Skip to main content

API Design notes from Web 2.0 Expo

Twitter API Experience

It is ALL around REST these days. Even Google abandoned more complicated API in favor of RESTfull

For Twitter API more that 80% of overall traffic these days

Twitter manages developer community over Google Group

400 applications added by hand to the directory from e-mail, tons more are around and not the catalog

XML, JSON, and many other formats supported

Grow API organically (started with 2 methods and no documentation), from the conversation with developers "I can do X if you do Y"

Documentation is really important – at least reverse engineer. Doc should describe at least: How do I start? Is API crawlable? How to dive into the API?

Support developers 24 hrs is important – be present! If not listening, developers will go forward.

Delegate to other developers who are active within the community. Do not forget to socially reward them.

Scaling from API prospective. XML, JSON are not designed for scale by itself. Do it early is a big win. Dedicate part of server farm for API – do not mix destination and API on the same servers

Security issues. API is where bad-behaving users will go first. Audit. Monitor. Expect what can be leaked.

What twitter did wrong?

  • Did not start with
  • Did not version the API
  • Did not make life easy (or easier) for Flash developers
  • Did not automate (statistics, admin use, app galleries)
  • Many more

New in twitter API

  • Rudimentary geolocation support
  • More consistency between methods
  • Parity between user-side and API side

Misc Observations

It is unclear how to make API into business. It is a trade-off between value from dev community and users. Mashery pretends to monetize on API. QOS is an option.

OAuth [] is absolutely where authorization goes on API. More complex on production and consumer site.

Jabber/XMPP – most clients pull constantly. A lot of overhead can be saved this way. But overhead and lack of libraries slow down the effort.

Web->API->SOA Model provides: separation of concerns, direction to move towards

Faces of APIs: XML, spreadsheets, static virtual maps, static URLs, SOAP, JSON, serialized PHP, JavaScript callbacks, etc

The only way to transfer date/time data – UNIX timestamp

New API directions:

  • Amazon S3/(with billing associated with it and authentication)
  • OAuth – emerging standard for 3-d party in client-server relationship. Create a situation to provision on behalf of other users.


Popular posts from this blog

Posting to FaceBook feed using Graph API

Graph API was announced at F8 with a promise to dramatically simplify the FB API. I checked the read access over the new interface during the presentations and to my big surprise it worked flawlessly and from the first time. When I tried, JSON-formatted info about the FaceBook page was returned (as expected).
Then I tried OAuth 2.0 way of accessing the API to post a message to the feed. And to my even bigger surprise it worked too!
Here is what you need to do to access Graph API over OAuth: 1. Create a FB app, store app properties to a file:
$appkey='7925873fbfb5347e571744515a9d2804'; $appsecret='THE SECRET'; $canvas=''; 2. Create a page that will prompt user the access permission (I am prompting for the publish_stream and offline_access permissions at the same time)
// require'settings.php';
$url=""; $url.=…

Respect Coin

Respect I think it's time to talk about currency. Let's create a Respect Coin.
Step 1. Install OpenZeppelin library npm install zeppelin-solidity
When it comes to coins, I like to use some functions that smart people already implemented and other smart people verified. I think that Zeppelin is a nice collection of Solidity contracts that can be trusted. Let's use the StandardToken contract and use it as a parent class for our own RespectCoin contract.
Step 2. Create RespectCoin contract and store it in "contracts/RespectCoin.sol" file pragma solidity ^0.4.4; import "../node_modules/zeppelin-solidity/contracts/token/StandardToken.sol"; /** * @title RespectCoin * @dev ERC20 Token example, where all tokens are pre-assigned to th e creator. * Note they can later distribute these tokens as they wish using `transfer` and other * `StandardToken` functions. */ contract RespectCoin is StandardToken { string public constant name = "RespectCoin&quo…

"Hello World" from Solidity

How to say "Hello World" in the era of blockchain? Reflections Once upon a time, I worked in CTO role of a great startup, and in order to find talented code developers, we ran a competition for the most creative "Hello World" application. It was a lot of fun! I was not able to participate in the competition back then, but here is my delayed entry.

Step 1. Environment Configuration# Installing Truffle framework ( $ sudo npm install -g truffle# Creating project $ mkdir solidity-experiments $ cd solidity-experiments/ $ truffle init# Installing and starting Etherium local test network $ sudo npm install -g ethereumjs-testrpc $ testrpc &
Step 2. Point truffle framework to the test network Update truffle.js file created by the init to point to your test network. File content should look like this:
module.exports = { networks: { development: { host: "localhost", port: 8545, network_id: "*" // Match any netwo…