Skip to main content

API Design notes from Web 2.0 Expo

Twitter API Experience

It is ALL around REST these days. Even Google abandoned more complicated API in favor of RESTfull

For Twitter API more that 80% of overall traffic these days

Twitter manages developer community over Google Group

400 applications added by hand to the directory from e-mail, tons more are around and not the catalog

XML, JSON, and many other formats supported

Grow API organically (started with 2 methods and no documentation), from the conversation with developers "I can do X if you do Y"

Documentation is really important – at least reverse engineer. Doc should describe at least: How do I start? Is API crawlable? How to dive into the API?

Support developers 24 hrs is important – be present! If not listening, developers will go forward.

Delegate to other developers who are active within the community. Do not forget to socially reward them.

Scaling from API prospective. XML, JSON are not designed for scale by itself. Do it early is a big win. Dedicate part of server farm for API – do not mix destination and API on the same servers

Security issues. API is where bad-behaving users will go first. Audit. Monitor. Expect what can be leaked.

What twitter did wrong?

  • Did not start with api.twitter.com
  • Did not version the API
  • Did not make life easy (or easier) for Flash developers
  • Did not automate (statistics, admin use, app galleries)
  • Many more

New in twitter API

  • Rudimentary geolocation support
  • More consistency between methods
  • Parity between user-side and API side

Misc Observations

It is unclear how to make API into business. It is a trade-off between value from dev community and users. Mashery pretends to monetize on API. QOS is an option.

OAuth [http://oauth.net/] is absolutely where authorization goes on API. More complex on production and consumer site.

Jabber/XMPP – most clients pull constantly. A lot of overhead can be saved this way. But overhead and lack of libraries slow down the effort.

Web->API->SOA Model provides: separation of concerns, direction to move towards

Faces of APIs: XML, spreadsheets, static virtual maps, static URLs, SOAP, JSON, serialized PHP, JavaScript callbacks, etc

The only way to transfer date/time data – UNIX timestamp

New API directions:

  • Amazon S3/(with billing associated with it and authentication)
  • OAuth – emerging standard for 3-d party in client-server relationship. Create a situation to provision on behalf of other users.
Labels:

Comments

Post a Comment

Popular posts from this blog

Freebase Hack Day

Post a Comment
Read more

Facebook Friends Connect

Is a way to extend external sites to provide: FB identity FB friends (relationship) Feed to FB   Demo app at http://www.somethingtoputhere.com/therunaround User experience: login: js login method requiresession(): detects state of usr-FB relationship, log-in into FB if needed. If user has not authorised app - present app auth dialog. If already has session - just go init JS, require session   access FB data: - FBML on external site - use JS FBML parser and replace in browser DOM with FB data - JS based API to get FB data, REST API on the server site. Sessions work accross any API - only small subset of FBML us supported at the moment   adding social content: - use access API   Connections: app developers can suggest connections (using e-mail hash) user get connect request on FB Move content from external sites to FB app can register feed template (3 types of stories) call JS "showfeeddialog" to request user to confirm data sharing on FB. privacy protection: app ca...
Post a Comment
Read more

Respect Coin

Respect I think it's time to talk about currency. Let's create a Respect Coin. Step 1. Install OpenZeppelin library  npm install zeppelin-solidity When it comes to coins, I like to use some functions that smart people already implemented and other smart people verified. I think that Zeppelin is a nice collection of Solidity contracts that can be trusted. Let's use the StandardToken contract and use it as a parent class for our own RespectCoin contract. Step 2. Create RespectCoin contract and store it in "contracts/RespectCoin.sol" file  pragma solidity ^0.4.4; import "../node_modules/zeppelin-solidity/contracts/token/StandardToken.sol"; /** * @title RespectCoin * @dev ERC20 Token example, where all tokens are pre-assigned to th e creator. * Note they can later distribute these tokens as they wish using `transfer` and other * `StandardToken` functions. */ contract RespectCoin is StandardToken { string public constant name = ...
Post a Comment
Read more