs, as well as different resources available to them, so I’m looking to distill things down to the essential components needed to get the job done. I spent some time thinking through the developer account basics, and now I want to break down the aspects of API consumption and usage around these APIs and developer accounts. I want to to think about the moving parts of how we measure, quantify, communicate, and invoice as part of the API management process. Having A Plan We have developers signed up, with API keys that they’ll be required to pass in with each API call they make. The next portion of API management I want to map out for my clients is the understanding and management of how API consumers are using resources...

API Developer Account Basics

20 October 2017
I’m helping some clients think through their approach to API management. These projects have different needs, as well as different resources available to them, so I’m looking to distill things down to the essential components needed to get the job done. The first element you need to manage API access is the ability for API consumers to be able to sign up for an account, that will be used to identify, measure usage, and engage with each API consumer. Starts With An Account While each company may have more details associated with each account, each account will have these basics: account id - A unique identifier for each API account. name - A first name and last name, or organization name...

The Tractor Beam Of The Database In An API World

19 October 2017
I’m an old database person. I’ve been working with databases since my first job in 1987. Cobol. FoxPro. SQL Server. MySQL. I have had a production database in my charge accessible via the web since 1998. I understand how databases are the center of gravity when it comes to data. Something that hasn’t changed in an API driven world. This is something that will make microservices in a containerized landscape much harder than some developers will want to admit. The tractor beam of the database will not give up control to data so easily, either because of technical limitations, business constraints, or political gravity. Databases are all about the storage and access to data. APIs are about access to data...

Adding Ping Events To My Webhooks And API Research

19 October 2017
I am adding another building block to my webhooks research out of Github. As I continue this work, it is clear that Gthub will continue to play a significant role in my webhook research and storytelling, because they seem to be the most advanced when it comes to orchestration via API and webhooks. I’m guessing this is a by-product of continuous integration (CI) and continuous deployment (CD), which Github is at the heart of. The API platforms that have embraced automation and orchestration as part of what they do, always have the most advanced webhook implementations, and provide the best examples of webhooks in action, which we can all consider as part of our operations. Today’s webhook building block is the ping event...

Using APIs To Enrich The Data You Have In Spreadsheets

19 October 2017

Importing OpenAPI Definition To Create An API With AWS API Gateway

19 October 2017
I’ve been learning more about AWS API Gateway, and wanted to share some of what I’m learning with my readers. The AWS API Gateway is a robust way to deploy and manage an API on the AWS platform. The concept of an API gateway has been around for years, but the AWS approach reflects the commoditization of API deployment and management, making it a worthwhile cloud API service to understand in more depth. With the acquisition or all the original API management providers in recent years, as well as Apigee’s IPO, API management is now a default element of major cloud providers. Since AWS is the leading cloud provider, AWS API Gateway will play a significant role into the deployment and management of a growing number of APIs we see...

Most API Developers Will Not Care As Much As You Do

18 October 2017
I believe in the potential of what APIs can do, and care about learning how we can do things right. Part of it is my job, but part of it is me wanting to do things well. Master my approach to delivering APIs, using my well-rounded API toolbox. Reading the approach of other leading API providers, and honing my understanding of healthy, and not so healthy practices. I thoroughly enjoy studying what is going on and then applying it across what I do. However I am reminded regularly that most people are not interested in knowing, and doing things right–they just want things done. As many of us discuss the finer details of API design, and the benefits of one approach over the other, other folks would rather us just point them to the solution that will work for them...

API Design Maturity At Capital One

16 October 2017
API design is something that many have tried to quantify and measure, but very few ever establish any meaningful way of doing so properly in my experience. I’ve been learning about the approach to API governance from the Capital One DevExchange team, and found their approach to defining API design maturity pretty interesting. I’m mostly interested in their approach because it speaks to actual business objectives, and aren’t about the common technical aspects we see API design being quantified across the community each day. Capital One breaks things down into five distinctive layers that offer value to any organization doing APIs. Starting at the bottom of their maturity period, here are the levels of maturity they are measuring things by: Functional - Doing the basics, providing some low-level functionality, and nothing more...

AdWords API Release and Sunset Schedule For 2018

16 October 2017
APIs are not forever, and eventually will go away. The trick with API deprecation is to communicate clearly, and regularly with API consumers, making sure they are prepared for the future. I’ve been tracking on the healthy, and not so healthy practices when it comes to API deprecation for some time now, but felt like Google had some more examples I wanted to add to our toolbox. Their approach to setting expectations around API deprecation is worthy of emulating, and making common practice across industries. The Google Adwords API team is changing their release schedule, which in turns impacts the number of APIs they’ll support, and how quickly they will be deprecating their APIs. They will be releasing new versions of the API three times a year, in February, June and September...

Operating Your API Portal Using Github

16 October 2017
Operating on Github is natural for me, but I am regularly reminded what a foreign concept it is for some of the API providers I’m speaking with. Github is the cheapest, easiest way to launch a public or private developer portal for your API. With the introduction of Github Pages, each Github repository is turned into a place to host any API related project. In my opinion, every API should begin with Github, providing a place to put your API definition, portal, and other elements of your API operations. If you are just getting going with understand how Github can be used to support your API operations, I wanted to provide a simple checklist of the concepts at play, that will lead you being able to publish your API portal to Github...

The Basics Of API Management

16 October 2017
I am developing a basic API management strategy for one of my client’s API. With each area of their API strategy I am taking what I’ve learned monitoring the API sector, but pausing for a moment to think about again, and then applying to their operations. Over the years I have separated out many aspects of API management, distilling it down to a core set of elements that reflect the evolution of API management as its evolved into a digital commodity. It helps me to think through these aspects of API operations in general, but also applying to a specific API I am working on, helping me further refine my API strategy advice. API management is the oldest area of my research. It has spawned every other area of the lifecycle I track on, but also is the most mature aspect of the API economy...

Air, An Asthma API

12 October 2017
You don’t find me showcasing specific APIs often. I’m usually talking about an API because of their approach to the technology, business, or politics of how they do APIs. It just isn’t my style to highlight APIs, unless I think they are interesting, and delivering value that is worth talking about, or possibly reflecting a meaningful trend that is going on. In this case it is a useful API that I think brings value, but also provides an example of an API I can showcase to non-developer folks as a meaningful example of an API. The API I’m talking about today, is the Air API, an asthma API from Propeller, which provides a set of free tools to help people understand current asthma conditions in their neighborhoods...

Bots, Voice, And Conversational APIs Are Your Next Generation Of API Clients

12 October 2017
Around 2010, the world of APIs began picking up speed with the introduction of the iPhone, and then Android mobile platforms. Web APIs had been used for delivering data and content to websites for almost a decade at that point, but their potential for delivering resources to mobile phones is what pushed APIs into the spotlight. The API management providers pushed the notion of being multi-channel, and being able to deliver to web and mobile clients, using a common stack of APIs. Seven years later, web and mobile are still the dominant clients for API resources, but we are seeing a next generation of clients begin to get more traction, which includes voice, bot, and other conversational interfaces...

Everything Is Headless In A Decoupled API World

12 October 2017

Obfuscating The Evolving Code Behind My API

12 October 2017
I’m dialing in a set of machine learning APIs that I use to obfuscate and distort the images I use across my storytelling. The code is getting a little more hardened, but there is still so much work ahead when it comes to making sure it does exactly what I needed it to do, with only dials and controls I need–nothing more. I’m the only consumer of my APIs, which I use them daily, with updates made to the code along the way, evolving the request and response structures until they meet my needs. Eventually the APIs will be done (enough), and I’ll stop messing with them, but that will take a couple months more of pushing forward the code. While the code for these APIs are far from finished, I find the API helps obfuscate and diffuse the unfinished nature of things...

Provide An Open Source Threat Information Database And API Then Sell Premium

11 October 2017
I was doing some API security research and stumbled across vFeed, a “Correlated Vulnerability and Threat Intelligence Database Wrapper”, providing a JSON API of vulnerabilities from the vFeed database. The approach is a Python API, and not a web API, but I think provides an interesting blueprint for open source APIs. What I found interesting (somewhat) from the vFeed approach was the fact they provide an open source API, and database, but if you want a production version of the database with all the threat intelligence you have to pay for it. I would say their technical and business approach needs a significant amount of work, but I think there is a workable version of it in there. First, I would create a Python, PHP, Node...

Their Security Practices Are Questionable But Their Communication Is

11 October 2017
I study the API universe every day of the week, looking for common patterns in the way people are using technology. I study almost 100 stops along the API lifecycle, looking for healthy practices that companies, organizations, institutions, and government agencies can follow when dialing in their API operations. Along the way I am also looking for patterns that aren’t so healthy, which are contributing to many of the problems we see across the API sector, but more importantly the applications and devices that they are delivering valuable data, content, media, and algorithms to. One layer of my research is centered around studying API security, which also includes keeping up with vulnerabilities and breaches...

The gRPC Meetup Kit

11 October 2017
I wrote about Tyk’s API surgery meetups last week, and adding a new approach to our API event and workshop toolbox, and next I wanted to highlight the gRPC Meetup Kit, a resource for creating your own gRPC event. gRPC is an approach out of Google for designing, delivering, and operating high performance APIs. If you look at the latest wave of APIs out of Google you’ll see they are all REST and/or gRPC. Most of them are dual speed, providing both REST and gRPC. gRPC is an open source initiative, but very much a Google led effort that we’ve seen picking up momentum in 2017. While I am keeping an eye on gRPC itself, this particular story is about the concept of providing a Meetup kit for your API related service or tooling, providing an “In a Box” solution that anyone can use to hold a Meetup...

The API Coaches At Capital One

11 October 2017
API evangelism and even advocacy at many organizations has always been a challenge to introduce, because many groups aren’t really well versed in the discipline, and often times it tends to take on a more marketing or even sales like approach, which can hurt its impact. I’ve worked with groups to rebrand, and change how they evangelize APIs internally, with partners, and the public, trying to ensure the efforts are more effective. While I still bundle all of this under my API evangelism research, I am always looking for new approaches that push the boundaries, and evolve what we know as API evangelism, advocacy, outreach, and other variations. I was introduced to a new variation of the internal API evangelism concept a few weeks back while at Capital One talking with my friend Matthew Reinbold(@libel_vox) about their approach to API governance...

Explore, Download, API, And Share Data

10 October 2017
I’m regularly looking through API providers, service providers, and open data platforms looking for interesting ways in which folks are exposing APIs. I have written about Kentik exposing the API call behind each dashboard visualization for their networking solution, as well as CloudFlare providing an API link for each DNS tool available via their platform. All demonstrating healthy way we can show how APIs are right behind everything we do, and today’s example of how to provide API access is out of New York Open Data, providing access to 311 service requests made available via the Socrata platform. The page I’m showcasing provides access 311 service requests from 2010 to present, with all the columns and meta data for the dataset, complete with a handy navigation toolbar that lets you view data in Carto or Plot...

Connecting Service Level Agreements To API Monitoring

10 October 2017
Monitoring your API availability should be standard practice for internal and external APIs. If you have the resources to custom build API monitoring, testing, and performance infrastructure, I am guessing you already have some pretty cool stuff in place. If you don’t, then you should not be reinventing the wheel out there, and you should be leveraging one of the existing API monitoring services out there on the market. When you are getting started with monitoring your APIs I recommend you begin with uptime and downtime, and once you deliver successfully on that front, I recommend you work on API performance, and the responsiveness of your APIs. You should begin with making sure you are delivering the service level agreement you have in place with your API consumers...

Algorithmic Observability Should Work Like Machine Readable Food Labels

10 October 2017
I’ve been doing a lot of thinking about algorithmic transparency, as well as a more evolved version of it I’ve labeled as algorithmic observability. Many algorithmic developers feel their algorithms should remain black boxes, usually due to intellectual property concerns, but in reality the reasons will vary. My stance is that algorithms should be open source, or at the very least have some mechanisms for auditing, assessing, and verifying that algorithms are doing what they promise, and that algorithms aren’t doing harm behind the scenes. This is a concept I know algorithm owners and creators will resist, but algorithms observability should work like food labels, but work in a more machine readable way, allowing them to be validated by other external (or internal) systems...

A Guest Blogger Program To Create Unique Content For Your API

10 October 2017
Creating regular content for your blog is essential to maintaining a presence. If you don’t publish regularly, and refresh your content, you will find your SEO, and wider presence quickly becoming irrelevant. I understand that unlike me, many of you have jobs, and responsibilities when it comes to operating your APIs, and carving out the time to craft regular blog posts can be difficult. To help you in your storytelling journey I am always looking for other stories to help alleviate your pain, while helping keep your blog active, and ensure folks will continue stumbling across your API, or API service, while Google, or on social media. Another interesting example of how to keep your blog fresh came from my partners over at Runscope, who conducted a featured guest blog post series, where they were paying API community leaders to help “create an incredible resource of blog posts about APIs, microservices, DevOps, and QA...

Treating Your APIs Like They Are Infrastructure

09 October 2017
We all (well most of us) strive to deliver as stable of an API presence as we possibly can. It is something that is easier said than done. It is something that takes caring, as well as the right resources, experience, team, management, and budget to do APIs just right. It is something the API idols our there make look easy, when they really have invested a lot of time and energy into developing a agile, yet scalable approach to ensuring APIs stay up and running. Something that you might able to achieve with a single API, but can easily be lost between each API version, as we steer the ship forward. I spend a lot of time at the developer portals of these leading API providers looking for interesting insight into how they are operating, and I though Stripe’s vision around versioning their API is worth highlighting...

Learning About API Governance From Capital One DevExchange

09 October 2017
I am still working through my notes from a recent visit to Capital One, where I spent time talking with Matthew Reinbold (@libel_vox) about their API governance strategy. I was given a walk through their approach to defining API standards across groups, as well as how they incentivize, encourage, and even measure what is happening. I’m still processing my notes from our talk, and waiting to see Matt publish more on his work, before I publish too many details, but I think it is worth looking at from a high level view, setting the bar for other API governance conversations I am engaging in. First, what is API governance. I personally know that many of my readers have a lot of misconceptions about what it is, and what it isn’t...

Publishing Your API Road Map Using Trello

09 October 2017
I consider a road map for any API to be an essential building block, whether it is a public API or not. You should be in the business of planning the next steps for your API in an organized way, and you should be sharing that with your API consumers so that they can stay up to speed on what is right around the corner. If you want to really go the extra mile I recommend following what Tyk is up to, with their public road map using Trello. With the API management platform Tyk, you don’t just see a listing of their API road map, you see all the work and conversation behind the road ma using the visual collaboration platform Trello. Using their road map you can see proposed features, which is great to see if something you want has already been suggested, and you can get at a list of what the next minor releases will contain...

Communication Strategy Filler Using Sections Of Your API Documentation

09 October 2017
</a> Coming up with things creative things to write about regularly on the blog, and on Twitter when you are operating an API is hard. It has taken a lot of discipline to keep posts going up on API Evangelist regularly for the last seven years–totaling almost 3K total stories told so far. I don’t expect every API provider to have the same obsessive compulsive disorder that I do, so I’m always looking for innovative things that they can do to communicate with their API communities–something that Amazon Web Services is always good at providing healthy examples that I feel I can showcase. One thing the AWS team does on a regular basis is tweeting out links to specific areas of their documentation, that helps users accomplish specific things with AWS APIs...

Publish, Share, Monetize Machine Learning APIs

06 October 2017
I’ve been playing with Tensor Flow for over a year now, specifically when it comes to working with images and video, but it has been something that has helped me understand what things looks like behind the algorithmic curtain that seems to be part of a growing number of tech marketing strategies right now. Part of this learning is exploring beyond Google’s approach, who is behind Tensor Flow, and understand what is going on at AWS, as well as Azure. I’m stil getting my feet wet learning about what Microsoft is up to with their platform, but I did notice one aspect of the Azure Machine Learning Studio emphasized developers to, “publish, share, monetize” their ML models. While I’m sure there will be a lot of useless vapor ware being sold within this realm, I’m simply seeing it as the next step in API monetization, and specifically the algorithmic evolution of being an API provider...

Thinking About Why We Rate Limit Our APIs

06 October 2017
I am helping a client think through their API management solution at the moment, so I’m working through all the moving parts of how, and why of API management solutions. The API management landscape has shifted since the last time I helped a small company navigate the process of getting up and running, so I wanted to work through each aspect and think critically before I make any recommendations. My client has a content API, which isn’t very complex, but possesses some pretty valuable data they’ve aggregated, curated, and are looking to make available via a simple web API. It is pretty clear that all developers will need a key to be access the API, but I wanted to pause for a moment and think more about API rate limiting...

The API Management Landscape Has Shifted More Than I Anticipated

06 October 2017
It is interesting to take a fresh look at the API management landscape these days. It has been a while since I’ve looked through all the providers to see where their pricing is at, and what they offer. I’d say the space has definitely shifted from what things looked like 2012 through 2015. There are still a number of open source offerings, which there weren’t in 2012, but the old guard has solidly turned their attention to the enterprise. There are the cloud solutions like Restlet, ad SlashDB which really help you get up and running from existing data sources in the cloud, but for this particular project I am looking for a simple proxy and connector approach to deploying on any infrastructure, and they don’t quite fit the requirements...

A Couple More Questions For The Equifax CEO About Their Breach

06 October 2017
Speaking to the House Energy and Commerce Committee, former Equifax CEO Richard Smith pointed the finger at a single developer who failed to patch the Apache Struts vulnerability. Saying that protocol was followed, and a single developer was responsible, shifting the blame away from leadership. It sounds like a good answer, but when you operate in the space you understand that this was a systemic failure, and you shouldn’t be relying on a single individual, or even a single piece of scanning software to verify the patch was applied. You really should have many layers in place to help prevent breaches like we saw with Equifax. If I was interviewing the CEO, I’d have a few other questions for him, getting at some of the other systemic and process failures based upon his lack of leadership, and awareness: API Monitoring & Testing - You say the scanner for the Apache Struts vulnerability failed, but what about other monitoring and testing...

How API Evangelist Works

05 October 2017
I’ve covered this topic several times before, but I figured I’d share again for folks who might have just become readers int he last year. Providing an overview of how API Evangelist works, to help eliminate confusion as you are navigating around my site, as well as to help you find what you are looking for. First, API Evangelist was started in the summer of 2010 as a research site to help me better understand what is going on in the world of APIs. In 2017, it is still a research site, but it has grown and expanded pretty dramatically into a network of websites, driven by a data and a content core. The most import thing to remember is that all my sites run on Github, which is my workbench in the the API Evangelist workshop...

Teaching My Client Three Approaches To Modular UI Design Using Their APIs

05 October 2017
I am working with a client to develop a simple user interface on top of a Human Services Data API (HSDA) I launched for them. They want a basic website for searching, browsing, and navigating the organizations, locations, and services available in their API. A part of this work is helping them understand how modular and configurable their web site is, with each page, or portion of a page being a simple API call. It is taking a while for them to fully understand what they have, and the potential of evolving a web application in this way, but I feel like they are beginning to understand, and are taking the reigns a little more when it comes to dictate what they want within this new world. When I first published a basic listing of human services they were disappointed...

Show The API Call Behind Each Dashboard Visualization

05 October 2017
I am a big fan of user interfaces that bring APIs out of the shadows. Historically, APIs are often a footnote in the software as a service (SaaS) world, available as a link way down at the bottom of the page, in the settings, or help areas. Rarely, are APIs made a first class citizen in the operations of a web application, which really just perpetuates the myth that APIs aren’t for everybody, and the “normals” shouldn’t worry their little heads about it. When in reality, EVERYBODY should know about APIs, and have the opportunity to put them to work, so we should stop burying the links to our APIs, and our developer areas. If your API is too technical for a business user to understand what is going on, then you should probably get to work simplifying it, not burying it and keeping it in developer and IT realm...

Big Data Is Not About Access Using Web APIs

05 October 2017
I’m neck deep in research around data and APIs right now, and after looking at 37 of the Apache data projects it is pretty clear that web APIs are not a priority in this world. There are some of the projects that have web APIs, and there a couple projects that look to bridge several of the projects with an aggregate or gateway API, but you can tell that the engineers behind the majority of these open source projects are not concerned with access at this level. Many engineers will counter this point by saying that web APIs can’t handle the volume, and it shows that the concept isn’t applicable in all scenarios. I’m not saying web APIs should be used for the core functionality at scale, I’m saying that web APIs should be present to provide access to the result state of the core features for each of these platform, whatever that is, which something that web APIs excel at...

APIs Used To Give Us Access To Resources That Were Out Of Our Reach

04 October 2017
I remember when almost all the APIs out there gave us developers access to things we couldn’t ever possibly get on our own. Some of it was about the network effect with the early Amazon and eBay marketplaces, or Flickr and Delicious, and then Twitter and Facebook. Then what really brought it home was going beyond the network effect, and delivering resources that were completely out of our reach like maps of the world around us, (seemingly) infinitely scalable compute and storage, SMS, and credit card payments. In the early days it really seemed like APIs were all about giving us access to something that was out of our reach as startups, or individuals. While this still does exist, it seems like many APIs have flipped the table and it is all about giving them access to our personal and business data in ways that used to be out of their reach...

API Providers Should Provide Observability Into Government Developer Accounts

04 October 2017
I’ve talked about this before, but after reading several articles recently about various federal government agencies collecting, and using social media accounts for surveillance lately, it is a drum I will be beating a lot more regularly. Along with the transparency reports we are beginning to see emerge from the largest platform providers, I’d like to start seeing more observability regarding which accounts, both user and developer are out of government agencies. Some platforms are good at highlighting how government of all shapes and sizes are using their platform, and some government agencies are good at showcasing their social media usage, but I’d like to understand this from purely an API developer account perspective...

Letting Go In An API World Is Hard To Do

04 October 2017
I encounter a number of folks who really, really, really want to do APIs. You know, because they are cool and all, but they just can’t do what it takes to let go a little, so that their valuable API resources can actually be put to use by other folks. Sometimes this happens because they don’t actually own the data, content, or algorithms they are serving up, but in other cases it is because they view their thing as being so valuable, and so important that they can’t share it openly enough, to be accessible via an API. Even if your APIs are private, you still have to document, and share access with folks, so they can understand what is happening, and have enough freedom to put to use in their application as part of their business, without too much constraint and restrictions...

Sharing Top Sections From Your API Documentation As Part Of Your

04 October 2017
I’m always learning from the API communication practices from out of the different AWS teams. From the regular storytelling coming out of the Alexa team, to the mythical tales of leadership at AWS that have contributed to the platform’s success, the platform provides a wealth of examples that other API providers can emulate. As I talked about last week, finding creative ways to keep publishing interesting content to your blog as part of your API evangelism and communications strategy is hard. It is something you have to work at. One way I find inspiration is by watching the API leaders, and learning from what they do. An interesting example I recently found out of the AWS security team, was their approach to showcasing the top 20 AWS IAM documentation pages so far in 2017...

Clearly Designate API Bot Automation Accounts

03 October 2017
I’m continuing my research into bot platform observability, and how API platforms are handling (or not handling) bot automation on their platforms, as I try to make sense of each wave of the bot invasion on the shores of the API sector. It is pretty clear that Twitter and Facebook aren’t that interested in taming automation on their platforms, unless there is more pressure applied to them externally. I’m looking to make sure there is a wealth of ideas, materials, and examples of how any API driven platform can (are) control bot automation on their platform, as the pressure from lawmakers, and the public intensifies. Requiring users clearly identify automation accounts is a good first place to start...

Looking At The 37 Apache Data Projects

03 October 2017
I’m spending time investing in my data, as well as my database API research. I’ll have guides, with accompanying stories coming out over the next couple weeks, but I want to take a moment to publish some of the raw research that I think paints an interesting picture about where things are headed. When studying what is going on with data and APIs you can’t do any search without stumbling across an Apache project doing something or other with data. I found 37 separate projects at Apache that were data related, and wanted to publish as a single list I could learn from. Airvata** - Apache Airavata is a micro-service architecture based software framework for executing and managing computational jobs and workflows on distributed computing resources including local clusters, supercomputers, national grids, academic and commercial clouds...

Temporal Logic of Actions For APIs

03 October 2017
I’m evolving forward my thoughts on algorithmic observability and transparency using APIs, and I was recently introduced to TLA+, or the Temporal Logic of Actions. It is the closest I’ve come to what I’m seeing in my head when I think about how we can provide observability into algorithms through existing external outputs (APIs). As I do with all my work here on API I want to process TLA+ as part of my API research, and see how I can layer it in with what I already know. TLA+ is a formal specification language developed by Leslie Lamport, which can be used to design, model, document, and verify concurrent systems. It has been described as exhaustively-testable pseudocode which can provide a blueprint for software systems...

Database To Database Then API, Instead Of Directly To API

03 October 2017
I am working with a team to expose a database as an API. With projects like this there can be a lot of anxiety in exposing a database directly as an API. Security is the first one, but in my experience, most of the time security is just cover for anxiety about a messy backend. The group I’m working with has been managing the same database for over a decade, adding on clients, and making the magic happen via a whole bunch of databases and table kung fu. Keeping this monster up and running has been priority number one, and evolving, decentralizing, or decoupling has never quite been a priority. The database team has learned the hard way, and they have the resources to keep things up and running, but never seem to have them when it comes to refactoring it and thinking differently, let alone tackling the delivery of a web API on top of things...

The Waves Of API Driven Bots Invading Our Shores

02 October 2017
As each wave of technology comes crashing on the shores of the API space you’ll mostly find me silent, listening and watching what is happening. Occasionally you’ll hear me grumble about the aggressiveness of a single wave, or how unaware each wave is of the rest of the beach, or of the waves that came before them. Mostly I am just yelling back to the waves that claim, “we are going to change the beach forever”, and “we are the wave that matters, better than all the waves that came before us”. Mostly, it is the hype, and the unrealistic claims being made by each wave that bothers me, not the waves themselves. I do not think that technology won’t have an impact on the beach. I just think that us technologists tend to over-hype, and over-believe in the power each wave of technology, and that we do not consider the impact on the wider beach, and the amount of sand that ends up in everything...

The CA Acquisition Of Runscope

02 October 2017
You won’t find me talking about the acquisition of API startups very often. I’m just not a fan of the game. I am not anti-venture capital, but I find the majority of investment in the API startup ecosystem works against everything we are trying to do with APIs. In my opinion, VC investment shouldn’t be the default, it should be an exception. There are other ways to build a business, and I see too many useful API tools get ruined while playing this game. With that said, I tend to not cover the topic, unless I get really pissed off, or the occasional investment or acquisition that I feel will result in a positive result. Last week we saw the Runscope acquisition by CA. This is an acquisition that doesn’t leave me concerned...

Learning About API Design With Resources That Matter To You

02 October 2017
I have been helping my partner in crime Audrey Watters (@audreywatters) evolve her data work as part of her Columbia Spencer Education Journalism Fellowship, where she is publishing a wealth of ed-tech funding data to Github. I worked with her to evolve the schema she is using across the Google Sheet, and YAML data stores she is using. Something that will autogenerate APIs (well dynamic JSON) based upon the filename, and the fields she chooses as part of her data stores. I just planted the seeds, and she has been cranking away creating repos, and building data stores since this last summer. She mentioned to me recently that she thought she had been being consistent in her naming conventions across her work, but had recently noticed some inconsistencies–realizing the importance of a consistent design and schema across the projects, something that really could become problematic at scale if she hadn’t caught...

OpenAPI Definitions For Entire Schema.org Vocabulary (Do Not Reinvent Wheel)

02 October 2017
I am preparing my Schema.org Github repo with a variety of data sources for use across my API tooling and other projects. I’m trying to get better at using a common vocabulary, and not reinventing the wheel each time I start a new project. Schema.org has the most robust vocabulary of shared schema available today–so I am using this existing work as the core of mine. I am slicing and dicing the schema.org vocabulary into several formats that I can use in my OpenAPI-driven editors, and other tooling. I took the JSON-LD representation for Schema.org, and published it as a simpler JSON schema definition format that can be applied quickly to an OpenAPI. It isn’t perfect, and you lose a lot of the semantics in the process, but I think it still provides an important base for API designers, architects, and developers to use across their OpenAPI...

The API Stack For Disrupting The World

29 September 2017
I know people don’t understand why I’m so obsessed with APIs. Sometimes I ask the same question. When I began in 2010, it was 75% about my belief in the good that APIs can do, and 25% about pushing back on the bad things being done with APIs. In 2017, it is 15% about the good, and 85% about pushing back on the bad things that APIs can do. API driven platforms are being used for some pretty shady things these days, and increasingly they are a force for disruption, and not about making the world a better place. With this in mind, I wanted to take a moment to highlight the API stack right now that is being used to disrupt the world around us. These are the APIs that have shifted the political landscape in the U...

Developing The Ability To Repeat The Same API Stories Over And Over

29 September 2017
After seven years of telling stories on API Evangelist I’ve had to repeat myself from time to time. Honestly, I repeat myself A LOT. Hopefully I do it in a way that some of you don’t notice, or at least you are good at filtering the stories you’ve already heard from your feed timeline. My primary target audience is the waves of new folks to the world of APIs I catch with the SEO net I’m casting and working on a daily basis. Secondarily, it is the API echo chamber, and folks who have been following me for a while. I try to write stories across the spectrum, speaking to the leading edge API conversations, as well as the 101 level, and everything in between. Ask anyone doing API evangelism, advocacy, training, outreach, and leadership–and they’ll that you have to repeat yourself a lot...

Tyk Is Conducting API Surgery Meetups

29 September 2017
I was having one of my regular calls with the Tyk team as part of our partnership, discussing what they are up to these days. I’m always looking to understand their road map, and see where I can discover any stories to tell about what they are up to. A part of their strategy to build awarness around their API management solution that I found was interesting, was the API Surgery event they held in Singapore last month, where they brought together API providers, developers, and architects to learn more about how Tyk can help them out in their operations. API surgery seems like an interesting evolution in the Meetup formula. They have a lot of the same elements as a regular Meetup like making sure there was pizza and drinks, but instead of presentations, they ask folks to bring their APIs along, and they walk them through setting up Tyk, and deliver an API management layer for their API operations...

API Design Industry Guide: GraphQL, A Query Language For APIs

29 September 2017
This post is from the latest copy of my API Evangelist API Design Industry Guide, which provides a high level look at the API design layer of the industry. Providing a quick look at the services, tools, and some of the common building blocks of API design. The guide is heavily rooted in REST and hypermedia, but is working to track on the expansion of the space beyond just these formats. My industry guides change regularly, and I try to publish the articles from them here on the blog to increase their reach and exposure. GraphQL is a query language designed by Facebook to build client applications using a flexible syntax and provide a system for describing the data requirements and interactions required by each application...

API Design Industry Guide: gRPC, Open Source RPC Framework

28 September 2017
This post is from the latest copy of my API Evangelist API Design Industry Guide, which provides a high level look at the API design layer of the industry. Providing a quick look at the services, tools, and some of the common building blocks of API design. The guide is heavily rooted in REST and hypermedia, but is working to track on the expansion of the space beyond just these formats. My industry guides change regularly, and I try to publish the articles from them here on the blog to increase their reach and exposure. gRPC is a high-performance open source remote procedure call (RPC) framework that is often used to deploy APIs across data centers that also supporting load balancing, tracing, health checks and authentication...

How Do We Help Folks Understand That APIs Are A Journey?

28 September 2017
I was hanging out with my friend Mike Amundsen (@mamund) in Colorado last month and we ended up discussing folks uncertainty with APIs. You see, many folks that he has been talking to were extremely nervous about all the unknowns in the world of APIs, and were looking for more direction regarding what they should be doing (or not doing). Not all people thrive in a world of unknown unknowns, and not even in a world of known unknowns. Many just want a world of known knowns. This is something that makes the API landscape a very scary thing to some folk, and world where they will not thrive and be successful unless we can all begin to find a way to help them understand that this is all a journey...

API Design Industry Guide: The Restlet Platform Story

28 September 2017
This post is from the latest copy of my API Evangelist API Design Industry Guide, which provides a high level look at the API design layer of the industry. Providing a quick look at the services, tools, and some of the common building blocks of API design. The guide is heavily rooted in REST and hypermedia, but is working to track on the expansion of the space beyond just these formats. My industry guides change regularly, and I try to publish the articles from them here on the blog to increase their reach and exposure. Restlet began as an open source Java API framework over a decade ago and has evolved into an API studio, client, and cloud platform with an API design core. At the center of the API lifecycle management platform is its API designer which gives you a visual view of an API and an OpenAPI or RAML view, providing a machine readable accounting of each API’s contract...

APIStrat And The OpenAPI Initiative

28 September 2017
We are getting closer to APIStrat in Portland, Oregon, October 31st through November 2nd. So I’m going to keep crafting stories that help convince you should be there. It is the first APIStrat conference as an OpenAPI event, operated by the Linux Foundation events team. Steve and I are still playing a big part, and will be MC’ing, but like OpenAPI, APIStrat has grown to the point where we need to let it become more than just something Steve, myself, and the 3Scale team can execute by ourselves. APIStrat has always been a place where we gather and talk about OpenAPI, going back to when it was affectionately known as Swagger. Tony, and the team have spoken before, and there has been many other sessions, workshops, and keynotes involving the API specification format...

Thinking Beyond Just Distributed API Scale Towards Federated API Scale

27 September 2017
You hear a lot about doing APIs at scale in our space. Many folks dismiss web APIs because they feel they won’t scale, and aren’t performing at the scale they envision. The majority of these discussions focus on how do you scale large operations of Twitter, Facebook, or Google scope. A single organization operating API infrastructure at scale, distributed across many geographical regions, supporting millions of users. There are plenty of discussions going on regarding the technology, business, and politics of doing APIs at this scale. I find myself thinking in similar ways, but more federated version of this, where the latest technology might not always be the right answer. My Human Services Data API (HDSA) work is the best example I have of this...

API Design Industry Guide: Application-Level Profile Semantics (ALPS)

27 September 2017
This post is from the latest copy of my API Evangelist API Design Industry Guide, which provides a high level look at the API design layer of the industry. Providing a quick look at the services, tools, and some of the common building blocks of API design. The guide is heavily rooted in REST and hypermedia, but is working to track on the expansion of the space beyond just these formats. My industry guides change regularly, and I try to publish the articles from them here on the blog to increase their reach and exposure. Current API design focusses on using schema to help quantify the payload of the request and response structure of our APIs. JSON Schema, MSON, and other data specifications have emerged to help us quantify the bits we are passing back and forth with APIs...

A Reminder To Always Have A Plan B For Our API Related Github Infrastructure

27 September 2017
I had a scare this last weekend regarding my Github infrastructure. My Github organization for API Evangelist was flagged as SPAM and taken down. The Github organization contains almost 100 repositories that I use across my platform. These repositories drive the public side of my research, but also contain YAML files that are used in automation across my entire platform, and network of websites. At about 12:00 PM on Saturday, everything came to a screeching halt, with all the data I depend on to make things go around becoming unavailable. I have backups of all the data, and the website templates that produce the public side of API Evangelist. I also have a plan B in place for setting up a Jekyll instance that runs on Amazon EC2, but I hadn’t ever actually ran any drills on plan B...

The Value of API Driven Events

27 September 2017
I am spending a lot of time lately thinking about event sourcing, evented architecture, real time, and webhooks. I’m revisiting some of the existing aspects of how we move our bits around the Internet in real time and at scale as part of existing conversation I am having, as well as some projects I’m working on. I recently wrote about making sense of API activity with webhook events, and as I’m crafting a list of meaningful events for my Human Services Data API (HSDA) work, I’m thinking about how these events reflect the value that occurs via API platforms. As I’m going through the different APIs I’m exposing via a platform, I am working to identify and catalog events in which folks can subscribe to using webhooks...

Caching For Your API Is Easier Than You Think And Something You Should Invest

27 September 2017
I’m encountering more API providers who have performance and scalability concerns with their APIs, who are making technical procurement decisions (gateways, proxies, etc) based upon these challenges, but have not invested any time or energy into planning and optimization of caching for their existing web servers that are delivering their APIs. Caching is another aspect of HTTP that I keep finding folks have little or no awareness of, and do not consider more investment in it to assist them in alleviating their scalability and performance concerns. There was a meeting I attended a couple weeks back where an API implementation was concerned about a new project for bulk loading and syncing of data between multiple external systems and their own, because of the strain it put on their database...

API Design Industry Guide: API Stylebook

26 September 2017
This post is from the latest copy of my API Evangelist API Design Industry Guide, which provides a high level look at the API design layer of the industry. Providing a quick look at the services, tools, and some of the common building blocks of API design. The guide is heavily rooted in REST and hypermedia, but is working to track on the expansion of the space beyond just these formats. My industry guides change regularly, and I try to publish the articles from them here on the blog to increase their reach and exposure. Arnaud Lauret (@arno_di_loreto), the API Handyman (@apihandyman), has been developing an API Stylebook that provides a collection of resources for API designers. It is a brilliant aggregation of thirteen API design guides from Atlassian, Cisco, Cloud Foundry, Google, Haufe, Heroku, Microsoft, PayPal, Red Hat, The White House, and Zalando...

Keeping The Web API Layer In Kafka With A REST Proxy

26 September 2017
I’m slowly learning more about Kafka, and the other messaging and data streaming solutions gaining traction in the API space. If you aren’t on the Kafka train yet, “Kafka is used for building real-time data pipelines and streaming apps. It is horizontally scalable, fault-tolerant, wicked fast, and runs in production in thousands of companies.” I’m still learning about how Kafka works, and with no real production experience, it is something that is taking time. As part of my conversations on the subject, I was introduced to Confluent, a platform version of Kafka, which is the quickest way I have seen to get started with real-time data streams. As part of the Confluent offering I noticed they have a REST proxy, which you can find the API documentation here, and the code for the Kafka REST proxy on Github...

Why Does AWS Charge By Usage And Other APIs Still Use Plans?

26 September 2017
Amazon Web Services recently updated their billing for EC2 instances to be by the second, which I really like, because I’ll fire up an instance and run for minutes, then shut things down. I’m just looking to process patent downloads, or other intensive workload projects. Beyond just EC2, the rest of Amazon’s platform is still very usage based. Meaning, you get charged for whatever you use, with unit pricing for each resource designed to compliment how it gets put to use. You get charged for the hard costs of compute, storage, and bandwidth, but you also see per message, job, entry, and other types of billing depending on the type of resource being delivered via API. With this model for doing APIs, I’m wondering why so many API providers still have access plans and tiers...

APIs Are Not Just About Mobile, Make Sure You Are Considering The Bigger Picture

26 September 2017
When I started API Evangelist in 2010, API usage in mobile phones was the biggest factor contributing to me quitting my job, and becoming a independent voice for all APIs. I was being asked to deliver APIs to drive mobile applications on the iPhone, and while helping run technology for Google I/O I saw an increased need for resources to be delivered to this emerging platform. I knew that APIs were going to play an essential role in ensuring data, content, and algorithms could be put to use in mobile applications. Even with the importance of mobile, it wasn’t the only reason I knew that APIs were going to be important, which is something that still resonates today. In 2007, I saw the growing importance of social media APIs, and how messaging, images, and video were being made more distributed using APIs...

Concerns Around Working With The API Evangelist At Large Organizations

26 September 2017
I know that I make some tech companies nervous. They see me as being unpredictable, with no guarantees regarding what I will say, in a world where the message should be tightly controlled. I feel it in the silence from many of the folks that are paying attention to me at large companies, and I’ve heard it specifically from some of my friends who aren’t concerned with telling me personally. These concerns keep them from working with me on storytelling projects, and prevent them from telling me stories about what is happening internally behind their firewall. It often doesn’t stop employees from telling me things off the record, but it does hinder official relationships, and on the record stories from being shared...

Latest Copy Of The API Evangelist API Design Industry Guide

25 September 2017
I’ve been struggling to get the latest edition of my industry guides out the door. I have a new Adobe Indesign format which I really like as a constraint, but is also pushing my desktop publishing skills. What is really kicking my ass though, is the editing. This latest copy was professionally edited, but I ran out of money to pay him on future guides, and I ended up making some slight changes to this one as well. I am very self-conscious of my grammar and spelling mistakes. I’m capable of editing my own stuff, and my grammar and spelling is high quality. The problem is that I’m too close to the content, and with each edit I make changes, which then introduce new mistakes. Also my brain moves too fast sometimes, and I just make silly mistakes, and overlook things by just reading it the way my brain intended...

Considering The Future Of The OpenAPI Initiative

25 September 2017
I’m a member of the OpenAPI Iniative (OAI). I’m not very active on the governance or marketing, but I enjoy hanging out in the hallways of the Slack channel, and being part of the conversation. I’m pretty confident in the core group’s ability to steer the direction of the specification, and leave my influence to be more about storytelling externally, and planting seeds in the minds of folks who are putting the API specification to use. I have a much different style to influencing the API space than many of the companies I share membership within the OAI–it is just my way. I am working with more groups to help them craft, maintain, and evangelize around a specific OpenAPI definition, for use in a specific industry...

Data Streaming In The API Landscape

25 September 2017
I was taking a fresh look at my real time API research as part of some data streaming, and event sourcing conversations I was having last week. My research areas are never perfect, but I’d say that real time is still the best umbrella to think about some of the shifts we are seeing on the landscape recently. They are nothing new, but there has been renewed energy, new and interesting conversation going on, as well as some growing trends that I cannot ignore. To support my research, I took a day this week to dive in, have a conversation with my buddy Alex over at the TheNewStack.io, and the new CEO of WSO2 Tyler Jewell around what is happening. The way I approach my research is to always step back and look at what is happening already in the space, and I wanted to take another look at some of the real time API service providers I was already keeping eye on in the space: Pubnub - APIs for developers building secure realtime Mobile, Web, and IoT Apps...

Talking With More Federal Agencies About API Micro Consulting

25 September 2017
I have been having more conversations with federal agencies as part of my work with my Skylight partners about API related microconsulting. One recent conversation, which I won’t mention the agency, because I haven’t gotten approval, involved bug bounties on top of an API they are rolling out. The agency isn’t looking for the regular technology procurement lifecycle around this project, they are just looking for a little bit of research and consulting to help ensure they are on the right track when it comes to hardening their API approach. Micro consulting like this will usually not exceed $5,000.00 USD, and will always be a short term commitment. From my vantage point micro consulting will always be API related, and in this particular case involves studying how other API providers in the private sector are leveraging bug bounties to help harden their APIs either before they go public, or afterwards in an ongoing fashion...

Providing Embeddable API Integrations For Non-Developers With Zapier

25 September 2017
I’m regularly working to make APIs more accessible to non-developers, and Zapier is the #1 way I do this. Zapier provides ready-to-go API integration recipes for over 750 APIs, providing IFTTT-like functionality, but in a way that actual pays the whole API thing forward (Zapier has APIs, IFTTT does not). One of the benefits of having APIs is you can build embeddable tooling on top of them, and Zapier has some basic embeddable tools available to anyone, with some more advanced options for partners via their partner API. Using the Zapier basic embeddable widget you can list one or many Zaps, providing recipes for any user to integrate with one or many APIs, that can be embedded into a web page, or within an application: <script type="text/javascript" src="https://zapier...

I Am A Professional In My Industry, Where Should I Begin With APIs?

22 September 2017
A regularly question I get from business folks out in the space, is regarding where they should start with APIs. My world is usually broke into two areas: 1) Providing APIs, and 2) Consuming APIs. I’d say that these business folk I keep coming across could easily span both of these areas, making it significantly more complicated to help them understand where they should be getting started with APIs. With the API landscape being so wide, and APIs becoming so ubiquitous across many industries, helping someone onboard to the concept can get pretty complex and confusing pretty quick. I always try to prime the pump with my API 101 material, and encourage folks to learn about the history of APIs...

Not Everyone Needs API Scale, Some Just Need API

22 September 2017
I know that catering to the enterprise is where the money is at. I know that playing with all the cool new containerized, event sourcing, continuously integrated and deployed solutions are where you can prove you know your stuff. However, in my world I come across so many companies, organizations, and government agencies that just need things to work. They don’t have the skills, resources, or time to play with everything cool, and really could just use some better access to their data and content across their business, with trusted partners, and maybe solicit the help of 3rd party developers to help carry the load. Many of the conversation I am having within startup and tech circles often focus on scale, and the latest tech...

That Point Where API Session Management Become API Surveillance

21 September 2017
I was talking to my friends TC2027 Computer and Information Security class at Tec de Monterrey via a Google hangout today, and one of the questions I got was around managing API sessions using JWT, which was spawned from a story about security JWT. A student was curious about managing session across API consumption, while addressing securing concerns, making sure tokens aren’t abused, and there isn’t API consumption from 3rd parties who shouldn’t have access going unnoticed. I feel like there are two important, and often competing interests occurring here. We want to secure our API resources, making sure data isn’t leaked, and prevent breaches. We want to make sure we know who is accessing resources, and develop a heightened awareness regarding who is accessing what, and how they are putting them to use...

The Concept Of API Management Has Expanded So Much the Concept Should Be

21 September 2017
API management was the first area of my research I started tracking on in 2010, and has been the seed for the 85+ areas of the API lifecycle I’m tracking on in 2017. It was a necessary vehicle for the API sector to move more mainstream, but in 2017 I’m feeling the concept is just too large, and the business of APIs has evolved enough that we should be focusing in on each aspect of API management on its own, and retire the concept entirely. I feel like at this point it will continue to confuse, and be abused, and that we can get more precise in what we are trying to accomplish, and better serve our customers along the way. The main concepts of API management at play have historically been about authentication, service composition, logging, analytics, and billing...

I Am Not A Card Carrying Restafarian I Just Believe In The Web

21 September 2017
I am always surprised at the folks who I meet for the first time who automatically assume I’m all about the REST. It is always something that is more telling about the way they see the world (or don’t), than it ever is about me as THE API Evangelist. It is easy to think I’m going to get all RESTY, and start quoting Roy, but I’m no card carrying RESTafarian, like my buddy Darrel Miller (@darrel_miller) (not that is what Darrel does ;-). Really the only thing I get passionate about is making sure we are reusing the web, and I am pretty much be a sellout on almost everything else. I am just looking to understand how folks are exposing interfaces for their digital resources using the web, making them available for use in other applications...

Getting Beyond OpenAPI Being About API Documentation

21 September 2017
Darrel Miller has a thought provoking post on OpenAPI not being what he thought, shining a light on a very important dimension of what OpenAPI does, and doesn’t do in the API space. In my experience, OpenAPI is rarely what people think, and I want to revisit once slice of Darrel’s story, in regards to folks generally thinking OpenAPI (Swagger) as being all about API documentation. In 2017, the majority of folks I talk to think OpenAPI is about documenting your APIs–something that always makes me sad, but I get it, and is something I regularly work to combat this notion. First, and foremost, OpenAPI is a bridge to understanding and being able to communicate around using HTTP as a transport, and our greatest hope for helping developers learn their HTTPs and 123s...

Using Jekyll As A Hypermedia Client

20 September 2017
I am picking up some of my past work, so that I can move forward in a new way. A while ago, I began working on my subway map API to help me articulate aspects of the API lifecycle, and provide a “vehicle” for helping folks explore some often complex API concepts, in a way that would incrementally introduce them to new ideas. I used the subway map as an analogy because it has been historically used to help folks understand complex systems, and help them navigate it, even if they don’t fully understand everything about it. I gave a talk at @APIStrat in Austin, TX on this subject, but something I haven’t moved forward in over a year. My new approach to using the subway map model is still using hypermedia (Siren), but I’m not wanting a single API to control the data for every client...

Looking To 2024, What Do APIs Look Like?

20 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. I’m not a big fan of predictions. It is a game that analysts and investors play to try and shape the world they want to see. I’m usually focused on shaping the world I want to see by understanding where we are, how we got here, and making incremental shifts in our behavior today. I tend to think that technology futurists are more about ignoring the past, and being in denial about today, than they are ever about what is happening in the future...

What Are The Unsolved Problems In The API Space?

20 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. There are always endless numbers of fabricated unsolved problems in the API space. These are unsolved problems that are usually unsolved because they were just made up to get someone to buy a new service or product. They aren’t real problems. Technology is good at being applied to make believe problems, vendor fabricated problems, and solving real problems created by the last couple of waves of technology...

What Were The Main API Developments In 2017

20 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. The main API development in 2017 has been the continued shift towards mainstream API adoption. The concept has been moving outside of the tech sector for a couple years now, but in 2017 it is very clear that it’s not just something startups are doing. This is having a profound shift in how we talk about APIs, and how we approach the API lifecycle...

What APIs Excite Me And Fuels My Research And Writing

19 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. The number API that gets me out of bed each day, with an opportunity to apply what I’ve learned in the API sector is with the Human Services Data API (HSDA). Which is an open API standard I am the technical lead for which helps municipalities, and human service organizations better share information that helps people find services in their communities...

Who Are The Most Influential People And Companies To Keep An Eye On In API

19 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. When it comes to the most influential people and companies in the API space that I am keeping an eye on, it always starts with the API pioneers. This begins with SalesForce, eBay, and Amazon. Then it moves into the social realm with Twitter and Facebook. All of these providers are still moving and shaking the space when it comes to APIs, and operating viable API platforms that dominate in their sector...

What Has Been The Biggest Change In The Industry Since I Started API

19 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. The biggest change in the industry since I started doing API Evangelist in 2010 is who is doing APIs. In 2010 it was 95% startups doing APIs, with a handful of enterprise, and small businesses doing them. I’d say over the last couple years the biggest change is that this had spread beyond the startup community and is something we see across companies, organizations, institutions, and government agencies of all shapes and sizes...

What Is The Biggest Challenge For Big Companies Doing APIs?

19 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. The biggest challenge for big companies doing APIs is always about people and culture. Change is hard. Decoupling things at large companies is difficult. While APIs can operate at scale, they excel when they do one thing well, and aren’t burdened with the scope, and complexity of much of the software systems we see already operating within large companies...

What Is The Role Of An Influencer In The API Industry?

18 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. The idea of an influencer in the API space will mean many things to many different people. I have pretty strong opinions about what an influencer should do, and it is always something that should be as free of product pitches as it possibly can. Influencing someone in the API space should mean that you are not just influencing their decision to buy your product or service...

Why Did We Need The API Evangelist?

18 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. You needed the API Evangelist because there was nobody paying attention to the big picture of the API space. Sure, there are many vendors who pay attention to the big picture, and there are analysts who are paid to pay attention to the bigger picture to help validate the vendors, but there is nobody independent...

Why Was My Week of API Rants So Well Received?

18 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. A couple weeks back I spent the entire week ranting on API Evangelist, instead of my usual lineup of API stories. Normally these types of stories end up on KinLane.com, or my rants edition, and usually don’t get tweeted out. I’m just venting. However on this particular week, I had enough people “piss in my cheerios”, that I felt the space needed to hear my rants, instead of the usual “nice guy” tone I tend to take on here...

What It Was About Web APIs That First Captured My Attention?

18 September 2017
I am spending two days this week with the Capital One DevExchange team outside of Washington DC, and they’ve provided me with a list of questions for one of our sessions, which they will be recording for internal use. To prepare, I wanted to work through my thoughts, and make sure each of these answers were on the tip of my tongue–here is one of those questions, along with my thoughts. In the spring of 2010 I was ready for a career shift. I was running North American event for SAP, and had also taken up running events for Google, which included Google I/O and Developer Days. I was the VP of Technology, and made all the decisions around usage of tech, from email blasts, to registration, session scanning, and follow-up reporting...

Regulations Creeping In On AI, ML, Cognitive, And Other Fronts

15 September 2017
I wrote an piece earlier today about not fearing AI, but possessing a significant amount of concern when it comes to the people behind. I figured I’d continue with the trend on this Friday afternoon, and talk about the coming regulations when it comes to artificial intelligence (AI), machine learning (ML), and everything cognitive, intelligent, and algorithmic. I am not fully a believer in regulations being the only solution, but I know they are the solutions that bigcos tend to pay attention to. Which is why they spend so much money to distort, and bend them to what they want to see in their industries. We are entering a phase of the Internet where there are going to an increased number of calls for regulations...

Sensibly Thinking About Where Technology Ends And The Human Part Begins With

15 September 2017
Our team at a hackathon I’m participating in this week is working on a data aggregation tool for helping merge multiple hurrican shelter data sources from Irma in Florida. While the need for the data is winding down, the use case for the tool could be something that lives on, and could help communities in the future. This projects aggregates multiple data sources for shelters from FEMA, municipal, and sources pulled together by volunteers. Our team is focused on aggregating, and doing as much heavy lifting to automatically merge and cleanse the data as they can, but then at the right moment render it for humans to step in and finish the work. I was impressed with the balance struck by the team...

I Do Not Fear AI, I Fear The People Doing AI

15 September 2017
There is a lot of FUD out there when it comes to artificial intelligence (AI) and machine learning (ML). The tech press enjoy yanking people’s chain when it comes to the dangers of artificial intelligence. AI is coming for your jobs. AI is racist, sexist, and biased. AI will be lead to World War III. AI will secure and protect us from the bad out there. AI will be the source of all of our worries, and the solution to all of our worries. I’m interested in the storytelling around all of this, and I’m fascinated by the distracting quality of technology when it comes to absolving the humans behind of doing bad things. We have the technology to make this black boxes more observability and accountable...

I Will See You At APIStrat In Portland This November

15 September 2017
We are putting the finishing touches on the schedule for APIStrat in Portland, OR, October 31st through November 2nd. We have all the workshops, sessions, and keynotes dialed in (not all keynotes announced, wink, wink), and it is all just about making sure y’all show up and participate in the conversation. This is my 2nd favorite part of the event, the build-up for the big day(s). This is the 8th APIStrat we’ve done, and it is the first one we’ve done as part of the Linux Foundation, and with the OpenAPI Initiative. I’m excited. Make sure and take a look at the session schedule. We received over 165 submissions, and had a program committee of almost 30 people vote to decide with 60 would be accepted...

Using 3rd Party APIs To Break You Out Of Your Enterprise Bubble

14 September 2017
I’m participating in a hackathon in Princeton, New Jersey as part of my work on the Human Services Data API (HSDA). We are at a large enterprise financial group’s office, as part of a three day social good hackathon / code sprint. Everybody participating is taking time off from their normal day job as back-end or front-end programmer, and business analyst, to build something for the greater good. Since it is an enterprise developer group the concept of a hackathon is somewhat new to them, and is the first time they’ve worked on external projects, instead of an internally focused hackathon event. I’m enjoying watching the two teams working on human services projects be forced out of their bubble...

Lost In API Transit

14 September 2017
I got on the New York Subway today heading for Penn Station to catch a train (New Jersey Transit) out to Princeton for a hackathon. As I was navigating my way through Metropolitan Transit Authority (MTA) and the New Jersey Transit I was thinking about my usage of API transit instead of API lifecycle. The number one response I had to this concept from readers was in regards the cognitive load experienced when you first look at a subway map that represents API infrastructure, and would anyone even know what I was talking about. It’s true, when you first look at any of the API subway maps I’ve created so far, you scratch your head to figure out what they mean. I haven’t spent a lot of time making them coherent, but I am also just getting going with the work...

A Sample OpenAPI 3.0 File To Get Started

13 September 2017
I am investing more time into my Schema.org work, alongside my learning about OpenAPI 3.0. I’m pretty excited about the components object, and I want to push forward some of my Schema.org dictionary ideas, to help folks get better at reusing common schema throughout their work. Schema.org is the most robust vocabulary out there, and we shouldn’t be reinventing the wheel in this area. I know the most important reason that folks aren’t using is that they either don’t know about it, or they are just lazy. I figure if I create some ready to go schema in an OpenAPI 3.0 components object, maybe people will be more inclined to put common schema to use. To share my components I need basic OpenAPI 3...

Kubernetes JSON Schema Extracted From OpenAPI

13 September 2017
I’ve been doing my regular trolling of Github lately, looking for anything interesting. I came across a repository this week that contained JSON Schema for Kubernetes. Something that is interesting by itself, but I also thought the fact that they had autogenerated the individual JSON Schema files from the Kubernetes OpenAPI was worth a story. It demonstrates for me, the growing importance of schema in all of this, and shows that having them readily available on Github is becoming more important for API providers and consumers. Creating schema is an important aspect of crafting an OpenAPI, but I find that many API providers, or the consumers who are creating OpenAPIs and publishing them to Github are not always investing the time into making sure the definitions, or schema portion of them are complete...

VersionEye SDK Security Notifications

13 September 2017
I’ve written about VersionEye a couple of times. They help you monitor the 3rd party code you use, keeping an eye on dependencies, license violations, and security issues. I’ve written about the license portion of this equation, but they came up again while doing my API security research, and I wanted to make sure I revisited what they were up to in this aspect of the API lifecycle, floating them up on my radar. VersionEye is keeping an eye on multiple security databases and helps you monitor the SDKs you are using in your application. Inversely, if you are an API provider generating SDKs for your API consumers to put to use, it seems like you should be proactively leverage VersionEye to help you be the eye on the security aspects of your SDK management...

Webhook Delivery Headers From Github API

13 September 2017
I am continuing my learning about Webhooks, and Github keeps my notebook full with interesting building blocks we can use when crafting our own webhook strategies. I’m not using everything I’m learning from Github in my current strategy, but I like adding each of these building blocks to my webhook research, so that I can use in future guides that I publish. Today’s post overlaps two areas of my research into webhooks, and how headers are being used by a variety of API providers. Github is using HTTP headers as part of the webhook response, providing the recipients of webhooks with more information about what is happening with each outgoing request. They are providing three custom headers along with each payload: X-GitHub-Event - Name of the event that triggered this delivery...

Machine Readable Definitions For All Things API, Including Your Bots

12 September 2017
Every aspect of my business runs as either YAML or JSON. This blog post is YAML stored on Github, viewed as HTML using Jekyll. All the companies, services, tooling, building blocks, patents, and other components of my research all live as YAML on Github. Any API I design is born, and lives as an OpenAPI YAML document on Github. Sure, much of this will be imported, exported, and exported with a variety of other tools, but the YAML and JSON definition is key to every stop along the life cycle of my business, and the work that I do. It isn’t just me. I’m seeing a big shift in how many platforms, services, and tooling operate, with often times YAML, and still in many situations it has JSON, XML, and CSV at its core...

OpenAPI 3.0 Tooling Discovery On Github And Social Media

12 September 2017
I’ve been setting aside time to browse through and explore tagged projects on Github each week, learning about what is new and trending out there on the Githubz. It is a great way to explore what is being built, and what is getting traction with users. You have to wade through a lot of useless stuff, but when I come across the gems it is always worth it. I’ve been providing guidance to all my customers that they should be publishing their projects to Github, as well as tagging them coherently, so that they come up as part of tagged searches via the Github website, and the API (I do a lot of discovery via the API). When I am browsing API projects on Github I usually have a couple of orgs and users I tend to peek in on, and my friend Mike Ralphson (@PermittedSoc) is always one...

My Favorite Part Of OpenAPI 3.0 Is The Components Object

12 September 2017
There were a number of changes made to the structure of Open API in the move to version 3.0 that I am a fan of, but if I had to point at a single seismic shift that I think will move the conversation forward it is the components object. According to the specification the components object, “holds a set of reusable objects for different aspects of the OAS. All objects defined within the components object will have no effect on the API unless they are explicitly referenced from properties outside the components object.” It is the store for for all the common and reusable aspects of defining, and designing your APIs–which will have huge benefits on how we are doing all of this. Here is the laundry list of what you can put into your OpenAPI 3...

The US Postal Service Wakes Up To The API Management Opportunity In New Audit

12 September 2017
The Office Of Inspector General for US Postal Service published an audit report on the federal agencies API strategy, which has opened their eyes to the potential of API management, and the direct value it can bring to their customers, and their business. The USPS has some extremely high value APIs that are baked into ecommerce solutions around the country, and have even launched an API management solution recently, but until now have not been actively analyzing and using API usage to guide them in any of their business planning decisions. According to the report, “The Postal Service captures customer API usage data and distributes it to stakeholders outside of the Web Tools team via spreadsheets every month...

Always Being Prepared For An API Future That May Not Come

11 September 2017

API Education Is Needed But Rarely Prioritized In The Current Environment

11 September 2017
I wrote about this in a mean way during my rant week, but I wanted to bring up the topic of education and training when it comes to APIs in a more constructive way this week. Amidst the regular requests I get for API architects, developers, product managers, and evangelists I am reminding many companies that they will often need to hire for these roles internally, training and grooming existing employees, as finding seasoned veterans in any of these areas will prove to be difficult. I wish I had my own API school, where I was helping train waves of qualified employees, but sadly most of the folks with existing skills are employed. The challenge of investing in API training and education doesn’t stop with your immediate team, this is something that needs to occur in most cases company-wide...

Making Sure Definitions In OpenAPI Are Robust For Use In Schema Validation

11 September 2017
I’m working on v1.2 of my Human Sevices Data API (HSDA), and with this wave of work I’m making sue there is a functional API for validating all JSON that gets posted as the body in requests, as well as when it gets returned as part of API responses. To drive my validator I’m using JSON schema, which I already have defined as part of the OpenAPI definition for the project. I want to reuse, and build on top of this work, but I found the definitions for my OpenAPI to be pretty deficient in much of the details I am needing to validate the request and response bodies of my HSDA APIs. The process has showed me the importance of making sure the definitions portion of my OpenAPIs are as robust as I can...

Version 1.2 Draft Of The Human Services Data API

11 September 2017
I have been working on the next version of the Human Services Data API (HSDA) OpenAPI lately, taking all the comments from the Github repository, and pushing forward the specification as far as I can with the minor v1.2 release. I have the Github issues organized by v1.2, and have invested time moving forward the OpenAPI for the project, as well as my demo site for the effort. With this release I am focusing on six main areas, based upon feedback from the group, and what makes sense to move forward without any non-breaking changes: /complete - add an /everything to each core resource, allowing access to all sub resouces. query - Shifting query parameter to be array, allowing for multiple fields to be queried...

When I Look At The Landscape Of API Services & Tooling I See The Future Of

08 September 2017
There are a number of API service and tooling providers that I still get excited about in the space. 3Scale, Restlet, Runscope, and Tyk - to begin with my sponsors! ;-) ;-) ;-) However, there are others like Postman, APIMATIC, Materia, OAuth.io, Stoplight, Apicurio, API Platform, API Umbrella, Github, API Science, and others that keep me thinking good thoughts about the things that API service providers are doing. However, I also see a lot of services and tooling that are simply playing the startup game, and have more to do with investment, then they do about APIs. It is these services and tools I see as the next generation of technical debt. When you bundle the vendors who are usually chasing trends as part of their investment and exit strategy, and really don’t care about truly helping you solve your technical, and business challenges, with your existing problems, you are just multiplying your problems...

I Wish I Had Time To Tell That API Story

08 September 2017
If you have followed my work in the API space you know that I consider myself an API storyteller before I ever would an API evangelist, architect, or the other skills I bring to the table. Telling stories about what folks are up to in the space is the most important thing to me, and I feel it is the most common thing people stumble across, and end up associating with my brand. You hear me talk regularly about how important stories are, and how all of this API thing is only a thing, because of stories. Really, telling stories is the most important you should be doing if you are an API provider or API service provider, and something you need to be prioritizing. I was talking with a friend, and client the other day about their API operations, and after they told me a great story about the impact their APIs were making I said, “you should tell that story”! Which they responded, “I wish I had time to tell that story, but I don’t...

Responding To A Webhook

08 September 2017
There are many details of doing APIs you don’t think about until you either a) gain the experience from doing APIs, or b) learn from the API providers already in the space. When you are just getting going with your API efforts you pretty much have to rely on b), unless you have the resources to hire a team with existing API experience. Which many of my readers will not have the luxury to do, so they need as much helping learning from the pioneers who came first, wherever they can. One of the API pioneers you should be learning from is the payment API provider Stripe. I’ve been studying their approach to webhooks lately, and I’ve managed to extract a number of interesting nuggets I will be sharing in separate blog posts...

Cloud Marketplace Becoming The New Wholesale API Discovery Platform

08 September 2017
I’m keeping an eye on the AWS Marketplace, as well as what Azure and Google are up to, looking for growing signs of anything API. I’d have to say that, while Azure is in close second, that AWS is growing faster when it comes to the availability of APIs in their marketplace. What I find interesting about this growth is it isn’t just about the cloud, it is about wholesale APIs, and as it grows it quickly becomes about API discovery as well. The API conversation on AWS Marketplace has for a while been dominated by API service providers, and specifically the API management providers who have pioneered the space: 3Scale CA WSO2 Akana Strong Loop After management, we see some of the familiar faces from the API space doing API aggregation, database to API deployment, security, integration platform as a service (iPaaS), real time, logging, authentication, and monitoring with Runscope...

Automatically Generating OpenAPI From A YAML Dataset Using Jekyll

07 September 2017
I was brainstorming with Shelby Switzer (@switzerly) yesterday around potential projects for upcoming events we are attending, looking for interesting ideas we can push forward, and one of the ideas we settled in on, was automatically generating OpenAPIs from any open data set. We aren’t just looking for some code to do this, we are looking for a forkable, reusable way of doing this that anyone could potentially put to work making open data more accessible. It’s an interesting idea that I think could have legs, and compliment some of the existing projects I’m tackling, and would help folks make their open data more usable. To develop a proof of concept I took one of my existing projects for publishing an API integration page within the developer portal of API providers, and replaced the hand crafted OpenAPI with a dynamic one...

Why I Like A Service Mindset Over A Resource Focus When It Comes To APIs

07 September 2017
I am currently crafting a set of services as part of my Human Sevices Data API (API) work. The core set of services for organizations, locations, and services are grouped together as a single service, as this is what I was handed, but all the additional APIs I introduce will be bundled as separate set of individual services. Over the last couple of weeks I’ve introduced seven new services, with a handful more coming in the near future. I’m enjoying this way of focusing on services, over the legacy way that is very resource focused, as I feel like it lets me step back and look at the big picture. When I was defining the core API for this work I was very centered on the resources I was making available (organization, locations, and services), but once I took on a service mindset I began to see a number of things I was missing...

All Federal Government Public API Projects Should Begin With A Github Repo

07 September 2017
I’m gearing up for a conversation about the next edition of the FOIA API, and in preparation I’ve created an OpenAPI definition to help guide the conversation, which I drafted based upon the specifications published to Github by the FOIA API team at 18F. This was after spending some time reading through the FOIA recommendations for the project, which is also published to Github. Having the project information available on Github, makes it easy for analysts like me to quickly get up to speed on what is going on, and provide valuable feedback to the team. In my opinion, EVERY government API should start with a Github repo flushing out the needs and requirements for the project, exactly like 18F is doing as part of their FOIA work...

An OpenAPI Contract For The Freedom Of Information

07 September 2017
Today’s stories are all based around my preparation for providing some feedback on the next edition of the FOIA.gov API. I have a call with the project team, and want to provide ongoing feedback, so I am loading the project up in my brain, and doing some writing on the topic. The first thing that I do when getting to know any API project, now matter where it is at in it’s lifecycle, is craft an OpenAPI, which will act as a central contract for discussions. Plus, there is no better way, short of integration, to get to know an API than crafting a complete (enough) OpenAPI definition. After looking through the FOIA recommendations for the project, I took the draft FOIA API specification and crafted this OpenAPI definition: The specification is just for a single path, that allows you to POST a FOIA request...

When To Build Or Depend On An API Service Provider

06 September 2017
I am at that all too familiar place with a project where I am having to decide whether I want to build what I need, or depend on an API service provider. As an engineer it is always easy to think you can just build what you need, but the more experience you have, you begin to realize this isn’t always the smartest move. I’m at that point with API monitoring. I have a growing number of endpoints that I need to make sure are alive and active, but I also see an endless road map of detailed requests when it comes to granularity of what “alive and active” actually means. At first I was just going to use my default cron job service to hit the base url and API paths defined in my OpenAPI for each project, checking for the expected HTTP status code...

Github OAuth Applications As A Blueprint

06 September 2017
I was creating a very light-weight API management solution for one of my projects the other day, and I wanted to give my API consumers a quick and dirty way to begin making calls against the API. Most of the API paths are publicly available, but there were a handful of POST, PUT, and DELETE paths I didn’t want to just have open to the public. I didn’t feel like this situation warranted a full blown API management solution like Tyk or 3Scale, but if I could just let people authenticate with their existing Github account, it would suffice. This project has it’s own Github organization, with each of the APIs living as open source API repositories, so I just leveraged Github, and the ability to create Github OAuth applications to do what I needed...

Azure Matching AWS When It Comes To Serverless Storytelling

06 September 2017
I consume a huge amount of blog and Twitter feeds each week. I evaluate the stories published by major tech blogs, cloud providers, and individual API providers. In my work there is a significant amount of duplicity in stories, mostly because of press release regurgitation, but one area I watch closely is the volume of stories coming out of major cloud computing providers around specific topics that are relevant to APIs. One of these topics I’m watching closely is the new area of serverless, and what type of stories each providers are putting out there. Amazon has long held the front runner position because AWS Lambda was the first major cloud provider to do serverless, coining the term, and dominating the conversation with their brand of API evangelism...

"Keeping Things One Dimensional To Go From API To Spreadsheet In One Step"

06 September 2017
I have been working on the next version of my human services work, which provides a way for cities to make information about organizations, locations, and services available on the web. Part of the feedback from the community around what was missing from the last version, was the number of API calls you needed to make to get a complete representation of a resource, and its sub-resources, as each API response was one dimensional. An example would be that you could get a list of locations, but to get at the list of services you had to make a separate API call. This wasn’t a lapse in API design, it was a result of the schema being born out of a CSV format, and me working to stay true to the original design, and usage of the schema...

Just Waiting The GraphQL Assault Out

05 September 2017
I was reading a story on GraphQL this weekend which I won’t be linking to or citing because that is what they want, and they do not deserve the attention, that was just (yet) another hating on REST post. As I’ve mentioned before, the GraphQL’s primary strength seems to be they have endless waves of bros who love to write blog posts hating on REST, and web APIs. This particular post shows it’s absurdity by stating that HTTP is just a bad idea, wait…uh what? Yeah, you know that thing we use for the entire web, apparently it’s just not a good idea when it comes to exchanging data. Ok, buddy. When it comes to GraphQL, I’m still watching, learning, and will continue evaluating it as a tool in my API toolbox, but when it comes to the argument of GraphQL vs...

A New Minimum Viable Documentation(MVD) Jekyll Template For APIs

05 September 2017
I am a big fan of Jekyll, the static content management system (CMS). All of API Evangelist runs as hundreds of little Jekyll driven Github repositories, in a sort of microservices concert, allowing me to orchestrate my research, data, and the stories I tell across all of my projects. I recommend that API providers launch their API portals using Jekyll, whether you choose to run on Github, or anywhere else using the light-weight portable solution. I have several Jekyll templates I use to to fork and turn into new API portals, providing me with a robust toolbox for making APIs more usable. My friend and collaborator James Higginbotham(@launchany) has launched a new minimum viable documentation (MVD) template for APIs, providing API provides with everything they need out of the gate when it comes to a presence for their API...

API Evangelist Is A Performance

05 September 2017
I think I freaked a couple of folks out last week, so I wanted to take a moment and remind folks that API Evangelist is a performance. Sure, it is rooted in my personality, and I keep it as true to my view of the world of APIs as I can, but it is just a performance I do daily. When I sit down at the keyboard and research the world of APIs I am truly (mostly) interested in the technology, but when I craft the words you read here on the blog I am performing a dance that is meant to be interesting to the technology community in a way that draws them in, but then also gives them a swift kick in the pants when it comes to ethics of the technology, business, and politics of doing all of this. Sure, my personality shines through all of this, and I’m being genuine when I talk about my own battles with mental illness, and other things, but please remember API Evangelist is a performance...

Acknowledging The Good In The API Space

05 September 2017
With such a dark week of blog posts last week I wanted to make sure and start this week off with a brighter post, talking about the good I see in the API space. It can be easy to find than some of the darker things I talked about, but after seven years doing this I see enough good things going on in the API community, that I keep doing this performance I call API Evangelist. It can be easy to rant and rave about the bad, but I find it takes a lot of work to identify the good things going on in the cracks, as they rarely get the attention of the mainstream tech community propaganda engine. First, there are some really smart folks who truly care about human beings and are dedicated to the world of APIs...

The Why (And End) Of The Unhinged (Decoupled) API Evangelist Rant Week

01 September 2017
I know many of you are thinking Kin Lane has lost his marbles (again). In reality, I lost them last week for a couple days because someone really pissed me off, then after a couple more folks pissing in my Cheerios, I checked out last week (this happens from time to time). This week I am actually feeling quite fine after moving to NYC from LA, but the posts for the last couple of days are from my notebook entries made while in a dark place last week. Normally, these posts would never see the light of day, but I’m feeling like they probably should this week. Its no secret, I’m fairly sure I’d be classified in the bi-polar realm (never been diagnosed), something I’ve thoroughly enjoyed since I was a teen, but for the last 20 years is something I’ve had 96% control of...

The Fact That You Do Not Know Who I Am Shows You Live In A Silo

01 September 2017
Don’t who know who I am? I am the API Evangelist. Ok, I know this post is dripping with ego. However, it is the last post in my week of API rants, and I’m just pumped from writing all of these. These types of posts are so easy to write because I don’t have to do any research, and real work, I just write, putting my mad skills at whitesplaining and mansplaining to work–tapping into my privilege. So I’m going to end the week with a bang, and fully channel the ego that has developed along with the persona that is API Evangelist. However, there is a touch of truth to this. If you are operating an API today, and you do not know who I am, I’m just going to put it out there–you live in a silo...

You Think You Are So Smart You Did Not Conduct Any Due Diligence Before Launching

01 September 2017
You know your API stuff. You know it so well, you don’t even need to look at other APIs. There is no reason to Google and look for other APIs because your stuff is that good. Your idea came to you in a flash, and you worked for an entire weekend to bring to life. Your a genius. Everyone has told you so. This stuff just comes to you, and as long as you are left alone, the magic just happens. If people just stay out of your way, do not burden you with outside influences, and unnecessary concerns, you will keep rolling out amazing APIs that everyone will love and need. You consume books, and digest endless blog posts and white papers recommended by your trusted network of friends. You don’t ever notice authorship...

You Have No API Imagination, Creativity, Or Sensibility

01 September 2017
I know you are used to people telling you that you are creative, and your ideas are great, but I’m here to tell you they aren’t. You lack any imagination, creativity, or sensibility when it comes to your APIs. Some of it is because you are personally lacking in these areas, part of it is because you have no diversity on your team, but it is mostly because you all are just doing this to make money. As creative as you think doing a startups is, they are really just about making money for your bosses, and investors–not a lot of imagination, creativity, or sensibility is required. You could invest the time to come up with good ideas for applications and stories on your blog, but you really don’t want to do the work, or even stand out in the group...

Your Lack Of Investment In API Education Will Be The End Of Your API Service

31 August 2017
Your API service is the next big thing. It is something that every API provider will be needing, and you are confident it will be something that makes the API management space look like a momentary trend. You have a SaaS, as well as an open source edition, and have invested thousands of hours into your website, documentation, and you even have an API. Everything is CI/CD ready, and you speak fluent OpenAPI. You have all the bases covered, and adoption with the first wave of users has been great, and the sales numbers are meeting all the project. There is just one thing, you haven’t invested anything into the educational resources for your customers, and the companies they work for. After a year of operation you are so confident in your team, and the services and tools you have, you feel like this is a sure thing...

Admit It You Do Not Respect Your API Consumers And End Users

31 August 2017
Just admit it, you could care less about your API consumers. You are just playing this whole API game because you read somewhere that this is what everyone should be doing now. You figured you can get some good press out of doing an API, get some free work from developers, and look like you are one of the cool kids for a while. You do the song and dance well, you have developed and deployed an API. It will look like the other APIs out there, but when it comes to supporting developers, or actually investing in the community, you really aren’t that interested in rolling up your sleeves and making a difference. You just don’t really care that much, as long as it looks like you are playing the API game...

The API Space Is In The Tractor Beam Of The Cloud Giants Now

31 August 2017
A growing number of SMBs, SMEs, and other institutions, organizations, and government agencies are launching APIs, but the age APIs as the core product will thin, and those that do emerge and operate independently will be increasingly absorbed into the cloud platforms they operate on. The tractor beam of AWS, Google, and Azure are becoming to strong for us API providers to resit. We use their platforms to deploy and manage our APIs, we’ve ceded control over our operations to their clouds, it is just a matter of time before each of the APIs we depend on are assimilated into the cloud machine. Sure, we’ll still get access to valuable resources that we couldn’t launch ourselves, things like Google Maps, and resources at scale like Amazon EC2...

APIs Will Just Get More Unreliable As Funding Becomes More Volatile

31 August 2017
People love to point out that APIs are unreliable. You can’t depend on them. They go away at any point, and they just aren’t something you want to be building your business on top of. When in reality APIs aren’t reliable it is the business, people, and investment behind them. The reality of the startup game is that us API consumers aren’t actually the customer, we are just numbers in a larger game where startup founders and their investors are looking for enterprise customers to purchase their startup getting the desired exit. The API is just about attracting consumers, who will do the legwork to bring in users, adding to the value of a company. As the startup funding landscape continues to dry up, shift, and evolve towards more riskier and volatile versions of investment like ICOs, things are only going to get worse...

Your APIs Are An Invasive Species

30 August 2017
We tend to look at APIs as something we opt into. As an API consumer we choose to integrate with these external APIs. We made a conscious decision to put an API to work. We navigate our way to their API portals, learn about an API from its documentation, and take back what we know along with a handful of URIs, and bake the APIs into our internal systems and applications. When in reality we are just worker bees sent to find pollen, and bring the pollen back to the hive, unaware that the pollen contains an invasive species, and rarely do we ever think too deeply about why we are doing all of this–just following orders. We are told by our coworkers, the tech blogosphere, and by API providers that we need these things...

You Like What I Do As The API Evangelist? Sure, I Will Do More Work For Free!

30 August 2017
I get regular emails from folks telling me how much they love what I do, then asking me to work for free. I’m totally happy for folks to inform me about their company, products, case studies, and other API goings on with their company. This is the bread and butter for my storytelling on API Evangelist–please keep it coming. However, the folks who ask me to work for free, what are you thinking? Where does this ethic come from in the tech sector, where folks expect you to work for their startup for free? It is something that has really gotten to ridiculous levels. Join our webinar. Write a story for our blog. Contribute to a white paper. Join our podcast. Speak at our event. Teach a workshop...

Sorry The Stock Options For Your API Startup Do Me More Harm Than Good

30 August 2017
I’m really honored that some of my partners are kind enough to offer me a piece of the action in their companies, in exchange for what I do. I really am. However, going forward I’m going to have to decline any stock options in exchange for work, or advising, because it really doesn’t pencil out for me. I know it is the currency you are working with, getting investment in exchange for options, and trying to get knowledge, talent, and other forms of investment in exchange as well. I trust it will work out in your favor, but from my vantage point, there really is no upside in the game. I regularly receive accusations of having and agenda because of real or perceived interest in companies, so with this hit on my brand, and the lack of return from the historic stock options I’ve had historically, it just doesn’t work out...

I Realize That This Is A Hit On Your API Budget, But It Is My Rent For This

30 August 2017
I am the first to admit that I suck at the money game. I just don’t care. Don’t get me wrong, I’ve made a significant amount of money in my career, and command a phat six figure salary when I’ve done the job thingy, and I don’t have a problem asking for a decent rate when I’m consulting. It is just that I don’t care about climbing the money ladder, because I realized in my early 20s that it was never enough. I’ve had business partners run off with hundreds of thousands of dollars in cash, screw me out of the equity in multiple companies, and I’ve experienced what people will do to get at that next rung of the ladder. I quickly saw that you are never happier with each rung you climb, and often times you end up much unhappier the higher up you go–which is why I stay where I am at...

Holding Little Guys More Accountable Than We Do VCs And Bigcos

30 August 2017
I spend a lot of time defending my space as the API Evangelist. I’ve had lengthy battles with folks in the comments of my blog for defending women, charging for my services, being pay for play, having secret agendas, and much more. I’ve had my site taken down a handful of times (before I made static on Github Pages), because I stood up for my girlfriend, or just joined in on the wrong (right) cause. When you have been doing this as long as you have, you see the size of the armies of tech bros that are out there, waiting to pounce. It is why I don’t share links to Reddit or Hacker News anymore. I stopped sharing to DZone for same reason, but they’ve since cleaned up their community, brought in some great talent (including women), and I’ve started syndicating there again...

Your Microservices Effort Will Fail Just Like Your API And SOA Initiatives

29 August 2017
You are full steam ahead with your microservices campaign. You’ve read Martin Fowlers blog post, and talked about the topic with your team for the last six months. After a couple pilot projects, you are diving in, and have started decoupling the monolith of systems that you depend on to operate your business each day. You have mapped out all the technical details of all code, and backend systems in play, and have targeted about 30% of existing systems for reworking using a microservices strategy. Yet, despite all your planning, your microservices effort will still fail just like your API efforts, and its predecessor the SOA initiative did. Despite all your research, planning, and eye for the technical detail in about 7 months everything will begin to slow, and by month 10 you will begin to get very, very frustrated...

The Reason For Your API Security Breach: You Did Nothing

29 August 2017
You just got three separate calls, and countless emails alerting to the fact that you just had a major security breach. You don’t know the extent of the damage yet, but it looks like they got into your primary customer database via the APIs you depend on for all your mobile applications. You are sitting in your office chair, sweating, and trying to figure out how this happened. I will tell you, it is because you have done nothing. You have de-prioritized security at every turn, resulting in an open door for any hacker to walk through. Not only have you done nothing, you actually worked against anyone who brought up the topic of API security. You would respond: We don’t have the time. We don’t have the budget...

Extract As Much Value As You Can From Your API Community And Give Nothing Back

29 August 2017
You are in a sweet spot. You got a fat six figure job in the coolest department of your company, building out your API platform. You have a decent budget (never as much as you want) to throw hackathons, run Google and Twitter ads, and you can buy schwag to give away at your events. Sure there is a lot of pressure to deliver, but you are doing pretty well. All you gotta do is convince 3rd party developers to do thing with your companies APIs, develop web, mobile, voice, and other applications that generate buzz and deliver the return on investment your bosses are looking for. It is all about you and your team. Let’s get to work growth hacking! Attract as may new users as we can, and convince them to build as much as we possibly can...

The Reason Your API Sucks Is There Are No Women And People Of Color On Your

29 August 2017
I know that many of you are insecure about your APIs. You aren’t transparent with your numbers, and many aspects of your API operations. You are stressed out because you built it, and nobody came. You were able to artificially inflate your new user numbers, and API calls through paid campaigns, and bot activity, but nobody is using it, and you just can’t figure out why. You are asking yourself why don’t anyone see the value your API brings to the table? Why aren’t you getting the traction you thought you would get when you first came up with the idea? You aren’t getting any traction with your API because it sucks. It was a bad idea. Nobody wants it. It sucks because it doesn’t provide any value in a highly competitive space, and you naively thought that if you built it everyone would come...

Your Internal Dysfunction Is Not My API Problem

28 August 2017
You hear a lot of discussion regarding public API vs private API. From my vantage point there is only web APIs that use public DNS, but I find that folks hung up on the separation usually have many other hangups about things they like to keep behind the firewall, and under the umbrella of private. These are usually the same folks who like to tell me that my public API stories don’t apply to them, and when you engage these folks in any ongoing fashion you tend to find that they are looking to keep a whole lot of dysfunction out of view from the public, and all the talk really has very little to do with APIs. I spend my days studying the best practices across the leading API providers, and understanding what is working and what is not working when it comes to operating APIs...

API Rants vs. API Research

28 August 2017
I know many of you read my blog for the valuable nuggets of information extracted from my regular research into the world of APIs. I spend a great deal of time sifting through very boring, mundane, and sometimes valuable API related goings on. I have managed to muster the energy each week for the last seven years to sift through thousands of feeds, Tweets, and Github repositories looking for nuggets of API wisdom, best practices, and sometimes bad practices, to share here on the blog. Some weeks I find this an easy task, something I really enjoy the process, but most weeks it is a chore–some weeks I don’t give a shit at all. This is one of those weeks. Well, last week was too, but instead of NO blog posts, this week I’m going to shift things up so that I can get on track...

Disaster API Rate Limit Considerations

28 August 2017
This API operations consideration won’t apply to every API, but for APIs that provide essential resources in a time of need, I wanted to highlight an API rate limit cry for help that came across my desk this weekend. Our friend over at Pinboard alerted me to someone in Texas asking for some help in getting Google to increase the Google Maps API rate limits for an app they were depending on as Hurricane Harvey: Hey @google @googlemaps @googlemapsapi can you please remove the limit on api access for @atxfloods? This is an emergency and we rely on it.— Jen Savage (@savagejen) August 27, 2017 The app they depended on had ceased working and was showing a Google Maps API rate limit error, and they were trying to get the attention of Google to help increase usage limits...

This Weeks Troubling API Patent

28 August 2017
I found myself looped into another API patent situation. I’m going to write this up as I would any other patent story, then I will go deeper because of my deeper personal connection to this one, but I wanted to make sure I called this patent what it is, and what ALL API patents are–a bad idea. Today’s patent is for an automatch process and system for software development kit for application programming interface: Title: Automatch process and system for software development kit for application programming interface Patent# : US 20170102925 A1 Abstract: A computer system and process is provided to generate computer programming code, such as in a Software Development Kit (SDK). The SDK generated allows an application to use a given API...

County Level Marijuana Regulation In California Using APIs

22 August 2017
Counties across the State of California are scrambling to get everything in order now that marijuana is legal, and the 3rd party vendors working with the state are using an API to try and bridge the regulatory needs of each county, as they look to regulate the brand new industry. It sounds like the marijuana regulatory API isn’t 100% ready for prime time, but it is interesting to hear that state is looking to “mitigate the burden of counties” when it comes to production of marijuana using APIs. I have been curating news about APIs in use across the growing marijuana industry, but this is the fist story I’ve written on the subject. Now that I’m seeing APIs use as part of the regulatory engine for the industry, things are getting a little more real, and not just be about finding seeds, stores, and other industry data...

Looking At Facebook Blueprint As I Study API Training Programs

22 August 2017
I am preparing a training section of my API Evangelist research, and part of the process involves learning about what other API providers and API service providers are up to in this area. On my list to look through is Facebook Blueprint, their training area for the platform. The courses present there aren’t specifically for the Facebook API, and is targeting primarily business uses, but the approach translates to API focused training materials, and showcases what is a priority for Facebook when it comes to educating their platform consumers. As part of my API training research I want to understand the building blocks employed by Facebook so that I can apply as part of my API Evangelist training efforts, and help other API providers and service providers apply as part of their operations as well...

Considering How Machine Learning APIs Might Violate Privacy and Security

22 August 2017
I was reading about how Carbon Black, an endpoint detection and response (EDR) service, was exposing customer data via a 3r party API service they were using. The endpoint detection and response provider allows customers to optionally scan system and program files using the VirusTotal service. Carbon Black did not realize that premium subscribers of the VirusTotal service get access to the submitted files, allowing an company or government agency with premium access to VirusTotal’s application programming interface (API) can mine those files for sensitive data. It provides a pretty scary glimpse at the future of privacy and security in a world of 3rd party APIs if we don’t think deeply about the solutions we bake into our applications and services...

Thank You Tony

22 August 2017
Tony Tam, the creator of the OpenAPI specification, formerly known as Swagger, has announced he will be exiting his role at OAI and SmartBear. Tony says the specification is in good hands with Ron Ratovsky (@webron), Darrel Miller (@darrel_miller), and others in the OAI. Tony doesn’t give any hints about what he’ll be up to, but will be walking away from his baby entirely. I have given Tony a hard time during the transition from Wordnik to SmartBear, and the creation of the OpenAPI, but I am a huge fan of what he has done, and super bummed to see him go–hoping he won’t leave the API community completely. There are many building blocks that go into doing APIs and OpenAPI, or Swagger, is the most significant single building block that has emerged in the seven years I’ve been doing API Evangelist...

The First Question When Starting An API Is Always: Should We Be Doing This?

21 August 2017
I was doing some more work on my list of potential female speakers from the API space. I have some slots to fill for @APIStrat, and I saw another API event was looking for suggestions when it came to speakers. A perfect time to invest some more cycles into finding female API talent. Twitter and Github is always where I go for discovery. I picked up where I left off working on this last time, turned on my search tools that use the Twitter and Github API, and got to work enriching the algorithm that drives my API talent search. Next up on my task list was to deploy a name microservice, that would help me filter Twitter and Github users by gender. I’m interested in API folks of all type, but for this round I need to be able to weight by female...

Making Sense Of API Activity With Webhook Events

21 August 2017
I was doing some webhooks research as part of my human services work and I found myself studying the types of events used as part of webhook orchestration for Github, Box, Stripe, and Slack. Each of the event type lists for each of these platforms tell a lot about what is possible with each API, and the webhooks that get triggered as part of these events show what is important to developers who are integrating with each of these APIs. These event type lists really help make sense of the API activity for each of these APIs, providing a nice list to follow when developing your integration strategy. What I really like as I look through each of these webhook event lists is that they are usually in pretty plain language, describing events that matter, not just row updates with a timestamp...

API Foraging And Wildcraft

21 August 2017
I was in Colorado this last week at a CA internal gathering listening to my friend Erik Wilde talking about APIs. One concept he touched on was what he called API gardening, where different types of API providers approached the planting, cultivating, and maintenance of their gardens in a variety of different ways. I really like this concept, and will be working my way through the slide deck from his talk, and see what else I can learn from his work. As he was talking I was thinking about a project I had just published to Github, which leverages the Google Sheets API, and the Github API to publish data as YAML, so I could publish as a simple set of static APIs. I’d consider this approach to be more about foraging and wildcrafting, then it is about tending to my API garden...

API Deployment Comes In Many Shapes And Sizes

21 August 2017
Deploying an API is an interesting concept that I’ve noticed folks struggle with a little bit when I bring it up. My research into API deployment was born back in 2011 and 2012 when my readers would ask me which API management provider would help them deploy an API. How you actually deploy an API varies pretty widely from company to company. Some rely on gateways to deploy and API from an existing backend system. Some hand-craft their own API using open source API frameworks like Tyk and deploy alongside your existing web real estate. Others rely on software as a services solutions like Restlet and Dreamfactory to connect to a data or content source and deploy an API in the clouds. Many folks I talk with simply see this as developing their APIs...

HTTP Status Codes And The Politics Of APIs

18 August 2017
The more I learn about the world of APIs, the more I understand how technology, business, and politics are all woven together into one often immovable monolith. Many things in the world of APIs seem purely like a technical thing, but in reality they are wrapped in, and wielded intentionally and unintentionally as part of larger business, and sometimes a personal agenda. An example of this can be found with the presence, or lack of presence with HTTP status codes, which the default status is usually 200 OK, 404 not found, or 500 internal error. While these seem like very granular technical details of whether or not an HTML, XML, CSV, or JSON document is returned or not as part of a single web request, there usage often dictates what is happening behind the firewall, and often times more importantly, what is not happening...

The Patent Application Information Retrieval Bulk Data API

17 August 2017
I stumbled across the Patent Application Information Retrieval Bulk Data API from the US Patent Office the other day. It provides a much more usable approach to getting at patent information than what I am using at the moment. Right now I am downloading XML files and searching for the occurrence of a handful of keywords. If I want to make a change I have to fire up a new AWS instance, change the code, and reprocess the downloaded files. The Patent Application Information Retrieval Bulk Data API gives me a much more efficient interface to work with. The Patent Application Information Retrieval Bulk Data API contains the bibliographic, published document and patent term extension data tabs in Public PAIR from 1981 to present, with some additional data dating back to 1931...

Testing Out The Concept Of API Transit Instead Of API Lifecycle

17 August 2017

Where Are All The API Focused Agencies?

17 August 2017
Earlier this week at the CA API Academy virtual gathering I spoke at in Boulder CO, the question around why there aren’t more API focused agencies came up. We were talking about the need for consulting services around common areas of API operations like design, deployment, management, testing, as well as training around API lifecycle related topics. We are seeing some movement in the area of API focused agencies, but not enough to cover the current demand. We are seeing full service shops like APIvista, and Good API emerge. There is also movement on the agency level when it comes to integration platform as a service (iPaaS), over at Left Hook Digital, helping companies leverage Zapier, and integrate with API platforms...

The 85 Stops Along The API Lifecycle That I Track On

16 August 2017
I am preparing a talk for tomorrow, and I needed a new list of each stop along the API lifecycle, and since each of my project exist as Github repositories, and are defined as a YAML and JSON data store, I can simply define a new liquid template for generating a new HTML listing of all the stops along the API lifecycle–after generating this list I figured I’d share here as a story. Here are the 85 stops along the API lifecycle landscape from my vantage point as the API Evangelist: Definitions Design Versioning Hypermedia DNS Low Hanging Fruit Scraping Database Deployment Rogue Microservices Algorithms Search Machine Learning Proxy Virtualization Containers Management Serverless Portal Getting Started Documentation Frequently Asked Questions Support Communications Road Map Issues Change Log Monitoring Testing Performance Caching Reliability Authentication Encryption Vulnerabilities Breaches Security Terms of Service (TOS) Surveillance Privacy Cybersecurity Reclaim Transparency Observability Licensing Copyright Accessibility Branding Regulation Patents Discovery Client Command Line Interface Bots Internet of Things Industrial Network IDE SDK Plugin Browsers Embeddable Visualization Analysis Logging Aggregation iPaaS Webhooks Integrations Migration Backups Real Time Orchestration Voice Spreadsheets Investment Monetization Plans Partners Certification Acquisitions Evangelism Showcase Deprecation I’m always presenting my API lifecycle research as a listing, or in a linear fashion...

Wildcard Webhook Events

16 August 2017
I have been studying the approach of a variety of webhook implementations in preparation for an API consulting project I’m working on. Even though I’m very familiar with how webhooks works, and confident in my ability to design and develop a solution, I’m ALWAYS looking to understand what leading API providers are up to, and how I can improve my knowledge and awareness. With his round of research, Github has provided me with several webhook nuggets for my API storytelling notebook. One of their web features I though was the notion of a wildcard webhook event: Wildcard Event - We also support a wildcard (*) that will match all supported events. When you add the wildcard event, we’ll replace any existing events you have configured with the wildcard event and send you payloads for all supported events...

The Importance Of API Stories

16 August 2017
I am an API storyteller before am an API architect, designer, or evangelist. My number one job is to tell stories about the API space. I make sure there is always (almost) 3-5 stories a day published to API Evangelist about what I’m seeing as I conduct my research on the sector, and thoughts I’m having while consulting and working on API projects. I’ve been telling stories like this for seven years, which has proven to me how much stories matter in the world of technology, and the worlds that it is impacting–which is pretty much everything right now. Occasionally I get folks who like to criticize what I do, making sure I know that stories don’t matter. That nobody in the enterprise or startups care about stories...

API Kindergarten For Business And IT Leaders

16 August 2017
I’m working on a number of API courses and lessons lately. Some of these are API 101 courses, while others are more advanced courses for the seasoned API provider, and consumer. As I think about what is needed when it comes to classes and workshops across the API sector, I’m considering doing an API Kindergarten series, where business and IT leaders can learn the basics of doing business with APIs. The curriculum for the API kindergarten program include hands on lessons on how to play nicely, get along with others, the importance of sharing, and helping them learn the important soft skills like not shitting your pants. I’m always surprised at the lack of basic skills by company, organizational, institutional, and government leadership when it comes to the essentials of why APIs work, and think a little primer on things might help some realize they shouldn’t be doing APIs in the first place, or maybe prevent some major crisis down the road...

The ElasticSearch Security APIs

15 August 2017
I was looking at the set of security APIs over at Elasticsearch as I was diving into my API security research recently. I thought the areas they provide security APIs for the search platform was worth noting and including in not just my API security research, but also search, deployment, and probably overlap with my authentication research. Authenticate API - The Authenticate API enables you to submit a request with a basic auth header to authenticate a user and retrieve information about the authenticated user. Clear Cache API - The Clear Cache API evicts users from the user cache. You can completely clear the cache or evict specific users. User Management APIs - The user API enables you to create, read, update, and delete users from the native realm...

Which Platforms Have Control Over The Conversation Around Their Bots

15 August 2017
I spend a lot of time monitoring API platforms, thinking about different ways of identifying which ones are taking control of the conversation around how their platforms operate. One example of this out in the wild can be found when it comes to bots, by doing a quick look at which of the major bot platforms own the conversation around this automation going on via their platforms. First you take a look at Twitter, by doing a quick Google search for Twitter Bots: Then you take a look at Facebook, by doing a quick Google search for Facebook Bots: Finally take a look at Slack, by doing a quick Google search for Slack Bots: It is pretty clear who owns the conversation when it comes to bots on their platform...

Where To Begin With Webhooks For The Human Services Data API

15 August 2017
I am getting to work on a base set of webhook specification for my human services data API work, and I wanted to take a fresh drive through a handful of the leading APIs I’m tracking on. I’m needing to make some recommendations regarding how human services data APIs should be pushing information via APIs, as we as providing APIs. Webhooks are fascinating to me because they really are just APIs in reverse. Webhooks are just an API request, where the target URL is a variable, allowing an API call to be made from a platform, to any target URL, on an triggering events, or on a schedule as a job. Here are six of the API providers I took a look at while doing this webhook research: Box Gumroad Venmo Github Stripe Slack All of these API providers offer webhooks, allowing developers to create an API call that will be fired off when a specific event occurs...

Addressing Bulk API Operations As Separate Set Of Services

15 August 2017
Part of the feedback I’ve received from the Human Services Data API (HSDA) evolution from v1.0 to v1.1 was that the API didn’t allow for volume or bulk GET, POST, PUT, or DELETE. This was intentionally in the incremental release which focused on just making sure the API reflected 100% of the surface are for the Human Services Data Specification (HSDS). I wanted to separate out the needs of bulk API consumers, so that I could think about it separately from the more simple, micro-use integrations the default Human Services Data API would accommodate. I don’t want the industrial grade needs of database and system administrators overriding the simple access needs of other individual API consumers...

Decoupling The Business Of My Human Services Microservice

14 August 2017
I’ve been looking at my human services API work through a microservices lens, triggered by the deployment of a reduced functionality version of the human services implementation I was working on this week. I’m thinking a lot about the technical side of decoupling services using APIs, but I want to also take a moment and think about the business side of decomposing services, while also making sure they are deployed in a way that meets both the provider and consumer side of the business equation. My human services microservice implementation is in the public service, which is a space where the business conversation often seems to disappear behind closed doors, but in reality needs to be front and center with each investment (commit) made into any service...

Some Microservice Thoughts Around My Human Services API Work

14 August 2017
The Human Services Data API I have been working on is about defining a set of API paths for working with organizations, locations, and services that are delivering human services in cities around the world. As I’m working to evolve the OpenAPI for the Human Services Data API (HSDA), I’m constantly mindful of bloat, unnecessary expansion of features, and always working to separate things by concern. My thoughts have evolved this due to a hackathon I attended this week in San Francisco where a team at Optmizely worked to decouple an existing human services application from its backend and help teach it to speak Human Services Data Specification (HSDS)–allowing it to speak a common language around the services that us humans depend on daily...

Investing The Time To Learn API Best Practices So You Do Not Reinvent The

14 August 2017
I was on a call the other day with a group of people who are in the trenches of organizations and companies working hard to deliver human services in cities around the country. We were meeting to kick of the design phase of a new type of API, and after they shared all their thoughts via project documentation, they were asking me to help identify examples of best practices from the space. The group felt they didn’t have the time, or the awareness of what is going on to be able to identify the best practices that already exist across the space. This is one of the reasons I stay out of the weeds of individual projects. I may help define, design, and even shadow the deployment and management, but I work hard to avoid the tractor beam of ongoing projects so that I can pay attention to the bigger picture and help share stories about what I’m seeing...

API Platform FAQ And QA Responsibility

14 August 2017
The discussion around whether or not you should be hosting your own questions and answers (QA) and frequently asked questions (FAQ) for your API has continued, with many of the leading API pioneers asserting responsibility over the operations of these important API resources. Amazon noticed that answers about their platform on Quora and Stack Exchange were usually out of date and often just plain wrong, prompting them to launch their own QA solution. I have written about using API providers using Stack Overflow for may years now. It the last few years I’ve had my readers push back on this for a variety of reasons, from the Stack Overflow community being primarily a white male bro-fest, to finding things being unreliable, out of date, and often a pretty hostile and unfriendly place for people to try and learn about APIs...

Link Relation Types for APIs

11 August 2017
I have been reading through a number of specifications lately, trying to get more up to speed on what standards are available for me to choose from when designing APIs. Next up on my list is Link Relation Types for Web Services, by Erik Wilde. I wanted to take this informational specification and repost here on my site, partially because I find it easier to read, and the process of breaking things down and publishing as a posts helps me digest the specification and absorb more of what it contains. I’m particularly interested in this one, because Erik captures what I’ve had in my head for APIs.json property types, but haven’t been able to always articulate as well as Erik does, let alone published as an official specification...

About api.data.gov

11 August 2017
I’m going to borrow, modify, and improve on the content from api.data.gov, because it is an important effort I want my readers to be aware of, because I want more of them to help apply educate other federal agencies regarding why it is a good idea to bake api.data.gov into their API operations, and help apply pressure until EVERY federal agency is up and running using a common API management layer. Ok, so what is api.data.gov? api.data.gov is a free API management service for federal agencies. Our aim is to make it easier for you to release and manage your APIs. api.data.gov acts as a layer above your existing APIs. It transparently adds extra functionality to your APIs and helps deal with some of the repetitive parts of managing APIs...

Embeddable API Tooling Discovery With JSON Home

11 August 2017
I have been studying JSON Home, trying to understand how it sizes up to APIs.json, and other formats I’m tracking on like Pivio. JSON Home has a number of interesting features, and I thought one of their examples was also interesting, and was relevant to my API embeddable research. In this example, JSON Home was describing a widget that was putting an API to use as part of its operation. Here is the snippet from the JSON Home example, providing all details of how it works: JSON Home seems very action oriented. Everything about the format leads you towards taking some sort of API driven action, something that makes a lot of sense when it comes to widgets and other embeddables. I could see JSON Home being used as some sort of definition for button or widget generation and building tooling, providing a machine readable definition for the embeddable tool, and what is possible with the API(s) behind...

A Hack Day Event To Help The Link-SF App Speak Human Services Data

11 August 2017
I went up to San Francisco on Wednesday to participate in a social good hack day at Optimizely. They held their event at their downtown offices, where 20+ employees showed up to hack on some social good projects. Open Referral and our partner Benetech had suggested Human Services Data Specification (HSDS) as a possible project, which resulted in us being one of the hack projects for the event. The Open Referral Human Services Data Specification (HSDS) team consisted of five Optimizely developers. Derek Hammond - Software Engineer Michael Fields - Software Engineer Zachary Power - Software Engineering Intern Quinton Dang - Software Engineer Asa Schachar - Engineering Manager The overall strength of the team leaned toward being front-end web and mobile developers, so we decided to “forward engineer” the Link-SF application, which provides a simple web or mobile application to help folks find a variety of human services in a handful of categories like food, housing, hygiene, medical, and technology...

Image Logging With Amazon S3 API

10 August 2017
I have been slowly evolving my network of websites in 2017, overhauling the look of them, as well as how they function. I am investing cycles into pushing as much of my infrastructure towards being as static as possible, minimizing my usage of JavaScript wherever I can. I am still using a significant amount of JavaScript libraries across my sites for a variety of use cases, but whenever I can, I am looking to kill my JavaScript or backend dependencies, and reduce the opportunity for any tracking and surveillance. While I still keep Google Analytics on my primary API Evangelist sites, as my revenue depends on it, whenever possible I keep personal projects without any JavaScript tracking mechanisms...

Patent Number 9325732: Computer Security Threat Sharing

10 August 2017
The main reason that I tend to rail against API specific patents is that much of what I see being locks up reflects the parts and pieces that are making the web work. I see things like hypermedia, and other concepts that are inherently about sharing, collaboration, and reuse–something that should never be patented. This concept applies to other patents I’m seeing, but rather than being about the web, it is about trust, and sharing of information. Things that shouldn’t be locked up, and exist within realms where the concept of patents actually hurt the web and APIs. Today’s patent is out of Amazon, who are prolific patenters of web and API concepts. This one though is about the sharing of security threat sharing...

My Focus On Public APIs Also Applies Internally

10 August 2017
A regular thing I hear from folks when we are having conversations about the API lifecycle, is that I focus on public APIs, and they are more interested in private APIs. Each time I hear this I try to take time and assess which parts of my public API research wouldn’t apply to internal APIs. You wouldn’t publish your APIs to pubic API search engines like APIs.io or ProgrammableWeb, and maybe not evangelizing your APIs at hackathons, but I’d say 90% of what I study is applicable to internal APIs, as well as publicly available APIs. With internal APIs, or private network partner APIs you still need a portal, documentation, SDKs, support mechanisms, and communication and feedback loops...

Observability In Botnet Takedown By Government On Private Infrastructure

10 August 2017
I’m looking into how to make API security more transparent and observable lately, and looking for examples of companies, institutions, organizations, politicians, and the government are calling for observability into wherever APIs are impacting our world. Today’s example comes out of POLITICO’s Morning Cybersecurity email newsletter, which has become an amazing source of daily information for me, regarding transparency around the take down of bot networks. “If private companies cooperate with government agencies - for example, in the takedown of botnets using the companies’ infrastructure - they should do so as publicly as possible, argued the Center for Democracy & Technology ...

Continuous Integration And Deployment For Government Procurement

09 August 2017
I was reading the Open by Default Portal Procurement Pilot for the Treasury Board of Canada, where section 6, Licensing states: “To support the objectives of the open government initiative, the Solution must be open source and licensed in accordance with the Massachusetts Institute of Technology License (“MIT License”). Under the resulting contract, the Contractor will be required to deposit the Solution’s source code on the GitHub platform (https://github.com) – under the MIT License.” This just seems like the way it should be for all government technology solutions. I’ve heard the naysayers in federal government say that proprietary software is the best route, but if it drives public infrastructure, in my opinion the code should be publicly available in this way...

An Open Source API Security Intelligence Gathering, Processing, And

09 August 2017
I was reading about GOSINT, the open source intelligence gathering and processing framework over at Cisco. “GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches alert data with additional confidence, context, and co-occurrence. This means that you are applying research from third parties to your event data to identify similar, or identical, indicators of malicious behavior.” The framework is written in Go, with a front-end in JavaScript frontend, and usage of APIs as threat intelligence sources. When you look at configuration section on the README for GOSINT, you’ll see information for setting up threat intelligence feeds, including Twitter API, Alien Vault the Open Threat Community API, VirusTotal API, and the Collaborative Research Into Threats (CRITS)...

Open Sourcing Your API Like VersionEye

09 August 2017
I’m always on the hunt for healthy patterns that I would like to see API providers, and API service providers consider when crafting their own strategies. It’s what I do as the API Evangelist. Find common patterns. Understand the good ones, and the bad ones. Tell stories about both, helping folks understand the possibilities, and what they should be thinking about as they plan their operations. One very useful API that notifies you about security vulnerabilities, license violations and out-dated dependencies in your Git repositories, has a nice approach to delivering their API, as well as the other components of their stack. You can either use VersionEye in the cloud, or you can deploy on-premise: versioneye-core - Models, Services & Mails for VersionEye crawl_r - VersionEye crawlers implemented in Ruby...

A Fresh Look At The Embeddable Tools Built On The Twitter API

09 August 2017
Over the years I have regularly showcased Twitter as an example API driven embeddable tools like buttons, badges, and widgets. In 2017, after spending some time in the Twitter developer portal, it is good to see Twitter still investing in their embeddable tools. The landing page for the Twitter embeddables still provides the best example out there of the value of using APIs to drive data and content across a large number of remote web sites. Twitter has distinct elements of their web embeddables: Tweet Button - That classic tweet button, allowing users to quickly Tweet from any website. Embedded Tweets - Taking any Tweet and embedding on a web page showing its full content. Embedded Timeline - Showing curated timelines on any website using a Twitter embeddable widget...

Patent #9397835, Web of trust management in a distributed system

08 August 2017
I found a couple more API patents in my notebook that I wanted to get published. I try to take time regularly to publish the strangest API related patents I can find. Today’s patent is out of Amazon, which I find to be a fascinating outlet for patent storytelling. It isn’t squarely in the realm of APIs like some of my others, but I think tells a fascinating story by itself, showing how the web and the concept of a patent are colliding. Title - Web of trust management in a distributed system Number - 9397835 Owner - Amazon Technologies, Inc. Publication Date - 2016-07-19 Application Date - 2014-05-21 Abstract - A web of trust is used to validate states of a distributed system. The distributed system operates based at least in part on a domain trust...

HTTP as a Substrate

08 August 2017
I am spending a significant amount of time reading RFCs lately. I find the documents to be very cumbersome to read, but the more you read, the more tolerant you become. When I browse through RFCs I’m always reminded of how little I actually know about the web. In an effort to push forward my education, and maybe yours along the way, I’m going to be cherry picking specific sections of the interesting RFCs I’m digesting here on the blog. Today’s RFC is 3205, filed under Best Current Practice”, and is on the use of HTTP as a Substrate. _Recently there has been widespread interest in using Hypertext Transfer Protocol (HTTP) [1] as a substrate for other applications- level protocols. Various reasons cited for this interest have included: familiarity and mindshare, compatibility with widely deployed browsers, ability to reuse existing servers and client libraries, ease of prototyping servers using CGI scripts and similar extension mechanisms, authentication and SSL or TLS, the ability of HTTP to traverse firewalls, and cases where a server often needs to support HTTP anyway...

API Message Integrity with JSON Web Token (JWT)

08 August 2017
I don’t have any production experience deploying JSON Web Tokens (JWT), but it has been something I’ve been reading up on, and staying in tune with for some time. I often reference JWT as the leading edge for API authentication, but there is one aspect of JWT I think is worth me referencing more often–message integrity. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. JWT can not only be used for authentication of both message sender/receiver, it can ensure the message integrity as well, leveraging a digital signature hash value of the message body to ensure the message integrity during transmission...

Reducing Developers To A Transaction With APIs, Microservices, Serverless,

08 August 2017
A topic that keeps coming up in discussions with my partner in crime Audrey Watters (@audreywatters) about our podcast is around the future of labor in an API world. I have not written anything about this, which means I’m still in early stages of any research into this area, but it has come up in conversation, and reflected regularly in my monitoring of the API space, I need to begin working through my ideas in this area. A process that helps me better see what is coming down the API pipes, and fill the gaps in what I do not know. Audrey has long joked about my API world using a simple phrase: “reducing everything to a transaction”. She says it mostly in jest, but other times I feel like she wields it as the Cassandra she channels...

My URL Shortener Is Just An API With Postman As My Client

08 August 2017
I have my own URL shortener for API Evangelist called apis.how. I use it to track the click through rates for some of my research projects, and partner sponsorships. I’ve had the URL shortener in operation for about two years now, and I still do not have any type of UI for it, relying 100% on Postman for adding, searching, and managing the URLs I am shortening, and tracking on. My URL shortener just hasn’t raised to a level of priority where I’ll invest any time into an administrative interface, or dashboard for my URL shortener. I used Bitly and Google for a while, but I really just needed a simple shortening with basic counts, nothing more. When I bought the domain I launched a handful of API endpoints to support, allowing me to add, update, search, and remove URLs, as well as track the click throughs, and query how many clicks a link received for each mont...

The Subtle Ways In Which Power Asserts Itself In Face Of API Engagements

07 August 2017
I’m rarely surprised by, but still often caught off guard by the subtle ways in which power asserts itself when faced with change the introduced by API projects. In my 30 years as a database professional I’ve seen numerous overt, covert, and subversive ways in which existing holders of power (data), but I often still get blindsided by the creative, and subtle ways in which folks defend what they already have, and work to keep things from changing. While doing unfunded work to define industry level API specifications, and help move forward the API conversation in multiple industries, I’ve been encountering two pockets of friction I want to understand better, so I can develop some sort of grease, that might make things smoother...

Slow Moving Ransomware As The New Business Model

07 August 2017
I was reading about the difficulties the City of New York was having when it comes to migrating off of the Palantir platform, while also reading about the latest cybersecurity drama involving ransomware. I’m spending a lot of time studying cybersecurity lately, partly because they involve APIs, but mostly because it is something that is impacting every aspect of our lives, including our democracy, education, and healthcare. One thing I notice on the cybersecurity stage, is that everything is a much more extreme, intense, representation of what is going on in the mainstream tech industry. Ransomware is software that gets installed on your desktop or servers and locks up all your data until you pay the software developer (implementor) a ransom...

API Industry Standards Negotiation By Media Type

07 August 2017
I am trying to help push forward the conversation around the API definition for the Human Services Data Specification (HSDS) in a constructive way amidst a number of competing interests. I was handed a schema for sharing data about about organizations, locations, and services in a CSV format. I took this schema and exposed it with a set of API paths, keeping the flat file structure in tact, making no assumptions around how someone would need to access the data. I simply added the ability to get HSDS over the web as JSON–I would like to extend to be HTML, CSV, JSON, and XML, reaching as wide as possible audience with the basic implementation. As we move forward discussions around HSDS and HSDA I’m looking to use media types to help separate the different types of access people are looking for using media types...

Providing Code Citations In Machine Learning APIs

07 August 2017
I was playing around with the Style Thief, an image transfer API from Algorithmia, and I noticed the citation for the algorithm behind. The API is an adaptation of Anish Athalye’s Neural Style Transfer, and I thought the algorithmic citation of where the work was derived from was an interesting thing to take note of for my machine learning API research. I noticed on Algorithmia’s page there was a Bibtex citation, which referenced the author, and project Github repository: @misc{athalye2015neuralstyle, author = {Anish Athalye}, title = {Neural Style}, year = {2015}, howpublished = {\url{https://github.com/anishathalye/neural-style}}, note = {commit xxxxxxx} } This provides an interesting way to address citation in not just machine learning, but with open source driving algorithmic APIs in general...

When You See API Rate Limiting As Security

04 August 2017
I’m neck deep into my assessment of the world of API security this week, a process which always yields plenty of random thoughts, which end up becoming stories here on the blog. One aspect of API security I keep coming across in this research is the concept of API rate limiting as being security. This is something I’ve long attributed with API management service providers making their mark on the API landscape, but as I dig deeper I think there is more to this notion of what API security is (or isn’t). I think it has more to do with API providers, than companies selling their warez to these API providers. The API management service providers have definitely set the tone for API security conversation(good), by standing up a gateway, and providing tools for limiting what access is available–I think many data, content, and algorithmic stewards are very narrowly focus on security being ONLY about limiting access to their valuable resources...

Including API Dependencies Within Your API Definition

04 August 2017
I was learning about Pivio, a discovery specification for microservices the other day, and found their focus on microservice dependency to be pretty interesting. API dependencies has been an area I have found myself increasingly thinking about, as well as tracking on in my API research. I’m pretty close to publishing a project dedicated to understanding API, and microservices dependencies, which would overlap with containers, serverless, and other aspects of the API lifecycle that are all about breaking down the monolith. Each service definition using Pivio has a depends_on object, which allows for defining both internal and external service dependencies. Here is a snippet from a sample Pivio document to help articulate this interesting feature: This is where you can start connecting the cords between all of your services, something that is applicable to any APIs, whether you’ve drank the microservices kool-aid or not...

Understanding The Words We Use To Describe Machine Learning APIs

04 August 2017
I spend a lot of time trying out new APIs, working to understand what it is they do, or do not do. I have a pretty robust way of looking at APIs, profiling the company, and the APIs they offer, but when I’m wading through the marketing content, API documentation, and other resources, I am regularly stumped by the language that is used to describe what an API does. Honestly, this problem isn’t exclusive to machine learning APIs, but with the recent explosion in artificial intelligence, machine learning, deep learning, cognitive and other types of algorithmic voodoo, the words being used seem to have gone to entirely new levels. I am interested in understanding what it is an API does. I want to go from zero to understanding in 2...

When Describing Your Machine Learning APIs Work Extra Hard To Keep Things

03 August 2017
I’m spending a significant amount of time learning about machine learning APIs lately. Some of what I’m reading is easy to follow, while most of it is not. A good deal of what I’m reading is technically complex, and more on the documentation side of the conversation. Other stuff I come across is difficult to read, not because it is technical, but because it is more algorithmic marketing magic, and doesn’t really get at what is really going on (or not) under the hood. If you are in the business of writing marketing copy, documentation, or even the API design itself, please work extra hard to keep things simple and in plain language. I read so much hype, jargon, fluff, and meaningless content about artificial intelligence and machine learning each day, I take pleasure anytime I find simple, concise, and information descriptions of what ML APIs do...

Plugin Infrastructure For Every Stop Along The API Lifecycle

03 August 2017

API Discovery Using JSON Home

03 August 2017
I’m have finally dedicated some time to learning more about Home Documents for HTTP APIs, or simply JSON Home. I see JSON Home as a nice way to bring together the technical components for an API, very similar to what I’ve been trying to accomplish with APIs.json. One of the biggest differences I see is that I’d say APIs.json was born out of the world of open data and APIs, where JSON Home is born of the web (which actually makes better sense). I think the JSON Home description captures the specifications origins very well: The Web itself offers one way to address these issues, using links [RFC3986] to navigate between states. A link-driven application discovers relevant resources at run time, using a shared vocabulary of link relations [RFC5988] and internet media types [RFC6838] to support a “follow your nose” style of interaction - just as a Web browser does to navigate the Web...

Different Search Engines For API Discovery

03 August 2017
I was learning about the microservices discovery specification Pivio, which is a schema for framing the conversation, but also an uploader, search, and web interface for managing a collection of microservices. I found their use of ElasticSearch as the search engine for their tooling worth thinking about more. When we first launched APIs.json, we created APIs.io as the search engine–providing a custom developed public API search engine. I hadn’t thought of using ElasticSearch as an engine for searching APIs.json treated as a JSON document. Honestly, I have been relying on the Github API as the search engine for my API discovery. Using it to uncover not just APIs.json, but OpenAPI, API Blueprint, and other API specification formats...

Microservice Discovery Using Pivio

03 August 2017

Understanding Global API Performance At The Multi-Cloud Level

02 August 2017
APIMetrics has a pretty addictive map showing the performance of API calls between multiple cloud providers, spanning many global regions. The cloud location latency map “shows relative performance of a standard, reference GET request made to servers running on all the Google locations and via the Google global load balancer. Calls are made from AWS, Azure, IBM and Google clouds and data is stored for all steps of the API call process and the key percentiles under consideration.” It is interesting to play with the destination of the API calls, changing the region, and visualizing how API calls begin to degrade to different regions. It really sets the stage for how we should start thinking about the deployment, monitoring, and testing of our APIs...

Learning About Real-Time Advertising Bidding Transparency Using Ads.txt

02 August 2017
I was learning about real-time bidding transparency using Ads.txt from Lukasz Olejnik. The mission of the ads.txt project is to “increase transparency in the programmatic advertising ecosystem. Ads.txt stands for Authorized Digital Sellers and is a simple, flexible and secure method that publishers and distributors can use to publicly declare the companies they authorize to sell their digital inventory.” While Ads.txt isn’t an API, it is an open, machine readable definition that is working to make advertising more transparent and observable to everyone, not just people in the ad-tech space. Ads.txt works similar to robots.txt, and is a simple text file that lives in the root of a domain, listing the companies that have permission to sell advertising...

When Cities Use A Common API Definition To Report Non-Emergency Issues

02 August 2017
I am taking a deeper look at Open311, as part of some wider municipal level API research and development I am doing. I am going to be helping evolve an OpenAPI for the project, as well as JSON schema for the API and underlying data model. As I’m working my way through the Open311 portal reacquainting myself with the open format for reporting of non-emergency issues within cities, I came across the list of cities who have implemented Open311, and get a glimpse at what the future of APIs at the city level can be. When you land on the Open311 GeoReport v2 Servers listing page you get a table of the twenty-one cities who have published an Open311 API, with the name, country, API discovery document, API key request location, documentation, production and sandbox environment URLs...

Making Sure Your API Service Connects To Other Stops Along The API Lifecycle

02 August 2017
I am continuing my integration platform as a service research, and spending a little bit of time trying to understand how API providers are offering up integrations with other APIs. Along the way, I also wanted to look at how API service providers are doing it as well, opening themselves up to other stops along n API lifecycle. To understand how API service providers are allowing their users to easily connect to other services I’m taking a look at how my partners are handling this, starting with connected services at Runscope. Runscope provides ready to go integration of their API monitoring and testing services with twenty other platforms, delivering a pretty interesting Venn diagram of services along the API lifecycle: Slack - Slack to receive notifications from Runscope API test results and Traffic Alerts...

Craft An OpenAPI For An Existing Threat Intelligence Sharing API Specification

01 August 2017
I wrote about the opportunity around developing an aggregate threat information API, and got some interest in both creating, as well as investing in some of the resulting products and services that would be derived from this security API work. As part of the feedback and interest on that post, I was pointed in the direction of the Structured Threat Information Expression (STIX), a structured language for cyber threat intelligence, and Trusted Automated Exchange of Intelligence Information (TAXII), and transport mechanism for sharing cyber threat intelligence. This is why I write about my projects openly like this, so that my readers can help me identify existing approaches for tackling whatever I am focusing on...

U.S. Energy Information Administration Excel Add-In and Google Add-On

01 August 2017
I was looking through a number of federal government API implementations last week in preparation of a talk I did in Washington DC. The result of research like this is always a notebook full of interesting stories to tell about what federal agencies are up to with APIs. Today’s story is out of the U.S. Energy Information Administration (EIA), with their Excel Data Add-In and Google Add-On tooling which allows you to download energy data from EIA’s data API and economic data from the St. Louis Federal Reserve’s Economic Data (FRED) API directly into your spreadsheet(s). I’m regularly looking out for innovative uses of spreadsheets when it comes to deploying, as well as consuming APIs, because I believe it is the best way we have to turn average business users into API consumers, by piping in data into the environment they are already using each day...

API SDK Licensing Notifications Using VersionEye

01 August 2017
I have been watching VersionEye for a while now. If you aren’t familiar, they provide a service that will notify you of security vulnerabilities, license violations and out-dated dependencies in your Git repositories. I wanted to craft a story specifically about their licensing notification services, which can check all your open source dependencies against a license white list, then notify you of violations, and changes at the SDK licensing level. The first thing I like here, is the notion of an API SDK licensing whitelist. The idea that there is a service that could potentially let you know which API providers have SDKs that are licensed in a way that meets your integration requirements...

The Trusted Automated Exchange of Intelligence Information (TAXII)

01 August 2017
I recently wrote about the opportunity around developing an aggregate threat information API, and got some interest in both creating, as well as investing in some of the resulting products and services that would be derived from this security API work. As part of the feedback and interest on that post, I was pointed in the direction of the Trusted Automated Exchange of Intelligence Information (TAXII), as one possible approach to defining a common set of API definitions and tooling for the exchange of threat intelligence. The description of TAXII from the project website describes it well: Trusted Automated Exchange of Intelligence Information (TAXII) is an application layer protocol for the communication of cyber threat information in a simple and scalable manner...

Professional API Deployment Templates

31 July 2017
I wrote about the GSA API prototype the other day. It is an API prototype developed by the GSA, providing an API that is designed in alignment with GSA API design guidelines, complete with an API portal for delivering documentation, and other essential resources any API deployment will need. The GSA provides us with an important approach to delivering open source blueprints that other federal agencies can fork, reverse engineer and deploy as their own custom API implementation. We need more of this in the private sector. We need a whole buffet of APIs that do a variety of different things, in every language, and platform or stack that we can imagine. Need a contact directory API, or maybe a document storage API, URL shortener API–here is a forkable, downloadable, open source solution you can put to work immediately...

Making The Business Of APIs More Modular Before You Do The Tech

31 July 2017
I have been immersed in how APIs are being done in the federal government for the last week or so, looking for positive API behavior I can showcase and focus on in my storytelling. I was walking through each step of my API lifecycle, sizing up the federal government for each area I track the private sector on when it comes to APIs. I was taking a look at the areas of microservices, containerization, and serverless. You know the modularization of IT infrastructure in government? I couldn’t find much rubber meeting the road when it comes to microservices or containerization in my research, but I did see hints of modularizing the business aspects of doing APIs in the federal government. Over at 18F you can find some interesting discussion around micro-procurement, “a procurement model that breaks what would traditionally be a large, monolithic contract into several shorter-term, lower dollar amount contracts...

You See Duplicate Work While I See Common Patterns

31 July 2017
Someone asked me on Twitter recently how I deal the duplicate work required to manage a large volume of OpenAPIs. All the same things you have to do when crafting the headers, parameters, responses, and schema across every OpenAPI you are crafting. My response was that I don’t see these things as repetitive or duplicate work, I see these things as common patterns across the resources I am making available. They main reason I think they seem repetitive is the tooling we are currently using needs to play catch up, and help us better apply common patterns across all our APIs–dealing with the duplicate, repetitive work for us. I’m confident that open source API design tooling like Apicurio are going to help us better manage the common patterns we should be applying across our OpenAPIs...

Balancing Domain Expertise With The Disruptive Power Of Upstarts Who Do APIs

31 July 2017
APIs aren’t good, or bad, nor are they neutral. APIs do the bidding of their providers, and sometimes their consumers. In my experience APIs are more often used for bad than they are ever used for good, something I try to be as vocal as I can about, while working hard to shine a light on the good that is possible. After many years of trying to help folks understand APIs, one of the biggest challenges I face involves the unrealistic rhetoric of startups. The overoptimistic vision and promises of what APIs will do, coupled with an an often limiting awareness of the challenges and complexity of industries where APIs are targeting, making for a pretty toxic, non-cooperative environment for actually getting anything done...

State of APIs In The Federal Government

27 July 2017
This is my talk from Washington DC with Steve Willmott of 3Scale by Red Hat about transforming enterprise IT with containers, APIs, and integration, where I assess the current state of APIs in the federal government, and the opportunity in the private sector when it comes to working with government data. API Evangelist My name is Kin Lane. I am the API Evangelist. I have studied the technology, business, and politics of Application Programming Interfaces, or more commonly known as APIs, full time since 2010. I spend time looking through the growing number of APIs available today, as well as the evolving group of service providers selling their solutions to API providers. I take what I learn across the space and publish as over 80 independent research projects that I run on Github, covering a growing number of stops along the API lifecycle...

We Have A Hostile CEO Which Requires A Shift In Our API Strategy

26 July 2017
As I work my way through almost one hundred federal government API developer portals, almost 500 APIs, and 133 Github accounts for federal agencies the chilling effect of the change of leadership in this country becomes clear. You can tell the momentum across hundreds of federal agency built up over the last five years is still moving, but the silence across blogs, Twitter accounts, change logs, and Github repos shows that the pace of acceleration is in jeopardy. When you are browsing agency developer portals you come across phrases like this, “As part of the Open Government Initiative, the BusinessUSA codebase is available on the BusinessUSA GitHub Open Source Repository.” With the link to the Open Government Initiative leading to a a page on the White House website that has been removed–something you can easily find on the Obama archives...

A Lack Of Communication Around Federal Government APIs

25 July 2017
I personally understand the challenges with communicating publicly when you work for the federal government. It is one of the top reasons I do not work in federal government anymore. It would kill me if I couldn’t blog each day without friction–it is how I create and ideate. Even with this understanding I find myself regularly frustrated with the lack of communication by owners of APIs across federal government agencies. There are numerous agencies who do successfully communicate around their APIs and open data projects, but the majority of APIs I come across have little, or no communication around their API operations. Have a blog, Twitter, or Github account might seem like a nice to have, but in reality they are often the only sign that anyone is home, and an API is reliable, and make the the difference between choosing to integrate with an API, or not...

API Management Across All Government Agencies

25 July 2017
This isn’t a new drum beat for me, but is one I wanted to pick it up again as part of the federal government research and speaking I’m doing this month. It is regarding the management of APIs across federal government. In short, helping agencies successfully secure, meter, analyze, and develop awareness of who is using government API resources. API management is a commodity in the private technology sector, and is something that has been gaining momentum in government circles, but we have a lot more work ahead to get things where we need them. The folks over at 18F have done a great job of helping bake API management into government APIs using API Umbrella, resulting in these twelve federal agencies: BusinessUSA...

Adding Vulnerability Disclosure To My API Building Block Recommendations

25 July 2017
I am working through the almost 100 federal government agency developer portals and the almost 500 APIs that exist across these agencies, looking for the good and bad of APIs in government at this level. One of interesting building blocks I’ve stumbled across, that I would like to shine a light on for other public and private sector API providers to consider in their own operations is a vulnerability disclosure. I feel that 18F description of their vulnerability disclosure says it best: As part of a U.S. government agency, the General Services Administration (GSA)’s Technology Transformation Service (TTS) takes seriously our responsibility to protect the public’s information, including financial and personal information, from unwarranted disclosure...

I Am Speaking On State Of APIs In Federal Government Thursday In DC

25 July 2017
I am joining my friend Steve Willmott in DC this week to talk about federal government APIs. We will be gathering at Tysons’ Biergarten between 1:30 and 5:00 PM this Thursday to talk APIs. Both Steve and I will be speaking individually, with some QA, and a happy hour afterwards as an opportunity for more discussion. I am looking forward for the opportunity to hanging with my friend Steve, as the last time we’ve hung out and spoke together was APIStrat in Boston, but at APIStat we are always running a conference, and not actually focused on our views of the APIs space. So, I am eager to learn more detail about what 3Scale is up to as part of the Red Hat machine, and specifically some of the containerization, microservices, and virtualization discussions they are leading lately...

Federal Government APIs In A Trump Administration

24 July 2017
I haven’t written much about APIs in the federal government since the election. I’m still having conversations, and investing time into monitoring what is going on in the federal government, but honestly in the name of self-care I have to turn my head from what is going on with the current administration. It’s no secret that I’m not a Trump supporter, and honestly I have trouble not getting angry with Trump supporters when it comes to making the federal government more transparent and observable with data and APIs. The current tone the administration is taking when it comes to transparency, observability, and accountability will take us decades to recover from, making conversations about federal government APIs very difficult to have in many scenarios...

The Hack Education Gates Foundation Grant Data Has An API

24 July 2017
I have been helping my partner in crime Audrey Watters (@audreywatters) adopt my approach to managing data project(s) using Google Sheets and Github, as part of her work on ed-tech funding. She is going through many of the leading companies, and foundations behind the funding of technology used across the education sector, and doing the hard work of connecting the dots behind how technology gets funded in this critical layer of our society. I want Audrey (and others), to be self-sufficient when it comes to managing their data projects, which is why I’ve engineered it to use common services (Google Sheets, Github), with any code and supporting elements as self-contained as possible–something Github excels at when it comes to managing data, content, and code...

Finding Things I Want To Write About When APIs Are Dumb

24 July 2017
You ever wake up some days, and find yourself not caring about APIs, or much else in the realm of technology? No? Well, I do. Regularly. I find myself in this headspace on this fine Monday morning, and without a weeks worth of stories scheduled, it is a very bad place to be as the API Evangelist. Part of this problem is me–I am a pain in my ass. However, a another portion of it is just about staying motivated, engaged, and producing compelling (ha) content on a regular basis for the blog, and other projects I’m working on. There are almost a hundred stories in my notebook and all of them seem really, really dumb to me this morning. I can’t seem to muster up the energy to take any of them and turn into even a three paragraph API blah blah blah story...

First Handful Of Lessons Using My Google Sheet Github Approach

24 July 2017
With my recent shift to using Google Sheets as my data backend for my research, and my continued usage of Github as my data project publishing platform, I started pushing out some new API related lessons. I wanted to begin formalizing my schema and process for this new approach to delivering lessons with some simple topics, so I got to work taking my 101, and history of APIs work, and converting them into a multi-step lesson. Some of my initial 101 API lessons are: API 101 (Website) (Github Repo) (Google Sheet) - Just a general overview of what is API, targeting average user. API Provider 101 (Website) (Github Repo) (Google Sheet) - Working to evolve an opening pitch to would be API providers...

Requiring ALL Platform Partners Use The API So There Is A Registered

21 July 2017
I wrote a story about Twitter allowing users to check or uncheck a box regarding sharing data with select Twitter partners. While I am happy to see this move from Twitter, I feel the concept of information sharing being simply being a checkbox is unacceptable. I wanted to make sure I praised Twitter in my last post, but I’d like to expand upon what I’d like to see from Twitter, as well as ALL other platforms that I depend on in my personal and professional life. There is no reason that EVERY platform we depend on couldn’t require ALL partners to use their API, resulting in every single application of our data be registered as an official OAuth application. The technology is out there, and there is no reason it can’t be the default mode for operations...

Structured Threat Information Expression (STIX)

21 July 2017
I wrote about the opportunity around developing an aggregate threat information API, and got some interest in both creating, as well as investing in some of the resulting products and services that would be derived from this security API work. As part of the feedback and interest on that post, I was pointed in the direction of the Structured Threat Information Expression (STIX), as one possible schema for definining and sharing the information I’m talking about. Here is a quick summary of STIX is from the website: Structured Threat Information Expression (STIX™) is a language for describing cyber threat information in a standardized and structured manner to enable the exchange of cyber threat intelligence (CTI)...

Misconceptions About What OpenAPI Is(nt) Still Slowing Conversations

21 July 2017
I’ve been pushing forward conversations around my Human Services Data API (HSDA) work lately, and hitting some friction with folks around the finer technical details of the API. I feel the friction around these API conversations could be streamlined with OpenAPI, but with most folks completely unaware of what OpenAPI is and does, there is friction. Then for the handful of folks who do know what OpenAPI is and does, I’m seeing the common misconceptions about what they think it is slowing the conversation. Let’s start with the folks who are unaware of what OpenAPI is. I am seeing two main ways that human services data vendors and implementations have conversations about what they need: 1) documentation, and 2) code...

Charles Proxy Generated HAR To OpenAPI Using API Transformer

20 July 2017
I was responding to Jean-Philippe M. (@jpmonette) tweet regarding whether or not I had moved forward my auto generation of OpenAPIs from traffic captured by Charles Proxy. It is one of many features of my internal systems I have not gotten around to finishing, but thankfully he actually answered his own question, and found a better solution than even I had–using my friends over at API Transformer. I had been exploring ways for speeding up the process of generating OpenAPI specs for the APIs that I’m reviewing, something that becomes very tedious when working with large APIs, as well as just profiling the sheer number of APIs I am looking profile as part of my work. I haven’t been profiling many APIs lately, but the approach Jean-Philippe M...

100K View Of Bot Space From The API Evangelist Perspective

20 July 2017
I had a friend ask me for my thoughts on bots. It is a space I tend to rant about frequently, but isn’t an area I’m moving forward any meaningful research in, but it does seem to keep coming up and refuses to ever go way. I think bots are a great example of yet another thing that us technologists get all worked up about and think is the future, but in reality, while there will only be a handful of viable use cases, and bots will cause more harm, than they ever will do any good, or fully enjoy a satisfactory mainstream adoption. First, bots aren’t new. Second, bots are just automation. Sure, there will be some useful automation implementations, but more often than not, bots will wreak havoc and cause unnecessary noise...

Managing Platform Terms of Service In A Site Policy Repository

20 July 2017
Github is releasing an update to their platform Terms of Service and Corporate Terms of Service. Guess what platform their are using to manage the evolution, and release of their terms of service? Github of course! They are soliciting feedback, along with clarifications and improvements to their terms of service, with an emphasis on helping making things more readable! #nice Github has provided a deadline for everyone to submit comments by the end of the month, then they’ll spend about a week going through the comments before making any changes. It provides a pretty useful way for any platform to manage their terms of service in a way that gives the community a voice, and provides some observability into the process for everyone else who might not feel confident enough to chime in on the process...

The Plivo Support Portal And Knowledge Base

20 July 2017
I’m always watching out for how existing API providers are shifting up their support strategies in their communities as part of my work. This means staying into tune with their communications, which includes processing their email newsletters and developer updates. Staying aware of what is actually working, and what is not working, based upon active API service providers who are finding ways to make it all work. Plivo opted out to phase out direct emails at the end of the month, and pushing developers to use the Plivo support portal, and the ticketing system. The support portal provides a knowledge base which provides a base of self-service support before any developer actually uses the support ticketing system to: Create, manage, respond to and check the status of your support ticket(s) Select improved ticket categories for more efficient ticket routing and faster resolution Receive resolution suggestions from our knowledge base before you submit a ticket to help decrease resolution time Email only support isn’t always the most optimal way of handling support, and using a ticketing system definitely provides a nice trail to follow for both sides of the conversations...

More Investment In API Security

19 July 2017
I’m getting some investment from ElasticBeam to turn up the volume on my API security research, so I will be telling more stories on the subject, and publishing an industry guide, as well as a white paper in coming weeks. I want my API security to become a first class area of my API research, along side definitions, design, deployment, management, monitoring, testing, and performance. Much of my API security research is built on top of OWASP’s hard work, but honestly I haven’t gotten very far along in it. I’ve managed to curated a handful of companies who I’ve come across in my research, but haven’t had time to dive in deeper, or fully process all the news I’ve curated there...

The Most Important Aspect Of The API Discussion Is Learning To Think Outside

19 July 2017
There are many good things to come out of doing APIs properly. Unfortunately there are also many bad things that can come out of doing APIs badly, or with misaligned expectations. It is easy to focus on the direct benefits of doing APIs like making data resources available to partners, or maybe developing a mobile application. I prefer looking for the more indirect benefits, which are more human, more than they are ever technical. As I work with different groups on a variety of API definitions and strategies, one very significant part of the process I see, is people being forced to think outside their box. APIs are all about engaging around data, content, and algorithms on the web, with 3rd parties that operate outside your box...

Does Your Platform Have An Integrations Page?

19 July 2017
I’m continuing to come across more dedicated integration pages for the API platforms I’m test driving, and keeping an eye on. This time it is out of spreadsheet and database hybrid AirTable, that allows you to easily deploy an API complete with a portal, with a pretty robust integrations page for their platform. Airtable’s dedicated integrations page is made easier since they use Zapier, which helps them aggregate over 750+ APIs for possible integration. Airtable is pretty slick all by itself, but once you start wiring it up to some of the other API driven platforms we depend on, it becomes a pretty powerful tool for data aggregation, and then publishing as an API. I don’t understand why a Zapier-driven API integrations page isn’t default for every API platform out there...

Containerized Microservices Monitoring Driving API Infrastructure

19 July 2017
While I track on what is going on with visualizations generated from data, I haven’t seen much when it comes to API driven visualizations, or specifically visualization about API infrastructure, that is new and interesting. This week I came across an interesting example in a post from Netsil about mapping microservices so that you can monitor them. They are a pretty basic visualization of each database, API, and DNS element for your stack, but it does provide solid example of visualizing not just the deployment of database and API resources, but also DNS, and other protocols in your stack. Netsil microservices visualization is focused on monitoring, but I can see this type of visualization also being applied to design, deployment, management, logging, testing, and any other stop along the API lifecycle...

One API Development Partner Every API Provider Should Have

18 July 2017
Yet another reason to be making sure Zapier is part of your API operations–issue management. Zapier is now providing an important window into how people are integrating with your API(s)–now any public API connected to Zapier can see filtered, categorized feedback from their users with Zapier Issues, and use that information to improve upon their APIs and integrations. This is the biggest movement I’ve seen in my API issues research since I first started doing it on April of 2016. Zapier Issues doesn’t just provide you with a look at the issues that arise within API integrations (the bad news), it also provides you with a feedback look where you can engage with Zapier users who have integrated with your API, and hear feature requests (the good news), and other road map influencing suggestions...

Specialized Collections Of Machine Learning APIs Could Be Interesting

18 July 2017
I was learning more about CODEX, from Algorithmia, their enterprise platform for deploying machine learning API collections on premise or in the cloud. Algorithmia is taking the platform in which their algorithmic marketplace is deployed on and making it so you can deploy it anywhere. I feel like this is where the algorithmic-centered API deployment is heading, potentially creating some very interesting, and hopefully specialized collections of machine learning APIs. I talked about how the economics of what Algorithmia is doing interests me. I see the potential when it comes to supporting machine learning APIs that service an image or video processing pipeline–something I’ve enjoyed thinking about with my drone prototype...

Diagramming The Components Of API Observability

18 July 2017
I created a diagram of the politics of APIs sometime ago that has really held true for me, and is something I’ve continue to reference as part of my storytelling. I wanted to do a similar thing to help me evolve my notion of API observability. Like the politics of APIs, observability overlaps many areas of my API life cycle research. Also like the politics of APIs, observability involves many technical, business, and legal aspects of operating a platform online today. Here is my first draft of a Venn diagram beginning to articulate what I see as the components of API observability: The majority of the API observability conversation in the API space currently centers around logging, monitoring, and performance–driven by internal motivations, but done in a way that is very public...

HTTP Status Codes Are An Essential Part Of API Design And Deployment

18 July 2017
It takes a lot of work provide a reliable API that people can depend on. Something your consumers can trust, and will provide them with consistent, stable, meaningful, and expected behavior. There are a lot of affordances built into the web, allowing us humans to get around, and make sense of the ocean of information on the web today. These affordances aren’t always present with APIs, and we need to communicate with our consumers through the design of our API at every turn. One area I see IT and developer groups often overlook when it comes to API design and deployment are HTTP Status Codes. That standardized list of meaningful responses that come back with every web and API request: 1xx Informational - An informational response indicates that the request was received and understood...

Writing API Stories That Speak To But Also Influences Their View Of Technology

17 July 2017
I know that some of my friends who follow API Evangelist shake their heads when I talk about API business models, partner programs, and many of the business sides of API operations. Much of my work will have an almost delusional attraction towards the concept of an API. Heavily doused in a belief in technology as a solution. This isn’t accidental. This is API Evangelist. A persona I have developed to help me make a living, and help influence where we go (or don’t go) with technology. I am delusional enough to think I can influence change in how the world uses technology. I’m borderline megalomaniac, but there really is not sufficient ego to get me quite all the way there. While still very, very, very minor, I feel I have influenced where technology has flowed over my seven years as the API Evangelist...

Bot Observability For Every Platform

17 July 2017
I lightly keep an eye on the world of bots, as APIs are used to create them. In my work I see a lot of noise about bots usually in two main camps: 1) pro-bot - bots are the future, and 2) anti-bot - they are one of the biggest threats we face on the web. This is a magical marketing creating formula, which allows you to sell products to both sides of the equation, making money off of bot creation, as well as bot identification and defense–it is beautiful (if you live by disruption). From my vantage point, I’m wondering why platforms do not provide more bot observability as a part of platform operations. There shouldn’t be services that tell us which accounts are bots, the platform should tell us by default, which users are real and which are automated (you know you know)...

Making All Sub-Resources Available Within The Core Set Of Human Service APIs

17 July 2017
I had recently taken the Human Services Data Specification (HSDS) and exposed it as a set of API paths that provide access to about 95% of the schema, which we are calling the Human Services Data API (HSDA). When you make a call to the /organizations/ path, you receive an array collection of organizations that each match the HSDA organization schema. The same applies when you make a call to the /locations, /contacts, and /services, opening up access to the entire schema–minus three objects I pushed off until future releases. After the core set of API paths /organization, /service, /location, /contact, there are a set of sub-resources available across those as it makes sense–including /phone, /programs, /physical_address, /postal_address, /regular_schedule, /holiday_schedule, /funding, /eligibility, /service_area, /required_document, /payment_accepted, /language, /accessiblity_for_disabilities, and /service_at_location_id...

Learning More About Amazon Alexas Approach to APIs And Skills Development

16 July 2017

Quantifying The Difference Between Human Services Data Specification (HSDS)

13 July 2017
To help quantify the move from version 1.0 to 1.1 of the Human Services Data API (HSDA) definition I took the existing Ohana API and created an OpenAPI definition to describe what was present in version 1.0 of the HSDA. Then I took version 1.1 of the Human Services Data Specification (HSDS) and made sure as much of HSDS was returned as part of API responses, as well as allowing adding, updating, and deleting across the schema. During the vendor API review portion of our process I took the documentation for four of the vendors APIs and created OpenAPI for each of them. I then laid all the vendor OpenAPIs alongside the current draft I had of the HSDA definition. I then consider each path, the parameters, body, and responses for inclusion as part of the HSDA definition...

Moving The Human Services API Specification From Version 1.1 to 1.2

13 July 2017
I am preparing for the recurring governance meeting for the Open Referral Human Services Data API standard–which I’m the technical lead for. I need to load up every detail of my Human Services Data API work into my brain, and writing stories is how I do this. I need to understand where the definition is with v1.1, and encourage discussion around a variety of topics when it comes to version 1.2. Constraints From Version 1.0 To v1.1 I wasn’t able to move as fast as I’d like from 1.0 to 1.1, resulting in me leaving out a number of features. The primary motivation to make sure as much of the version 1.1 of Human Services Data Specification (HSDS) was covered as possible–something I ended up doing horizontally with new API paths, over loading up the core paths of /organizations, /locations, and /services...

Challenges When Aggregating Data Published Across Many Years

12 July 2017
My partner in crime is working on a large data aggregation project regarding ed-tech funding. She is publishing data to Google Sheets, and I’m helping her develop Jekyll templates she can fork and expand using Github when it comes to publishing and telling stories around this data across her network of sites. Like API Evangelist, Hack Education runs as a network of Github repositories, with a common template across them–we call the overlap between API Evangelist, Contrafabulists. One of the smaller projects she is working on as part of her ed-tech funding research involves pulling the grants made by the Gates Foundation since the 1990s. Similar to my story a couple weeks ago about my friend David Kernohan, where he was wanting to pull data from multiple sources, and aggregate into a single, workable project...

20K, 40K, 60K, and 80K Foot Levels Of Industry API Design Guidance

12 July 2017
I am moving my Human Services Data API (HSDA) work forward and one of the top items on the list to consider as part of the move from version 1.1 to 1.2 is all around the scope of the API design portion of the standard. We are at a phase where the API design still very much reflects the Human Services Data Specification (HSDS)–basically a very CRUD (Create, Read, Update and Delete) API. With version 1.2 I need to begin considering the needs of API consumers a little more, looking to vendors and real world practitioners to help understand what the next version(s) of the API definition will/should contain. The most prominent discussion in the move from version 1.1 to 1.2 centers around scope of API design at four distinct levels of this work, where we are looking to move forward a variety of API design concerns for a large group of API consumers: Data Scope / Filtering - Discussions around how to filter data, allowing API consumers to search across the contents of any HSDA implementation, getting exactly the data they need, no more, no less...

Providing Solid Examples That API Consumers Can Learn From Like Slack App

12 July 2017
People often learn through example. Before I’d ever consider myself a software engineer, I’d consider myself a reverse software engineer. 93% of what I know has been extracted from the work of others. Even with 7% being of my own creation, it is always heavily influenced by the work of others. People emulate what they know, what they see, and use. This is why as an API provider you should be showcasing best practices, positive examples, and healthy blueprints of what API consumers could (should) be doing. You can see this in action with Slack’s best practice blueprints page, where they provide six blueprints of applications that API consumers should be learning from. Slack doesn’t just provide a title, description and image of example applications, it is truly a blueprint–providing diagrams, links to documentation, code samples, and other essential knowledge you will need to successfully develop an application on Slack...

A Zapier Advocate And Dedicated API Resources Page For Your Company

12 July 2017
I am spending time going through some of the most relevant APIs I know of online today, working to create some 101 training materials for average folks to take advantage of. I’m looking through these APIs: Twitter, Google Sheets, Github, Flickr, Instagram, Facebook, YouTube, Slack, Dropbox, Paypal, Weather Underground, Spotify, Google Maps, Reddit, Pinterest, NY Times, Twilio, Stripe, SendGrid, Algolia, Keen, Census, Yelp, Walgreens. I feel they are some of the most useful solutions in the average business person who is API curious. With these new lessons I’m trying to continue my work evangelizing APIs amongst the normals, helping them understand what APIs are, and what is possible when you put them to work...

Each Airtable Datastore Comes With Complete API and Developer Portal

11 July 2017
I see a lot of tools come across my desk each week, and I have to be honest I don’t alway fully get what they are and what they do. There are many reasons why I overlook interesting applications, but the most common reason is because I’m too busy and do not have the time to fully play with a solution. One application I’ve been keeping an eye on as part of my work is Airtable, which I have to be honest, I didn’t get what they were doing, or really I just didn’t notice because I was too busy. Airtable is part spreadsheet, part database, that operates as a simple, easy to use web application, which with a push of a button, you can publish an API from. You don’t just get an API by default with each Airtable, you get a pretty robust developer portal for your API complete with good looking API documentation...

When You Publish A Google Sheet To The Web It Also Becomes An API

11 July 2017
When you take any Google Sheet and choose to publish it to the web, you immediately get an API. Well, you get the HTML representation of the spreadsheet (shared with the web), and if you know the right way to ask, you also can get the JSON representation of the spreadsheet–which gives you an interface you can program against in any application. Articles I curate, the companies, institutions, organizations, government agencies, and everything else I track on lives in Google Sheets that are published to the web in this way. When you are viewing any Google Sheet in your browser you are viewing it using a URL like: https://docs.google.com/spreadsheets/d/[sheet_id]/edit Of course, [sheet_id] is replaced with the actual id for your sheet, but the URL demonstrates what you will see...

Either You Own The Conversation Around Your APIs Or Someone Else Will

11 July 2017
I was looking at how many of the top mobile applications in the iTunes story actually had a public API presence, and was finding it very telling what came up in the Google search results for each company when I searched [company name] + API. It tells a lot about how a company sees the world, when they don’t have a public API presence, but they have a very public mobile application that uses APIs. An example of this is with Tinder, where the top listings are all Github rogue API repositories, when you Google “Tinder API”. Tinder doesn’t own the conversation when it comes to their own APIs. While the Tinder APIs are public, and well documented, Tinder prefers acting like they are private–they aren’t...

Locking Down Drones And IoT Devices By Manufacturers

11 July 2017
I have been following stories about, as well as personally experiencing DJI restricting where their drones can fly, going beyond just warning you about restricted areas and actually locking down or restricting your drone capabilities. So it was interesting to also read a post in Motherboard about the company also locking down drones to prevent against hacking, modifying, and tweaking your DJI drones as you wish. Drones for me are a poster child for the entire Internet of Things (IoT), and I think DJI’s approach is a sign of what is to come for all Internet connected devices. In coming years, there will be a lot that the IoT community can learn from the drone space. From the technical to regulatory, drones will be pushing forward conversations about our networks, cameras, security, privacy, surveillance, and corporate and government control over us, and our devices...

Github Serverless

10 July 2017
I run the entire front-end of my online presence using Github. All my API Evangelist research lives as open repositories on Github, with the website running Jekyll, hosted on Github Pages. My front-end is all HTML, JavaScript, and CSS, that leverages YAML data, and displayed using Liquid. It provides me a nice way to offload the public side of my operations to Github. I am increasingly doing this with all of my data, by publishing it as YAML, and rendering a dynamic (static) API representation in JSON–all done with the same approach I’m using to publish my website(s). You can get at all of the data I use across my API research in a single API Evangelist developer portal, which just aggregates all of the JSON APIs I’ve published across my network almost 100 Github repositories, and supporting sites...

Having The Right Communications Pipeline For Your API Platform

10 July 2017
My friend Matthew Reinbold, formerly of Vox Pop, and now the Lead for the Capital One API Center of Excellence, as well as the maintainer of web API events has shifted his blogging platform to use Github, using Jekyll. Ok, yawn, why is this news? Someone is shifting the underlying platform for their blog. Well, first Matt is one of the leading API practitioners in the space, who is also a storyteller. Second, his approach highlights a set of tools that other API providers should be considering for their API communications pipeline. Matt is using a pretty potent formula for his communications platform in my opinion, with a handful of essential ingredients: Github - Using a Github repository as the open source folder for your website...

Being First With Any Technology Trend Is Hard

10 July 2017
I first wrote about Iron.io back in 2012. The are an API-first company, and they were the first serverless platform. I’ve known the team since they first reached out back in 2011, and I consider them one of my poster children for why there is more to all of this than just the technology. Iron.io gets the technology side of API deployment, and they saw the need for enabling developers to go serverless, running small scalable scripts in the cloud, and offloading the backend worries to someone who knows what they are doing. Iron.io is what I’d consider to be a pretty balanced startup, slowly growing, and taking sensible amounts of funding they needed to grow their business. The primary area I would say that Iron...

Opportunity To Develop A Threat Intelligence Aggregation API

10 July 2017
I came across this valuable list of threat intelligence resources and think that the section on information sources should be aggregated and provided as a single threat intelligence API. When I come across valuable information repos like this my first impulse is to go through them, standardize and upload as JSON and YAML to Github, making all of this data forkable, and available via an API. Of course if I responded to every impulse like this I would never get any of my normal work done, and actually pay my bills. A second option for me is to put things out there publicly in hopes that a) someone will pay me to do the work, or b) someone else who has more time, and the rent paid will tackle the work...

When JSON Schema Is Seen As Power

07 July 2017
In a 30 year career as a database professional I’ve seen some extraordinary ways in which owning and controlling data is associated with power. Those who have the data leverage it against those who do not have it. Losing control means losing power, so people do whatever they can to stay in control, protecting the spreadsheets and databases at all costs. After 30 years of seeing this play out over and over again, I thought I’d seen it all, but sadly in an API era I’m just seeing new incarnations of data being wielded by those in power. I recently came across an example where a company was holding back a series of JSON schema for a variety of public datasets, and standards in use as part of some government systems...

The Essential API Elements In My World

06 July 2017
In 2017 there seems to be an API for just about everything. You can make products available via an API, messing, images, videos, and any of the digital bits that make up our lives. I still get excited by some new APIs, but APIs have to have real usage, and deliver real value before I’ll get too worked up about them. I’m regularly looking down the list of my digital bits thinking about which are the most important to me, which ones I’ll keep around, and the services I’ll adopt to help me define and manage these bits. This process has got me thinking really deeply about what I’d consider to be the three most important types of APIs in my life: Compute - In my world compute is all about AWS EC2 instances, but when I think about it, Github really handles the majority of the compute for my front-end, but EC2 is the scalable compute for the backend of my world that is driving my APIs...

OpenAPI Leading The Open Banking API Conversation

06 July 2017
I’ve been looking through the ecosystems of banking API platforms trying to understand the technical, business, and political approach of banks when it comes to the API conversation. While Capital One is definitely leading the conversation in the U.S., I’ve also been looking to better understand what is happening around the PSD2 banking API conversation in the EU and UK. I was pleased to find OpenAPI present in the OpenBankProject PSD2 API Explorer, as well as leading the specification standards conversation over at Open Banking in the UK. The existence of the OpenAPI allows analysts like me to quickly load up the OpenAPI in an API client like Postman or Restlet, and become more intimate with what paths, and definitions are available–developing my awareness of where banking API standards are headed...

Does Your API Sandbox Have Malicious Users?

06 July 2017
I have been going through my API virtualization research, expanding the number of companies I’m paying attention to, and taking a look at industry specific sandboxes, mock APIs, and other approaches to virtualizing APIs, and the data and content they serve up. I’m playing around with some banking API sandboxes, getting familiar with PSD2, and learning about how banks are approaches their API virtualization–providing me with an example within a heavily regulated industry. AS I’m looking through Open Bank Project’s PSD2 Sandbox, and playing with services that are targeting the banking industry with sandbox solution, I find myself thinking about Netflix’s Chaos Monkey, which is “a resiliency tool that helps applications tolerate random instance failures...

Standardizing and Templatizing API Design Editor Validation Tips

06 July 2017
I’ve been playing with Apicurio, the open source API design editor I’ve been waiting for, and saw a potential opportunity for design time collaboration, instruction, and feedback loop. When you are designing an API in Apicurio it gives you alerts based upon JSON schema validation of the underlying OpenAPI, providing a nice visual feedback loop–forcing you to complete your API definition until it properly validates. Visual alerts and feedback based upon JSON schema validation isn’t really new or that interesting–you see it in the Swagger Editor, and many other JSON tooling. Where I see an opportunity is specifically when it comes to an open source visual API design editor like Apicurio, and when the JSON schema engine for the validation responses is opened up as part of the architecture...

Enhancing Your API SEO

05 July 2017
One question I’m regularly getting from my readers is regarding how you can increase the search engine optimization (SEO) for your APIs–yes, API SEO (acronyms rule)! While we should be investing in API discoverability by embracing hypermedia early on, I feel in its absence we should also be indexing our entire API operations with APIs.json, and making sure we describe individual APIs using OpenAPI, the world of web APIs is still very hitched to the web, making SEO very relevant when it comes to API discoverability. While I was diving deeper into “The API Platform”, a VERY forward leaning API deployment and management solution, I was pleased to see another mention of API SEO using JSON-LD (scroll down on the page)...

A Bot That Actually Does Useful Things For Me

05 July 2017
I’m not a fan of the unfolding bot universe. I get it, you can do interesting things with them–the key word being interesting. Most of what I’ve seen done via Twitter, Facebook, and Slack Bots really isn’t that interesting. Maybe it’s that I’m old and boring, or maybe because people aren’t doing interesting things. When you hear me complain about bots, just remember it isn’t because I think the technology approach is dumb, it’s because I think the implementations are dumb. After several dives into the world of bots, looking to understand how bots are using APIs, I’ve found some interesting Twitter bots, and an even smaller number of Slack bots I found to be useful–I have yet to find an interesting Facebook Bot...

An API Change Log And Road Map Visualization

05 July 2017
I saw a blog post come across my feeds from the analysis and visualizaiton API provider Qlik, about their Qlik Sense API Insights. It is a pretty interesting approach to trying visualize the change log and road map for an API. I like it because it is an analysis and visualization API provider who has used their own platform to help visualize the evolution of their API. I find the visualization for Qlik Sense API Insights to be a little busy, and not as interactive as I’d like to see it be, but I like where they are headed. It tries to capture a ton of data, showing the road map and changes across multiple versions of sixteen APIs, something that can’t be easy to wrap your head around, let alone capture in a single visualization...

Bringing The API Deployment Landscape Into Focus

05 July 2017
I am finally getting the time to invest more into the rest of my API industry guides, which involves deep dives into core areas of my research like API definitions, design, and now deployment. The outline for my API deployment research has begun to come into focus and looks like it will rival my API management research in size. With this release, I am looking to help onboard some of my less technical readers with API deployment. Not the technical details, but the big picture, so I wanted to start with some simple questions, to help prime the discussion around API development. Where? - Where are APIs being deployed. On-premise, and in the clouds. Traditional website hosting, and even containerized and serverless API deployment...

The Growing Importance of Geographic Regions In API Operations

29 June 2017
I have been revisiting my earlier work on an API rating system. One area that keeps coming up as I’m working is around the availability of APIs in a variety of regions, and the cloud platforms that are driving them. I have talked about regional availability of APIs for some time now, keeping an eye on how API providers are supporting multiple regions, as well as the expanding world of cloud computing that is powering these regional examples of providing and consuming APIs. I have been watching Amazon rapidly expand their available regions, as well as Google and Microsoft racing to catch up. But I am starting to see API providers like Digital Ocean providing APIs for getting at geographic region information, and Amazon provides API methods for getting the available regions for Amazon EC2 compute–I will have to check if this is standard across all services...

Electronic Submission of Injury and Illness Records to OSHA

29 June 2017

Making An Account Activity API The Default

29 June 2017
I was reading an informative post about the Twitter Account Activity API, which seems like something that should be the default for ALL platforms. In today’s cyber insecure environment, we should have the option to subscribe to a handful of events regarding our account or be able to sign up for a service that can subscribe and help us make sense of our account activity. An account activity API should be the default for ALL the platforms we depend on. There should be a wealth of certified aggregate activity services that can help us audit and understand what is going on with our platform account activity. We should be able to look at, understand, and react to the good and bad activity via our accounts...

Shared Publishing Of Data and API Projects, Portals, and Dashboards Using

29 June 2017

Electronic Submissions of Injury and Illness Records to OSHA Using API

29 June 2017

Algorithmic Observability In Predictive Policing

28 June 2017
As I study the world of APIs I am always on the lookout for good examples of APIs in action so that I can tell stories about them, and help influence the way folks do APIs. This is what I do each day. As part of this work, I am investing as much time as I can into better understanding how APIs can be used to help with algorithmic transparency, and helping us see into the black boxes that often are algorithms. Algorithms are increasingly driving vital aspects of our world from what we see in our Facebook timelines, to whether or not we would commit a crime in the eyes of the legal system. I am reading about algorithms being used in policing in the Washington Monthly, and I learned about an important example of algorithmic transparency that I would like to highlight and learn more about...

Continue To Explore Restaurant Menu as an Analogy for API Copyright and

28 June 2017
While working on my feedback to the EFF for the first response to the Oracle v Google API copyright case, one of the stories I published used the restaurant menu as an analogy for API copyright. This example was used in the most recent response by Google’s lawyers as they defended themselves in court, and as I’m working on my API patent research, I wanted to revisit this analogy, in the same way, helping focus attention on why API patents are such a bad idea. Building on my previous analogy, as a restaurant, imagine your restaurant specialty is delivering meat-centric dishes. Your burgers and steaks are da bomb! You literally have several “secret sauces”, some unique preparation processes, as well as some very appealing ways of naming and describing your dishes...

API Preparation At The Bureau For The 2020 Census

28 June 2017
I was reading about what the Census is doing to prepare for the 2020 census over at GCN. I’ve been invested in what they are doing at Census for some time now, so it makes me happy to see where they are headed with their preparation for the 2020 census. From what I’ve read, and what I’ve seen with their existing API efforts, they have really taken API to heart and are working to bake APIs into everything they do. According to GCN: Through the site’s application programming interface, users will be able to download and manipulate the data to serve their own purposes; ensuring that the API can drive all of data.census.gov’s core functions means outside users will have more power as well...

Highlighting Algorithmic Transparency Using My Algorotoscope Work

28 June 2017

I Have Two APIs I Am Interested In And I Am Not A Developer--What Do I Do?

28 June 2017
My friend David Kernohan (@dkernohan) emailed me the other day asking me for some advice on where to get started working with some data APIs he had been introduced to. This is such a common question for me, and surprisingly seven years into API Evangelist they are questions I still do not have easy answers for. Partly because I spend the majority of my time writing about providing APIs, but also because API consumption is often times inconsistent, and just hard. David provided me with two sources of data he wanted to work, which I think help articulate the differences between APIs, that can make things hard to work with when you are just getting started with any API. Let’s break down the two APIs he wants to work with: UNISTATS Description: Compare official course data from universities and colleges...

The Open Service Broker API

27 June 2017
Jerome Louvel from Restlet introduced me to the Open Service Broker API the other day, a “project allows developers, ISVs, and SaaS vendors a single, simple, and elegant way to deliver services to applications running within cloud-native platforms such as Cloud Foundry, OpenShift, and Kubernetes. The project includes individuals from Fujitsu, Google, IBM, Pivotal, RedHat and SAP.” Honestly, I only have so much cognitive capacity to understand everything I come across, so I pasted the link into my super secret Slack group for API super heroes to get additional opinions. My friend James Higginbotham (@launchany) quickly responded with, “if I understand correctly, this is a standard that would be equiv to Heroku’s Add-On API? Or am I misunderstanding? The Open Service Broker API is a clean abstraction that allows ‘services’ to expose a catalog of capabilities, as well as the ability to create, use and delete those services...

API Environment Portability

27 June 2017
I was reading the post from Runscope on copying environments using their new API. I was looking through the request and response structure for their API, it looks like a pretty good start when it comes to what I’d call API environment portability. I’m talking about allowing us to define, share, replicate, and reuse the definitions for our API environments across the services and tools we are depending on. If our API environment definitions shared a common schema, and API like Runscope provides, I could take my Runscope environment settings, and use them in my Stoplight, Restlet Client, Postman, and other API services and tooling. It would also help me templatize and standardize my development, staging, production, and other environments across the services I use...

Patent #US 20170153932: Adapting Legacy Endpoints To Modern APIs

27 June 2017
I made my API patent inventory a little more explorable this week, allowing me to more easily discover new and interesting patents that will affect the world of APIs, which I can include in my research. An interesting patent from eBay quickly floated up to the top as a questionable idea for a patent. Adapting legacy endpoints to modern APIs: Example methods and systems are directed to adapting legacy endpoints to modern application protocol interfaces (APIs). A legacy endpoint may provide a powerful and complex API. A modern application may desire access to the legacy endpoint. One or more layers may be added between the modern application and the legacy endpoint. Each layer may provide a different API...

I Published 60K Patents To Github As Part Of My API Patent Research

27 June 2017
I’ve been migrating from my own homebrew CMS system over the last couple of weeks, ditching it for a variety of existing services, balancing my operations across a diverse set of platforms I’ve identified as useful. I’m using Github and Jekyll to manage my content system, storing thinks like blog, news, notes, and patents there. Github repos are well suited for storing this type data for free (if it is public), and Jekyll is well suited for helping me manage small to large repositories of content I need to use across my platform. This last week I migrated 60K patents I had filtered out of all the XML dumps of patents I downloaded, between the years of 2005 and 2016. I filtered out any patent with API or application programming interface in the title, abstract, or body of the patent...

Three New API Industry Groups On The Horizon

26 June 2017
Along with the growth of industry level API events for machine learning, healthcare, and beyond, I’m starting to see the emergence of more API specific working groups, something I’ve been asking for, for some time now. The API universe is expanding and we will need API specialists with domain expertise to help push forward the conversations in leading industries like healthcare, banking, education, transportation, and beyond. I’ve been keeping an eye out for any movement within industries beyond FHIR and PSD2, and now I”m adding three more efforts to my list: Artificial Intelligence - NTT DOCOMO’s new docomo AI Agent Open Partner Initiative to facilitate collaborative development of all-new offerings implemented with a service-agnostic, device-agnostic speech interface based on AI Agent API, a newly developed artificial intelligence (AI) application programming interface (API) that DOCOMO plans to incorporate into a new AI agent service to be launched in early fiscal 2018...

Healthcare API Interoperability At HL7 FHIR Dev Days In Amsterdam

26 June 2017
I wrote about a machine learning specific API event a couple weeks back, and today I wanted to highlight the growth of conferences dedicated to FHIR, or the Fast Healthcare Interoperability Resources. FHIR is larger than just it’s API, but it is one very important example of how APIs and open industry API specifications can help move forward the API conversation in large industries. As part of my healthcare API research, I bookmarked HL7 FHIR DEVDAYS 2017, a conference dedicated to standardizing healthcare APIs, and increasing interoperability across the global healthcare system. I went through the three-day schedule for the conference, following speakers on Twitter, and learning more about what being presented when it came to healthcare interoperability–expanding my awareness of what is going on when it comes to connecting healthcare systems and pushing forward this important API definition...

Budget Transparency At The County Level With Open Data And APIs

26 June 2017
As we find ourselves darker times when it comes to transparency within the federal government in the United States, I’m always on the hunt for any positive signs of transparency at the other levels of government. I can usually depend on my friends over at Socrata to help out, and they came through this week with a story on Douglas County, Kansas publishing their budget online. “This week, Douglas County, Kansas, home to 117,000 residents, launched an Open Budget site, which provides the public with access to one of the county’s most crucial documents: the annual operating budget.” Jill Jolicoeur, Assistant to the County Administrator stated that “our goal is for Open Budget to replace the time-intensive process of developing and publishing the annual budget in a hard-copy format...

The Competitive Advantage Of API Agility Over Any Secret Sauce

26 June 2017
I was talking to a VC about one of my favorite API upstarts the other day, and one of the closing questions I received was if the API upstart had a secret sauce that made their position defensible. To which I responded, no…but they are API first, and API definition-driven in everything they do, so they will ultimately move faster than any competitor can. Agility is one of the classic things you hear people tell companies regarding why they should be doing APIs. The benefit is definitely overused and overstated in situations it shouldn’t be, but when APIs are fully embraced, and done properly, the agility is real. I’ve seen companies be able to shift, pivot, and add new features in a fraction of the time of their competitors, allowing them to in new ways that nobody had intended just months before–APIs allow for the type of shape shifting you need to remain competitive in today’s environment...

I Would Love To Reference Github Data Across Repos With [org].data.[object]

22 June 2017
I am a big fan of Jekyll and Github when it comes to managing data-driven projects. All of my research runs on Github, and I use Jekyll to serve up YAML and JSON representations of my research for a variety of purposes. I store all data that supports my research in the _data folder for each research project’s repository. From there I will create HTML, Atom, and JSON representations for use in my API Evangelist storytelling. When I am referencing any YAML data store I have in the _data folder I just use site.data.[object] to reference it. From there I can loop through collections, filter and show fields and other elements on the page using Liquid syntax. I love having all the data at my fingertips, but I’m thinking about the next step of data management at scale, as I work to build more data-driven repositories, housed within Github organizations, I want to be able to reach outside of each repo, into other repos stored within a single organization...

API Plans Are Not Sustainable For My Small Business

22 June 2017
I’ve already written about how I just don’t like class pricing tiers for API consumption, but I want to keep beating this drum until service providers hear what I’m singing. I think pricing tiers worked well to onboard the world with SaaS but for an API-driven world we a lot more flexibility and scalability when it comes to t he business model. As a small business I just can’t take another monthly payment, without some deep consideration, and bank account consultation. I’m looking at the ImageOptim API, which is already a desktop tool I use, but the opportunity to automate my image optimization is very appealing. However, their entry level pricing tier is $9 a month for $1,000.00 calls...

Patent US9639404: API Matchmaking Using Feature Models

21 June 2017
Here is another patent in my series of API related patents. I’d file this in the category as the other similar one from IBM–Patent US 8954988: Automated Assessment of Terms of Service in an API Marketplace. It is a good idea. I just don’t feel it is a good patent idea. Title: API matchmaking using feature models Number: 09454409 Owner: International Business Machines Corporation Abstract: Software that uses machine logic based algorithms to help determine and/or prioritize an application programming interface’s (API) desirability to a user based on how closely the API’s terms of service (ToS) meet the users’ ToS preferences. The software performs the following steps: (i) receiving a set of API ToS feature information that includes identifying information for at least one API and respectively associated ToS features for each identified API; (ii) receiving ToS preference information that relates to ToS related preferences for a user; and (iii) evaluating a strength of a match between each respective API identified in the API ToS feature information set and the ToS preference information to yield a match value for each API identified in the API ToS feature information set...

Validating My API Schema As Part of My API Security Practices

21 June 2017
I am spending more time thinking about the unknown unknowns when it comes to API security. This means thinking beyond the usual suspects when thinking about API security like encryption, API keys, and OAuth. As I monitor the API space I’m keeping an eye out for examples of what might be security concerns that not every API provider is thinking about. [I found one recently in ARS Technica, about the Federal Communication Commission (FCC) leaking the email addresses through the CC API for anyone who submitted feedback as part of any issues like the recent Net Neutrality discussion. It sounds like the breach with the FCC API was unintentional, but it provides a pretty interesting example of a security risk that could probably be mitigated with some basic API testing and monitoring, using common services like Runscope, or Restlet Client...

Making Machine Learning Accessible To Spreadsheet Power Users

21 June 2017
My friends over at Algorithmia are up to some good things–making their algorithms available within a spreadsheet. Algorithmia has created a set of open source scripts and walkthrough to help you inject the algorithms from their marketplace into your Google Spreadsheets. They have seven useful algorithms to inject into spreadsheets: Linear Detrend – removes increasing or decreasing trends in time series Autocorrelate – used to analyze the seasonality of a time series Outlier Detection – flags unusual data points Forecast – predict a given time series into the future Summarizer – creates a text summary by extracting key topic sentences Social Sentiment Analysis – assigns sentiment ratings of “positive”, “negative” and “neutral” Count Social Shares – returns the number of times that URL has been shared on various social media sites The Google scripts are available on Github, thanks to the hard work of Ken Burcham...

I Am Working With Elastic Beam To Help Define API Security

21 June 2017
Security is the number one concern companies, organizations, institutions, and government agencies have when I’m talking with them about doing APIs. Strangely it is also one of the most deficient, and underinvested areas of API operations. Companies are just learning to design, deploy, and manage their APIs, and monitoring, testing, and security are still on the future road map for many API providers I know. Security is one of the important areas I’ve been trying to find more time and resources to invest into my research, and I’ve been on the hunt for interesting providers to partner with when it comes to defining security as it applies to APIs. There are a number of web and infrastructure security companies out there, but there aren’t enough that are only focused on just APIs...

Internet As Example Of Markets Working Things Out

20 June 2017
Is this writing? Rural Broadband Mobile Not worth investing Left behind Vote in people who make it worst.

API Wrappers To Help Bring Machine Learning Into Focus

20 June 2017
I was taking a look at the Tensorflow Object Detection API, and while I am interested in the object detection, the usage of API is something I find more intriguing. It is yet another example of how diverse APIs can be. This is not a web API, but an API on top of a single dimension of the machine learning platform TensorFlow. “The TensorFlow Object Detection API is an open source framework built on top of TensorFlow that makes it easy to construct, train and deploy object detection models.” It is just a specialized code base helping abstract away the complexity of one aspect of using TensorFlow, specifically for detecting objects in images. You could actually wrap this API with another web API and run on any server or within a single container as a proper object recognition API...

Tightly Coupled To Our Mobile Phones

20 June 2017
I had ditched my phone last year after being with AT&T for just shy of 20 years. Not having a phone made me realize how much you need a phone number to exist online these days. Facebook, Twitter, Google, all needed me to have a phone number which I can verify from time to time, to keep my accounts active. In addition to just needing it for an account, I also need it regularly to secure my world via two-factor authentication. Sometimes I need it for SMS, but mostly I just need the authenticator app–both requiring at least having the mobile device in my presence. I’m not very tightly coupled with my phone, but it feels like it increasingly like it is always coupled to me. I’m guessing that if it isn’t our mobile phones, in the future there will always be at least one device we will be required to have as part of our identity, and be helping us secure both our physical and digital worlds...

The General Services Administration API Strategy Considers How To Generate Revenue

20 June 2017
The General Services Administration(GSA) has an API strategy, which describes “GSA’s future direction for agency­wide API management including design, development, architecture, operations, and support, and security.” Ok, let’s pause there. I want to point out that this isn’t just an API design guide. That is a portion of it, but it also touches on some of the most obvious (deployment), and the most critical aspects (security) of API operation–important stuff. The objectives for the GSA crafting an API strategy are: ­* Harness API management to maximize customer value and technical efficiencies. ­* Adopt industry best practices with API design, development, and management. ­* Consider opportunities for revenue through API offerings...

The Unknown Unknowns Of API Security

20 June 2017
I am trying to wrap my head around the next steps in the evolution of API security. I am trying to help separate some of the layers of what we collectively call API security, into some specific building blocks I can reference in my storytelling. I’m ramping up my API security research as I onboard a new API service provider partner, and will have more resources to invest in the API security discussion. Let’s start with the easy “Known Knowns”: Encryption - Using encryption across all aspects of API operations from portal to base URL. API Keys - Making sure everyone who is accessing an API is keying up and passing along with each request. OAuth - Getting more granular with access by applying OAuth when there is access to 3rd party data and content...

The Six Dimensions Of API Patents I Dwell On

19 June 2017
Each story I publish about API patents will usually get a comment, Tweet, LinkedIn, or other comments letting me know that the owner of the patent is only doing it in a defensive pattern. I fully grasp that this is the predominant stance when it comes to defending a patent portfolio, but I prefer seeing six dimensions to this discussion–looking beyond this single position. When thinking about why a patent exists I see it in six dimensions: Idea - That someone has an idea, thinks it is theirs and feels that this should exist as a patent. Patent- That some have the resources to craft the patent application, and file it with the patent office. Filing - That the patent authority thinks an idea is patent-worthy, and something that should be approved...

I Would Like To See More API Test Drives

19 June 2017
The Azure Marketplace has the ability to test drive anything that is deployed in the Azure Marketplace. As someone who has to sign up for an endless number of new accounts to be able to play with APIs and API services, I’m a big fan of the concept of a test drive–not just for web applications, or backend infrastructure, but specifically for individual APIs and microservices. From the Azure site: Test Drives are ready to go environments that allow you to experience a product for free without needing an Azure subscription. An additional benefit with a Test Drive is that it is pre-provisioned - you don’t have to download, set up or configure the product and can instead spend your time on evaluating the user experience, key features, and benefits of the product...

Three Rules Of My API Communication Strategy

19 June 2017
Communicating effectively around API operations is the number one illness I see across the API space. Engineers are good at writing code and devopping their way to a usable API, but often fall short when it comes to telling the story of what the API does, and consistently beating this drum until people become familiar with what is going on. An effective API communication strategy is more art than it is science, and I’d like to share three of my rules when it comes to telling stories on the API Evangelist platform. Honesty - Be honest with yourself, you’re readers, and those you are writing about. If you can’t find a way to be honest in your writing go find a new job–it won’t be sustainable...

IDK Is Always The First Step To API Integration

19 June 2017
I spend a lot of time trying to figure out what technology does. I read press releases, pitch emails, documentation, and marketing materials trying to get an idea of what is possible. While many of the APIs I come across are intuitive, and just make sense there is still a significant portion of them that leave me scratching my head regarding what it even does. As developers, it can be easy to think about the SDKs you will need to support API integration with your API, but I think you are making a lot of assumptions about your consumers when you focus your initial energy here. The first step in any API integration begins with IDK and not the SDK. When a potential API consumer comes across your API, the first question to be answered is: what does this API do? If the answer is I Don’t Know (IDK), we have a problem...

Data Access and API Strategy in the European Union

17 June 2017
http://dret.typepad.com/dretblog/2017/06/data-access-and-api-strategy-in-the-european-union.html

Publishing Your API In The AWS Marketplace

16 June 2017
I’ve been watching the conversation around how APIs are discovered since 2010 and I ave been working to understand where things might be going beyond ProgrammableWeb, to the Mashape Marketplace, and even investing in my own API discovery format APIs.json. It is a layer of the API space that feels very bipolar to me, with highs and lows, and a lot of meh in the middle. I do not claim to have “the solution” when it comes to API discovery and prefer just watching what is happening, and contributing where I can. A number interesting signals for API deployment, as well as API discovery, are coming out of Amazon Marketplace lately. I find myself keeping a closer eye on the almost 350 API related solutions in the marketplace, and today I’m specifically taking notice of the Box API availability in the AWS Marketplace...

Serverless Blueprints For Your API

16 June 2017
Serverless is spreading across the API sector, and is something that leading API providers are beginning to embrace as part of their operations. I saw an interesting example of this out of AWS and Box lately, with the announcement of Lambda blueprints and code for integrating with the Box API via the AWS platform. The Box serverless blueprints show you how to call the Box APIs and connect a Box webhook to a Lambda function via the Amazon API Gateway–providing some pretty interesting use cases for using Box via serverless functions: Manage User Authentication with Box Platform using Amazon Cognito – How to use Amazon Cognito to power a login page for application users. Add Deep Learning-based Image Recognition to your Box App with Amazon Rekognition – How to build an image tagging application that is powered by Amazon Rekognition...

Github Helping Set The Bar For Your API Community Code Standards

16 June 2017
Github has released an interesting new feature to help users better manage some of the community elements of the repositories they use to manage code, definitions, data, and content across API operations. For each repository, you now have a community profile tab, where you’ll see a checklist showing how your project compares to Github recommended community standards. If you are lacking one of these common elements, it gives you an option to quickly add one of the missing pieces. I still have some repositories where I don’t properly have licensing dictated, even a handful without a README (I know). Almost none of my repositories have a code of conduct or contributing agreement. The new feature adds another task to my list of maintenance items I’ll be tackling to help standardize the projects I manage on Github (which is everything I do)...

Zooming Out To The 100K Level Then Back To API Sea Level With OpenAPI And APIs.json

15 June 2017
I’m wrestling with the different levels of conversations I’m having around my human services API work. Some of my audience are more technical and are pushing for discussion at the granular level, while other parts of my audience are more about the business of things at the 100K. I appreciate these types of projects, but when there are many different conversations going on at many different levels, it is a lot of work to wrestle things into something coherent that everyone involved will appreciate. One day I’m thinking about which individual fields are required, then next I will considering how multiple human services API integrators will be syndicating and sharing information between clusters of human service API implementations...

A Community Approval Dimension When Adding, Updating, And Deleting Via API

15 June 2017
One of the projects I’m working on as part my Human Services API work is trying to define the layer that allows developers to add, update, and delete data via the API. We ultimately want to empower 3rd party developers, and external stakeholders to help curate and maintain critical human services data within a community, through trusted partners. The Human Services API allows for the reading and writing of organizations, locations, and services for any given area. I am looking to provide guidance on how API implementors can allow for POST, PUT, PATCH, and DELETE on their API, but require approval before any changing transaction is actually executed. Requiring the approval of an internal system administrator to ultimately give the thumbs up or thumbs down regarding whether or not the change will actually occur...

My API Communication Stack For The Human Services API Specification

15 June 2017
I’m refining my approach to moving forward the discussion around the Human Services Data Specification and API in an attempt to include more vendors and implementors in the conversation. Part of this work is to streamline how we move forward an increasing number of conversations regarding the schema and API definition. I am looking help solidify our communication strategy around the human services API, and help make clear which channels participants can tune into: Github - Github Issues is where the specific conversation around a variety Slack - A variety of Slack channels for discussing the evolution of API. Blog - Storytelling via API Evangelist, and specific project level blogs...

The GSA API Standards With A Working Prototype API And Portal

14 June 2017
One way to help API developers understand API design is to provide them with a design guide, helping set a standard for how APIs should be designed across an organization or group. Another way to help developers follow best practices when it comes to API design is to provide them with a working example they can follow when developing their API(s). In my experience people learn API design best practices through following what they know–emulating what they see. Hang on to that thought, cause now I’m going to blow your mind. Guess how API providers learn how to provide API design guide and working examples? By showcasing working examples of companies, institutions, and government agencies publishing API design guides, working APIs, and portal prototypes...

The Yes I Would Like To Talk Button When Signing Up For An API Platform

14 June 2017
There are never enough hours in the day. I have an ever growing queue of APIs and API related services that I need to play with for the first time, or just make sure and take another look at. I was FINALLY making time to take another look at the RepreZen API Studio again when I saw that they were now supporting OpenAPI 3.0. I am still driving it around the block, but I thought the second email I got from them when I was signing up was worth writing about. I had received a pretty standard getting started email from them, but then I got a second email from Miles Daffin, their product manager, reminding me that I can reach out, and providing me with a “Yes I Would Like To Talk Button”. I know, another pretty obvious thing, but you’d be surprised how a little thing like this can actually break us from our regular isolated workspace, and make the people behind an API, or API related service more accessible...

The Successes And (Mostly) Failures Of A Developer Evangelist

14 June 2017
I am a big fan of companies who share their API journey publicly. The comment I hear from readers, as well as attendees of @APIStrat often, is that they want to hear more honest stories from API practitioners regarding every stop along the API lifecycle from defining to deprecation. I encourage API providers to actively share their stories publicly on their blog, and even semi-privately via email newsletters. Ash Hathaway (@ash_hathaway) over at Stich Data asked me what I thought about her doing an evangelism email newsletter based on her experiences–to which I responded with, “hell yeah, it is a great idea!”. So she has launched The Evangelism Compendium, the successes and (mostly) failures of a developer evangelist email newsletter...

Proprietary Views Of Your Taxonomy

14 June 2017
I’ve been investing a lot more energy into open data and APIs involved with city government, something I’ve dabbled in as long as I’ve been doing API Evangelist, but is something I’ve ratcheted up pretty significantly over the last couple of years. As part of this work, I’ve increasingly come across some pretty proprietary stances when it comes to data that is part of city operations–this stuff has been seen as gold, long before Silicon Valley came along, with long lines of folks looking to lock it up and control it. Helping civic data stakeholders separate the licensing layers around their open data and APIs is something I do as the API Evangelist. Another layer I will be adding to this discussion is around taxonomy...

Setting The Rules For API Automation

13 June 2017
Twitter released some automation rules this spring, laying the ground rules when it comes to building bots using the Twitter API. Some of the rules overlap with their existing terms of service, but it provides an interesting evolution in how platform providers need to be providing some direction for API consumers in a bot-driven conversational landscape. They begin by laying the ground rules for automation using the Twitter API: Do! Build solutions that automatically broadcast helpful information in Tweets Run creative campaigns that auto-reply to users who engage with your content Build solutions that automatically respond to users in Direct Messages Try new things that help people (and comply with our rules) Make sure your application provides a good user experience and performs well — and confirm that remains the case over time Don’t! Violate these or other policies...

I Wish USA Facts Had A More Sophisticated API Embeddable And Sharing Strategy

13 June 2017
I love what the folks over at USAFacts have done with their effort to educate everyone regarding how the US works (or doesn’t). I commend Steve Ballmer for the money he’s put into the project and the obviously huge amount of work they have put into making some pretty complex things understandable. However, I just have one critique: I wish they had an API, accompanied with a more sophisticated sharing and embeddable approach to publishing the wealth of valuable information contained within the site. You can share links to specific sections of USAFacts, but it is just a generic image with a link to each area of the site. The site is exactly what we need in a Trump era, and is full of valuable factoids about how things work, but we need more eye candy for sharing, and the ability to share more granular level details about what is contained within the project...

More Evangelism Will Be Needed To Move Banking API Conversation Forward

13 June 2017
I was reading what’s behind the hold up of API adoption at credit unions and I’m reminded (again) of the critical need for API evangelists in the space. I am not talking about advocates for a single API, but more evangelists that reflect my mission as the API Evangelist, but dialed in for specific industries. To set the stage for you, let me share why I started API Evangelist seven years ago. I began writing about the business, and eventually the politics of APIs because I saw the potential with APIs, but I also saw that things were not evolving as fast as they could because technologists were dominating the API conversation. We needed more discussion around the business of doing APIs, and many of the finer political details like security, terms of service, branding, and other concerns of the business leaders who actually controlled the purse strings that would move the space forward at the speed and scale everyone desired...

Revisiting GraphQL As Part Of My API Toolbox

12 June 2017
I’ve been reading and curating information on GraphQL as part of my regular research and monitoring of the API space for some time now. As part of this work, I wanted to take a moment and revisit my earlier thoughts about GraphQL, and see where I currently stand. Honestly, not much has changed for me, to move me in one direction or another regarding the popular approach to providing API access to data and content resources. I still stand by my cautionary advice for GraphQL evangelist regarding not taking such an adversarial stance when it comes to the API approach, and I feel that GraphQL is a good addition to any API architect looking to have a robust and diverse API toolbox. Even with the regular drumbeat from GraphQL evangelists, and significant adoption like the Github GraphQL API I am not convinced it is the solution for all APIs and is a replacement for simple RESTful web API design...

Recent API Paths

12 June 2017
I was learning about a new API path for the document platform Box, that was designed specifically for showing recently updated objects. I think that the concept of having API paths dedicated to showing recently changed elements makes sense, helping eliminate the need for API consumers to learn about which parameters are needed to achieve their immediate goals, helping expose useful aspects of the platform through API design. As an API consumer, it can be a lot of work to get at the meaningful and relevant context of an API Platform if you do not know all the right knobs and levers to pull on. This is where API design comes in handy, helping surface the most relevant and contextual aspects of what is going on...

Tweeting Out Your API Forum Conversations

12 June 2017
It is a lot of work to keep the API evangelism drumbeat going each day on your blog, Twitter, and other social media channels you use for your API operations. Each Tweet, Facebook or LinkedIn Post is one possible signal that might reach existing developers, or possibly reach a potentially new API consumer–educating them about what your API does. My friends over at the Oxford Dictionaries APIs are getting really good at this API evangelism song and dance, and one of the tactics in their toolbox is regularly Tweeting out relevant threads from their API forum. It is a great way to expose conversations that are going on within your API support forum, and help make other developers aware that these conversations are going on in a way that will also boost your overall SEO, making your API support operations more visible to the public...

If Oracle Wants To Be Taken Seriously With Its API Campaign It Needs To Drop

12 June 2017
<,/p>Oracle is investing a serious amount resources to become a contender in the API space lately. [They've acquired Apiary](http://apievangelist.com/2017/01/19/oracle-acquiring-apiary/), and are beating a regular PR drum regarding API design, deployment, management, and everything API. The tech giant shows up on my API monitoring daily with new waves of messaging about how it is the platform of choice when it comes to APIs. The problem is these are always from meaningless outlets who publish every press release they get, not the sources the community looks to for answers. The company is facing an uphill battle because it is extremely late to the game, but also because of it's ongoing API copyright lawsuit against Google...

I Like The Apicurio Road Map

09 June 2017
I have been learning more about Apicurio, which is the open source API design editor I have been waiting for. There are a number of things I’m interested in when it comes to Apicurio, but one side element that caught my attention was their road map. I am a big fan of encouraging folks to share their roadmap. It is an important part of helping establish a shared future between API provider and API consumer. Apicurio is an API tool, without any APIs (yet), but the roadmap purpose remains the same. I like how Apicurio shares their tech preview, beta, and 1.x plan, in a coherent and organized way–you do not have to be a developer to understand what they are planning. As I was using Apicurio I had a lot of questions about what it didn’t do...

The APIs.json For Trade.gov

09 June 2017
There are a growing number of API providers who have published an APIs.json for their API operations, providing a machine-readable index of not just their API, but for their API entire operations. My favorite example to use in my talks and conversations when I’m showcasing the API discovery format is the one for the International Trade Administration at developer.trade.gov. The International Trade Administration (ITA) is the government agency that “strengthens the competitiveness of U.S. industry, promotes trade and investment, and ensures fair trade through the rigorous enforcement of our trade laws and agreements”, provides an index of where you can find their developer portal, documentation, terms of service, as well as a machine readable OpenAPI for their trade APIs...

Temporary Interaction Limits

08 June 2017
I spend a lot of time thinking about API rate limits. How they can hurt API providers, or as my friend Tyler Singletary (@harmophone) says incentivize creativity. I think your view on rate limits will vary depending on which side of the limit you stand, as well as your own creative potential and limitations. I agree with Tyler that they can incentivize creativity, but it doesn’t mean that all limitations imposed will ultimately be good, or all creativity will be good. I found myself contemplating Github’s recent introduction of temporary interaction limits which means “maintainers can temporarily limit who can comment, create pull requests, and open issues among existing users, collaborators, and prior contributors...

KDL: A Graphical Notation for Kubernetes API Objects

08 June 2017
I am learning about the Kubernetes Deployment Language (KDL) today, trying to understand their approach to defining their notion of Kubernetes API objects. It feels like an interesting evolution in how we define our infrastructure, and begin standardizing the API layer for it so that we can orchestrate as we need. They are standardizing the Kubernetes API objects into the following buckets: Cluster - The orchestration level of things. Compute - The individual compute level. Networking - The networking layer of it all. Storage - Storage behind our APIs. This has elements of my API lifecycle research, as well as a containerized, clustered, BaaS 2.0 in my view. Standardizing how we define and describe the essential layers of our API and application infrastructure...

Patents As A Measure Of Individual Success

08 June 2017
I read a lot of patents as part of my work as the API Evangelist, and I tend to stalk and tune into the social media accounts of some of the authors. I have noticed that some of them work at large companies, and are counting each patent they file and are announcing each one like it is a badge of honor. I’m fascinated by this. Each company’s approach to showcasing or downplaying their patent portfolio tells a lot about the company, something that I feel trickles down to each individual author. The theater of showcasing the number of patents is fascinating to me. I’m not saying it’s a bad thing, just something I think is worthy of more discussion in the modern age. I don’t showcase the number of patents I have filed because 1) I don’t have any patents 2) I cannot afford to file any patents 3) I don’t showcase my ideas, I showcase things I do and the stories I tell...

The Support Elements Of Your API Service Level Agreement

08 June 2017
Zendesk gave me some valuable building blocks to add to both my API support and API service level agreement research, with their support SLA. This is why I keep an eye on not just how API providers are handling their support, but also how leading support software as a service API providers are setting the bar for how we do support. The Zendesk support SLA provides us with some valuable information about setting a service level objective, developing support SLA workflow, dealing with a breach, and even some key performance indicators (KPIs) to help you measure success. I will be taking the bullet points from each area and adding to the overlap of my API support and service level research, and I’ll even begin flushing out my API breach research with its first handful of building blocks regarding how to handle a really bad situation...

Patent US 8954988: Automated Assessment of Terms of Service in an API Marketplace

08 June 2017
I’m reading a lot of API patents lately trying to understand the variety of approaches these “innovative” patent authors are using to help define the API space. Many of the API patents I have historically objected to tend to patent the technical detail that make the web work or significantly contributes to the integration benefits that an API delivers. Today’s patent does all of this but is focused on patenting the legal details that are needed to make this whole API thing work at scale. Title: Automated assessment of terms of service in an API marketplace Number: 08954988 Owner: International Business Machines Corporation Abstract: An embodiment of the invention comprising a method is associated with an API marketplace, wherein one or more API providers can each supply an API of a specified type, and each provider has a set of ToS for its API of the specified type...

APIs For Monitoring The Performance Of Your APIs

07 June 2017
I am a big fan of API providers who also have APIs. It may sound silly to say, but you would be surprised how many companies are selling services to API providers and do not actually have an API themselves. So, anytime I find a good example of API service providers launching new APIs that help API providers be more successful, I’m all over it with a story. Today’s example is from my friends over at Runscope with their API Metrics API that lets you “retrieve your API tests performance metrics for each individual test, keep a pulse on your API’s performance over time, and create custom internal or external dashboards with it”. You can filter the request by using 3 different parameters: region - The service region you’re using to run your tests (e...

A Conference Focused On Machine Learning APIs

07 June 2017
I try to pay attention to events going on in the API space beyond just APIStrat in Portland this fall (submit your CFP!!), and I saw a notification for PAPIs in São Paulo in two weeks, as well as Boston in October. I’m glad we’ve always kept @APIStrat a wider community thing, but if I had to pick one vertical to focus on in 2017 and on, it would definitely be machine learning APIs. PAPIs has been on my radar for a while now, but I think their foresight is going to start paying off this year. While there are a number of trends moving the API space forward, things like microservices, serverless, and GraphQL, nothing will compare to what is happening with machine learning (ML). I think 90% of the ML will be BS, but there will be 5-10% of it that will actually move industries forward in any meaningful way, and the scope of the investment into everything ML is going to be dizzying for the foreseeable future...

Transparency Around Every Company Who Has Access To Our Social Data Via An

07 June 2017
I believe that APIs can bring some important transparency to the web, mobile, and device applications that seem to be invading our life. I hesitate using the word transparency because it has been weaponized by Wikileaks and others in the current cyber(in)secure landscape, but for the purposes of this story, it will work. APIs by default do not mean transparency, but when done in the right way they can pull back the curtain a little on what is going on when a company, organization, institution, or agency behind is truly committed to transparency. I’ve long had a portion of my research dedicated to studying intentional transparency efforts by API providers, giving me a place to publish any organizations, links, and stories that I publish on the subject of API transparency...

Examples Of The OpenAPI Specification Used For Government APIs

07 June 2017
I was answering some questions for my partners over at DreamFactory when it comes to APIs in government, and one of the questions they asked was about some examples of the OpenAPI specification being used in government. To help out, I started going through my list of government API looking for any examples in the wild–here is what I found: Federal Election Commission (FEC) (OpenAPI) System for Award Management (SAM) (OpenAPI) US Digital Registry (OpenAPI) 18F Open Source Micro Purchasing API (OpenAPI) NASA (Couldn’t find OpenAPI in less than 30 seconds) Centers for Medicare & Medicaid Services (CMS) API for Quality Payment Program Measures (OpenAPI) National Renewal Energy Labratory Transportation Laws and Incentives API (OpenAPI) I am sure there are more OpenAPI in use across government, but this is what I could find in a five-minute search of my API database...

The Effect of Visual Design and Information Content on Readers’ Assessments

06 June 2017
I have seen a number of research projects looking at API documentation, but this is the most detailed study into how people are seeing, or not seeing the API documentation and other resources we are providing. It is a dissertation for Robert Bennett Watson out of the University of Washington on the Effect of Visual Design and Information Content on Readers’ Assessments of API Reference Topics. I gave the research paper a read through and it is some lofty academic stuff, but it touches on a number of the things I write about on API Evangelist when it comes to the cognitive load associated with understanding what an API does. I found the resulting conversation from the research to be the most interesting part, discussing how we can improve the flow with our API documentation and reduce interruption time, or as I often call it, “friction”...

Patent US 8997069: API Descriptions

06 June 2017
There are so many API patents out there, I’m going to have to start posting one a day just to keep up. Lucky for you I begin to get really depressed by all the API patents I lose interest in reading them and begin to work harder looking for positive examples of API in the world, but until then here is today’s depressing as fuck API patent. Title: API descriptions Number: US 8997069 Owner: Microsoft Technology Licensing, LLC Abstract: API description techniques are described for consumption by dynamically-typed languages. In one or more implementations, machine-readable data is parsed to locate descriptions of one or more application programming interfaces (APIs). The descriptions of the one or more application programming interfaces are projected into an alternate form that is different than a form of the machine-readable data...

Expanding On The API Acronym

06 June 2017
I really dislike acronyms, so the irony surrounding me being the API Evangelist is always present for me. API isn’t just about RESTful APIs to me. API is much more than just the technical, it is also the business and politics of our digital world–something that doesn’t come across in three letters. As part of my storytelling, I enjoy unpacking the complexity that acronyms are often used to shadow, hopefully making the world of technology a little less intimidating for folks. While space out at lunch the other day I unpacked API and wrote this: A - application - the action of putting something into operation. P - programming - the action or process of writing computer programs. I - interface - interact with another system, person, or organization...

APIs Are How Our Digital Selves are Learning To Speak With Each Other

06 June 2017
I know this will sound funny to many folks, but when I see APIs, I see language and communication, and humans learning to speak with each other in this new digital world we are creating for ourselves. My friend Erik Wilde (@dret) tweeted a reminder for me that APIs are indeed a language. APIs are languages. show me one #API aspect that cannot be adequately framed in the context of language design practices and challenges.— Erik Wilde (@dret) June 4, 2017 Every second on our laptops and mobile phone we are communicating with many different companies and individuals. With each wall post, Tweet, photo push, or video stream we are communicating with our friends, family, and the public. Each of these interactions is being defined and facilitated using an API...

Extending Your Apps Using Embeddable Serverless Webhooks

05 June 2017
Auth0 has released a pretty interesting way to extend your web applications using what is an embeddable, serverless, webhooks environment–for lack of a better description. It’s a pretty interesting way to extend applications in a scrappy, hackable, scriptable, webhooky kind of way. The extensions are definitely not for non-developers, but provide a kind of scriptable view source that any brave user could use to get some interesting things done within an existing web application interface. Here are some of the selling features of Auth0 extensions: They are deployed outside of your product and managed externally. They run securely and in isolation from your SaaS application. The SaaS will not go down due to a faulty Webhook...

Algorithmia Invests More Resources Into Machine Learning APIs For Working With

05 June 2017
I got my regular email from Algorithmia this last week and I like where they are going with some of their machine learning APIs. They have been heavily investing in machine learning applied to video, allowing for the extraction of information from video, as well as applying interesting transformations to your videos. Here are some of the video tools they have been working on: Introduction to Video Transform: apply image transformations to every frame of a video automatically. Introduction to Video Meta-Data Extraction: apply any image recognition algorithms to every frame of a video automatically. Deep Dive into Parallelized Video Processing: Check out how we built a highly parallelized video processing pipeline...

Patent US9462011: Determining trustworthiness of API requests

05 June 2017
I’m always fascinated by the patents that get filed related to APIs. Most just have an API that is part of the equation, but some of the patents are directly for an API process. It’s no secret that I’m a patent skeptic. I’m not anti-patent, I just think the process is broken when it comes to the digital world, and specifically when it comes to APIs and interoperability. Here is one of those API patents that show just how broken things are: Title: Determining trustworthiness of API requests based on source computer applications’ responses to attack messages Number: US9462011 Owner: CA, Inc. Abstract: A method includes receiving an application programming interface (API) request from a source computer application that is directed to a destination computer application...

An API You Should Consider Emulating When Crafting Your SaaS / API Business

05 June 2017
The social bookmarking API Pinboard is my favorite API. I feel like it is a model we should all be considering crafting our API-focused businesses. I’ve used Pinboard to curate what I do as the API Evangelist ever since 2011, and it has been one of the most stable and versatile APIs in my stack, doing one thing, and doing it well, reflecting everything that is API from a business perspective. I feel that Pinboard provides entrepreneurs with a positive model for not just a SaaS business, and API operations, but showing startups that you don’t always need to scale to achieve success. Pinboard acquired their rival Delicious bookmarking site this last week, which has been bought and sold five times now, demonstrating the volatility of startup culture, as well as the viability and potential stability a well-run API business can bring to the table...

The Depth And Dimensions Of Monitoring API Operations

02 June 2017
When I play with my Hitch service I am always left thinking about the many dimensions of API monitoring. When you talk about API monitoring in the tech sector conversations almost always start with the API providers and the technical details monitoring of individual APIs. Hopefully, these discussions also focus on API monitoring from the API consumers point of view, but I wanted to also shine a light on companies like Hitch who are adding an additional dimension from the API service provider view of things–which is closer to my vantage point as an analyst. I am an advisor to Hitch because they are a different breed of API monitoring service, that isn’t just focused on the APIs. Hitch brings in the wider view of monitoring the entire operations of an API–if documentation changes, an SDK on Github, or update via Twitter, or a pricing change, you get alerted...

API Documentation From SDK Bridge

02 June 2017
This post is a straight up copy and paste from an email newsletter I get from Peter Gruenbaum of SDK Bridge. I am a big supporter of API service providers like SDK Bridge, who has been doing API documentation the entire time I’ve been the API Evangelist. Peter isn’t looking to be the next big startup, he’s just operating a successful API service that addresses one of the biggest problems API providers face–documentation. Some of my readers might not be aware these types of services exist, which is why I’m copy / pasting this, and helping spread the good word.

The Github Repo Stripe Uses To Manage Their OpenAPI

02 June 2017
I’m beating a drum every time I find a company managing their OpenAPI on Github, like we would the other code elements of our API operations. Today’s drumbeat comes from my friend Nicolas Grenié (@picsoung), who posted Stripe’s Github repository for their OpenAPI in our Slack channel for the super cool API Evangelists in the sector. ;-) Along with the New York Times, Box, and other API providers, Stripe has a dedicated Github repo for managing their OpenAPI definition. This opens up the Stripe API for easily loading in client tools like Restlet Client, and Postman, as we as generating code samples and SDKs using services like APIMATIC. Most importantly, it allows for developers to easily understand the surface area of the Stripe API, in a way that is machine-readable, and portable...

Centers for Medicare & Medicaid Services API for Quality Payment Program Measures

02 June 2017
I am regularly using APIs to slice and dice large datasets to help make sense of what is contained within the database behind in a way that other folks can then develop visualizations, reporting, and other applications for use by folks who are closest to the problem we are trying to solve–this opportunity is one of the reasons I have been evangelizing APIs at all level of government over the last seven years. After many years of hard work in the federal government by smart folks at 18F, and at the agencies they serve, we are beginning to see some tools emerge that begin to help us make sense of the overwhelming amount of data that comes out of the government on a regular basis. You can see this in action with the API for Quality Payment Program Measures, out of the Centers for Medicare & Medicaid Services (CMS)–helping make sense of how spending is working, or not working when it comes to healthcare...

When You Praise Good People In Government

01 June 2017
They do good. When you tell them they suck. They suck. http://papyri.info/

Data Visualization And Storytelling Around Museum Collections Using APIs

01 June 2017
I spend my days looking for interesting API stories to tell. Many days I work REAL hard to find anything truly interesting, as there is a lot of repetition and reuse in the API space, both for good and bad. So when I find stories that reflect what I see in my mind when I think API, I’m always very happy. One of these stories is out of the University of Kansas where a fellow named James Miller has teamed up with museum staff as a faculty research fellow for the Integrated Arts Research Initiative (IARI) “to engage researchers across the sciences and humanities in hybrid projects,” said Joey Orr, the museum’s curator for research who coordinates fellowships for IARI. “We’re using database-driven visualization to tell the stories of the Spencer Museum of Art — from its original founding gift to all the items they’ve obtained since then,”…“The term we like to use is ‘storytelling...

Heavier Investment In API Training Will Be Necessary

01 June 2017
</a> I was learning about the virtual classes that Github are offering, as I was working on some basic API curriculum for some of my clients, and I was reminded of how important training and education is when it comes to technological adoption. Not everyone learns the same way, and not everyone is an autodidact, and providing training around any technology, platform, or service your company, institution, or government agency is adopting is important. If you look at the historic spending of leading API companies like Apigee, you’ll see a large chunk of the budget going to educating and bringing would be or existing clients up to speed with the technology in play. Training and education will be a significant portion of each of the trends you see in play like DevOps, Microservices, and Serverless...

Managing Your Postman Collection Using Github

01 June 2017
I have been encouraging API providers to publish and manage their API definitions using Github similar to how you’d manage any code. Companies like Box and NY Times are publishing their OpenAPI definitions to a single repository, allowing partners and API consumers to pull the latest version of the API definition and use throughout the API lifecycle. I stumbled across another example of managing your API definitions using Github, but this time it is the management of your Postman Collections in a Github repo from API management provider Apigee (now Google). The Postman Collection provides a complete description of the Apigee API management surface area, allowing API providers to easily automate or orchestrate their API operations using Apigee...

Adding Three APIMATIC OpenAPI Extensions To The OpenAPI Toolbox

31 May 2017
I’ve added three OpenAPI extensions from APIMATIC to my OpenAPI Toolbox, adding to the number of extensions I’m tracking on that service providers and tooling developers are using as part of their API solutions. APIMATIC provides SDK code generation services, so their OpenAPI extensions are all about customizing how you deploy code as part of the integration process. These are the three OpenAPI extensions I am adding from them: x-codegen-settings - These settings are globally applicable to all operations and schema definitions. x-operation-settings - These settings can be specified inside an "operation" object. x-additional-headers - These headers are in addition to any headers required for authentication or defined as parameters...

An Example Of API Ethics Out Of Cambridge University

31 May 2017
I was doing some research into what was going on with the API landscape at universities and I came across the Trait Prediction API from the University of Cambridge. I’m still studying what they have going on from a social API perspective, but I thought their approach to API ethics stood out as something I wanted to explore some more. The University of Cambridge, “encourage all of our collaborators to adhere to the following ethical principles, in addition to the applicable legal restrictions”: Control: Nobody should have predictions made about them without their prior informed consent Transparency: The results of any predictions should be shared with individuals in a clear and understandable format Benefit: Predictions should be used to improve services and provide a clear benefit to users Relevance: It should be clear why the data requested is relevant to the prediction being made I do not have formal areas of my API research dedicated to API ethics, but I think I just found my first couple of building blocks to add to it when I do fire it up...

A Perception Of Patent And Copyright Overlapping When It Comes To APIs

31 May 2017
I just read an interesting piece by Dennis Crouch over at on Patentlyo asking, “Are Copyright and Patent Overlapping or Mutually Exclusive in Protecting Software Innovations?” The article is challenging the most recent decision in the ongoing Oracle v Google copyright case using a study on “The Patent-Copyright Laws Overlap Study”, prepared at the behest of the House Subcommittee on Intellectual Property and the Administration of Justice in May of 1991. Among the most significant of the Study’s software findings is that there is “no overlap in subject matter: copyright protects the authorship in a set of statements that bring about a certain result in the operation of a computer, and patents cover novel and nonobvious computer processes...

API Providers Localizing Compute For Developers Using Serverless

30 May 2017
Twilio launched their Twilio Function this last week, localizing serverless infrastructure for Twilio API consumers, when it comes to powering key functionality that Twilio brings to the table. This seems like a logical move for mature API providers, keeping in tune with shifts in how developers are integrating with APIs, and deploying their applications in a DevOps, continuous integration world. I could see other API providers following Twilio’s lead, jumping on the serverless bandwagon, and localizing compute within their API ecosystems. I can see this approach converging with other movements in the SDK space where service providers like APIMATIC are enabling the continuous deployment of SDKs, samples, and other scripts for API integration...

Exploring The Possibilities With My Drone Prototype API

30 May 2017
I enjoy playing with what is possible when it comes to APIs, without all the overhead of actually operating the APIs. I’ve been exploring the world of drones over the last year and it is something that has inevitably collided with my API research, leaving me intrigued by what is possible with drone APIs, as I learn what existing drone providers are doing when it comes to APIs. Drones are the poster child for the Internet of Things. They collect video, take pictures, track location, and best of all–they fly!! Drones have APIs and consume APIs. You can deploy APIs in the cloud, on mobile devices and radio controllers, as well as on the drones themselves. Adding an entirely new dimension, you can also connect a variety of other IoT devices to the drones themselves, things like infrared and network detection, further pushing forward the possibilities...

Apicurio Is The Open Source Visual API Design Editor I Was Looking For

30 May 2017
I’ve been wanting someone to create an open source API editor for some time, and now the folks over at Red Hat / 3Scale have delivered one called Apicurio. It is a web-based Angular2 app, for visually designing your APIs using OpenAPI, with a Github focus. Apicurio is that blend of visual designer, and code view that I was hoping for, letting you manage all your paths, and definitions using OpenAPI via Github. It doesn’t have all the bells and whistles I’d love to see in my perfect API design editor, but they are just getting going, and I think it is an excellent start. Using Apicurio you can start a new API, or begin with an existing API by importing an OpenAPI (as it should be). When you are editing each path, it breaks up your verbs and has grayed out placeholders for adding any verbs you are missing–great inline API design literacy, helping folks quickly expand the design of their API...

Every API Should Begin With A Github Repository

25 May 2017
I’m working on my API definition and design strategy for my human services API work, and as I was doing this Box went all in on Opening, adding to the number of API providers I track on who not just have an OpenAPI but they also use Github as the core management for their API definition. Part of my API definition and design advice for human service API providers, and the vendors who sell software to them is that they have an OpenAPI and JSON schema defined for their API, and share this either publicly or privately using a Github repository. When I evaluate a new vendor or service provider as part of the Human Services Data API (HSDA) specification I’m beginning to require that they share their API definition and schema using Github–if you don’t have one, I’ll create it for you...

Craft Your API Design Guide So You Can Move To Other Areas of The Lifecycle

25 May 2017
I am working on an API definition and design guide for my human services API work, helping establish a framework for approaching API design as part of the human services data and API specification, but also for implementers to follow in their own individual deployments. Every time I work on the subject of API design, I’m reminded of how far behind the API sector is when it comes to standardizing what it is we do. Every month or so I see a new company publicly share their API design guide. When they do my friend Arnaud always adds to his API Stylebook, adding it to the wealth of information available in his work. I’m happy to see each API design guide release, but in reality, ALL API providers should have an API design guide, and they should also be open to publishing it publicly, showing their consumers they have their act together, and sharing with the wider API community the best practices in play...

Spreadsheet To Github For Sample Data CI

24 May 2017
I’m needing data for use in human service API implementations. I need sample organizations, locations, and services to round off implementations, making it easier to understand what is possible with an API, when you are playing with one of my demos. There are a number of features that require there to be data in these systems, and is always more convincing when it has intuitive, recognizable entries, not just test names, or possibly latin filler text. I need a variety of samples, in many different categories, with a complete phone, address, and other specific data points. I also need this across many different APIs, and ideally, on demand when I set up a new demo instance of the human services API...

How Twitter Handles Sorting For Their API

24 May 2017
I was looking into some of the common approaches by API providers for sorting of data in API responses. I’m not in the business of finding the right answer, I am in the business of finding successful examples from APIs(brands) that people are familiar with–I thought Twitter’s page in their API documentation dedicated to sorting was worth noting. When you craft your Twitter API request you just append sort_by=[attribute name]-[asc/desc] where the attribute is a valid attribute that is returned in the JSON of your GET request. An example of this is using ?name-asc to sort by name alphabetically or ?name-desc to sort in reverse. Providing a pretty basic approach that API providers can consider when designing sort functionality in their API...

Considering Using HTTP Prefer Header Instead Of Field Filtering For This API

24 May 2017
I am working my way through a variety of API design considerations for the Human Services Data API (HSDA)that I’m working on with Open Referral. I was working through my thoughts on how I wanted to approach the filtering of the underlying data schema of the API, and Shelby Switzer (@switzerly) suggested I follow Irakli Nadareishvili’s advice and consider using RFC 7240 -the Prefer Header for HTTP, instead of some of the commonly seen approaches to filtering which fields are returned in an API response. I find this approach to be of interest for this Human Services Data API implementation because I want to lean on API design, over providing parameters for consumers to dial in the query they are looking for...

My API Design Checklist For This Version Of The Human Services Data API

24 May 2017
I am going through my API design checklist for the Human Services Data API work I am doing. I’m trying to make sure I’m not forgetting anything before I propose a v1.1 OpenAPI draft, so I pulled together a simple checklist I wanted to share with other stakeholders, and hopefully also help keep me focused. First, to support my API design work I got to work on these areas for defining the HSDS schema and the HSDA definition: JSON Schema - I generated a JSON Schema from the HSDS documentation. OpenAPI - I crafted an OpenAPI for the API, generating GET, POST, PUT, and DELETE methods for 100% of the schema, and reflective its use in the API request and response. Github Repo - I published it all in a Github repository for sharing with stakeholders, and programmatic usage across any tooling and applications being developed...

Thinking About The Privacy And Security Of Public Data Using API Management

23 May 2017
When I suggest modern approaches to API management be applied to public data I always get a few open data folks who push back saying that public data shouldn’t be locked up, and needs to always be publicly available–as the open data gods intended. I get it, and I agree that public data should be easily accessible, but there are increasingly a number of unintended consequences that data stewards need to consider before they publish public data to the web in 2017. I’m going through this exercise with my recommendations and guidance for municipal 211 operators when it comes to implementing Open Referral’s Human Services Data API (HSDA). The schema and API definition centers around the storage and access to organizations, locations, services, contacts, and other key data for human services offered in any city–things like mental health resources, suicide assistance, food banks, and other things we humans need on a day to day basis...

Avoid Moving Too Fast For My API Audience

23 May 2017
I am stepping back to today and thinking about a pretty long list of API design considerations for the Human Services Data API (HSDA), providing guidance for municipal 211 who are implementing an API. I’m making simple API design decisions from how I define query parameters all the way to hypermedia decisions for the version 2.0 of the HSDA API. There are a ton of things I want to do with this API design. I really want folks involved with municipal 211 operations to be adopting it, helping ensure their operations are interoperable, and I can help incentivize developers to build some interesting applications. As I think through the laundry list of things I want, I keep coming back to my audience of practitioners, you know the people on the ground with 211 operations that I want to adopt an API way of doing things...

Some Thoughts On OpenAPI Not Being The Solution

23 May 2017
I get regular waves of folks who chime in anytime I push on one of the hot-button topics on my site like hypermedia and OpenAPI. I have a couple of messages in my inbox regarding some recent stories I’ve done about OpenAPI recently, and how it isn’t sustainable, and we should be putting hypermedia practices to work. I’m still working on my responses, but I wanted to think through some of my thoughts here on the blog before I respond–I like to simmer on these things, releasing the emotional exhaust before I respond. When it comes to the arguments from the hypermedia folks, the short answer is that I agree. I think many of the APIs I’m seeing designed using OpenAPI would benefit from some hypermedia patterns...

Keen IO Pushing Forward The Data Schema Conversation

22 May 2017
I wrote earlier this year that I would like us all to focus more on our schema and definitions of our data we use across API operations. Since then I’ve been keeping an eye out for any other interesting signs in this area like Postman with their data editor, and now I’ve come across the Streams Manager for inspecting the data schema of your event collections in Keen IO.. With Streams Manager you can: Inspect and review the data schema for each of your event collections Review the last 10 events for each of your event collections Delete event collections that are no longer needed Inspect the trends across your combined data streams over the last 30-day period Keen IO provides us with an interesting approach to getting in tune with the schema across your event collections...

Box Goes All In On OpenAPI

22 May 2017
Box has gone all in on OpenAPI. They have published an OpenAPI for their document and storage API on Github, where it can be used in a variety of tools and services, as well as be maintained as part of the Box platform operations. Adding to the number of high-profile APIs managing their OpenAPI definitions on Github, like Box, and the NY Times. As part of their OpenaPI release, Box published a blog post that touches on all the major benefits of having an OpenAPI, like forking on Github for integration into your workflow, generating documentation and visualizations, code, mock APIs, and even monitoring and testing using Runscope. It’s good to see a major API provider drinking the OpenAPI Kool-Aid, and working to reduce friction for their developers...

Evolving API SDKs at Google With Storage, Logging and Analytics

19 May 2017
One layer of my API research is dedicated to keeping track on what is going on with API software development kits (SDK). I have been looking at trends in SDK evolution as part of continuous integration and deployment, increased analytics at the SDK layer, and SDKs getting more specialized in the last year. This is a conversation that Google is continuing to move forward by focusing on enhanced storage, logging, and analytics at the SDK level. Google provides a nice example of how API providers are increasing the number of available resources at the SDK layer, beyond just handling API requests and responses, and authentication. I’ll try to carve out some time to paint a bigger picture of what Google is up to with SDKs...

Its Not Just The Technology: API Monitoring Means You Care

19 May 2017
I was just messing around with a friend online about monitoring of our monitoring tools, where I said that I have a monitor setup to monitor whether or not I care about monitoring. I was half joking, but in reality, giving a shit is actually a pretty critical component of monitoring when you think about it. Nobody monitors something they don’t care about. While monitoring in the world of APIsn might mean a variety of things, I’m guessing that caring about those resources is a piece of every single monitoring configuration. This has come up before in conversation with my friend Dave O’Neill of APIMetrics, where he tells stories of developers signing up for their service, running the reports they need to satisfy management or customers, then they turn off the service...

On Device Machine Learning API Stack

19 May 2017
I was reading about Google’s TensorFlowLite in Techcrunch, and their mention of Facebook’s Caffe2Go, and I was reminded of a conversation I was having with the Oxford Dictionaries API team a couple months ago. The OED and other dictionary and language content API teams wanted to learn more about on-device API deployment, so their dictionaries could become the default. I have asked when we will have containers natively on our routers a while ago, but I’d also like to add to that request–when will we have a stack of containers on device where we can deploy API resources that can be used by applications, and augment the existing on-device hardware and OS APIs? API providers should be able to deploy their APIs exactly here they are needed...

My Google Sheet Driven Product API And Web Page

18 May 2017
I am in the process of eliminating the MySQL backend behind much of my research, eliminating a business expense, as well as an unnecessary complexity in my architecture. There really is no reason for the data I use in my business to be in a database. Nothing I track on tends to go beyond 10K rows, with most of the tables actually being less than 100 rows–perfect for spreadsheets, and my new static approach to delivering APIs, and websites for my research. The time had come to update some of the products on my website, and I thought my product page was a perfect candidate for this approach, providing me with the following elements: Products Google Sheet - I have a simple spreadsheet with all of my products in it...

15 Topics To Help Folks See The Business Potential Of APIs

18 May 2017
One of my clients asked me for fifteen bullet points of what I’d say to help convince folks at his company that APIs are the future, and have potentially viable business models. While helping convince people of the market value of APIs is not really my game anymore, I’m still interested in putting on my business of APIs hat, and playing this game to see what I can brainstorm to convince folks to be more open with their APIs. Here are the fifteen stories from the API space that I would share with folks to help them understand the potential. Web - Remember asking about the viability about the web? That was barely 20 years ago. APIs are just the next iteration of the web, and instead of just delivering HTML to humans for viewing in the browser, it is about sharing machine-readable versions for use in mobile, devices, and other types of applications...

The Parrot Sequoia API Is Nice And Simple For IoT

18 May 2017
I’m profiling a number of drone APIs lately and I came across some interesting APIs out of Parrot. Not all of the APIs are for drones, but I thought they were clean and simple examples of what IoT APIs can look like. The API for the Parrot Sequoia camera can be controlled over USB, WIFI, allowing you to change settings, calibrate the sensors, trigger image capture and manage memory, and files. Here are the paths for the device: /capture: to get the Sequoia capture state, start and stop a capture /config: to get and set the configuration of the camera /status: to get all information about the Sequoia physical state /calibration: to get the calibration status, start and stop a calibration /storage: to get informations about memory /file: to get files and folders information /download: to download files /delete: to delete files and folders /version: to get serial number and software version /wifi: to get the Sequoia SSID /manualmode: to get and set ISO and exposure manually /websocket: to use WebSocket notifications on asynchronous events I like the simple use of API design to express what is possible with an IoT device and that a small hand-held deployable camera and sensor can be defined in this way...

Focusing On What You Do Best While Leveraging APIs To Not Reinvent The Wheel

17 May 2017
There are some pretty proven API solutions out there these days. I had to explain to someone a call the other day that in 2017 you shouldn’t ever roll your own API signup, registration, rate limiting, reporting, logging, and other API management features–there are too many proven API management solutions on the market these days (cough, 3Scale, Restlet, DreamFactory, or Tyk) As a penny-pinching small business owner who is also a programmer, I am always struggling with the question of whether I should be buying or building. However, when it comes to some of the more proven, well-laid API sectors–I know better. One of these areas I will never develop my own tooling is when it comes to analytics...

Studying How Providers Are Supporting Batch API Requests

17 May 2017
A recent addition to my API research is the concept of making batch API requests. I was reminded of this during a webinar I did with Cloud Elements when they cited batch API requests as an area needing improvement in their State of API Integration report. I had also recently come across several batch APIs while profiling the Google API stack, so I already had the topic in my notebook, but Cloud Element pushed me to add the topic to my research. Here are a handful of batch API implementations I am working through, to better understand how providers are approaching the problem: Facebook Graph API [Google Cloud Storage](https://cloud.google.com/storage/docs/json_api/v1/how-tos/batch Full Contact Zendesk SalesForce Microsoft Office Amazon MailChimp Meetup As I do, in my approach to API research, I will process the common patterns I come across in each of these implementations, then add as building blocks in my API design research, hopefully providing some details API providers can consider early on in the API lifecycle...

JSON Schema For OpenAPI Version 3.0

17 May 2017
We are inching closer to a final release of version 3.0 for the OpenAPI specification, with the official version currently set at 3.0.0-rc1. We are beginning to see tooling emerge, and services like APIMATIC are already supporting version 3.0 when it comes to SDK generation, as well their API Transformer conversion tool. I am working on an OpenAPI validation solutions tailored specifically for municipal API deployments and was working with the JSON Schema for version 2.0 of the API specification. I wanted to help make my work be as ready for the future of the API specification and wanted to see if there was a JSON Schema for version 3.0 of the OpenAPI specification. I couldn’t find anything in the new branch of the repository, so I set out seeing if anyone else has been working on it...

Key Factors Determining Who Succeeds In The API and ML Marketplace Game

16 May 2017
I was having a discussion with an investor today about the potential of algorithmic-centered API marketplaces. I’m not talking about API marketplaces like Mashape, I’m more talking about ML API marketplaces like Algorithmia. This conversation spans multiple areas of my API lifecycle research, so I wanted to explore my thoughts on the subject some more. I really do not get excited about API marketplaces when you think just about API discovery–how do I find an API? We need solutions in this area, but I feel good implementations will immediately move from useful to commodity, with companies like Amazon already pushing this towards a reality. There are a handful of key factors for determining who ultimately wins the API Machine Learning (ML) marketplace game: Always Modular - Everything has to be decoupled and deliver micro value...

Google Spanner Is A Database With An API Core

16 May 2017
I saw the news that Google’s Spanner Database is ready for prime time, and I wanted to connect it with a note I took at the Google Analyst Summit a few months back–that gRPC is the heart of the database solution. I’m not intimate with the Spanner architecture, approach, or codebase yet, but the API focus, both gRPC core, and REST APIs for a database platform are very interesting. My first programming job was in 1987, developing COBOL databases. I’ve watched the database world evolve, contributing to my interest in APIs, and I have to say Google Spanner isn’t something I anticipated. Databases have always been where you start deploying an API, but Spanner feels like something new, where the database and the API are one, and the way the database does everything internally and externally is done via APIs (gRPC)...

The Human Services Schema Defines The Storage And The API Defines Access

16 May 2017
I’m comparing five separate vendor API implementations with the Human Services API standard I’m working on at the moment. I’m looking to push version 1.0 of the API towards a 1.1 with some incremental, forward-thinking changes. During This phase of the project, I’m looking to get as much feedback on the API interface from commercial vendors. The Human Services schema is being moved forward by a separate, but overlapping group, and has already gone through a feedback phase, and has officially released version 1.1 of the schema–I’m looking to do the same for the API. Even though the Human Services schema is present, the purpose of the API definition is to open up discussion about what access to that data looks like, with the OpenAPI for the Human Services API acting as a distributed and repeatable contract governing how we access publicly available human services data...

An OpenAPI Generator For Publishing To Github

16 May 2017
The folks behind the OpenAPI Spec driven, interactive API documentation ReDoc, have also developed an OpenAPI generator that helps you manage your OpenAPI Spec deployment using Yeoman. If you aren’t familiar with Yeoman, it is modern scaffolding for web apps, which is all about helping you manage the quick and consistent deployment of APIs following existing best practices. ReDoc’s Yeoman generator leverages all the benefits of pushing your OpenAPI Specs and API documentation on Github: Community Engagement - Allows for engagement with API consumers via Github’s native infrastructure, and issue management. Hosting on GitHub Pages - You are offloading the hosting and bandwidth to Github, and their CDN, significantly reducing overhead...

My New CMS For Manging My Network Of Github Sites

15 May 2017
All of my websites have run 100% on Github for the last three years. The core of my API industry research is always in JSON or YAML, stored in individual project-based Github repositories. I leverage Jekyll for the page and other content collections (blogs, news, etc.). Since 2011 I’ve used my own homebrew CMS system, making it accommodate the switch to a more static presence on Github. Over the weekend I ditched my CMS and lit up a new CMS I came across called Siteleaf, which has all the core features I need: Github, Jekyll, Amazon S3, and API. This is how I manage a couple hundred API research sites, and the images, video, and other heavy objects I store using Amazon S3–these services and tools are critical to my business...

Generating Revenue From The Remarketing Tags On API Evangelist

15 May 2017
I am going through my entire infrastructure lately, quantifying the products and services that API Evangelist offers, and the partnerships that make everything go round. As I do in my work as the API Evangelist, I’m looking to work through my thoughts here on the blog, and this week I have an interesting topic on the workbench–the API Evangelist remarketing tags. According to Google, remarketing tags are: “To show ads to people who have visited your desktop or mobile website, add the remarketing tag to your website. The tag is a short snippet of code that adds your website visitors to remarketing lists; you can then target these lists with your ads. If your website has a Google Analytics tag, you can use this tag instead and skip adding the AdWords remarketing tag...

One Layer Of An API Ranking System Will Need To Be Domain Scoring

15 May 2017
I saw that WhoAPI launched a Domain Score API recently, helping put a value on whether or not you can trust a domain. The example they have in their blog post applies a domain score to the email addresses for any developer signing up for the Domain Score API–pretty useful stuff. I do not know anything about the algorithm behind the domain scoring API, or what data it pulls from, but I think the concept is definitely applicable in today’s online environment. I wrote about Best Buy requiring their developers to register with an email at their business domain, not some general email service, and this seems like another layer of security you could add to this process. With the current climate online, services like these are going to be increasingly valuable in the day to day operations of businesses, and not just for registering for an API...

Helping Standardize How We Communicate About The API Integration Possibilities

12 May 2017
Showcasing the integrations that are possible with your API via your API developer portal is an increasingly important way to demonstrate the usefulness of your API resources. Companies like Amazon, DataDog, Intercom, and other leading providers showcase other systems their solution is already integrated with. When it comes to API solutions, applications aren't just web and mobile, they are often system to system integrations with many of the SaaS and other software solutions that companies are already using in their operations. As I do with other types of signals coming out of the API space I'd like to see more API providers publish a listing of possible integrations, and I've created a simple API solution for managing an API integration page that can run in any Jekyll environment and possesses an API core...

A New Look For API Evangelist

12 May 2017
I was trying to fit some new content into my website, and I couldn't make it fit within the layout. Then I remembered I had also taken off a section of my work because it looked like crap on my iPad a couple weeks back. It is a sign I've outgrown the current layout of my website when I can't publish my new work, as well as be an adequate archive for my historical research. Thankfully, my website is a pretty modular Jekyll implementation, so once I found the right look, it was only a couple hours worth of work to give it a full overhaul. The new look and feel for API Evangelist remind me of the original look for the site back in the day, but with a more modern touch. It's responsive and has one of those little icon menus that follow you as your scroll...

API Integration Service Providers

12 May 2017
I spend a lot of time talking about API providers, companies who have a public APIs. Occasionally, you will also hear me talk integration platform as a service (iPaaS) providers, companies like Zapier and Datafire who focus on providing a platform that connects you with many different API integration possibilities. These companies are a valuable player in the API ecosystem because they acknowledge that we usually do not just need one API, we will almost always need to integrate with many APIs, and they provide tools for developers, and non-developers to deliver API solutions that can leverage multiple individual APIs in a variety of business workflows. I just got off a call with Sean Matthews of Left Hook Digital, an integration service provider who "efficiently build, maintain, and grow their integration options through a diversified iPaaS presence...

Using Public Lands As An Analogy When Talking About Public Data APIs

11 May 2017
I have used the analogy of public lands when talking about access to, and monetization around public data resources, for a number of years. While not a perfect analogy, it provides me with a very tangible, and relatable way to help people understand access to, and the value of public data resources that can often be very abstract and difficult to see. Conveniently, some of the stories about public data, and policy I've worked on in the Federal Government involved public data that was actually about public lands, and more specifically national parks, and other resources in the Recreational Information Database (RIDB). While discussing this work on a conference call the other day, someone thought that using the analogy of public lands when talking about public data didn't always work because public lands were a limited resource--a national park is only so big...

My Challenges When Taking Money From Startups As The API Evangelist

11 May 2017
It is a hustle to do API Evangelist. I've been lucky to have the support of 3Scale since 2013, without them API Evangelist would not have survived. I'm also thankful for the community stepping up last year to keep the site up and running, keeping it community focused thing, and not just yet another vendor mouthpiece. I make my money providing four ad slots on the site, by selling guides and white papers, and by consulting and creating content for others. It is a hustle that I enjoy much more than having a regular job, even though it is often more precarious, and unpredictable regarding what the future might hold. Taking money from companies always creates a paradox for me. People read my stories because they tend to be vendor neutral and focus on ideas, and usable API-centric concepts...

A HandFul Of Microsoft Flow OpenAPI Extensions

11 May 2017
I used to keep track of Swagger vendor extensions are part of my previous research around what was formerly known as Swagger. It is something I'm reviving as part of my OpenAPI Toolbox work, profiling the OpenAPI extensions I come across in the course of my work. While profiling the Azure as part of my API Stack research I came across Microsoft Flow, and noticed that they use OpenAPI as part of the configuration of the integration platform as a service (iPaaS) solution, and have four specific extensions defined: x-ms-summary - Title of the entity. x-ms-visibility - Determines the user facing visibility of the entity. x-ms-dynamicvalues - Enables populating a dropdown for collecting input parameters to an operation...

Simple APIs With Jekyll And Github With Data Managed Via Google Spreadsheets

10 May 2017
I'm always looking for simpler, and cheaper ways of doing APIs that can help anyone easily manage data while making it available in both a human and machine readable way--preferably something developers and non-developers both will find useful. I've pushed forward my use of Github when it comes to managing simple datasets, and have a new approach I want to share, and potentially use across other projects. You can find a working example of this in action with my OpenAPI Toolbox, where I'm looking to manage and share a listing of tooling that is built on top of the OpenAPI specification. Like the rest of my API research, I am looking manage the data in a simple and cheap way that I can offload the storage, compute, and bandwidth to other providers, preferably ones that don't cost me a dime...

Adding An Extensions Category To The OpenAPI Toolbox

10 May 2017
I added another type of tool to my OpenAPI Toolbox, this time it is extensions. They used to be called Swagger vendor extensions, and now they are simply called OpenAPI extensions, which allow any implementor to extend the schema outside the current version of the API specification. All you do to add an OpenAPI extension is prepend x- to any value that you wish to include in your OpenAPI, and the validator will overlook it as part of the specification. I have a whole list of vendor extensions I'd like to add, but I've started with a handful from Microsoft Flow, and my friends over at APIMATIC. Two great examples of how OpenAPI extensions can be used in the API lifecycle. In this case, one is for integration platform as a service (iPaaS), and the other is SDK generation and continuous integration...

In Search Of Some Funding For My Machine Learning API Research

10 May 2017
I am wanting to profile the world of machine learning APIs, similar to what I've done with Amazon, Google, Microsoft, Facebook, and the rest of my API Stack research, but I'm in need of some investment to help make sure I can properly carve out the time to conduct the research, and publish a resulting guide that provides an overview of the space, when done. After profiling the tech giants, I'm seeing some interesting shifts in the landscape when it comes to machine learning and would like to spend time profiling the rest of the landscape beyond just the bigcos. While I am interested in mapping out the landscape of the machine learning API space, I don't have the time to make every project happen, and also pay the bills...

Pricing Tiers Works For SaaS But Not Really For APIs

09 May 2017
I get why SaaS, and API providers offer a handful of pricing plans and tiers for their platforms, but it isn't something I personally care for as an API consumer. I've studied thousands of plans and pricing for API providers, and have to regularly navigate 50+ plans for my own API operations, and I just prefer having access to a wide range of API resources, across many different companies, with a variety of usage limitations and pricing based upon each individual resources. I really am getting tired of having to choose between bronze, gold, or platinum, and often getting priced out completely because I can scale to the next tier as a user. I understand that companies like putting users into buckets, something that makes revenue predictable from month to month, or year to year, but as we consumer more APIs from many different providers, it would help reduce the complexity for us API consumers if you flattened the landscape...

The List Of API Signals I Track On In My API Stack Research

09 May 2017
I keep an eye on several thousand companies as part of my research into the API space and publish over a thousand of these profiles in my API Stack project. Across the over 1,100 companies, organizations, institutions, and government agencies I'm regularly running into a growing number of signals that tune me into what is going on with each API provider, or service provider.  Here are the almost 100 types of signals I am tuning into as I keep an eye on the world of APIs, each contributing to my unique awareness of what is going on with everything API. Account Settings (x-account-settings) - Does an API provider allow me to manage the settings for my account? Android SDK (x-android-sdk) - Is there an Android SDK present? Angular (x-angularjs) - Is there an Angular SDK present? API Explorer (x-api-explorer) - Does a provider have an interactive API explorer? Application Gallery (x-application-gallery) - Is there a gallery of applications build on an API available? Application Manager (x-application-manager) - Does the platform allow me to management my APIs? Authentication Overview (x-authentication-overview) - Is there a page dedicated to educating users about authentication? Base URL for API (x-base-url-for-api) - What is the base URL(s) for the API? Base URL for Portal (x-base-url-for-portal) - What is the base URL for the developer portal? Best Practices (x-best-practices) - Is there a page outlining best practices for integrating with an API? Billing history (x-billing-history) - As a developer, can I get at the billing history for my API consumption? Blog (x-blog) - Does the API have a blog, either at the company level, but preferably at the API and developer level as well? Blog RSS Feed (x-blog-rss-feed) - Is there an RSS feed for the blog? Branding page (x-branding-page) - Is there a dedicated branding page as part of API operations? Buttons (x-buttons) - Are there any embeddable buttons available as part of API operations...

Public And Private Sector Hybrid Data Marketplaces

09 May 2017
I have seen a number of incarnations when it comes to making public data available on the Internet, from startup implementations like earlier InfoChimps, U.S. Federal Government efforts like Dataa.gov, and Socrata. Recently, Andrew Nicklin (@technickle), the Director of Data Practices at the Center for Government Excellence at Johns Hopkins University pointed out a version I haven't come across yet, the public / private sector hybrid.  Publicly-operated data markets. This is an extremely interesting approach, because it provides a few other benefits beyond making government data accessible. With this approach, a government offers a public data market as a platform on which it and third-parties make a variety of data available, some for free and some at a premium...

Regional Availability When It Comes To API Access

08 May 2017
I have been profiling the Microsoft Azure platform over the last couple of weeks, and I found their approach to talking about the regions that were available was worth taking note of. I haven't actually assessed who has more regions, but Azure's approach seems to be pretty advanced, even if AWS might possess more regions (gut feeling). By profiling these cloud services and their available APIs using OpenAPI I am hoping to eventually develop a machine-readable approach to comparing which providers are available within which regions. Google has a regions page, but it doesn't feel as forward leaning as AWS and Azures. It is interesting to watch how each of these providers is handling the availability of API services in a variety of regions across North and South America, Europe, Asia, Africa, and the Middle East...

OpenAPI-Driven Documentation For Your API With ReDoc

08 May 2017
ReDoc is the responsive, three-panel, OpenAPI specification driven documentation for your API that you were looking for. Swagger UI is still reigning king when it comes to API documentation generated using the OpenAPI Spec, but ReDoc provides a simple, attractive, and clean alternative to documentation. ReDoc is deployable to any web page with just two tags--with the resulting documentation looking attractive on both web and mobile devices. Now you can have it all, your API documentation looking good, interactive, and driven by a machine-readable definition that will help you keep everything up to date. All you need to fire up ReDoc is two lines of HTML on your web page: The quickest way to deploy ReDoc is using the CDN step shown above, but they also provide bower or npm solutions, if that is your desire...

Participating In The OpenAPI Feedback Loop

08 May 2017
When you are an individual in a sea of tech giants, and startups who are moving technical conversations forward, it can be easy to just sit back, stay quiet, and go with the flow. As a single person, it feels like our voice will not be heard, or even listened to when it comes to moving forward standards and specifications like the OpenAPI, but in reality, every single voice that speaks up is important, and has the potential to bring a new perspective regarding what the future should hold when it comes to the roadmap. If you are building any services or tooling that supports version 2.0 of the OpenAPI specification and will be looking to evolve your services or tooling to support version 3.0, you need to make sure and share your views...

Taxation On Public Data Via The API Management Layer

05 May 2017
I'm involved in some very interesting conversations with public data folks who are trying to push forward the conversation around sensible revenue generation by cities, counties, state, and the federal government using public data. I'm learning a lot from these conversations, resulting in the expansion and evolution my perceptions of how the API layer can help the government develop new revenue streams through making public data more accessible.  I have long been a proponent of using modern API management infrastructure to help government agencies generate revenue using public data. I would also add that I'm supportive of the crafting of sensible approaches to developing applications on top of public data and API in ways that generate a fair profit for private sector actors...

Quantifying The Data A Company Possesses Using APIs

05 May 2017
Profiling APIs always provides me with a nice bulleted list of what a company does or doesn't do. In my work as the API Evangelist, I can read marketing and communications to find out what a company does, but I find that profiling their APIs provides a more honest view of what is going on. The lack of a public API always sets the tone for how I view what a company is up to, but when there is a public API, profiling it always provides a nice distillation of what a company does, in a nice bulleted list I can share with my readers. When I profile the APIs of companies like Amazon, Google, and Microsoft, I come out of it with a nice bulleted list of what is possible, but when I go even further, making sure each API profile has accompanying schema definitions, a nice list of what data company begins to emerge...

The Value Of Operational Level API Exhaust Systems

05 May 2017
When thinking about generating revenue generated from APIs it is easy to focus on directly charging for any digital resource being made available via the API. If it's an image, we charge per API call, and maybe the amount of MB transferred. If it's messaging, we charge per message. There are plenty of existing examples out there regarding how you directly charge for data, content, or algorithms using APIs, and an API way of doing business--look to Amazon, Twilio, and other pioneers. Where there are fewer examples and less open discussions, is around the value of the operation level of APIs, and making these data available via APIs--yes APIs for APIs. Modern approaches to doing APIs are all about requiring each application to use an API key with each call they make, the logging of each request and response, possessing the identifying key for each application...

I Pushed 1173 API Definitions To The API Stack

04 May 2017
It has been over a year since I've pushed any API definitions to my API Stack research, but I finally was able to prioritize time this week to make sure it was updated with the latest profiles I have in my API monitoring system. I pushed 1,173 companies who are doing interesting things with APIs. Not all of them have a traditional API program, but most of them do. It isn't all of the API related companies in my tracking system, but it's definitely the core group of what I'm watching. Each API is profiled with an APIs.json file, providing an index of the name, description, tags, and other metadata, but also provides the URLs for documentation, Github, Twitter, and other key aspects of API operations...

My New API Vendor Evaluation Checklist

02 May 2017
I am helping a customer think through their decision-making process around the adoption of a new API service, and while I am doing this I am spending the time to think through my own API adoption process. I like having checklists to consider when making new purchasing and integration decision. Sometimes I have an immediate need which is driven by emotion, and it can help to step back and think through a more rational checklist I established for myself on a previous date. When I am approaching a new API that I think might move beyond just playing around, and actually have a viable business use case in my operations, I think through the following areas: Define Value - What value is being created by an API I'm looking to use...

Open Discussions About Funding API Startups

02 May 2017
It made me happy to read the Rise of Non “VC compatible” SaaS Companies, and see that there are more sensible discussions going on around how to develop SaaS business, something that I hope spreads into the specifically API as a product startups and API service providers. I know that many of my readers think I'm anti-VC--I am not. Or may I'm anti-startup--I am not. I'm anti-VC and anti-startup ideology becoming the dominant religion, pushing out a lot of really good people and ideas who can't play that game. When it comes to Silicon Valley, if you push back, you get excluded from the club, and there are waves of people who step up to tell you "not all startups are bad" or "not all VCs are bad"--I wish I could help you understand how this response makes you look...

Defining The Surface Area Of The Facebook API

02 May 2017
I learn a lot by studying APIs. One of the ways I get to know what an API does is by creating an OpenAPI for the API, which helps define all of the paths available for an API--helping me understand what is possible. After defining the API requests that are possible, ensuring there are simple descriptions for each path, I also like to make sure all the data that is being passed back and forth via an API is also defined in the OpenAPI--giving me a good snapshot of what data is stored behind an API. In my current Facebook API definition, there is a total of 271 paths, with 90 objects defined using 654 data points. The machine-readable OpenAPI definition tells me what data is stored and transmitted, and what actions I can take involving these items...

Expressing What An API Does As Well As What Is Possible Using OpenAPI

01 May 2017
I am working to update my OpenAPI definitions for AWS, Google, and Microsoft using some other OpenAPIs I've discovered on Github. When a new OpenAPI has entirely new paths available, I just insert them, but when it has an existing path I have to think more critically about what is next. Sometimes I dismiss the metadata about the API path as incomplete or lower quality than the one I have already. Other times the content is actually more superior than mine, and I incorporate it into my work. Now I'm also finding that in some cases I want to keep my representation, as well as the one I discovered, side by side--both having value. This is one reason I'm not 100% sold on the fact that just API providers should be crafting their own OpenAPis--sure, the API space would be waaaaaay better if ALL API providers had machine readable OpenAPIs for all their services, but I would want it to end here...

Communication With Consumers Through The Design Of Our APIs

01 May 2017
Many of the problems that APIs are often associated with API adoption can often be mitigated via more communication. I track on a number of ways the successful API providers are communicating around their API efforts, but I also like it when API designers and architects communicate through the actual technical design of their APIs. One example of this can be found in the IETF draft submission for The Sunset HTTP Header, by Erik Wilde. "This specification defines the Sunset HTTP response header field, which indicates that a URI is likely to become unresponsive at a specified point in the future." In his original post, nothing lasts Forever (and some things disappear according to a schedule), Erik shows us that a little bit of embedded communication like this in the design of our APIs can help make API consumers more in tune with what is going on...

Quantifying The API Landscape Across Amazon, Google, and Microsoft

01 May 2017
I work to develop OpenAPI definitions for 3rd party APIs because it helps me understand what is being offered by a company. Even when I'm able to autogenerate an OpenAPI for an API, or come across an existing one, I still spend time going through the finer details of what an API does, or doesn't do. I find the process to be one of the best ways to learn about an API, stopping short of actually integrating with it. Over the last couple of months, I've aggregated, generated, and crafted OpenAPI and APIs.json definitions for the top three cloud API providers out there. I wanted to be able to easily see the surface area for as many of the APIs as I could find for these three companies: Amazon - 2222 paths (or methods) across 65 of the Amazon Web Services - you can find the APIs...

Where Do I Start With APIs? Your Existing Software Usage!

28 April 2017
When I get asked by folks about where they should start with APIs, I always start with the low hanging fruit on their websites--if it is publicly available as HTML on your website, it should be available as JSON or YAML via an API. After that, I recommend people start with the software and systems a company is already using and might have APIs or data outputs. Your existing technology most likely has APIs or the ability to publish machine-readable data, and you are just not taking advantage of their capabilities as part of any larger API strategy. I recommend launching a new developer portal using Github and get to work inventorying all of the software, systems, website, and services you use...

Where Do I Start With APIs? Your Website!

28 April 2017
I was firing up my low hanging fruit engine for a customer today, pulling down their entire website, giving them suggestions on where they should start with their API efforts, so I felt it was a good time to blog about this process again. Getting started with APIs can be a challenging question for some organizations, especially when they don't have executive and/or IT buy-in to the concept. To assist folks who find themselves in this situation, I have a process which I call "low-hanging fruit", designed to help jumpstart the API conversation in a safer way. When someone approaches me with the question: Where do I start with APIs at our company, organization, institution, or government agency? If they do not have a specific project in mind or have the buy-in of IT yet, I always recommend started with the low hanging fruit on your website, and targeting these four areas: Existing Spreadsheets - If you there is a CSV, Microsoft Excel Spreadsheet, or Google sheet on the public website, it should be available as an API for searching, and usage in other applications...

A View Of The API LIfecycle From James Higginbotham

28 April 2017
Us API Evangelists have a super secret Slack group where we talk about super interesting API Evangelist things, and one of the folks I regularly learn from in this group is James Higginbotham (@launchany). James is a highly skilled enterprise API architect and curator of the popular API Developer Weekly email newsletter. James is always dropping wisdom in the group, but I found a recent API lifecycle list to be particularly worth sharing, as many of my readers are looking to bring some coherence to their own API operations. Identify Desired Outcome (maps to Discover) Assess Capabilities Required to Satisfy the Need (activities to achieve the outcome) Capture Actors/Participants Using the Capabilities to Achieve the Outcomes (activity steps) Determine Capability Gaps (what don't I have yet, along with what I have - might be various 3rd parties to fill the need) Find Capability Boundaries (when the problem space is larger than a bounded context for a team, line of business, or some other appropriate boundary) Identify API Resources Design API Resource Lifecycle (endpoints that will be offered, to whom) Document the API Design (OpenAPI, Landing Page for a developer portal section, etc) Consume the API Design using a mock Development/Automated Testing Deploy/Manage/Monitor/Market/Evangelize/Improve/Support It is a short, but powerful way to look at your life cycle, which often means many different things to many different folks...

Wearing My Tech Vendor Hat When It Comes To Public Data

27 April 2017
This is a multipart story on monetizing public data using APIs. I have spent the last seven years studying over 75+ aspects of the API delivery lifecycle across companies, organizations, institutions, and government agencies. This project is designed to be a distillation of my work to help drive a conversation around sensible and pragmatic revenue generation using public data--allowing the city, county, state, and federal government agencies to think critically about how open data efforts can exist and grow. It lives as a standalone repository, as well as individual stories that are meant to stand on their own, while also contributing to an overall narrative about public data monetization...

SDK Generation, API Validation And Transformation Using The APIMATIC CLI

27 April 2017
Continuing a growing number of command line interfaces (CLI) being deployed side by side with APIs, SDK generation provider APIMATIC just released a CLI for their platform, continuing their march towards being a continuous integration provider. There was a great post the other day on Nordic APIs about CLI, highlighting one way API providers seem to be investing in CLIs to help increase the chances that their services will get baked into applications and system integrations. "APIMatic CLI is a command line tool written in Python which serves as a wrapper over our own Python SDK. It is available in the form of a small windows executable so you can easily plug it into your build cycle. You no longer have to write your own code or set up a development environment for the consumption of our APIs...

API Definitions Should Be Done By The API Provider

27 April 2017
I talk to a lot of API service and tooling providers about API definitions. I've long been an advocate for API service providers supporting OpenAPI, as well as a variety of API definition formats--if you are having trouble doing this, check out API Transformer. While service providers are an important link in the API definition chain, support of API specification by API providers themselves, and the availability of definitions for all of their APIs is another very critical link in this API supply chain. During a discussion with an iPaaS provider this week about the availability of OpenAPI definitions, a comment was made about there not being enough good sources of usable definitions, specifically from API providers themselves...

My Concerns As A Public Data Steward

26 April 2017
This is a multipart story on monetizing public data using APIs. I have spent the last seven years studying over 75+ aspects of the API delivery lifecycle across companies, organizations, institutions, and government agencies. This project is designed to be a distillation of my work to help drive a conversation around sensible and pragmatic revenue generation using public data--allowing the city, county, state, and federal government agencies to think critically about how open data efforts can exist and grow. It lives as a standalone repository, as well as individual stories that are meant to stand on their own, while also contributing to an overall narrative about public data monetization...

Zapier Was Pretty Savvy In Their Approach To Launching Their Partner API

26 April 2017
One of the areas of the API sector I've been pretty critical of service providers is in the area of integration platform as a service, or iPaaS. If This Then That emerged on the scene, and began enabling some pretty interesting orchestration between popular APIs, but their approach is something I've been critical of, because I don't feel like they pay forward the API way of doing things, by keeping their partnerships closed, and not offering an API on top of their own API-driven platform. Because of my stance on IFTTT, I've always chosen to support the Zapier team, who are in direct competition with IFTTT, but they also have an API for developing, deploying and managing your platform integrations...

Simple API Design Interface Features

26 April 2017
I am on a quest to help improve and standardize the available API design tooling out there, and one aspect of doing this is spending time highlighting the API service providers who have interesting approaches to design embedded in their service. Top of my list is Restlet with their studio. There are a couple of things going on in Restlet Studio that I think are significant to the API design conversation, and would like to see become commonplace across service providers, and possibly even part of some sort of open source offering. Restlet Studio has a nice human interface for designing APIs. When you load up an API you are given a simple, clean, yet comprehensive user interface for adding and updating API paths, and other finer details of your design, no developer skills necessary--allowing anyone to step up and help define the API contract...

API Rate Limiting At The DNS Layer

25 April 2017
I just got an email from my DNS provider CloudFlare about rate limiting and protecting my APIs. I am a big fan of CloudFlare, partly because I am a customer, and I use to manage my own infrastructure, but also partly due to the way they understand APIs, and actively use them as part of their business, products, and services. Their email spans a couple areas of my research that I find interesting, and extremely relevant: 1) DNS, 2) Security, 3) Management. They are offering me something that is traditionally done at the API management layer (rate limiting), but now offering to do it for me at the DNS layer, expanding the value of API rate limiting into the realm of security, and specifically in defense against DDoS attacks--a serious concern...

Your Wholesale API For Sale In The Major API Marketplaces

25 April 2017
I have been talking about selling wholesale APIs for some time now, allowing your potential customers to pick and choose exactly the API infrastructure they need, and develop their own virtualized API stacks. I'm not talking about publishing your retail API into marketplaces like Mashpe, I'm talking about making your API deployable and manageable on all the major cloud providers.  You see this shift in business with a recent AWS email I got telling me about multi-year contracs for SaaS and APIs. Right now there are 70 SaaS products on AWS Marketplace, but from the email I can tell that Amazon is really trying to expand it's API offerings as well. When you deploy an API solution using the AWS Marketplace, and a customer signs up for a one, two, or three year contract, they don't pay for the underlying AWS infrastructure, just for the SaaS, or API solution...

Google And AWS APIs Available In Visual Studio And Eclipse IDEs

25 April 2017
I'm always learning from the API pioneers, and trying to understand how they are pushing forward the API conversation. I'm neck deep in profiling AWS APIs, as well as Google APIs. One common pattern I'm seeing across both providers is the support for API access in both Visual Studio and Eclipse IDEs.  Google is helping developers find APIs within both of the leading IDE platforms. They have long had some Eclipse plugins for their API infrastructure, but I recently noticed they also have a pretty robust solution for Visual Studio developers. The Google APIs .NET library is made available in Visual Studio using the NuGet package manager, opening up access to a significant portion of their API stack...

Separating The Licensing Layers Of Your Valuable Data Using APIs

24 April 2017
Data is power. If you have valuable data, people want it. While this is the current way of doing things on the Internet, it really isn't a new concept. The data in databases has always been wielded alongside business and political objectives. I have worked professionally as a database engineer for 30 years this year, with my first job building COBOL databases for use in schools across the State of Oregon in 1987, and have seen many different ways that data is the fuel for the engines of power. Data is valuable. We put a lot of work into acquiring, creating, normalizing, updating, and maintaining our data. However, this value only goes so far if we keep it siloed, and isolated. We have to be able to open up our data to other stakeholders, partners, or possibly even the public...

THe Concern Around Availability And Reliability Of Government APIs

24 April 2017
There is some rumors circling about more government open data going way, this round is at the EPA. The EPA says the data isn't going anywhere, but understandably there are some serious concerns about the availability and reliability of environmental data from federal agencies during a Trump administration. With the looming government shutdown, I'll renew some of my old arguments around how we can make government data more accessible and making a difference--thoughts I developed during the 2013 shutdown. Communication And CollaborationFirst and foremost, communication around API operations is essential for any kind of reliability. Too often the providers behind APIs, and even consumers of APIs are radio silent...

A Ranking Score to Determine If Your API Was SLA Compliant

24 April 2017
I talked about Google's shift towards providing an SLA across their cloud services last week, and this week I'd like to highlight APIMetric's Cloud API Service Consistency (CASC) score, and how it can be applied to determine if an API is meeting their SLA or not. APIMetric came up with the CASC Score as part of their APImetrics Insights analytics package, and has shown been very open with the API ranking system, as well as the data behind. The CASC score provides us with an API reliability and stability ranking for us to apply across our APIs, providing one very important layer of a comprehensive API rating system that we can use across the industries being impacted by APIs. I said in my story about Google's SLAs that companies should have an API present for their APIs...

Developing Internal API Curriculum And Workshops For Your Organization

21 April 2017
I am working with an enterprise group to develop a curriculum that will be used across internal training workshops executed around the globe. They are looking to push their entire company towards an API way of doing things, and empower business and IT groups to realize their API potential. I'm anonymizing the company, as they have not agreed to me talking about publicly, but as I do, I wanted to share my work behind the scenes, and help other organizations be aware of the work that I do. The API training curriculum is going to be designed to reach and bring up to speed three levels of internal users: API Beginners - The introduction to the world of APIs for business or technical groups...

The SLA Is Becoming Standard Across Google APIs

21 April 2017
I've been working my way through all of the Google APIs, making sure I have an OpenAPI for each API, as well as an APIs.json for the entire API operations. One of the things I index as part of each APIs.json when it is present, is a service level agreement (SLA). Something I found to quickly becoming standard across Google APIs. In this round of research, I found 17 API-driven services at Google that had an SLA present: App Engine - https://cloud.google.com/appengine/sla BigQuery - https://cloud.google.com/bigquery/sla Compute - https://cloud.google.com/compute/sla Container Engine - https://cloud.google.com/container-engine/sla DataFlow - https://cloud.google.com/dataflow/sla DataProc - https://cloud...

How I Can Help Make Sure Your API Is Ready For Use

21 April 2017
As one of my clients is preparing to move their API from deployment to management, I'm helping them think through what is necessary to make sure their API is ready for use by a wider, more public group of developers. Ideally, I am brought into the discussion earlier on in the lifecycle, to influence design and deployment decisions, but I'm happy to be included at any time during the process. This is a generalized, and anonymized version of what I'm proposing to my client, to help make sure their API is ready for prime time--I just wanted to share with you a little of what goes on behind the scenes at API Evangelist, even when my clients aren't quite ready to talk publicly. External Developer Number OneThe first place I can help with the release of your API is when it comes to being the first external developer and fresh pair of eyes on your API...

Continuous Integration Conversational Interfaces

21 April 2017
I recently wrote about how Zapier's new command line interface has a continuous integration feel to it, and while I was writing the piece, I kept thinking about how these integration apps could be used as part of conversational interfaces. I'm thinking about messaging, voice, or even embeddable conversational interfaces, and Zapier's CLI could be used to define some known conversational scenarios we encounter on a regular basis. I'm thinking about the side of conversational interfaces that is more known and scripted. I'm not thinking about creating applications that could hold their own in a natural language conversation, but ones could be defined as part of known business processes, matching a well-defined question and set of rules...

Stories Are The Best Way To Keep The Door Open

20 April 2017
The world is built on stories. People enjoy telling and hearing stories. Stories are the lifeblood of what I do as the API Evangelist and are the number one way I stay in touch with people across many different industries and around the globe. As a single person shop there is only so many calls I can conduct in any single day, and there are only so many folks I can ping on a regular basis to stay in touch--I rely on the power of stories to do the hard work for me, acting as the distributed glue in my world. When I connect with someone new via Twitter, email, or in person, I always close up the conversation with, "if you ever have any good stories for me to tell, either anonymously, or directly, make sure and reach out"...

Human Service APIs On AWS, Azure, Google, and Heroku

20 April 2017
I have several volunteers available to do work on Open Referral's Human Services Data Specification (API). I have three developers who are ready to work on some projects, as well as an ongoing stream of potential developers I would like to keep busy working on a variety of implementations. I am focusing attention on the top four cloud platforms that companies are using today: AWS, Azure, Google, and Heroku.  I am looking to develop a rolling wave of projects that will run on any cloud platform, as well as taking advantage of the unique features that each provider offers. I've setup Github projects for managing the brainstorming and development of solutions for each of the four cloud platforms: AWS - A project site outlining the services, tooling, projects, and communication around HSDS AWS development...

Continous Integration Platform As A Service At The Command Line

20 April 2017
Integration platform as a service (iPaaS) provider Zapier recently launched a command line tool for managing your integrations, adding an interesting dimension to the platform--leaning in what feels like a continuous integration direction. The integration platform has long had a web builder for managing your integrations with over 750 API-driven services, using their APIs, but the command line interface feels like it's begging to be embedded into your development workflow and life cycle.  Zapier is catering to engineers by allowing them to: Bring your Node libraries. Zapier CLI Apps are made entirely of Node JS code. Use whichever libraries from NPM that you like. You can control every aspect of how Zapier interacts with your API, and our schema defines how authentication, Triggers, Actions, and Searches work...

Google Partner API As A Blueprint For Other APIs

19 April 2017
I've been tracking on how API providers operate their partner programs for a while now, in hopes of pulling together some sort of blueprint that other API providers can follow. I'm always happy to find stop along the API life cycle where an API provider has already developed a robust operational API, like the Google Partner API. The Google Partner API provides the essential building blocks of a pretty sophisticated partner program API including company, messaging, company, lead, offer, status, profile, user, relations, and analytics. It is a nicely designed APIs, providing a complete set of paths, with lots of detail and robustness when it comes to the surface area of the API, the data it returns...

Protecting Our Valuable Data With APIs

19 April 2017
In my travels over the last couple of weeks I have found myself in two separate cities, listening to two separate stories about using APIs to help protect some valuable data, that someone was trying to defend, but also putting out there with APIs in hopes of generating revenue to keep things ing. Often times when you mention APIs to someone, they automatically think they will have less control over their data in a digital environment, but increasingly company's are realizing that they actually have the potential to result in more control. In Oxford, UKWhile in Oxford I met with the dictionaries API team, as well as other groups in charge of the important resource, including the OED team...

Google Needs To Get Their API Icon Set In Order

19 April 2017
I have been ranting about an icon set for the API community for over a year now. I want there to be more than just a set of SDK programming language icons. Something that would give us a visual API vocabulary, and allow us to plan, share, and implement API infrastructure like AWS is beginning to do with their own icon set, and their latest visual tooling for defining your architecture. While profiling Google APIs, I'm seeing a pretty disorganized approach to logos beyond just core services, the absence of any dedicated icons that represent specific Google APIs. Amazon is pretty far ahead of the game when it comes visual iconography to represent the services they offer, and will dominate when it comes to visual life cycle tooling, unless Google, Microsoft, or some other provder begin to invest in meaningful icons...

Log Files Are Only For When Things Go Wrong

18 April 2017
I'm always amazed at the number of companies I work with that do not consider log files a first class data system. Log files for servers, web servers, and other systems or applications are only for when something goes wrong. I have to admit, I'm in the same situation. I have APIs on the logging for my API management layer, but I do not have easy API access to my Linux servers or the Apache web server that runs on top of them.  I know that some companies use popular solutions like New Relic to do this, and I keep track on about eight API friendly logging solutions. I'm going to have to spend some time in my API logging research digging around for a solution I can use to stand up an API for my server(s)...

IBM Has A Nice API Explorer

18 April 2017
IBM has a pretty cool explorer format for their API catalog, allowing you to search and browse the IBM API catalog by category, and even broken down preview, beta, and live APIs. It looks like there are about 60+ APIs in the catalog so far, with a mix of uses. Each API has the essential building blocks like getting started, documentation, pricing, and other resources. I don't see any machine readable index like APIs.json or OpenAPI but will keep an eye out. If I have the time I will generate an index for the project after I'm done with some of the other leading cloud and machine learning platforms like AWS and Google.

YAML Templates For API Operations

18 April 2017
I am seeing a significant number of infrastructure orchestration solutions in the cloud start using YAML templates as the core setting of settings and instructions for workflows. Amazon recently introduced YAML templates for your AWS CloudFormations, where you can define the infrastructure templates you are using throughout the API life cycle. These AWS YAML templates are fast becoming the central definition to be used across AWS operations, with support in the AWS Service Catalog. Whether you use AWS or not, working to define your infrastructure using YAML templates help define what is going on. I'm seeing significant adoption of OpenAPIs in YAML, and I'm even beginning to create API operational indexes using APIs...

Add An API To The Web For Sharing Text, URLs And Images

17 April 2017
I am working to push forward my embeddable API research today, so I'm on the hunt for new tools and standards that can be included in my research and put to work by API providers. One of the top reasons for doing embeddable tools is the sharing of information and media on the web. Share buttons have become ubiquitous, so I wanted to have some standard approaches to making them a default part of API operations. While monitoring the API space I came across "a proposal to add an API to the web for sharing text, URLs and images to an arbitrary destination of the user's choice": Web Share is a proposed web API to enable a site to share data (text, URLs, images, etc) to an arbitrary destination of the user's choice...

More API Evangelists And Storytellers Please

17 April 2017
Everyone once in a while I get a comment from someone regarding competition in the API storytelling space, alluding to someone getting the page views, or audience when it comes to APIs. I rarely worry about these things, and in reality, I want to see way more competition and outlets when it comes to short and long form API storytelling--the API space needs as many voices as it possibly can. I'd like to see domain specific evangelists emerge, beyond individual API advocates. Someone covering industrial, machine learning, healthcare, and other significant verticals. We need to begin to cultivate domain expertise, and preferably vendor-agnostic, and tooling-comprehensive knowledge and accompanying storytelling...

Your API Should Reflect A Business Objective Not A Backend System

17 April 2017
I'm in the middle of evolving a data schema to be a living breathing API. I just finished generating 130 paths, all with the same names as the schema tables and their fields. It's a natural beginning to any data-centric API. In these situations, it is easy for us to allow the backend system to dictate our approach to API design, rather than considering how the API will actually be used. I'm taking the Human Service Data Specification (HSDS) schema, and generating the 130 create, read, update, and delete (CRUD) API paths I need for the API. This allows the organizations, location, services, and other details being managed as part of any human service API that will be managed in a very database-driven way...

The Evolution Of The API Strategy And Practice Conference

14 April 2017
In the summer of 2012, Steve Willmott approached me with the idea of doing an API conference. We had both been discussing the need for a vendor-neutral API conference throughout the year, and now he wanted to make it a reality. We got to work talking to potential sponsors to see if the idea would be financially viable, and after a handful of conversation, we quickly had the sponsor support we needed to go ahead with the real thing. The first API Strategy & Practice (APIStrat) was scheduled for December 2012 in New York City, but had to be rescheduled to February of 2013 due to Hurrican Sandy. Honestly, it ended up working out well, with the first APIStrat ended up being sold out...

Gearing Up For Enterprise Sales With An API Service Level Agreement

14 April 2017
I am working through the AWS APIs and the Google APIs, and profiling the building blocks across both of these API operations. My objective in doing this work is to learn as much as I possibly can about how these companies are doing APIs. After diving into Google's APIs I noticed that they were slightly more ahead of the curve when it comes to providing server level agreements (SLA) for their cloud APIs, than AWS. I noticed nine while working through Google APIs: BigQuery - https://cloud.google.com/bigquery/sla StackDriver - https://cloud.google.com/stackdriver/sla Key Management Service - https://cloud.google.com/kms/sla Datastore - https://cloud.google.com/datastore/sla Pub/Sub - https://cloud...

From CRUD To An API Design Conversation With Human Services

14 April 2017
I am working to take an existing API, built on top of an evolving data schema, and move forward a common API definition that 211 providers in cities across the country can put to use in their operations. The goal with the Human Services Data Specification (HSDS) API specification is to encourage interoperability between 211 providers, allowing organizations to better deliver healthcare and other human services at the local and regional level. So far, I have crafted a v1.0 OpenAPI derived from an existing Code for America project called Ohana, as well as a very CRUD (Create, Read, Update, and Delete) version 1.1 OpenAPI, with a working API prototype for use as a reference. I'm at a very important point in the design process with the HSDS API, and the design choices I make will stay with the project for a long, long time...

Playing With Different Views For An OpenAPI Diff Tool

13 April 2017
I am working on version 1.1 of the API definition for the human services data specification (HSDS), and I needed some help articulating the differences between version 1.0 and 1.1, which are both defined using the OpenAPI 2.0 specification. I manage all of my OpenAPIs using Github, but I needed a friendlier way to show the diff between two JSON files, than what Github provides. I got to work on a version that would run using Liquid, that would work in Jekyll, which all my sites and tools run in. I have a variety of API documentation tools that run on Github, so I wanted to develop an interface that showed two separate OpenAPI definitions side by side on a simple HTML page, so at this stage, I'm playing with different ways of showing the differences between paths, and other elements of the API definition...

Tooling For Converting Your OpenAPI Definitions From 2.0 to 3.0

13 April 2017
I wrote a post asking what it would take to migrate OpenAPI tooling from version 2.0 to 3.0 of the API specification, and Mike Ralphson (@PermittedSoc) commented about some of the projects he's been working on involving the latest specification version. Which I hope is a good sign of things to come, when it comes to moving from version 2.0 to 3.0 in 2017. Mike has developed an OpenAPI converter and validator to help people migrate their OpenAPI definitions from 2.0 to 3.0. The open source tool also has an online version of the OpenAPI converter and validator for using in the browser, and of course, it also has an OpenAPI conversion and validation API, because ALL API tools and services should have an API--it is just good API craft...

Six API Embeddables To Consider For Your API

12 April 2017
I have been profiling all of the Google APIs lately, a process that always yields a significant amount of stories for my notebook. One element of Google's approach to delivering APIs that I found relevant in the Google+ portal, was their embeddable tooling. This is an area of the API lifecycle I'm regularly evangelizing, and always looking for good examples to support my research. I think that the six embeddable tools Google offers up as part of their social API represent the top embeddable tooling I see across this space. Partially because of the dominance of social media platform, but also because they make sense to end-users, and accomplish common things that people want to accomplish online...

Exploring Github Curated Galleries

12 April 2017
Github has long been my number one source for discovering people doing interesting things with APIs. As I was trying to articulate how API providers can put Github to work as part of their API operations in another story, I came across the Github Explore section. I thought that the list of items on the home page helps demonstrate that Github is more than just about managing open source code--which is the common perception regarding what you do with Github amongst muggles. I feel that these nine areas reflect the top uses for Github in 2017: Policies - From federal governments to corporations to student clubs, groups of all sizes are using GitHub to share, discuss, and improve laws. Tools for Open Source - Software to make running your open source project a little bit easier...

Open Source Drag And Drop API Lifecycle Design Tooling

12 April 2017
I'm always on the hunt for new ways to define, design, deploy, and manage API infrastructure, and thought the AWS Cloud Formation Designer provides a nice look at where things might be headed. AWS CloudFormation Designer (Designer) is a graphic tool for creating, viewing, and modifying AWS CloudFormation templates, which translates pretty nicely to managing your API infrastructure as well. While the AWS Cloud Formation Designer spans all AWS services, all the elements are there for managing all the core stops along the API life cycle liked definition, design, DNS, deployment, management, monitoring, and others. Each of the Amazon services is available with a listing of each element available for the service, complete with all the inputs and outputs as connectors on the icons...

Getting Feedback From Your API Community When Developing APIs

11 April 2017
Establishing a feedback loop with your API community is one of the most valuable aspects of doing APIs, opening up your organization to ideas from outside your firewall. When you are designing new APIs or the next generation of your APIs, make sure you are tapping into the feedback loop you have already created within your community, by providing access to the alpha, beta, and prototype versions of your APIs. The Oxford Dictionaries API is doing this with their latest additions to their stack of word related APIs, by providing early access for their community with two of their new API prototypes that are currently in development: The Oxford English Dictionary (OED) is the definitive authority on the English language containing the meaning, history, and pronunciation of more than 280,000 entries – past and present – from across the English-speaking world...

What Questions Would You Ask Across 50K API Definitions?

11 April 2017
Mike Ralphson‏ (@PermittedSoc) asked me the other day, "if you could run SQL / #GraphQL queries over nearly 50K #API definitions, what would you ask?". I told him I would respond via blog post, which is one way I help amplify the conversation I have with other API folks in the space. Mike is doing som important work when it comes to API discovery, something that needs amplification if we are going to move this conversation forward. Ok, so what would I ask of nearly 50K API definitions, if I had the opportunity to ask? Here are some of my answers: What are all the paths used? - I'd like to see a list of all path folders, separated by the forward slash, minus any parameters. What paths folders actually are words? - I'd like to know how coherent API design patterns are, and how many are actually words in a dictionary...

OpenAPI As An API Literacy Tool

11 April 2017
I've been an advocate for OpenAPI since it's release, writing hundreds of stories about what is possible. I do not support OpenAPI because I think it is the perfect solution, I support it because I think it is the scaffolding for a bridge that will get us closer to a suitable solution for the world we have. I'm always studying how people see OpenAPI, both positive and negative, in hopes of better crafting examples of it being used, and stories about what is possible with the specification. When you ask people what OpenAPI is for, the most common answer is documentation. The second most common answer is for generating code and SDKs. People often associate documentation and code generation with OpenAPI because these were the first two tools that were developed on top of the API specification...

An Introduction To Github For API Providers

10 April 2017
I have had a number of requests from folks lately to write more about Github, and how they can use the social coding platform as part of their API operations. As I work with more companies outside of the startup echo chamber on their API strategies I am encountering more groups that aren't Github fluent and could use some help getting started. It has also been a while since I've thought deeply about how API providers should be using Github so it will allow me to craft some fresh content on the subject. Github As Your Technical Social NetworkThink of Github as a more technical version of Facebook, but instead of the social interactions being centered around wall posts, news links, photos, and videos, it is focused on engagement with repositories...

The Paradox Of API Evangelist

10 April 2017
I recently gave a talk to the API group over at Oxford University Press. During the discussion, one of their team members asked me about the paradox of what I was advising as the API Evangelist. He was speaking of the dangers of opening up APIs, establishing logging and awareness layers for all the data, content, and algorithms being served up as part of everything we do online. My prepared talk for the conversation was purposefully optimistic, but the conversation also was about the realities of all of this on the ground, at a company like the Oxford University Press--making the conversation a pretty good look at the paradox of API evangelism for me.  I still believe in the potential of APIs, although I'm increasingly troubled by how APIs are used by technology companies...

My Oxford Dictionaries Talk About The World Of APIs

10 April 2017
This is from a conversation I had with the Oxford Dictionaries API team last week while in Oxford. I led a conversation with 30-40 folks across several teams at the Oxford University Press offices. I tried to paint a relevant and realistic picture of the world of APIs, as it would pertain to their organization. I talked for about an hour, with another hour of discussion with the group, where we discussed some of these areas in more detail. History of APIsTo help connect the dots of where the world of APIs is going I wanted to take a brief walk through the history of APIs and make sure everyone is up to speed. The current wave of web APIs began in early 2000's with SalesForce, Amazon, and eBay leveraging web technologies to deliver commerce related IT services that leverage web technology over traditional enterprise approaches...

Taking A Look At The Stoplight API Spec Editor

31 March 2017
I'm keeping an eye on the different approaches by API service providers when it comes to providing API editors within their services and tooling. While I wish there was an open source GUI API editor out there, the closest thing we have is from these API service providers, and I am trying to track on what the best practices are so that when someone does step up and begin working on an open, embeddable solution, they can learn from my stories about what is working or not working across the space. One example I think has characteristics that should be emulated is the API Spec Editor from Stoplight. The GUI editor lets you manage all the core elements of an OpenAPI like the general info, host, paths, and even the shared responses and parameters...

REST, Linked Data, Hypermedia, GraphQL, and gRPC

31 March 2017
I'm endlessly fascinated by APIs and enjoy studying their evolution. One of the challenges in helping evangelize APIs that I come across regularly is the many different views of what is or isn't an API amongst people who are API literate, as well as helping bring APIs into focus for the API newcomers because there are so many possibilities. Out of the two, I'd say that dealing with API dogma is by far a bigger challenge, than explaining APIs to newbies--dogma can be very poisonous to productive conversations and end up working against everyone involved in my opinion.  I'm enjoying reading about the evolution in the API space when it comes to GraphQL and gRPC. There are a number of very interesting implementations, services, tooling, and implementations emerging in both these areas...

Using Google Sheet Templates For Defining API Tests

30 March 2017
The Runscope team recently published a post on a pretty cool approach to using Google Sheets for running API tests with multiple variable sets, which I thought is valuable at a couple of levels. They provide a template Google Sheet for anyone to follow, where you can plug in your variable, as well as your Runscope API Key, which allows you to define the dimensions of the tests you wish to push to Runscope via their own API. The first thing that grabs me about this approach is how Runscope is allowing their customers to define and expand the dimensions of how they test their API using Runscope in a way that will speak to a wider audience, beyond just the usual API developer audience. Doing this in a spreadsheet allows Runscope customers to customize their API tests for exactly the scenarios they need, without Runscope having to customize and respond to each individual customer's needs--providing a nice balance...

Complimentary APIs For The Oxford Dictionaries API

30 March 2017
Many API providers I meet have the "build it and they will come" mentality, thinking that if they build an API, developers will come and use it. It does happen, but many APIs only have so many direct uses, and will have a limited number of resulting implementations. This is one of the reasons I recommend companies do APIs in the first place, to get beyond the obvious and direct implementations, and incentivize entirely new applications that a provider may not have considered. Developing innovative applications an API provider may not have considered is the primary focus of companies I talk to, but only a handful have begun thinking about the other APIs that are out there that might compliment an API...

An Opportunity To Emulate Slack Buttons

30 March 2017
Slack released their Slack Buttons last year, to help as they state "reduce the number of small yet high-frequency tasks that quietly devour a user’s time." I know folks are obsessed with voice, bot, and other conversational interfaces, but I agree with Slack, that there is a huge opportunity to help users execute common API-driven functions with a single push of a button. It is something I blog about regularly, helping folks realize the opportunity in the development of API driven, embeddable buttons, that go beyond what Slack is doing and would run anywhere on the web, in the browser, or even on mobile and other Internet connected devices. Zapier has taken a stab at this with Push by Zapier, and they have the inventory of APIs to support it...

Helping Your Customers Operate Throughout The API LIfe Cycle

29 March 2017
When I started API Evangelist back in 2010 the only stop along the API life cycle that service providers were talking about was API management. In 2017, there are numerous stops along the API life cycle from design, to testing, all the way to deprecation. The leading API providers are expanding the number of stops they service, and the smart ones are making sure that if they only service on or two stops, they do so by providing via API definitions like OpenAPI, ensuring their customers are able to seamlessly weave multiple service providers together to address their full life cycle of needs. I've been working with my partner Restlet to advise them on expanding their platform to be what I consider to be an API life cycle provider...

All API Startups Should Be More Like Glitch

29 March 2017
I was playing around with, and better understanding the new collaborative developer community that is Glitch, and I saw they had published a blog post about how they won't screw up Glitch. The topic was in alignment with another post I was working on regarding what I'd like to see fro API startups, but I think Anil articulates it better than even I could, and I think folks are going to respect it a lot more when it comes from a seasoned veteran like him, over an opinionated evangelist like me. In hist post, Anil shares five key points I think every startup should be thinking about from day one: No lock-in. We use totally standard infrastructure for Glitch, including regular old Node.js, and normal JavaScript for your code...

Learning To Use Our Words Better When Defining Our APIs

29 March 2017
I am playing around with the Open API for the Oxford Dictionaries API, and I'm struck by the importance of not just dictionaries like the Oxford Dictionaries, but also the importance of OpenAPI, and API providers defining their APIs like the Oxford folks have. While we aren't as far down the road as we are with the English dictionary, we are beginning to make progress when it comes to defining the paths, parameters, and other characteristics using OpenAPI, learning to speak and communicate in the digital world using APIs. We use words to craft titles, paragraphs, outlines, and other ways that we communicatie in our personal and professional lives. We also use words to craft titles, paragraphs, outlines, collections, and other ways our systems our communicating in our personal and professional lives using the OpenAPI specification...

Being Able See An API Request In Browser Is Important

28 March 2017
There are a number of things at work making this whole web API thing actually work. One of them that came up while I was at Google discussing APIs a couple weeks ago, while we were listening to Dan Ciruli (@danciruli) was the importance of being able to see an API request in the browser. It is something I think we often overlook when it comes to understanding why web APIs have reached such a wide audience. I remember when I first realized I could change the URL in my Delicious account and get an XML listing of my bookmarks--this is when the API light first went on in my head. The web wasn't just for humans, it could be structured for use in other websites. Seeing the XML in the browser presented me links in a machine readable way, that triggered me to think about else I could with them, and which other systems I could put them to work in...

API Definition: API Transformer

28 March 2017
This is an article from the current edition of the API Evangelist industry guide to API definitions. The guide is designed to be a summary of the world of API definitions, providing the reader with a recent summary of the variety of specifications that are defining the technology behind almost every part of our digital world OpenAPI Spec is currently the most used API definition format out there, with the number of implementations, and tooling, with API Blueprint, Postman Collections, and other formats trailing behind. It can make sense to support a single API definition when it comes to an individual platforms operations, but when it comes to interoperability with other systems it is important to be multi-lingual and support multiple of the top machine-readable formats out there today...

I Think The Parse Twitter Page Sums It Up Pretty Well

28 March 2017
Building a business is hard. Building a business that depends on other business is hard. We would like it if all of our vendors stuck around forever, but this is not the reality of doing business in today's climate. My stance on this situation that nothing lasts forever, but startups and the enterprise could be more honest about the business of startups, which is seriously beginning to impact the trust we all have in the platforms, tools, and APIs we depend on for our businesses. I was working my way through some legacy tweets, and I came across Parse's Twitter home page, which I think sums up the promise being made by each wave of startups, and the end results of these promises--although I have to say that Parse actually handled it pretty well, compared with other startups that I have seen in action...

A Looser More Evolvable API Contract With Hypermedia

27 March 2017
I wrote about how gRPC API implements deliver a tighter API contract, but I wanted to also explore more thought from that same conversation, about how hypermedia APIs can help deliver a more evolvable API contract. The conversation where these thoughts were born was focused on the differences between REST and gRPC, in which hypermedia and GraphQL also came up. Leaving me thinking about how our API design and deployment decisions can impact the API contract we are putting forth to our consumers. In contrast to gRPC, going with a hypermedia design for your API, your client relationship can change and evolve, providing an environment for things to flex and change. Some APIs, especially internal API, and trusted partners might be better suited for gRPC performance, but when you need to manage volatility and change across a distributed client base, hypermedia might be a better approach...

I Predict A Future Flooded With Google Prediction Galleries

27 March 2017
I was roaming through Google's Prediction API, and I thought their prediction gallery provides us a look at a shift occurring right now in how we deliver APIs. I predict that machine learning galleries and marketplaces will become all the rage, independently operating like Algorithmia, or part of a specific API like the Google prediction gallery. Ok, let me put it out there that I hate the use of word prediction. If I was naming the service, I would have called it "execution", or more precisely a "machine training (MT) model execution API". I know I'll never get my way, but I have to put it out there how bullshit many of the terms we use in the space are--ok, back to the API blah blah blah, as my daughter would say...

API Definition: U.S. Data Federation

27 March 2017
This is an article from the current edition of the API Evangelist industry guide to API definitions. The guide is designed to be a summary of the world of API definitions, providing the reader with a recent summary of the variety of specifications that are defining the technology behind almost every part of our digital world. The U.S. Data Federation is a federal government effort to facilitate data interoperability and harmonization across federal, state, and local government agencies by highlighting common data formats, API specifications, and metadata vocabularies. The project is focusing on being a coordinating interoperability across government agencies by showcasing and supporting use cases that demonstrate unified and coherent data architectures across disparate agencies, institutions, and organizations...

Uber Is Painting Bigger Picture Of Their Drivers With Driver API Partnerships

24 March 2017
I was taking a look at the new Uber Driver API and trying to understand the possibilities with the API, and some of the the motivations behind Uber's launch of the API. According to Uber, "our Driver API lets you build services and solutions that make the driver experience more productive and rewarding. With the driver's permission, you can use trip data, earnings, ratings and more to shape the future of the on-demand economy." Providing an interesting opportunity for partners to step up and help build useful apps that Uber drivers can leverage in their worlds, helping them be more successful in their work. The first dimension of the Uber Driver API I find interesting is that it is not an API that is about their core business--ridesharing...

API Definition: WebConcepts.info

24 March 2017
This is an article from the current edition of the API Evangelist industry guide to API definitions. The guide is designed to be a summary of the world of API definitions, providing the reader with a recent summary of the variety of specifications that are defining the technology behind almost every part of our digital world. Keeping up with the standards bodies like International Organization for Standardization (ISO) and Internet Engineering Task Force (IETF)  can be a full-time job. Thankfully,  Erik Wilde (@dret) has help simply and made the concepts and specifications that make the web work more accessible and easier to understand, with his WebConcepts.info project...

Moving APIs Out Of The Partner Realm And Making Them More Public

24 March 2017
It is common for API providers to be really private with their APIs, and we often hear about providers restricting access as time goes by. So, when API providers loosen up restrictions on their APIs, inviting wider use by developers, making them public--I think it is worth taking notice.  A recent example of this in the wild is from the API poster child Twitter, with their Periscope video service. Twitter has announced that they are slowly opening up access to the Periscope video API, something that has been only available to a handful of trusted partners, and via the mobile application--there was no way to upload a video without using your mobile device. Twitter is still "limiting access to fewer strategic partners for a period", but at least you can apply to see if your interests overlap with Twitters interests...

Sharing API Data Validation Examples

23 March 2017
I was studying examples of how I can validate the data returned from a human services APIs demo, and develop a set of API tests, as well as API service providers who can implement the tests, for cities to consider as part of their API deployments that are serving up locations and organizations where you can find critical services. I'm looking for examples of the common things like API availability and response time, but I'm also looking to get very granular and specialized to organizational, location, and service APIs. The image I borrowed from RunScope helps visualize what I'm talking about, showing us how we can keep an eye on the basics, but also getting really granular when specifying what we expect from of our APIs...

API Definition: Open API Specification 3.0.0-RC0

23 March 2017
This is an article from the current edition of the API Evangelist industry guide to API definitions. The guide is designed to be a summary of the world of API definitions, providing the reader with a recent summary of the variety of specifications that are defining the technology behind almost every part of our digital world. The OpenAPI Specification, formerly known as Swagger is approaching an important milestone, version 3.0 of the specification, but it is also the first major release since the specification was entered into the Linux Foundation. Swagger was the creation of Tony Tam of Wordnik back in 2010, but after the project was acquired by SmartBear in 2015, the company donated the specification to the newly formed OpenAPI Initiative (OAI) which is part of the Linux Foundation...

Deploying Your APIs Exactly Where You Need Them

23 March 2017
Building on earlier stories about how my API partners are making API deployment more modular and composable, and pushing forward my understanding of what is possible with API deployment, I'm looking into the details of what DreamFactory enables when it comes to API deployment. "DreamFactory is a free, Apache 2 open source project that runs on Linux, Windows, and Mac OS X. DreamFactory is scalable, stateless, and portable" -- making it pretty good candidate for running it wherever you need. After spending time at Google and hearing about how they want to enable multi-cloud infrastructure deployment, I wanted to see how my API service provider partners are able to actually power these visions of running your APIs anywhere, in any infrastructure...

Opportunity For Push Button API Deployment With Google Cloud Launcher

22 March 2017
I'm keeping an eye on the different approaches to deploying infrastructure coming out of AWS, Google, Microsoft and other providers. In my version of the near future, we should be able to deploy any API we want, in any infrastructure we want with a single push of a button. We are getting there, as I'm seeing more publish to Heroku buttons, AWS and Azure deployment packages, and I recently came across the Google Cloud Launcher, which I think will work well for deploying a variety of API driven solutions--we just need more selection and a button! All the parts and pieces for this type of push button API deployment exist already, we just need someone to step up and provide a dead simple framework for defining and embedding the buttons, abstracting away the complexities of each cloud platform...

API Definition: Human Services API Specification

22 March 2017
This is an article from the current edition of the API Evangelist industry guide to API definitions. The guide is designed to be a summary of the world of API definitions, providing the reader with a recent summary of the variety of specifications that are defining the technology behind almost every part of our digital world. A lot of attention is given to APIs and the world of startups, but in 2017 this landscape is quickly shifting beyond just the heart of the tech space, with companies, organizations, institutions, and government agencies of all shapes and sizes are putting APIs to work. API definitions are being applied to the fundamental building blocks of the tech sector, quantifying the computational, storage, images, videos, and other essential resources powering web, mobile, and device based applications...

API Icon Vocabulary

22 March 2017
I am working on profiling 75 of the Google APIs, and one thing I struggle with at this scale is standardizing the images I use, or more specifically, icons that represent each service as well as the value they deliver under the hood--something Google seriously needs to get more organized in by the way. I have written before about having a set of icons for the API sector, for SDK related icons, and also about how Amazon is getting more organized when it comes to icons for the AWS platform, as I beat this drum about the need for common imagery. While I am glad that Amazon is started to think about iconography when it comes to working with APIs at scale, a lead that Google and Microsoft should follow, I'm hoping that API icons are something that someone will tackle at the same level as say a Schema...

Reminding Myself Of Why I Do API Evangelist

21 March 2017
This is my regular public service reminder of why I do API Evangelist. I do not evangelize APIs because I think everybody should be doing them, that they are the solution to all of our problems, or because I have an API I want you to buy (I have other things for you to buy). I do API Evangelist because I want to better understand how platforms like Facebook, Twitter, Uber, and others are operating and impacting our personal and professional lives. I do believe in APIs as an important tool in our professional toolboxes, but Silicon Valley, our government(s), and many other bad actors have shown me that APIs will more often be used for shady things, rather than the positive API vision I have in my head...

Considering Standards In Our API Design Over Being A Special Snowflake

21 March 2017
Most of the APIs I look at are special snowflakes. The definition and designs employed are usually custom-crafted without thinking other existing APIs, or standards that already in place. There are several contributing factors to why this is, ranging from the types of developers who are designing APIs, to incentive models put in place because of investment and intellectual property constraints. So, whenever I find an API that is employing an existing standard, I feel compelled to showcase and help plant the seeds in others minds that we should be speaking a common language instead of always being a special snowflake. One of these APIs that I came across recently was the Google Spectrum Database API which has employed a standard defined by the IETF Protocol to Access White Space (PAWS)...

With Each API We Increase The Attack Surface Area

21 March 2017
It is easy for me to get excited about a new API. I'm an engineer. I'm a dude. I am the API Evangelist. It easy to think about the potential for good when it comes to APIs. It is much harder to suspend the logical side of my brain and think about the ways in which APIs can be used in negative ways. As a technologist it is natural for me to focus in on the technology, and tune out the rest of the world--it is what we do. It takes a significant amount of extra effort to stop, suspend the portion of your brain that technology whispers to, and think about the unintended consequences, and the pros and cons of why we are doing APIs. Technologists aren't very good at slowing down and thinking about the pros/cons of connecting something to the Internet, let alone whether or not an API should even exist in the first place (it has to exist!)...

The OpenAPI Toolbox And My API Definition Research

20 March 2017
I have the latest edition of my API definition research published, complete with a community-driven participation model, but before I moved on to my design, deployment, and management guides, I wanted to take a moment and connect my OpenAPI toolbox to this research. My API definition research encompasses any specification, schema, or authentication and access scope used as part of API operations, providing a pretty wide umbrella. I am always on the hunt for specifications, schema, media types, generators, parsers, converters, as well as semantics and discovery solutions that are defining the layers of the API space.  This is one reason I have my OpenAPI Toolbox, which helps focus my research into the fast-growing ecosystem developing around the OpenAPI specification...

A Community Strategy For My API Definition Guide

20 March 2017
I have tpublished the latest edition of my API definition guide. I've rebooted my industry guides to be a more polished, summary version of my research instead of the rougher, more comprehensive version I've bee publishing for the last couple of years. I'm looking for my guides to better speak to the waves of new people entering the API space, and help them as they continue on their API journey. In addition to being a little more polished, and having more curated content, my API guides are now going to also be more of a community thing. In the past I've kept pretty tight control over the content I publish to API Evangelist, only opening up the four logos to my partners. Using my API industry guides I want to invite folks from the community to help edit the content, and provide editorial feedback--even suggesting what should be in future editions...

API Evangelist Industry Guide To API Definitions

20 March 2017
I keep an eye on over 70 areas of the API sector, trying to better understand how API providers are getting things done, and what services and tooling they are using, while also keeping my perspective as an API consumer--observing everything from the outside-in. The most important area of my research is API definitions--where I pay attention to the specifications, schema, scopes, and other building blocks of the API universe.  The way my research works is that I keep an eye on the world of APIs through monitoring the social media, blogs, Github, and other channels of companies, organizations, institutions, and agencies doing interesting things with APIs. I curate information as I discover and learn across the API sector, then I craft stories for my blog(s)...

Google Support Buttons

20 March 2017
I talked about the gap between developer relations and support at Google, something that Sam Ramji (@sramji) has acknowledged is being worked on. Support for a single API can be a lot of work and is something that is exponentially harder with each API and developer to add to your operations, and after looking through 75 of the Google APIs this weekend, you see evidence that Google is working on it. While there are many Google APIs that still have sub-standard support for their APIs, when you look at Google Sheets you start seeing evidence of their evolved approach to support, with a consistent set of buttons that tackle many of the common areas of API support. For general questions, Google provides two buttons linked to StackOverflow: The search just drops you into Stack Overflow, with the tag "google sheets api", and the ask a new question drops you into the Stack Overflow submit new question form...

What Will It Take To Evolve OpenAPI Tooling to Version 3.0

16 March 2017
I am spending some time adding more tools to my OpenAPI Toolbox, and I'm looking to start evaluating what it will take for tooling providers to evolve their solution from version 2.0 of the OpenAPI Spec to version 3.0. I want to better understand what it will take to evolve the documentation, generators, servers, clients, editors, and other tools that I'm tracking on as part of my toolbox research. I'm going to spend another couple of weeks populating the toolbox with OpenAPI solutions. Getting them entered with all the relevant metadata. Once I feel the list is good enough, I will begin reaching out to each tool owner, asking what their OpenAPI 3.0 plans are. It will give me a good reason to reach out and see if anyone is even home...

The Ability To Deploy APIs In AWS, Google, or Microsoft Clouds

16 March 2017
I spent a day last week at the Google Community Summit, learning more about the Google Cloud road map, and one thing I kept hearing them focus on was the notion of being able to operate on any cloud platform--not just Google. It's a nice notion, but how real of a concept is it to think we could run seamlessly on any of the top cloud platforms--Google, AWS, and Microsoft.  The concept is something I'll be exploring more with my Open Referral, Human Services Data Specification (HSDS) work. It's an attractive concept, to think I could run the same API infrastructure in any of the leading cloud platforms. I see two significant hurdles in accomplishing this: 1) Getting the developer and IT staff (me) up to speed, and 2) Ensuring your databases and code all runs and scales seamlessly whichever platforms you operate in...

API Environment Variable Autocomplete And Tooltips In Postman

16 March 2017
The Postman team has been hard at work lately, releasing their API data editor, as well as introducing variable highlighting and tooltips. The new autocomplete menu contains a list of all the variables in the current environment, followed by global variables, making your API environment setups more accessible from the Postman interface. Introducing a pretty significant time saver, once you have your environments setup properly. This is a pretty interesting feature, but what makes me most optimistic, is when this approach becomes available for parameters, headers, and some of the data management features we are seeing emerge with the new Portman data editor. It all feels like the UI equivalent of what we've seen emerge in the latest OpenAPI 3...

Tracking On Licensing For The Solutions In My OpenAPI Toolbox

15 March 2017
I wanted to provide an easy way to publish and share some of the tools that I'm tracking on in the OpenAPI ecosystem, so I launched my API toolbox. In addition to tracking on the name, description, logo, and URL for OpenAPI tooling, I also wanted to categorize them, helping me better understand the different types of tools that are emerging. As I do with all my research, I published the OpenAPI Toolbox as a Github repository, leveraging its YAML data core to store all the tools.  It will be a never ending project for me to add, update, and archive abandoned projects, but before I got too far down the road I wanted to also begin tracking on the license for each of the tools. I'm still deciding whether or not I want the toolbox to exclusively contain openly licensed tools, or look to provide a more comprehensive directory of tooling that includes unknown and proprietary solutions...

A Tighter API Contract With gRPC

15 March 2017
I was learning more about gRPC from the Google team last week, while at the Google Community Summit, as well as the API Craft SF Meetup. I'm still learning about gRPC, and how it contributes to the API conversation, so I am trying to share what I learn as I go, keeping a record for others to learn from along the way. One thing I wanted to better understand was something I kept hearing regarding gRPC delivering more of a tighter API contract between API provider and consumer. In contrast to more RESTful APIs, a gRPC client has to be generated by the provider. First, you define a service in a .proto file (aka Protocol Buffer), then you generate client code using the protocol buffer compiler...

Azure and Office APIs in Visual Studio

15 March 2017
I was reviewing the latest changes with Visual Studio 2017 and came across the section introducing connected services, providing a glimpse of Microsoft APIs baked into the integrated development environment (IDE). I've been pushing for more API availability in IDE's for some time now, something that is not new, with Google and SalesForce having done it for a while, but is something I haven't seen any significant movement in for a while now. I have talked about delivering APIs in Atom using APIs.json, and have long hoped Microsoft would move forward with this in Visual Studio. All APIs should be discoverable from within any IDE, it just makes sense as a frontline for API discovery, especially when we are talking about developers...

Thinking About Schema.org's Relationship To API Discovery

15 March 2017
I was following the discussion around adding a WebAPI class to Schema.org's core vocabulary, and it got me to think more about the role Schema.org has to play with not just our API definitions, but also significantly influencing API discovery. Meaning that we should be using Schema.org as part of our OpenAPI definitions, providing us with a common vocabulary for communicating around our APIs, but also empowering the discovery of APIs.  When I describe the relationship between Schema.org to API discovery, I'm talking about using the pending WebAPI class, but I'm also talking about using common Schema.org org within API definitions--something that will open the definitions to discovery because it employs a common schema...

The Relationship Between Dev Relations And Support

15 March 2017
I saw an interesting chasm emerge while at a Google Community Summit this last week, while I heard their support team talk, as well as their developer relations team discuss what they were up to. During the discussion, one of the companies presents discussed how their overall experience with the developer relations team has been amazing, their experience with support has widely been a pretty bad experience--revealing a potential gap between the two teams. This is a pretty common gap I've seen with many other API platforms. The developer relations team is all about getting the word out, and encouraging platform usage and support teams are there to be the front line for support and being the buffer between integration, and platform engineering teams...

Getting Our Schema In Order With Postman's New Data Editor

14 March 2017
In 2017 I think that getting our act together when it comes to our data schema will prove to be just as important as getting it together when it comes to our API definitions and design. This is one reason I'm such a big fan of using OpenAPI to define our APIs because it allows us to better organize the schema of the data included as part of the API request and response structure. So I am happy to see Postman announce their new data editor, something I'm hoping will help us make sense of the schema we are using throughout our API operations. The Postman data editor provides us with some pretty slick data management UI features including drag and drop, a wealth of useful keyboard shortcuts, bulk actions, and other timesaving features...

Airmap's API Enabled Digital Notice And Awareness System

13 March 2017
I am spending time learning more about what Airmap is doing with their digital notice and awareness system. I first learned about what Airmap was up to when I learned they were behind the notifications of national parks, and forest fires that displayed via the iPhone enabled radio controller for my DJI Phantom 3 Pro drone. I found it to be a pretty slick way to notify me of issues with the drone, my radio signal, and the environment around me, so when I came back to civilization I set out researching more about what Airmap does, staying in tune with what they are up to ever since. Now, Airmap's digital notice and awareness system caught my attention: AirMap’s Digital Notice & Awareness System works by sending an encrypted digital flight notice from a drone operator to a secure airspace management dashboard accessible by airspace authorities...

Greyballing Is Embedded In API's DNA

13 March 2017
I've been simmering on thoughts around Uber's greyballing for some time now, where they target regulators and police in different cities, and craft a special Uber experience just for them. Targeting users like this are not new, all companies do it, it's just that Uber has a whole array of troubling behavior going on, and the fact that they were so aggressively pushing back on regulators, is why this is such a news story. I'm familiar with this concept because greyballing is embedded in the DNA of APIs, we just call it API management. Every web, mobile, and device that uses an API have a unique fingerprint, identifying the application, as well as the user. Not all apps or users are created equal, and everyone gets's a tailored experience...

Lots Of Talk About Machine Learning Marketplaces

13 March 2017
I spent last week in San Francisco listening to Google's very machine learning focused view of the future. In addition to their Google Next conference, I spent Tuesday at the Google Community Summit, getting an analyst look at what they are up to. Machine Learning (ML) was definitely playing a significant role in their strategy, and I heard a lot talk of machine learning marketplaces. Beyond their own ML offerings like video intelligence and vision APIs, Google also provides you with an engine for publishing your own ML models. They also have a machine learning advanced solution lab, throwing a machine learning hackathon, and pushing a machine learning certification program as part of their cloud and data offerings...

Focus On Having A Robust And Diverse API Toolbox

10 March 2017
I'm learning a lot about HTTP/2 and gRPC this week, so I have been thinking about how we isolate ourselves by focusing in on individual toolsets, where we should really be expanding our horizons, helping ensure we have the most robust and diverse API toolbox we possibly can. Depending on what part of the tech universe an engineer comes from they'll have a different view on just exactly what I mean when I say API to them. The most common perspective that people respond with is REST. Folks automatically think this is what I mean when I say API--it isn't. That is your dogma or your gullibility to other people's dogma--please expand your horizons. When I say APIs, I mean an application programming interface that leverages web technology (aka HTTP, HTTP/2)...

Telling A More Complete Story With Hypermedia

10 March 2017
I spend a lot of time connecting the dots with APIs, trying to understand what resources are available via an API, and then how I can actually put them to use. I can usually land the documentation page of an API, and be up to speed about what resources are available, and have a basic level of understanding of how I can put the APIs to work withing 15 minutes--if the API is reasonably designed, and somewhat documented. Where things get tougher for me and require much heavier of a cognitive load, is going from the basics to understanding what is possible when you can really connect the dots between all the APIs a provider makes available. While I was profiling, and learning more about the AWS API Gateway, which is an API that let's you deploy and manage your APIs, I found that their usage of the hypermedia format HAL, significantly contributed to me going from basics to a better understanding the big picture, and what is possible at scale...

API Definitions Covering Both REST and gRPC APIs

10 March 2017
I have been learning more about the way Google designs and defines their APIs after their release of their API design guide. When I research a company's APIs I always spend time looking through their Github repositories for anything interesting, and while poking around in Google's I found a repository of "interface definitions for a small (but growing) set of Google APIs". I keep track of any Github repo I find containing API definitions, but Google's repo stood out because it contained a set of API definitions that covered both APIs that support both REST and gRPC. Straight from the Github repo, they support two ways of access APIs: "Google APIs use Protocol Buffers version 3 (proto3) as their Interface Definition Language (IDL) to define the API interface and the structure of the payload messages...

From Awareness, Observability, To API Ratings

09 March 2017
This is the third post in my effort to try and define the three sides of my API monitoring. I'm trying to quantify what is needed as a sort of API industry monitoring dashboard -- if there is such a thing. To help me think through this, I have taken my approach to monitoring the API space and I'm breaking them up into three buckets API awareness, API observability, and now API ratings. While the three areas share many common characteristics, the motivations behind each area are significantly different--enough so, I want to look at them and evolve them separately. A rating system for the API space is something I usually get one or two requests to discuss each quarter, sustained throughout the year...

The Three Layers Of API Hype

09 March 2017
I read a lot of content about APIs. I read a lot of redundant and fluffy marketing and technical jargon, trying to understand exactly what an API does, or doesn't do. Before I criticize, I have to admit that crafting really good API marketing and documentation is hard. Only about 5% of what I read is good, a significant portion is just incomplete and lazily done by someone who doesn't care--the rest is actually incorrect, misleading, and straight up hype. There are three layers to the API hype onion in my experience: Marketing - The fluff on the main page written by the marketing team who usually doesn't care about the API and has taken the time to get to know what it does. Documentation - The technical fluff in the API portal usually written by someone technical, and not quite possessing the skills to talk to humans, let alone coherently explain something to another human being...

Guidance On Versioning Your API From Google

09 March 2017
I always enjoy learning about how companies are versioning their APIs. The topic is always one of the most discussed areas when we do APIStrat workshops, and is an aspect of the API space that I think there is never a 100% right way of doing things. Making it an area I recommend learning as many different approaches as you can, then decide on the right solution for your particular situation. To help you in your journey, and mine, I try to document any official versioning strategies published by API providers I research. Today I have one from Google, providing some very interesting insight into how they version their APIs. Google uses Semantic Versioning, which follows this approach to each version number MAJOR...

People Doing Interesting Things With APIs

08 March 2017
I just wanted to take a moment and highlight some folks who are doing interesting things with APIs. I spend a lot of time focusing on the companies, products, and services from the sector, but I don't talk a lot about individual people. So I wanted to pause for a moment and just highlight a couple of people doing really interesting things with APIs right now. If have been paying attention to API definitions in the last year, then you probably have come across APIs.guru, the Wikipedia for APIs. They have 244 OpenAPI definitions available in their catalog, which is the most comprehensive directory of machine readable API definitions out there. If you have an OpenAPI for your API you should be publishing it to APIs...

A Framework For Our All Day API Discussion

08 March 2017
This is an outline I pulled together for a potential project I am working on this week. It's derived from my research, and previous workshops I've done with companies, organizations, institutions, and government agencies in the past. I wanted to share here, in hopes it would stimulate API-focused conversations with some interesting folks. I put together a framework to guide a full day discussion between us, which will leave you with a greater awareness of what an API focus can bring to your company, and leave you with a strategy that you could apply to your API operations back home. This framework is assembled from the last seven years of monitoring the API practices of leading companies like Amazon, Google, Facebook, Twitter, and others, but tailored to meet the needs of a retail and digital commerce focused company...

There Is More To This Than Just Having An API

07 March 2017
There is a reason why I encourage API providers to look at not just the technology of APIs but also invest heavily into the business and politics of API operations. There is a reason I evangelize a more open, web-based approach to doing APIs, even if you are peddling hardware and device APIs. It is because there are a number of human-centered elements present when doing APIs, that will define your services, and ultimately contribute to whether or not they are a success or a failure. One example of this from my API news curation archives is from the Sonos API ecosystem, and a pretty big blunder in communication the audio device platform made late last year, that is significantly impacting their partnerships in 2017...

The Tyk Wordpress API Portal

07 March 2017
I am finally seeing more solutions available for API providers when it comes to publishing an portal for their API operations. I've long had my minimum viable API portal definition, which I recently deployed to support the Miami Open211 API, and I also wrote about AWS serverless approach to an API portal. Next up, is a WordPress solution from my API management partner Tyk. The WordPress API portal solution has the following features: Automatic developer registration on Tyk when developers sign up in WP Configuration of API policies available for token registration Developers may request an access token for the available API policies Automatic or manual approval of key requests Storage of token (references) by name and API policy Revoking of tokens by developer Display usage statistics per key Request quota usage per key All the basics you need when standing up a basic API operation...

I Am Learning About gRPC APIs From Google

07 March 2017
I have been processing Google's API design guide, and an unexpected part of the work has been learning more about gRPC, which Google is "converging designs of socket-based RPC APIs with HTTP-based REST APIs." -- something I have not seen in an API design guide until now. "gRPC uses protocol buffers as the Interface Definition Language (IDL) for describing both the service interface and the structure of the payload messages", and is something I'm hearing more chatter about from larger providers, which I think represents the evolving world of API design beyond the old REST days. According to the site, "gRPC is used in last mile of computing in mobile and web client since it can generate libraries for iOS and Android and uses standards based HTTP/2 as transport allowing it to easily traverse proxies and firewalls...

Please Develop An Embeddable Open Source Visual API Editor

06 March 2017
This is a repeat story of one I wrote two years ago, but things haven't changed so I'm going to rant about again, 2017 style. We need someone to develop an open source, visual API design editor. There is the Swagger Editor, but that is more a web IDE, and I'm looking for a well designed, intuitive, visual editor for managing your OpenAPI definitions, that is embeddable and easily integrated into any web or mobile system. There are examples of nice visual API design editors with some of the leading API service providers, but I'm looking for something any API service provider could put to work. I included these examples in my last story, except I'm including Stoplight this round instead of Gelato, because they gave me an upgrade my account message, and wouldn't let me see the interface...

Do You have An API Design Guide For Your Operations?

06 March 2017
Everyone developing APIs struggles with API design. Ok, maybe a few of the gurus out there don't, but the rest of us need education, practice, and ideally someone or something to help guide us through the best practices when it comes to API design. I try to track what different companies are doing when it comes to API design, and maintain a list of any API design guides I come across in my work. If you are looking to start getting a grasp on API design at your company, organization, institution or agency, I recommend starting on the journey to define your own API design guide--you will be surprised what you can learn along the way. You can kick things off by visiting my API design research, but I strongly recommend you head over to the API Stylebook, and build on this important work...

Thinking About OpenAPI Provenance

06 March 2017
I am building on the great work by the APIs.guru team, assembling a collection of Google definitions. I will be forking their Google Open definitions and wrap them in APIs.json indexes, so I can analyze the APIs at the 100K level, and potentially augment, and enrich the existing OpenAPIs that the APIs.guru team has worked so hard on.  When APIs.guru crafts an OpenAPI for an API, they have a set of OpenAPI extensions that provides a snapshot of the history for each OpenAPI. They provide six OpenAPI extensions, specific to their API discovery objectives: x-apiClientRegistration:     url: 'https://console.developers.google.com' x-logo:      url: 'https://www...

I Want To Just POST Information Directly To Your API Platform

03 March 2017
I was dreaming of a more modular, event-driven approach to API monetization the other day, and I found myself thinking more about the motivations behind each API call made, from the perspective of both the consumer and the provider. With this story I am just thinking about just the POST, or how we usually add something to a system via API--this is not always the case, but it is the common usage of the verb.  I don't have any numbers to support this, but the majority of APIs I encounter are GET only. The more mature API platforms have diverse stacks, using their verbs, but when companies are just getting going with their API operations, they rarely use POST, PUT, PATCH, and DELETE...

Deploy A Grape Doorkeeper Driven API To Heroku With A Click Of A Button

03 March 2017
There have been many advances in the way that we deploy APIs in the last couple of years, but I still want more of an embeddable, push botton way to deploy generic or even more specialized APIs. This is something I've ranted about before, asking where the deploy to AWS and Google buttons. I'm seeing more AWS solutions emerge, helping deploy from Github using AWS Codeploy, and the regular number of deploy to Heroku buttons, but not the real growth I'd like to see occur--making it a drum I will keep beating until I get what I want. I was working on my OpenAPI toolbox, cataloging open source tools that put the OpenAPI specification to work, and came across a deploy with Heroku button for the Grape Doorkeeper, which helps you "create an awesome versioned API, secured with OAuth2 and automatically documented"...

Google Shares Their API Design Guide

03 March 2017
Google released an API design guide recently. I'll be adding the design guide to the list of examples I have in my API design research. The Google API design guide is pretty straight forward in its purpose, with a goal of helping, "developers design simple, consistent and easy-to-use networked APIs", but I thought it was noteworthy that they were also looking to help "converging designs of socket-based RPC APIs with HTTP-based REST APIs." gRPC and Protocol Buffers has been on my task list to learn more about for a while now, but without any projects at scale, it's probably not a task I'll find much time for anytime soon. I'll try to carve off more time to learn how folks like Google are doing it, through their guides and storytelling...

Getting Back To Work On My OpenAPI Toolbox

02 March 2017
I used to have a Github repository dedicated to Swagger tooling and implementations, but I took it down after Swagger was donated to the Linux Foundation. I've rebooted it as my OpenAPI Toolbox, providing a single Github repository for managing an active list of open source tooling built on top of the OpenAPI specification. Here is a snapshot of my toolbox of OpenAPI-driven solutions, as it stands today. This site is a Jekyll-driven website running on Github, using Github Pages. The tools in this toolbox are driven by a YAML file in the _data folder for this repository, with the HTML pages driven using Liquid. Here are the tools organized by type of implementation (something that is evolving quickly): Documentation Generators Servers   Clients Editors   Here they are organized by programming language, providing another dimension to look at the tooling being developed on top of OpenAPI...

Dreaming Of A More Modular Event Driven API Monetization

02 March 2017
I was learning about the approach Amazon has taken with their serverless API developer portal, and highlighting their approach to API plans, and couldn't help but think there was more to it all than just rate limiting your API. Amazon's approach to API plans is in alignment with other API management providers, allowing you to deploy your APIs, meter, rate limit, and charge for access to your API--standard business of APIs stuff. Controlling access to a variety of API resources is something that has been well-defined over the last decade by API management providers like 3Scale, and now Tyk and DreamFactory. They provide you with all the tools you need to define access to APIs, and meter access based upon a wide variety of parameters...

My Developer Portal Checklist For A Human Services API

02 March 2017
I was handed the URL for a human services API implementation for Miami. It was my job to now deploy a portal, documentation, and other supporting resources for the API implementation. This project is part of the work I'm doing with Open Referral to help push forward the API conversation around the human services data specification (HSDS). I got to work forking my minimum viable API portal definition, to provide a doorway for the Miami Open211 API.  Next, I got to work on setting up a basic presence for the human services API. I started with giving the portal a title, and a basic description of what the service does, then I got to work on each of the portal elements that will help people put the data to work...

A Machine Readable Definition For Your AWS API Plan

01 March 2017
I was learning about the AWS Serverless Developer Portal, and found their API plan layer to be an interesting evolution in how we define the access tiers of our APIs. There were a couple different layers of AWS's approach to deploying APIs that I found interesting, including the AWS marketplace integration, but I wanted to stop for a moment and focus in on their API plan approach. Using the AWS API Gateway you can establish a variety of API plans, with the underlying mechanics of that plan configurable via the AWS API Gateway user interface or the AWS API Gateway API. In the documentation for the AWS Serverless Developer Portal, they include a JSON snippet of the configuration of the plan for each API being deployed...

Mapping Github Topics To My API Evangelist Research

01 March 2017
I was playing around with the new Github topics, and found that it provides an interesting look at the API space, one that I'm hoping will continue to evolve, and maybe I can influence. I typed 'api-' into Github's topic tagging tool for my repository, and after I tagged each of my research areas with appropriate tags, I set out exploring these layers of Github by clicking on each tag. It is something that became quite a wormhole of API exploration. I had to put it down, as I could spend hours looking through the repositories, but I wanted to create a machine-readable mapping to my existing API research areas, that I could use to regularly keep an eye on these slices of the Github pie--in an automated way...

New York Times Manages Their OpenAPI Using Github

01 March 2017
I come across more companies managing their OpenAPI definition as a single Github repository. One example of this is from the New York Times, who as the API definitions for their platform available as its own Github repository. It demonstrates the importance of maintaining your API definitions separately from any particular implementation, such as just your documentation. You can find Individual OpenAPIs for their archive_api, updated description, article_search,books_api, community, geo_api, most_popular_api, movie_reviews, semantic_api, times_tags, timeswire, top_stories broken down into separate folders within the Github repository. The NYT also provides markdown documentation, alongside the machine-readable OpenAPI definition in each folder, helping make sure things are human-readable...

A Checklist For API Observability

28 February 2017
I have had the Wikipedia page for Observability open in a browser tab for weeks now. I learned about the concept from Stripe a while back and is something that I am looking to help define APIs from an external vantage point. In this world of fake news and wild promises of artificial intelligence and machine learning, we need these black boxes to be as observable as they can--I am hoping that APIs can be one of the tools in this observability toolbox. Stripe is approaching this concept from the inside, with a focus on stability and reliability of their API operations. I am focusing on this concept from the outside, to "measure how well internal states of a system can be inferred by knowledge of its external outputs"...

The AWS Serverless API Portal

28 February 2017
I was looking through the Github accounts for Amazon Web Services and came across their Serverless API Portal--a pretty functional example of a forkable developer portal for your API, running on a variety of AWS services. It's a pretty interesting implementation because in addition to the tech of your API management it also helps you with the business side of things.  The AWS Serverless Developer Portal "is a reference implementation for a developer portal application that allows users to register, discover, and subscribe to your API Products (API Gateway Usage Plans), manage their API Keys, and view their usage metrics for your APIs..[]..it also supports subscription/unsubscription through a SaaS product offering through the AWS Marketplace...

Will The Experian API Focus On The People Being Ranked?

28 February 2017
I was reading about Experian the credit score company "ventures nimbly into the API economy" this week. I'm happy to see any company begin their API journey, especially companies whose important algorithms impact our lives in such a major way. APIs are critical when it comes to shining a light on how algorithms work and don't work. According to the Experian developer page, "the Experian Connect API provides easy access to embed credit functionality on your websites and mobile apps. Consumer-empowered sharing allows you to create products and services for previously unreachable markets". Sadly I can't see much about the API itself, as you have to fill out a form and request access to see documentation or anything beyond just a basic description...

An Example Of An API Service Provider Using Hypermedia

27 February 2017
There is a growing number of hypermedia APIs available in the wild these days. However there aren't a lot of examples of hypermedia API service providers making the API lifecycle more dynamic and living. When people ask me for examples of hypermedia APIs out there I like to have a handful of URLs I can share with them, providing a diverse set they can consider as part of their own operations. One really good example of an API service provider putting hypermedia to use is Amazon Web Services--specifically with the AWS API Gateway.  AWS describes it best in the documentation for the gateway API: The Amazon API Gateway web service is a resource-based API that uses Hypertext Application Language (HAL)...

The API Definition For The Tyk API Gateway

27 February 2017
If you are selling a service you should have an API. It is something you hear me talk about a lot here on the blog. I push on this subject because it is important, and there are numerous API service providers out there who do not have an API or choose to not make them available. In a DevOps, continuous integration world, we need the entire stack to have APIs--making our API platforms programmatic, just like the data, content, and algorithms we are making available via the APIs we are deploying. If you need an example of this in the wild, you don't have to look much further than my partner in crime Tyk, who have a simple API for their API gateway--no matter where you deploy the gateway, you can manage it using it's APIs...

I Need Your Help With My API Definition Industry Guide

27 February 2017
I am approaching seven years doing API Evangelist. I have over 70 areas of my core API lifecycle research available on the website and have four of those areas (definitions, design, deployment, & management) that I've been publishing industry guides for the last couple of years. In 2017, I want to take those guides, and hopefully a handful of other research areas to the next level. My guides have always been about the quantity of information, over the quality of the final guide. I want to turn that on its head and focus on the quality of information and presentation over the quantity, publishing an executive summary of each of my API industry research areas. With my new guide, I am looking to add a touch of design, but I'm also looking to expand the exposure and storytelling opportunities for my partners in the space...

A Well Thought Out API Platform

20 February 2017
I was playing with one of the API deployment solutions that I track on, appropriately called API Platform. It is an open source PHP solution for defining, designing, and deploying your linked data APIs. I thought their list of features provided a pretty sophisticated look at what an API can be, and was something I wanted to share. Create a CRUD API in minutes JSON-LD, Hydra, HAL native support Automatic Swagger documentation Built with Symfony and Doctrine Docker integration Data validation and error management Pagination, filtering and sorting Generate the data model using Schema.org FOSUser,JWT, CORS and OAuth support Implements OWASP's recos Modular Designed for speed and caching Behat, PHPUnit and Postman spec & testing 100% open source (MIT) There are a couple of key elements here...

API Definitions Influencing API Design

17 February 2017
I was having a conversation about whether I should be putting my API definition or my API design work first--which comes earlier in the lifecycle of an API? The conclusion was to put definition first because you need a common set of definitions to work with when designing your API(s). You need definitions like HTTP and HTTP/2. In, 2017 you should be employing definitions like OpenAPI Spec, and JSON Schema. These definitions help set the tone of your API design process. In my opinion, one of the biggest benefits of designing, developing, and operating APIs on the web has been forcing developers to pick up their heads and pay attention to what everybody else is doing and wanting. I suffer from this...

Trying To Define API Awareness

16 February 2017
I have a regular call with a really smart API person who is trying to move forward a really cool project for the API space. It is some thought provoking voodoo and I need to be able to write about it--this is how I flush out my thoughts and move forward. He is not quite ready to talk about his project publicly, so I will just talk about and explore in terms of my API Evangelist research and how it applies to the area(s) of the API space he is looking to make an impact. This topic spans several areas of my API research, but if I had to give it a single label I would call it API awareness. When you hear me talk about my monitoring the API space, API awareness is the result. I wanted to try and communicate this from my vantage point but also share with other analysts, practitioners, and even the average individual online today...

API Lifecycle Service Providers Instead Of Walled Gardens

16 February 2017
It is a common tactic of older software companies to offer open source, services, and tools in a way that all roads just lead into their walled garden. There are many ways to push vendor lock-in and the big software vendors from 2000 through 2010 have mastered how to route you back to their walled gardens and make sure you stay there. Web APIs have set into motion a shift in how we architect our web, mobile, and device applications, as well as providing services to the life cycle that are behind the operation of these web APIs. While this change has the potential to positive it often it can be very difficult to tell apart the newer breed of software companies from the legacy version, amidst all the hype around technology and startups...

Box's Seamless Approach To API Documentation

14 February 2017
The document platform Box updated their developer efforts recently, helping push forward the definition of what API documentation can be. I've long been advocating moving APIs out from the shadow of the developer portal, and make it more seamless with any UI, kind of like CloudFlare does with their DNS dashboard. There is no reason the API should have to be hidden from users--it should be right behind the UI for everyone to discover. Box does this. You can interact with files just like it is the regular interface. When push the get the folder items, upload file, or other option available to you in the documentation--you get example API request and response in the right-hand column...

API Life(middleware)Cycle API

14 February 2017
I have had a series of calls with an analyst group lately, discussing the overall API landscape in 2017. They have a lot of interesting questions about the space, and I enjoyed their level of curiosity and awareness around what is going on--it helps me think through this stuff, and (hopefully) better explain it to folks who aren't immersed in API like I am.  This particular group is coming at it from a middleware perspective and trying to understand what APIs have done to the middleware market, and what opportunities exist (if at all). This starting point for an API conversation got me thinking about the concept of middleware in contrast to, or in relationship to what I'm seeing emerge as the services and tooling for the API life cycle...

A CKAN OpenAPI Spec

14 February 2017
.gist {width:100% !important;} .gist-file .gist-data {max-height: 500px;} I was working on publishing an index of the General Service Administration (GSA) APIs I currently have in my API monitoring system, and I remembered that I updated my Data.gov work publishing a cache of the index on Github. Part of this work I had left a note for myself about finding / creating an OpenAPI Spec for the Data.gov API, which since it is a CKAN implementation should be pretty easy--I hoped. After Googling for a bit I found one created by the French government open data portal -- thank you!!. It looks pretty complete with 102 paths, and 79 definitions, providing a pretty nice jumpstart for anyone looking to documentation their CKAN open data implementation...

Using Github As An API Index And Data Store

13 February 2017
I am spending a lot of time studying how companies are using Github as part of their software and API development life cycle, and how the social coding platform is used. More companies like Netflix are using as part of their continuous integration workflow, something that API service providers like APIMATIC are looking to take advantage of with a new wave of services and tooling. This usage of Github goes well beyond just managing code, and are making the platform more of an engine in any continuous integration and API life cycle workflow. I run all my API research project sites on Github. I do this because it is secure and static, as well as introduces a very potent way to not just manage a single website, but over 200 individual open data and API projects...

The Reasons Why We Pull Back The Curtain On Technology

13 February 2017
Photo by Shelah I was trying to explain to a business analyst this week the difference between SDK and API, which he said was often used interchangeably by people he worked with. In my opinion SDK and API can be the same thing, depending on how you see this layer of our web, mobile, and device connectivity. The Internet has been rapidly expanding this layer for some time now, and unless you are watching it really don't see any difference between API and SDK--it is just where the software connects everything. For me, an SDK is where the data, content and algorithmic production behind the curtain is packaged up for you -- giving you a pre-defined look at what is possible, prepared for you with a specific language or platform in mind...

Where Are The Interesting API Bookmarklet Examples?

10 February 2017
I have been kvetching about the quality of embeddable tooling out there, so I'm working on discovering anything interesting. I started with bookmarklets, which I think is one of the most underutilized, and simplest examples of working with APIs on the web. Here are a couple of interesting bookmarklets for APIs out there: Twitter - Probably the most iconic API and bookmarklet out there -- share to Twitter. Pinboard - An API-driven bookmarklet for saving bookmarks that I use every day. Hypothesis - A whole suite of API-driven bookmarklets for annotating the web. Socrata - A pretty cool bookmarklet for quickly viewing documentation on datasets. Tin Can API - A bookmarklet for recording self-directed learning experiences...

What Do You Get When You Search For The Schema.org Logo?

10 February 2017
I spend a lot of time looking for logos of the companies that I write about. A lack of consistency around how companies manage (or don't) their logos, and make them available (or don't) regularly frustrates the hell out of me. While doing my regular work I found myself Googling for the Schema.org logl -- what came up made me smile. When you Google for Schema.org logo you don't get the logo for Schema.org, you get the schema for a logo, which is the image property of a thing and is used by brands, organizations, places, products, and services. I still had to actually do a separate search to find the Schema.org logo, but it did make me smile, and make me think even deeper about how we manage (or don't) our bits online...

Having A Program For Researchers Baked Into Your API Operations

09 February 2017
I wrote about the need for service level agreements dedicated to researchers who are depending on APIs a couple weeks ago, and while I was doing my work profiling of AWS, I came across their approach to supporting research. Amazon has a dedicated program research and technical computing on AWS, where they: "helps researchers process complex workloads by providing the cost-effective, scalable and secure compute, storage and database capabilities needed to accelerate time-to-science. With AWS, scientists can quickly analyze massive data pipelines, store petabytes of data and share their results with collaborators around the world, focusing on science not servers." Amazon has three distinct ways in which they are helping researchers, as well as the industries and people they impact: AWS Research Cloud Program - The AWS Research Cloud Program helps you focus on science, not servers---all with minimal effort and confidence that your data and budget are safe in the AWS Cloud...

API Management Is Getting More Modular And Composable

09 February 2017
I've been keeping an eye on the API management space for about seven years now, and I actually have to say, even with all the acquisitions, IPOs, commoditization, etc, I am actually pretty happy with where the sector has evolved. API management always resembled its older cousin the API gateway for me, so when companies like 3Scale started offering a freemium model, that I could deploy in the cloud with a couple lines of code---I jumped on the API management bandwagon. It was easy and gave you all the service composition, onboarding, analytics, and metering tools you needed out of the box. I have been pushing on providers to provide an open source API management solution for quite some time, and providers like WSO2 finally stepped up to bring an enterprise-grade solution to the table, then solutions like API Umbrella also emerged for the government...

API Evangelist Joins The Open API Initiative (OAI)

09 February 2017
It was an interesting journey getting the API specification formerly known as Swagger into the Linux foundation last year. After SmartBear donated the spec to the newly formed Open API Initiative, I was considering joining the governing body behind the spec, but with all I had going on last year, I didn't feel it was the right time. Participating in governance groups hasn't really ever been my thing, and there are a handful of large organizations involved, and who am I really? I'm just a single person ranting about APIs. However, in 2017 I am changing my tune and will be joining the Open API Initiative (OAI) It is an important time for API definitions, and there is a lot riding on the success of OpenAPI, as well as API definitions in general...

API Embeddables In A Conversational Interface World

08 February 2017
I would say that embeddable tooling is one of saddest areas of the API space for me in recent years. When it comes to buttons, badges, widgets, and other embeddable goodies that put APIs work, the innovation has been extremely underwhelming. Login, like, share, and a handful of other embeddable tooling have taken hold, but there really isn't any sort of sophisticated approach to putting APIs to work using web, mobile, browser embeddables.  The only innovation I can think of recently is from Zapier with their Push by Zapier solution -- allowing you to orchestrate with the zaps you've creative, putting APIs to work using the variety of recipes they've cooked up. I'm thinking that I will have to step up my storytelling around what is possible with Push by Zapier, helping folks understand the possibilities...

The Unlimited Possibilities When You Become API Definition Fluent

08 February 2017
I was a regular check-in with one of my favorite API service providers this week, talking about some of the new features they are rolling out in coming weeks, and they demonstrated for me why API definitions are so important in 2017.  APIMATIC got their start deploying SDKs for your API, but have quickly moved into providing API documentation, testing, continuous integration, and some additional stops that they have planned for release in coming months. As I was sharing how happy I was with their movement into new areas of the API life cycle, and praising their agility when it came to rolling out new features, they responded with: "The credit goes to machine-readable descriptions...

Sharing Compute Costs For Open Data And API Consumers Using The Cloud

08 February 2017
I recently wrote about how Algorithmia offloads the compute costs around machine learning using AWS, structuring their image style transfer modeling so that the consumer pays the cost for deploy an AWS GPU instance. It is an interesting way to shift the burden of paying for the hard costs around API operations. Another interesting approach I extracted from a story I wrote yesterday is from Amazon Web Services (AWS) with their approach to open data. Amazon Public Datasets are available as Amazon Elastic Block Store (Amazon EBS) snapshots and/or Amazon Simple Storage Service (Amazon S3) buckets. AWS hosts the master copy of the dataset, and when you want to use, you fire it up in your AWS account, and get to work...

Helping Carry The Load When It Comes To Public Data And APIs

07 February 2017
I am finally getting back to my Knight Foundation funded grant work on Adopta Agency, I'm investing some research cycles into finding some tools that civic, science, journalism and other public data activists can put to use in their critical work. We've seen folks rise to the occasion when it came to climate data, helping migrate vital resources from federal government servers, something I'd like to see happen across other business sectors, as well as continue as an ongoing thing throughout this administration, and beyond. I have long been a proponent of the private sector sharing the load when it comes to managing public data and APIs. After leaving DC during the 2013 federal government shutdown I began evangelizing the importance of individuals and companies stepping up to help with the heavy lifting of making sure public data is available when we need it most--resulting in my Adopta...

Dedicated Space For Telling The Stories Of Your API Consumers

07 February 2017
Telling the story of what your  API accomplishes may seem like a pretty simple, straightforward thing, but you'd be surprised how many API providers DO NOT do this on a regular basis, or do not have dedicated stories, showcase, or similar section to their website. This is why I beat this drum on a regular basis -- if you do not tell the story of the cool things people are doing with your API or your API services, they will never know how your solution works, and will probably never think of your service again--even with they actually have that specific problem that you solve. To help demonstrate this in a very meta way, I am going to showcase how my clients, showcase their clients. Deep man...

Maintaining On Premise Capacity As Well As Cloud Expertise

07 February 2017
The "cloud" has done some very interesting things for individuals, companies, organizations, institutions, and government agencies, and is something that shouldn't be ignored. However, I watch organizations of all shapes and sizes make a similar mistake when it comes to outsourcing too much of their operations to vendors, and cloud services. Each organization's needs will be different, but technology leaders should be mindful of how they invest in talent, alongside how much they invest in external services. I struggle with this in my own business on a daily basis, but I've also seen small businesses make the same mistake, as well as witnessed the damage of this all the way up the Department of Veterans Affairs (VA) in the federal government...

API Definitions, Documentation And Hypermedia

06 February 2017
I wrote about what is at stake with API definitions currently and someone made a thoughtful comment on the importance of continuing to discuss hypermedia amidst all of this--I agree. I've long been an advocate for OpenAPI Spec and API Bueprint as a bridge from where we are, to where we need to be, getting us closer to the world hypermedia folks think we should have. I'd love it if every API allowed for content negotiation using one of the major hypermedia formats like HAL, Collection+JSON, or JSON-LD, but unfortunately, we have a lot of education and training ahead of us before we'll get there. A combination of APIs.json for discovery, and OpenAPI Spec for defining the request and response structure of an API can seem clunky compared to the elegant (hopefully) design of a hypermedia API, but not every API architect has the know-how, or the time and resources to always do things properly...

Application: The Action of Putting Something Into Operation

06 February 2017
I hate how technology dehumanizes things and went you bundle that with the current model for how things get funded, it tends to do this at scale, and with troubling efficiency. I'm the API Evangelist. I am not selling APIs as a technology solution, I am fighting to keep this sliver of our increasingly technical worlds open, and serving humans--otherwise I feel there is no hope for any of this to work with any kind of equity and compassion for the people it should be serving. One of the reasons I blog is to help me refine the stories I tell in the API space, both virtually and in person. In an effort to make the API acronym more accessible to the masses, and also a reminder to the technorati that all of this is about doing meaningful things for the tech sector, I'm continuing to push my definition of API on the world...

What I Would Like To See From API Providers When It Comes To Public Analytics

06 February 2017
I'm putting some thought into the what a public analytics layer might look like for federal, state, county, and city governments. Something that looks like analytics.usa.gov, but for APIs. This is one of the things I really like about government is that you get to push forward ideas that you just can't convince folks to do in the private sector. There is no way companies will share their web or API traffic numbers publicly because there are too much smoke and mirrors involved in the process--for some reasons folks like accountability in government, but not in private sector??? API analytics are a slightly different beast than web analytics, so I wanted to step back and think about what is important to me, an API consumer, or potential API consumer when I am looking at what API does, or a group of APIs actually do: APIs - Depending on how APIs are grouped, if there are many APIs across the different organization, groups, or event external agencies, help me understand which APIs are available, giving me a quick snapshot of which are most used, and how they compare against each other...

Preparing For Conversations About Schema, Definitions And Scopes

02 February 2017
I am focusing heavily on schema, definitions, and scopes in 2017, because it is the most important layer in the tech sector, the API space, and is something that touches almost every industry, while also reaching into our personal worlds. I'm working on refining my argument in 2017 that I'm not selling APIs as a solution all by themselves, I'm pushing APIs to help us tame this insane beast that we've let out of the closet, and will never be able to put back in. SchemaWhether it is JSON schema, MSON or Data Packages, current approaches to defining the data used as part of each API request or response are defining what has become to be known as the API economy (for good and bad). The schema describes the digital bits that are being created and moved around online today...

The Amazon Console Came After The API And CLI

02 February 2017
I've spent a lot of time thinking about the Amazon Web Services ecosystem lately. I've gone through and generated OpenAPI Specs for the majority of their APIs, as well as an APIs.json index for the collection of valuable services. I have also written about the relationship between the Amazon API and CLI, and while doing this research I had jotted down thoughts about their approach to the Amazon Console. For most API providers the API is a secondary thing, implemented after their website, applications, and even mobile applications in many situations. When AWS launched in 2006 they were only API and CLI, and after a couple of years, they got to work on providing their AWS Console, which plays a pretty significant role in working with the platform...

Amazon Dash: Ok Idea. Dumb Implementations

01 February 2017
The AWS IoT Button, based on the Amazon Dash Button hardware, was kind of sorta an interesting model, allowing you to trigger virtual things with a physical click of a button, but now they've virtualized their approach, which I guess is a decent enough of an idea (not new), but their implementation is just not that smart. I think they just went from virtual to physical, and back again that they kind of got whiplash, and didn't really think it through before launching. I'm not big on bashing people's technology implementations, as I would rather focus on shining a light on what is progressive in the space, but the area of embeddable tooling built using APIs has suffered so much in the last couple years, I'm not keen on big providers further sucking the oxygen out of the room--AWS can do better...

Including End Users In the Conversation About Their Bits Being Sold

01 February 2017
Fitbit recenttly announced a program to pay their wearable users up to $1500 for integrating their Charge 2 into the UnitedHealthcare Motion program powered by Qualcomm Life’s 2net Platform. The "UnitedHealthcare Motion is an employer-sponsored wearable device wellness program that offers financial incentives for enrollees who meet daily step goals". Pulling back the curtain just a little bit on the value of your Internet of Things data, and specifically the devices you strap to your body. I am not a fan of corporations strapping devices to their employees as part of these wellness programs (or for any reason), and using cash incentive to achieve the desired behavior...

A Limited Medium API Means I Do Not Always Curate What Is Published There

01 February 2017
One of the deciding factors of whether or not I put a new online service to use in my business depends on whether or not they have an API. Sometimes I have no choice in the matter, but if I have any say, a service must allow me to move data in and out of their system programmatically, keeping in sync with my own systems, otherwise I will not adopt the service as part of my regular operations. One platform I have integrated into my operations is the blogging platform Medium. I handpick some of my content for publishing to Medium, pushing to my account from my own management system using their publishing API. This works well for me, as I require that all of my content, images, and videos are created and originate in my own systems, and then syndicate to other platforms secondarily via APIs--the only downside is that I can't actually pull data from Medium via their API into my management system...

The Importance Of APIs In Journalism Right Now

31 January 2017
APIs are playing an increasing role in all aspects of our public life. Our current president has set the precedent that he will be using Twitter as a primary communication channel, cutting off traditional media and other channels--amplifying the importance of the Twitter API when it comes to doing your job as a journalist. Journalists don't just need to be plugged into to major platform channels like Twitter, Facebook, Instagram, and others, they also need to be able to conduct research using these platform APIs. Journalists should be fluent in synchronous, and asynchronous pulling of social media and other data via leading APIs. Whether it's pulled through custom programming or using existing tools and services, successful journalists will have a robust toolbox for meeting their needs in this area...

Funding The Development Of An API Ranking Solution

27 January 2017
I have written before about how we are going to create the Standard and Poors or Moodys for the API industry, and how an API ratings could be used as an economic engine. This is a topic I have folks reach out to me about regularly, wanting to create such a rating system, for a variety of business and political reasons. It is something I'd like to continue to get ahead of before someone who is eviler than I am (I am pretty evil), decides to set something in motion that doesn't include me (ego). I may sound elitist saying this (I am), but there are very few people who get the API landscape at this level, understand the scope of this challenge, and can have a productive conversation about how to do this...

I Got A Response Regarding My Facebook Threat API Access

27 January 2017
I am pushing forward my security research, and profiling what threat information APIs and platforms are up to. I rarely ever dive into any API without actually signing up for an API, getting some keys, and actually get to work making API calls. I have come across a number of APIs that are just fronts so that they can get in ProgrammableWeb directory, or just issue a press release that they have an API, so I usually prefer to fire things up and validate an API does what is being advertised. There is no better way to truly get to know an API than to actually make API calls against it and get to work doing some integration. While profiling the Facebook ThreatExchange API I did what I normally do--requested some keys...

If You Are Doing Interesting Things With APIs Please Tell The Story

27 January 2017
I wish I could write about everything interesting that is going on in the API space, but as a one man show, I struggle to keep up with discovering, reading and understanding what is going on, let alone carving out the time to write something thoughtful about it. Many interesting things get added to my notebook, but I simply do not find the time to finish and publish a story--sadly. I'm always appreciative of folks who email me ideas for stories based upon interesting things with APIs, but it still doesn't always mean I will find the bandwidth to craft a post. What I really enjoy is when folks ping me about something interesting, but they also write their own story on their own domain, and share via multiple channels like Twitter, LinkedIn, etc...

Pull The Social Media Accounts For Gov Using The US Digital Registry API

25 January 2017
Over the holidays I pulled the data.gov index of federal government data, and the next item on my list was to cache the results of the US Digital Registry API , providing me with a list of agencies, and their social media accounts. I pulled the JSON from the API, and then published to the Github repository for this site, so that I could use for several different applications. Drive Listings Of Federal Agency Social MediaI wanted a quick way to get at the Twitter and Github accounts for the federal government, and have in a single location (Github). I've published YAML data to Github, and using Jekyll I've created listings for the Twitter, Github, Facebook, Pinterest, Instagram, and LinkedIn accounts, making them easier to browse when I need them...

The OpenAPI Specification Version 3.0 Highlights

25 January 2017
I am impressed with the work that the Open API Initiative (OAI) working group has accomplished with the version 3.0 release of the OpenAPI Specification. I have had zero involvement in moving the specification forward (something I'm changing), and after coming back to the effort I am impressed with what they've prioritized, and accomplished for this release.  The highlights in version 3.0 of the OpenAPI Spec for me are: Components - The new components architecture really reflects "APIs" in my opinion, making things modular and reusable. Body - Catching up when it comes to allowing the body to be defined separately from the headers and parameters. Content Negotiation - You can now define content objects to define the relationship between response objects, media types, and schema...

What Is At Stake With API Definitions At The Moment

25 January 2017
I wrote angrily about Oracle's acquisition of Apiary last week, and this week I find myself deeply considering the API definition landscape, so I wanted to take another look at this event from the 100K view. In 2017, API definitions are touching every aspect of the API lifecycle, from design to deprecation, and are becoming key to defining, automating, and evolving many different industries from cloud computing to human services.  I define API definitions as the specifications, schema, and scopes that are being used to map out the world of APIs. Specifications for describing APIs are nothing new, and approaches to defining data schema are well established as well. However by 2012 things were changing and Swagger emerged as an important tool for describing APIs in JSON, then YAML, using JSON Schema to define the underlying data definition...

Making Your API Portal Speak To The Widest Possible Audience

24 January 2017
I have the first draft of a developer portal ready for an API project I am working on, and before I move forward polishing it too much I wanted to step back and think about the goals behind the launch of this API portal, and the intended audience I'm targeting with its operation. I do not want this landing page to just speak to developers, I would like it to speak to as wide of an audience as possible.  This particular API portal is meant to support the development of human service websites, mobile, and other applications in the Miami area. I do not want to scare off the "normals" with the home page. I want to make sure the language I use speaks to API newbies, while also giving experienced developers what they need to get up and running and solve any problems...

Amazon Alexa Uses HTTP/2

24 January 2017
I track on the different approaches used by API providers so that I know where to find examples of leading approaches to API design and deployment. Then I write about them so that I have something to reference across my research. I keep an eye out for API providers who employ hypermedia as part of their API design, as well as companies who are putting HTTP/2 to work as part of their design and deployment. The Amazon Alexa Voice Service API employs HTTP/2 as part of their voice-enablement platform. I'm still learning about HTTP/2 so I was pleased to see the amount of education they provide in their documentation, outlining some of the key terms and concepts at play; Frame: The basic protocol unit in HTTP/2; each frame serves a different purpose, for example, HEADERS and DATA frames form the basis of HTTP requests and responses...

Loss Of Primary and Foreign Keys Translating From Data Package to OpenAPI Spec

24 January 2017
I am keeping a version of an OpenAPI Spec in sync with a Data Package. It's not a perfect sync because the Data Package doesn't describe the surface area of the API, just the underlying data schema used on the backend. During project discussions, one of the concerns that was brought up focused on the loss of primary and foreign key references. During our next discussion, I wanted to have a more coherent explanation of why this was ok, and this post will help me do that. The OpenAPI Spec I've created has each resource in the Data Package represented but leaves out the database relationships represented by those keys in the backend. The API defines the basic CRUD (Create, Read, Update and Delete) for each resource represented, but allows the relationships to be expressed using the URI...

Considering the Logging and Observability Layer for Amazon Alexa Enablement

23 January 2017
I am going through the Amazon Alexa platform, profiling it as part of my voice API research, and also thinking deeply about the impact voice-enablement, and conversational interfaces will or will not make in our lives. I've been pretty vocal that I am not too excited about voice-enablement in my own world but it is something I understand other folks are, and I'm also interested in Amazon's approach to operating their platform--making it something I'm digging deeper into.  I do not own any of the voice enabled Amazon devices, but I am playing with their simulator Echosim.io. I'm not interested in building any skills or applications for Alexa, but I am curious to learn how the platform functions, so I will be developing prototypes so that I can understand things better...

No Database Behind An API and Just Using Files Stored on Github

23 January 2017
It is common for an API to just be a facade for a database. Meaning the data, and content served up via the API is read from and written to a database backend. This is probably the most common way to deploy an API, but increasingly I'm working to eliminate the database behind, and storing the content or data being served up via Github repositories.  I find it easier to store individual YAML, JSON, and other machine readable files on Github, and just check out the repository as part of each API deployment. Each API has a different refresh rate determining how often I commit or pull a fresh copy of the content or data, but the API does all of its work with a locally checked out copy of the repository...

Adding The Webhose,io Search API To Stack Of APIs I Depend On

23 January 2017
I have been looking for a decent search engine API to help me uncover new sources of information across the API space. I've always been frustrated with the APIs in this category since all of the good Google search APIs went away. I need to search the web, and specifically for blog and news posts with API related insights. In an effort to find a suitable solution I recently came across and spent time digging into one called Webhose.io, primarily because they had an APIs.JSON file. Webhose.io integrates data from hundreds of thousands of global online sources in the following areas: Social Media Data - Structured data from top social media sites.  Forum Monitoring - Post data from across many forums...

Reducing Our Hard Work To A Transaction With APIs and Serverless

20 January 2017
I'm thinking about cloud pricing after my profiling of over 60 of the AWS API resources, as I play with building tools on Algorithmia, and evaluate a variety of serverless options. As someone who is regular blindsided by the devious undercurrents of business, while I'm busy focusing on shiny technological objects, I can't help but feel like us developers are contributing to the commoditization of our (currently) valuable skillset when it comes to APIs, microservices, devops, and serverless. This isn't exclusive to these areas of technology, and I think it is something we've all set into motion with APIs and microservices over the last decade. We are decoupling some very complex, and often large codebases and dependencies that take a certain amount of experience and skills to tackle, and reducing down to individual reusable resources that are automatically scaled, and may not require as many advanced skills to daisy chain and connect together...

Oracle Acquiring Apiary

19 January 2017
Oracle has purchased API design provider Apiary. I'm a big fan of what Apiary does, and what the team has accomplished. I don't trade in Silicon Valley currency, so I'm not going to congratulate the team on their exit. For me, it is just a reminder of how we can't have anything nice in the space. No matter how good your team is, or how good your product or services are, the thousand pound gorillas will always come in the room and fuck things up.  I am bummed about the acquisition of Apiary because they are essential to my API design origin story. Jakub, Z, and the Apiary team made API definitions to be more about API design than just API documentation. Pushing the conversation earlier on in the API lifecycle, opening up the concept that API definitions could be used for not just documenting your APIs after they are live, and all about design early on in the process, something that opened up for use across every stop along the API life cycle...

The State of California Drinking Water Program Repository

19 January 2017
One of the side projects I work on regularly is focused on moving forward the conversation around water data. My next wave of work is targeting the State of California Drinking Water Program Repository, and help make some of the valuable spreadsheets and CSV files more usable. Here are the six datasets I'm targeting for processing in coming weeks: Annual Report Form - PDF of input form used for the Annual Report. Annual Reports - Excel book of Annual Reports of public water systems from 2011 through 2015. SDWIS Public Water Systems - CSV of active public water systems including contact, location, water source, and type. Small Water Supplier Conservation Reports - CSV of small water suppliers reporting conservation results from June through November 2015...

Focusing On Common API Definitions, Schema, Scopes and Specifications

19 January 2017
The API universe is rapidly expanding as more companies, organizations, institutions, and government agencies are sharing data, content, and algorithms using web APIs. It has expanded so much in the last year that I can't keep up with everything that is going on. I can't test new APIs, and the emerging services and tooling from providers who are targeting the space fast enough--that is ok, I'm not sweating it.  However, I do have to prioritize and focus on the areas where I can make the biggest impact when it comes to my understanding, and when it comes to helping the API community. While I will still be maintaining a general awareness of all technologies in 2017 I'm going to be heavily focused on three areas: API Definition - The machine-readable definition of an API interface, security and data models...

When We Lose Trust In The Reporting Numbers Our Providers Feed Us

17 January 2017
What happens when we can't trust the numbers our service providers report to us? I personally do not stress over my analytics and traffic, views, and other numbers we are engineering our worlds to run by, but when you are paying for a service--I definitely have an opinion. Facebook recently had a series of misreporting events around their metrics, leaving us questioning the numbers we are fed by our service providers on a regular basis. There is no way that we can be 100% sure our service providers are telling us the truth--we have to trust them. However, there are ways that API providers can be more transparent when it comes to the data behind the numbers. It is easy enough to open up the log files, and other data that went into calculating the numbers when operating a platform...

Patent #20150363171: Generating Virtualized API From Narrative API Documentation

17 January 2017
I like to pick worrisome patents from my API patent research and share them on my blog regularly. Last week I talk about Patent #US9300759 B1: API Calls With Dependencies and today I want to talk about patent #US09471283: Generating virtualized application programming interface (API) implementation from narrative API documentation, which according to its abstract is: A virtualized Application Program Interface (API) implementation is generated based upon narrative API documentation that includes sentences that describe the API, by generating programming statements for the virtualized API implementation based on parsing the narrative API documentation and generating the virtualized API implementation based on upon the programming statements for the virtualized API implementation...

What Are The Goals Behind Launching An API Portal?

16 January 2017
I was getting ready to do some work on a developer portal for a project I'm working on and I wanted to stop, step back and try to define what the goals in launching this portal are. As the technologist on this project, it is easy for me to impose my belief in why I am launching this portal (to publish documentation), but I feel it is important that we get the perspective of all stakeholders--so, I asked everyone involved what the goals were. In the short term, the goals are to engage these groups around the API resources: Engage Third-Parties - Bring in new, and stimulate existing usage of data made available via APIs. Internal Departments - Ensure the internal groups are also engaged, and part of the outreach...

Profiling Facebook ThreatExchange API

16 January 2017
I'm spending some cycles on discovering what "cybersecurity" or "security" API solutions are out there, but specifically looking at threat information related to operating on the web. First up on the list is Facebook's ThreatExchange API, and I wanted to go through and break down what they offer via their API as I work to define an OpenAPI Spec, and their overall API operations as I populate an APIs.json file.This process helps me better understand what Facebook is offering in this area, as well as producing a machine readable definition that I can use across the rest of my research.  So, what is Facebook ThreatExchange? Learn about threats. Share threat information back...

No Innovation Around Terms of Service Reveals True Motives

16 January 2017
Silicon Valley startups and entrepreneurs love to point out that they are trying to make the world a better place. Over a 25+ year career, I have fallen for the belief that I was improving a situation through technology. Hell, I still do this regularly as the API Evangelist, stating that a certain approach to opening up access to data, content, and algorithms can make things better, when in numerous situations it will not. I walk a fine line with this and I hope that I'm a little more critical about where technology should be applied, and focus primarily on making existing technology more accessible using APIs--not starting new ones. When you are critical of technology in the current climate, there are plenty of folks you like to push back on you, leaning on the fact that they are trying to make the world a better place...

A Missed Opportunity With The Medium API

13 January 2017
In addition to using the news of Medium's downsizing as a moment to stop and think about who owns our bits, I wanted to point out what a missed opportunity the Medium API is. Having an API is no guarantee of success, and after $132M in 3 Rounds from 21 Investors, I'm not sure an API can even help out, but it is fun to speculate about what might be possible if Medium had robust API in operation. Medium has an API, but it is just a Github repository, with reference to a handful of paths allowing you to get details on yourself, the publications you are part of, and post entries to the site. There are no APIs for allowing me to get the posts of other users, or publications, let alone any of the analytics, or traffic for this...

Requiring SSL For API All Calls

13 January 2017
This is one of those regular public service announcements that if at all possible, you should be requiring SSL for all your API calls. I recently got an email from the IBM Watson team telling me that they would be enforcing encryption on all calls to the Alchemy API in February. SSL is something I've started enforcing on my own internal APIs. I do not have wide usage of my APIs by third-party providers, but I do have a variety of systems making calls to my APIs, transmitting some potentially sensitive information--luckily nothing too serious, as I'm just a simple API Evangelist. Encryption is an area I research regularly, hoping to stay in tune (as much as I can) with where discussions are going when it comes to encryption and API operations...

IFTTT vs Zapier vs DataFire

13 January 2017
Integration Platform as a Service (iPaaS) solutions are something I've been tracking on for a while, and an area I haven't seen too much innovation in, except by Zapier for most of that time. I'm a big fan of what IFTTT enables, but I'm not a big fan of companies who build services that depend on APIs but do not offer APIs in turn, so you don't find me highlighting them as an iPaaS solution. Instead, you'll find me cheering for Zapier, who has an API, and even though I wish they had more APIs, I am grateful they paying it forward a little bit. I wish we had better solutions, but the politics of API operations seems to slow the evolution of iPaaS, usually leaving me disappointed. That was until recently when some of my favorite API hackers released DataFire: DataFire is an open source integration framework - think Grunt for APIs, or Zapier for the command line...

The Google Baseline For A User Account Area

12 January 2017
I have a minimum definition for what I consider to be a good portal for an API, and was spending some time thinking about a baseline definition for the API developer account portion of that portal, as well as potentially any other authenticated, and validated platform user. I want a baseline user account definition that I could use as aa base, and the best one out there off the top of my head would be from Google. To support my work I went through my Google account page and outlined the basic building blocks of the Google account: Sign-in & Security - Manage your account access and security settings Signing in to Google - Control your password and account access, along with backup options if you get locked out of your account...

Why I Still Believe In APIs--The 2017 Edition

12 January 2017
As I approach my seventh year as the API Evangelist and find myself squarely in 2017, I wanted to take a moment to better understand, and articulate why I still believe in APIs. To be the API Evangelist I have to believe in this, or I just can't do it. It is how my personality works--if I am not interested, or believe in something, you will never find me doing it for a living, let alone as obsessively as I have delivered API Evangelist. First, What Does API Mean To Me?There are many, many interpretations, and incarnations of "API" out there. I have a pretty wide definition of what is API, one that spans the technical, business, and politics of APIs. API does not equal REST, although it does employ the same Internet technologies used to drive the web...

Using An OpenAPI Spec As Central Truth In Stakeholder Discussions

12 January 2017
I am working with Open Referral to evolve the schema for the delivery of human services, as well as helping craft a first draft of the OpenAPI Spec for the API definition. The governing organization is looking to take this to the next level, but there are also a handful of the leading commercial providers at the table, as well other groups closer to the municipalities who are implementing and managing Open211 human service implementations. I was working with Open Referral on this before checking out this last summer, and would like to help steward the process, and definition(s) forward further in 2017. This means that we need to speak using a common language when hammering out this specification and be using a common platform where we can record changes, and produce a resulting living document...

Your State Issued ID Is Required To Signup For This Online Service

11 January 2017
I am evaluating Shutterstock as a new destination for some of my photos and videos. I've been a Shutterstock user for their stock images, but I'm just getting going being a publisher. I thought it was worth noting that as part of their sign up process they require me to upload a copy of my state issued identification before I can sell photos or images as a Shutterstock publisher. This is something I've encountered with other affiliate , partner, and verified solutions. I've also had domains expire, go into limbo, and I have to fax in or upload my identification. It isn't something I haven't seen with many API providers yet, but I'm guessing it will be something we'll see more of with API providers further locking down their valuable resources...

Intercom Providing Docker Images Of Their SDKs

11 January 2017
I regularly talk about the evolving world of API SDKs, showcasing what API service providers like APIMATIC are up to when it comes to orchestration, integration, other dimensions of providing client code for API integrations. A new example of this that I have found in the wild is from communication and support API platform Intercom, with their publishing of Docker images of their API SDKs. This overlaps my SDK research with the influence that containerization is having on the the world of providing and integrating with APIs. Intercom provides Docker images for their Ruby, Node, Go, and PHP API SDKs. It's a new approach to making API code available to API consumers that I haven't seen before, (potentially) making their integrations easier, and quicker...

Evernote: Reaffirming Our Commitment to Your Privacy

11 January 2017
A couple of weeks back, the online note-taking platform Evernote made a significant blunder of releasing a privacy policy update that revealed they would be reading our notes to improve their machine learning algorithms.  It is something they have since rolled back with the following statement "Reaffirming Our Commitment to Your Privacy": Evernote recently announced a change to its privacy policy and received a lot of customer feedback expressing concerns. We’ve heard that feedback and we apologize for the poor communication.We have decided not to move forward with those changes that would have taken effect on January 23, 2017. Instead, in the coming months we will be revising our existing Privacy Policy...

Hoping Schema Becomes Just As Important As API Definitions in 2017

10 January 2017
The importance of a machine readable API definition has grown significantly over the last couple of years, with a lot of attention being spent (rightfully so) on helping educate API providers of the value of having an OpenAPI Spec, API Blueprint, or another format. This is something I want to continue contributing to in 2017, but I also want to also shine a light on the importance of having your data schema well defined. When you look through the documentation of many API providers, some of them provide an example request which might give hints at the underlying data model, but you rarely ever see API providers openly share their schema in any usable format. You do come across some of a complete OpenAPI Spec or API Blueprints from time to time, but usually, when you find API definitions, the schema definition portion is incomplete...

Patent US9300759 B1: API Calls With Dependencies

10 January 2017
I understand that companies file for patents to build their portfolios, and assert their stance in their industry, and when necessary use patents as leverage in negotiations, and in a court of law. There are a number of things that I feel patents logically apply to, but I have trouble understanding why folks insist on patenting things that make the web work, and this whole API thing work. One such filing is patent number US9300759 B1: API Calls With Dependencies, which is defined as: Techniques are disclosed for a client-and-server architecture where the client makes asynchronous API calls to the client. Where the client makes multiple asynchronous API calls, and where these API calls have dependencies (i...

The Design Process Helping Me Think Through My Data And Content

10 January 2017
I'm working on the next evolution in my API research, and I'm investing more time and energy into the design of the guides I produce as a result of each area of my research. I've long produced a 20+ page PDF dumps of the leading areas of my research like API design, definitions, deployment, and management, but with the next wave of industry guides, I want to polish my approach a little more.  The biggest critique I get from folks about the API industry guides I produce is that they provide too much information, aren't always polished enough, and sometimes contain some obvious errors. I'm getting better at editing, but this only goes so far, and I'm bringing in a second pair of eyes to review things before they go out...

Evaluating A New Channel For Publishing My Bits

09 January 2017
I have used Shutterstock for some time now when it comes stock images but I've only recently started playing around with their publishing program, hoping to make some money from some of my photos and videos. As with any other channel that I am considering for inclusion in my line-up of tools and services, I am spending time going through their platform and evaluate the tech, business, and political considerations of adding any new service to work into my world.  First, a service should always have an API. This isn't just because of what I do for a living and my obsession with APIs. This is so that I can integrate seamlessly with my existing operations. Another side of this argument is that I will always be able to get my data and content out of a system, but I am working to be a little more proactive than that...

Service Level Agreements for Researchers Who Depend On APIs

09 January 2017
I came across a pretty interesting post on using APIs for research, and the benefits, and challenges that researchers face when depending on APIs. It was another side of API stability and availability that I hadn't considered too much lately. Social media platforms like Twitter and Facebook are rich with findings to be studied across almost any discipline. I regularly find social media API studies at universities from areas like healthcare and Zika virus, algorithmic intellectual property protection, all the way up to US Navy surveillance programs that are studying Twitter. APIs are being used for research, but there are rarely API platform plans crafted with research in mind. Flexible rate limits, custom terms of service, that give them access to the data they need...

The API Driven Marketplace That Is My Digital Self

09 January 2017
I spend a lot of time studying and thinking about the "digital bits" that we move around the Internet. Personally, and professionally I am dedicated to quantifying, and understanding those bits that are the most important to us as individuals, professionals, and business owners. Like many other folks who work in the tech sector I have always been good at paying attention to the digital bits, I am just not as good at others when monetizing these bits, adding to my own wealth. When you talk about this world in the world as much as I have, you see just a handful of responses. Most "normals" aren't very interested in things at this level--they just want to benefit from the Internet and aren't really interested in how it works...

Algorithmia's Multi-Platform Data Storage Solution For Machine Learning Workflows

06 January 2017
I've been working with Algorithmia to manage a large number of images as part of my algorithmic rotoscope side project, and they have a really nice omni-platform approach to allowing me to manage my images and other files I am using in my machine learning workflows. Images, files, and the input and output of heavy object is an essential part of almost any machine learning task, and Algorithmia makes easy to do across the storage platforms we use the most (hopefully).  Algorithmia provides you with local data storage--pretty standard stuff, but they also allow you to connect your Amazon S3 account, or your Dropbox account, and connect to specific folders, buckets, while helping you handle all of your permissions...

What I Learned Crafting API Definitions For 66 Of The Amazon Web Services

05 January 2017
I just finished crafting API definitions for 66 of the Amazon Web Services. You can find it all on Github, indexed with an APIs.json. While I wish all API providers would do this hard work on their, I do enjoy the process because it forces me to learn a lot of each API, and the details of what providers are up to. I learned quite a bit about Amazon Web Services going through the over 2000 paths that are available across the 66 services.  The Importance Of Consistency Across TeamsWhen you bounce from service to service within the AWS ecosystem you can tell that consistency is a challenge for Amazon. Consistency is lacking in API design, documentation, and other critical areas. This is something that is actually getting worse with some of their newer projects...

Explaining To Normals Why Every API Is Different

04 January 2017
I enjoy having conversations with "normals" about APIs, especially when they approach me after doing a great deal of research, and are pretty knowledgeable about the landscape, even if they may lack deeper awareness around the technical details. These conversations are important to me because it is these folks that will make the biggest impact with APIs--it won't be the entrepreneurs, developers, architects, and us true believers. While having one of these conversations yesterday, the topic of API design came up, and we were talking about the differences between seemingly similar APIs like Flickr and Instagram, or maybe Twitter and Facebook. I was asked, "why are these APIs are so different? I thought the whole thing with APIs is that they are interoperable, and make integration easier?" << I love getting asked this because it helps me see the API space for what it is, not the delusion that many of us API believers are peddling...

A Glimpse At Minimum Bar For Business API Operations in 2017

04 January 2017
I look at a lot of API portals and developer areas , and experience a number of innovative approaches from startups, as well as a handful of leading API providers, but the Lufthansa Airlines API portal (which recently came across on my radar) I feel represents the next wave of API providers, as the mainstream business world wakes up to the importance of doing business online in a machine readable way. Their developer program isn't anything amazing,  it's pretty run of the mill, but I think it represents the minimum bar for SMB and SMEs out there in 2017. The Lufthansa developer portal has all the basics including documentation, getting started, an application showcase, blog, and they are using Github, Stack Overflow, Twitter, and have a service status page...

API Calls as Opposed to API Traffic

04 January 2017
I was doing some planning around a potential business model for commercial implementations of OpenReferral, which provides Open211 open data and API services for cities, allowing citizens to find local services, and I had separated out two types of metrics: 1) API calls  2) API traffic. My partner in crime on the project asked me what the difference was, looking for some clarification on how it might possibly contribute to the bottom line of municipalities looking to fund this important open data work. So, what is the difference between API call and API traffic in this context? API Call - This is the measurement of each call made to the API by web, mobile, and device applications. API Traffic - This is the measurement of each click made via URLs / URIs served up as part of any API response...

Exploring The Economics of Wholesale and Retail Algorithmic APIs

03 January 2017
I got sucked into a month long project applying machine learning filters to video over the holidays. The project began with me doing the research on the economics behind Algorithmia's machine learning services, specifically the DeepFilter algorithm in their catalog. My algorithmic rotoscope work applying Algorithmia's Deep Filters to images and drone videos has given me a hands-on view of Algorithmia's approach to algorithms, and APIs, and the opportunity to think pretty deeply about the economics of all of this. I think Algorithmia's vision of all of this has a lot of potential for not just image filters, but any sort of algorithmic and machine learning API. Retail Algorithmic and Machine Learning APIsUsing Algorithmia is pretty straightforward...

Learning About Machine Learning APIs With My Algorithmic Rotoscope Work

03 January 2017
I was playing around with Algorithmia for a story about their business model back in December, when I got sucked into playing with their DeepFilter service, resulting in a 4-week long distraction which ultimately became what I am calling my algorithmic rotoscope work. After weeks of playing around, I have a good grasp of what it takes to separate videos into individual images, applying the Algorithmia machine learning filters, and reassembling them as videos. I also have several of my own texture filters created now using the AWS AMI and process provided Algorithmia--you can learn more about algorithmic rotoscope, and details of what I did via the Github project updatese...

2010 | 2011 | 2012 | 2013 | 2014 | 2015 | 2016 | 2017 | 2018 | 2019 | Archive