how to fail miserably with your api program
TRANSCRIPT
HOW TO FAIL MISERABLY WITH
YOUR API PROGRAMCase Studies in What Not To Do
Lorinda BrandonDirector, API Partner DevelopmentSmartBear Software
@lindybrandon
BE INDISTINGUISHABLE FROM THE REST
• 50 SMS APIs• 45 location
APIs• 88 business
APIsMashape
• 4378 mapping APIs
• 1086 music APIs
• 48 gambling APIs
ProgrammableWeb
@LINDYBRANDON
OR… FIND YOUR “SECRET SAUCE” Make sure you know:
- Why you’re building an API
- Who you’re building it for
- What makes you unique
Only the ingredients should be secret – don’t forget to evangelize your “specialness”
@LINDYBRANDON
BE INCOMPREHENSIBLE
•“Worst documented audio API in history”CoreAudio
•“The Worst API Ever Made”
Event Tracing for Windows
@LINDYBRANDON
OR.. STRIVE FOR CLARITY
Applying the 3-30-3 rule to APIs:
3 seconds to understand what the
API does
30 seconds to find the endpoint
3 minutes to be up and running
@LINDYBRANDON
CHANGE YOUR MIND
• “Twitter's access token limit claims another victim”
• “One closed API at a time, the era of the open web is waning.”
Netflix
• “Most small developers without deep pockets or ample time likely won’t be able to partake”LinkedIn
@LINDYBRANDON
OR… BUILD YOUR LONG-TERM STRATEGY TODAY Launch your API after answering these questions:
What does success look like?
Which audience contributes to that success – developer or end-user?
What is the impact to our audience if we change strategies?
Changing your business strategy is not the same as versioning your API
@LINDYBRANDON
DON’T WORRY ABOUT SECURITY
• “Your average developer can build something in a day’s time that interacts with Snapchat’s API and saves everything that comes through it”Snapchat
• “Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user"Tinder
@LINDYBRANDON
OR… BUILD SECURITY INTO YOUR PLANS Identify your weak points and vulnerabilities
Don’t expose specific or personal information unless absolutely necessary
Include safeguards (like rate limits)
Don’t ignore warnings
Leaving security up to someone else is your first major security flaw
@LINDYBRANDON
DON’T WORRY ABOUT THE BACKEND
• “Since its official debut yesterday, Apple Maps has been nearly universally heralded as a disaster.”Apple
Maps
• “Pulling wrong data with the API is a major issue!"
Google PPC
@LINDYBRANDON
OR…MAKE SURE YOUR DATA/SERVICE ROCKS Take responsibility for ensuring your secret sauce is tasty
Validate both the API and the responses it gives
Spend release cycles on improvements, not reworks
If the API returns incorrect information, it is a reflection on the API itself
@LINDYBRANDON
NOW… HOW TO SUCCEED
Be unique in some way
Be easy to understand and adopt
Have a short-term and long-term plan
Identify security risks and plug them before you launch
Make sure your backend is as good as your API itself
@LINDYBRANDON