This website is currently dormant!
RSS

API Definitions News

These are the news items I've curated in my monitoring of the API space that have some relevance to the API definition conversation and I wanted to include in my research. I'm using all of these links to better understand how the space is defining not just their APIs, but their schema, and other moving parts of their API operations.

Details About The 52 Online Services I Depend On

I went through all the online services I use, and made sure all of them are listed, and I understood more about why and how I use a service. So far I have 52 servies I depend on, providing a pretty good map of my online domain.

3Scale

  • Why do I use this service? API Management
  • What content do I generate via this service? user, access and traffic logs
  • Do I pay for this service? - Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes via email
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? No
  • Do I currently integrate with this services API? - No

about.me

  • Why do I use this service? - Profile Page
  • What content do I generate via this service? None
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes - http://about.me/developer/sdk/docs/
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Alchemy API

  • Why do I use this service? - Text Extraction
  • What content do I generate via this service? None
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes 
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Amazon Web Services (AWS)

  • Why do I use this service? - Central hosting and stroge
  • What content do I generate via this service? None
  • Do I pay for this service? Yes
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Angellist

  • Why do I use this service? - Business Profile
  • What content do I generate via this service? None
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes  https://angel.co/api
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Anypoint Platform

  • Why do I use this service? API Management
  • What content do I generate via this service? APIs
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Apiary.io

  • Why do I use this service? API Design
  • What content do I generate via this service? APIs
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

AT&T

  • Why do I use this service? - Mobile Phone
  • What content do I generate via this service? None
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Crunchbase

  • Why do I use this service? - Business Profile
  • What content do I generate via this service? Profile
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Disqus

  • Why do I use this service? - Commenting
  • What content do I generate via this service? Comments
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Dropbox

  • Why do I use this service? - Storage
  • What content do I generate via this service? Files
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - Yes
  • Do I currently integrate with this services API? - No

Drupal

  • Why do I use this service? - Nothing
  • What content do I generate via this service? None
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Dwolla

  • Why do I use this service? - Payments
  • What content do I generate via this service? Payments
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

DZone

  • Why do I use this service? - Blog Syndication
  • What content do I generate via this service? Blog Syndication
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

EventBrite

  • Why do I use this service? - Event Management
  • What content do I generate via this service? Events
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Evernote

  • Why do I use this service? - Notetaking
  • What content do I generate via this service? Notes
  • Do I pay for this service? Yes
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - Yes
  • Do I currently integrate with this services API? - No

Facebook

  • Why do I use this service? - Social
  • What content do I generate via this service? Messages, Photos, Videos, Friends
  • Do I pay for this service? No
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Flickr (Yahoo)

  • Why do I use this service? - Manage photos
  • What content do I generate via this service? Photos
  • Do I pay for this service? No
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Foursquare

  • Why do I use this service? - Track my locations
  • What content do I generate via this service? Checkins, Photos
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

FullContact

  • Why do I use this service? - Contact Profling
  • What content do I generate via this service? Profile
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Geeklist

  • Why do I use this service? - Developer Profile
  • What content do I generate via this service? Profile
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Github

  • Why do I use this service? - Manage all projects
  • What content do I generate via this service? Websites, Code
  • Do I pay for this service? Yes
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Gliffy

  • Why do I use this service? - Diagramming
  • What content do I generate via this service? Diagrams
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

GoDaddy

  • Why do I use this service? - Domain Management
  • What content do I generate via this service? Domains
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - Yes
  • Do I currently integrate with this services API? - No

Google

  • Why do I use this service? - Primary account
  • What content do I generate via this service? Email, Contacts, Calendar, Documents
  • Do I pay for this service? No
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - Yes
  • Do I currently integrate with this services API? - Yes

Hacker News

  • Why do I use this service? - News syndication
  • What content do I generate via this service? Bookmarks
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Hover

  • Why do I use this service? - Domain Management
  • What content do I generate via this service? Domains
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

IFTTT

  • Why do I use this service? - Automation
  • What content do I generate via this service? Jobs
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Instaper

  • Why do I use this service? - Reading service
  • What content do I generate via this service? Bookmarks
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Klout

  • Why do I use this service? - Social Ranking
  • What content do I generate via this service? No
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No
  • Laneworks - http://control.laneworks.net/admin/

Lanyrd

  • Why do I use this service? - Event discovery
  • What content do I generate via this service? Events
  • Do I pay for this service? No
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

LinkedIn

  • Why do I use this service? - Social
  • What content do I generate via this service? Messaging, Links
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Mashape

  • Why do I use this service? - API Management
  • What content do I generate via this service? API Profiles
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Meetup

  • Why do I use this service? - Event Discovery
  • What content do I generate via this service? Events
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Mega

  • Why do I use this service? - File Storage
  • What content do I generate via this service? Files
  • Do I pay for this service? No
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Noun Project

  • Why do I use this service? - Image Discovery
  • What content do I generate via this service? Images
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Paypal

  • Why do I use this service? - Payments
  • What content do I generate via this service? Payments
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Pinboard

  • Why do I use this service? - Bookmarking
  • What content do I generate via this service? Bookmarks
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Plancast

  • Why do I use this service? - Event discovery
  • What content do I generate via this service? Events
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Quora

  • Why do I use this service? - QA
  • What content do I generate via this service? Questions, Answers
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Reddit

  • Why do I use this service? - Bookmarking
  • What content do I generate via this service? Bookmarks
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Serve

  • Why do I use this service? - Payments
  • What content do I generate via this service? Payments
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Soundcloud

  • Why do I use this service? - Audio Discovery
  • What content do I generate via this service? Audio Files
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Square

  • Why do I use this service? - Payments
  • What content do I generate via this service? Payments
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

Stack Overflow

  • Why do I use this service? - QA
  • What content do I generate via this service? Question, Answers
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

StumbleUpon

  • Why do I use this service? - Bookmarks
  • What content do I generate via this service? Bookmarks
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Thingiverse

  • Why do I use this service? - 3D Printing
  • What content do I generate via this service? 3D Designs
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Tumblr

  • Why do I use this service? - Blogging
  • What content do I generate via this service? Blog
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - Yes
  • Do I currently integrate with this services API? - No

Twitter

  • Why do I use this service? - Tweeting
  • What content do I generate via this service? Tweets, Friends
  • Do I pay for this service? No
  • Does this service provide data portability? - Yes
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

VectorStock

  • Why do I use this service? - Stock Images
  • What content do I generate via this service? Images
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - No
  • Does this service have an API? - No
  • Does this service offer oAuth? - No
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Yahoo

  • Why do I use this service? - Profile
  • What content do I generate via this service? Profile
  • Do I pay for this service? No
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - No

Zapier

  • Why do I use this service? - Automation
  • What content do I generate via this service? Jobs
  • Do I pay for this service? Yes
  • Does this service provide data portability? - No
  • Can I terminate my use of this service? - Yes
  • Does this service have an API? - Yes
  • Does this service offer oAuth? - Yes
  • Does this service offer 2 Factor Authentication? - No
  • Do I currently integrate with this services API? - Yes

I think I will need to build some sort of tracking system for the services I use. Something that runs on Github, and can be forked by anyone, and made public or private. 

I'll update this as I add new ones. I know there are more servies I use, but it is hard to remember all of them.


Reclaim Profile For Each Service I Depend On

As I’m going through each of the 50+ services I depend on, and change my password this weekend, I want to apply a little critical reclaim my domain thinking to each service as I pass through. I’m not naive to think I will be able to reclaim 100% of my domain, but I should have a bar defined, of what I expect from each provider in the area of domain management.

What is the the minimum I need to know about each online service I depend on?

  • Why do I use this service?
  • What content do I generate via this service? (ie. Messages, Images, Videos)
  • Do I pay for this service?
  • Does this service provide data portability? (Download of settings and content)
  • Can I terminate my use of this service?
  • Does this service have an API?
  • Does this service offer oAuth?
  • Does this service offer 2 Factor Authentication?
  • Do I currently integrate with this services API?

That will do for now. Eventually I’m sure I will have more questions I will need to ask, but for this round I am just looking to generate a profile each service and identify whether or not they have an API.

By establishing a Reclaim Profile for each online service, I will have mapped out my online domain--where I exist online, and potentially where I generate content and other information I may want to reclaim.


API Definitions: How Do They Model REST?

Last week at #APIStrat Amsterdam, I moderated, and presented in a session that was called API service descriptions. I gave the talk for the first 15 minutes, then Sumit Sharma (@sumitcan), Ole Lensmar (@olensmar), and Ruben Verborgh (@RubenVerborgh) followed me-- the full video is on Youtube if you are interested.

Over the last couple months I've been doing a deeper dive into the area of API design, with a specific look at API definition formats from API Blueprint, RAML and Swagger, so the session was intended to help me continue the conversation, in person, on the stage at #APIStrat Amsterdam. I'm happy I did, because Ole came to the table with some valuable data on API definitions, that save me some valuable research hours.

I'm breaking up his work into several smaller posts, you can find his full deck on slideshare, next up after API Definitions: What Is Behind The Name?, is a side by side comparison of how Blueprint, RAML and Swagger each model REST:

 

API-Blueprint

RAML

Swagger

Resources

X

X

X (“api”)

Methods/Actions

X (“action”)

X (“method”)

X (“operation”)

Query Parameters

X

X

X

Path/URL Parameters

X

X

X

Header Parameters

X

X

X

Representations

(status codes, mime-types)

X

X

X

Documentation

X

X

X

Authentication

 

Basic, Digest, Oauth 1&2, (*)

Basic, API-Key, OAuth 2

Representation Metadata

<any> (inline)

<any> (inline/external)

JSON Schema (subset)

Nested Resources

X

X

 

Composition/Inheritance

Resource Models

Traits, Resource Types

 

File inclusions

 

X

 

API Version metadata

 

X

X

Sample Representations

X

X

 

Ole provides a nice overview of the three leading API definition formats, giving API providers a good side-by-side summary that can be used when deciding which format to support. I will work with Ole to help keep the numbers up to date, and include in my final research white paper for API design when finished.

Thank you too Ole Lensmar (@olensmar) and Smartbear Software for doing this research, and allowing me to share it with you.


I Am Up To 34 APIs Out Of The Netherlands

As we gear up for API Strategy & Practice in Amsterdam, March 24-26th, I’m spending my time getting to know API companies across Europe. I published a listing of APIs I found from the United Kingdom a few days ago, and next up is taking a look at what APIs are coming out of the Netherlands.

Last week I did a roundup of 17 APIs out of the Netherlands, but thanks to Twitter, and specifically Gerard van Enk (@gvenk) who was curating a spreadsheet of APIs, I was able to double the amount of APIs I'm tracking on out of the country.


Arts Holland

Arts Holland is a consortium of three leading players in the field of arts, culture, new media and tourism. The institutes part of this consortium are the Netherlands Board of Tourism & Conventions, Netherlands Uitburo and Waag Society. Together with organizations in the field of arts, culture, communication, transport, creative industry and technology, a series of tools will be developed that will guide any arts lover through the high-brow cultural landscape Holland has to offer to it’s visitors. The Arts Holland data platform, developer's site and SPARQL tutorial are created and hosted by Waag Society.


BOL.com

The bol.com Open API gives you access to the complete range of the biggest online store in the Netherlands. Use bol.com data into your own concept or application and earn money through the affiliate program bol.com.


CitySDK

The CitySDK Linked Open Data Distribution API is a linked data distribution platform. Developed by Waag Society, the distribution API is a component of the CitySDK toolkit. This toolkit supports the development of open and interoperable interfaces for open data and city services in eight European cities (Amsterdam, Helsinki, Manchester, Lisbon, Istanbul, Lamia, Rome and Barcelona).


Cloudspeakers

The Cloudspeakers API is a REST API and makes it possible for developers to access the data of Cloudspeakers. Cloudspeakers tries to match all found reviews, audio and video files to the MusicBrainz database. MusicBrainz is a community music metadatabase that attempts to create a comprehensive music information site.


Democracy API

The Democracy API enables developers to interact with the Democracy web site programmatically. It's designed to make it possible for anyone to improve Democracy or integrate Democracy into other applications. You can develop a Democracy interface for a mobile phone, build a Democracy widget for your blog, or develop an application that makes it easy to post photos to your feed from your iPhone.


Distimo

Distimo has a very clear objective: to make the app market transparent. The company was born out of the frustration of a lack of insights into the performance of apps and the manual work needed to track important metrics. Our goal is to provide the best and most actionable app intelligence for anyone who wants to compete in the app market. Our data-driven team seeks to help developers, brands and financial services companies gain actionable, timely and factual knowledge of what’s happening daily in the global app market.


Drillster

The Drillster API enables any developer to write applications that interact with Drillster. The API is based on the principles of REST, and comes in both an XML and a JSON flavor. Authentication is taken care of by the OAuth 2.0 protocol. Non-commercial use is free of charge, but commercial use requires prior arrangement.


Dutch Parliament

Digitization of collections creates new opportunities for cooperation. Are you interested in offering collections of KB through your own online channels? Want your digital collection enrich our datasets?


Dutch Schools

The educational system in the Netherlands is complex, and many public bodies are tasked with keeping schools and students on the right track. However, data regarding this task is made available to the general public in a way it is not easily processable, which makes checks by the public (and press) more difficult. The OpenOnderwijs API alleviates this problem by providing a unified interface to data on education collected from several institutions with different responsibilities with regard to the Dutch educational system, such as DUO, Onderwijsinspectie and Vensters voor Verantwoording. The OpenOnderwijs API is built on open source technology, such as Scrapy for scraping school data (the scrapers can be found at Github), Sphinx for the documentation, and ElasticSearch for efficient data storage and retrieval. Also, all school addresses are geocoded using the BAG42 service, an Dutch initiative aiming to integrate high quality, official data sources with “regular” geocoding.


ElasticSearch

Elasticsearch is on a mission to organize data and make it easily accessible. The company delivers the world’s the most advanced open source search and analytics engine available and make real-time data exploration available to anyone. By having a laser focus on achieving the best user experience imaginable, Elasticsearch has become one of the most popular and rapidly growing open source solutions in the market. Today, Elasticsearch is used by thousands of enterprises in virtually every industry. We take good care of our customers and users, providing production support, development support and training worldwide.


Geosophic

Geosophic is the gaming platform that allows you to get behavior analytics from your players while offering them new engagement triggers in the form of geolocated leaderboards. Geosophic is your ‘neighbourhood arcade’ of the mobile age. Our location based leaderboards allow gamers to show off that they’re the best in their cities, countries as well as the whole world. They also include customized game recommendations (performance advertising) which creates a new monetization channel for the developers


Ikdoe API

The Ikdoe API is a RESTful API. Since ikdoe is all about activities, the only resource we provide through this api is the activity resource. At the moment we only support XML as response format, but might support additional formats in the future.


Incubate

Incubate has launched the Incubate API to make all festival-data available for use in apps, websites or even art created by Incubate-minded developers. The Incubate API is an Ally API, a REST oriented JSON Web Service Interface to communicate with the Ally database. Information about artists, time schedules, venues or the latest festival news can be easily collected using the API.


Layar

Layar B.V. designs and develops mobile phone application. It offers Layar, a mobile augmented browser that provides information on top of the camera display view in various categories, including eating and drinking, entertainment and leisure, games, government, health care, local search and directory services, real estate, retail, schools and universities, social networks and communities, tourism, transportation, and weather.


Mobypicture

Share your adventures instantly with your friends. Mobypicture enables users to share photos, video, text and audio directly to their friends on their favorite social sites like Flickr, Facebook, YouTube, Wordpress, Twitter and many more. Mobypicture supports groups, geolocation and a lot of extra features.


MoneyBird

MoneyBird is an online service providing fast and easy billing. You can create, manage and send invoices, but also manage your contacts, send recurring invoices and manage your expenses. PayPal integration available to enable your contacts to pay even faster!


MovieMeter

The MovieMeter API is a XML-RPC webservice which you can use to retrieve film information in Dutch. This API is not intented to provide a complete set of MovieMeter functionalities, for instance the API doesn't provide operations to log in, vote or place new messages. You are allowed to create a website or application which has a primary goal of showing MovieMeter information. However, you must make it clear that while you're application uses our information, it's not made by MovieMeter. Also don't name your application "MovieMeter" or something similar. The application or website must be free of charge and ads. If you don't comply to these rules, your access to the API could be revoked.


Nimbuzz

Nimbuzz is the free call and messaging app for the connected generation. Nimbuzz combines the powers of the Internet and mobile communications into one, and lets you meet, share and connect with family and friends on any mobile device. Nimbuzz users enjoy the freedom of communicating with friends between any internet enabled device, from mobile to mobile, mobile to PC/Mac and vice versa, harnessing the power of the Internet (Wi-Fi, 3G, 2G, GPRS). With its mobile, Web, Wap and desktop clients, Nimbuzz is available on thousands of the worlds’ most popular devices across all major platforms – Nokia Symbian, iPhone, iPod touch, Android, BlackBerry, J2ME, as well as Windows and Mac desktop computers. Social networks & communities supported by Nimbuzz include, Facebook®, GoogleTalk , Twitter, Yahoo!.


NS API

NS has a large amount of data with information on the planned and actual schedules. We make this information like available to developers with a RESTful API. NS API currently features the following services: Prices, Live departures, Faults and activities, the station list of all stations in the Netherlands including geodata, Travel advice from station to station.


OIPA

OIPA is a framework that provides a rich and usable API for parsing, ingesting, storing and searching IATI standard compliant datasets.


Open Images

Open Images is an open media platform that offers online access to audiovisual archive material to stimulate creative reuse.


Openkvk

openkvk.nl is a database created from a collection of data from various sources including kvk.nl , belastingdienst.nl and rechtspraak.nl . These sources are public and subject to the legal publication and conditions. To get the data from these sources to integrate into this system and make searchable we run daily maintenance queries, and quarterly we refresh the sources completely.


PeerReach

Peerreach is an Amsterdam-based social media startup that provides an influence metric that measures your influence within different areas of expertise. The Peerreach algorithm is similar to the pagerank algorithm that Google uses to identify influential websites.


Postcode API

The Dutch postal codes, addresses and locations, since early 2012 public data. We believe that public data should be accessible via accepted standards. Really open And that everyone has access to that data, and that data can be used. The Postcode API gives you free and easy access to the postcode database of the Land Registry.


React.com

React.com offers web services to connect your web site or mobile application with a continuously growing broad selection of social networks. For quick integration we offer hosted services which will allow you to directly use social network functionality by just adding HTML to your website. No need to ask your users for passwords and profiles, let them register and log in with their social network accounts through social sign-in integration.


ReadSpeaker

ReadSpeaker speech-enables online content on the fly in 35+ languages and 100+ voices. In 1999, ReadSpeaker pioneered the first-ever speech-enabling application for websites. Today, the company provides a portfolio of web-based text-to-speech solutions for websites, mobile sites, mobile apps, RSS feeds, online documents and forms, as well as online campaigns. Its solutions are used by over 5000 corporate, media, government, and nonprofit customers around the world.


Rijksmuseum API

The Rijksmuseum API (Application Programming Interface) is a new, state-of-the-art service for application developers. Using the API allows the Rijksmuseum collection and other content, and (high resolution) images available for use in, for example apps or web applications.


Springest

Springest is a Dutch continuing education service that helps users find and compare courses, books, articles, training courses using search and filter capabilities. The Springest API opens up all of the searchable data from Springest to users. Users can query for training guides, courses, and other content as well as integrate it into programs. The service uses REST calls and returns XML or JSON.


The Wrds API

With Wrds API you can link your own program Wrds . You can let the program then lists Wrds add , view, edit , and remove them . For example, if you want a MSN-bot that you hear derogatory words about you , then you can use this API .


Total Film

Total Film provides developers free access to its movies on TV database through an API. With this, the total supply of television films for today and tomorrow can be obtained. More APIs will be released in the future.


TwitterCounter

 

TwitterCounter is Feedburner for Twitter.

TwitterCounter tracks Twitter users and displays attractive stats to everybody interested. Bloggers can add a simple button displaying the number of Followers they have on Twitter.

Thousands of blogger currently display the TwitterCounter button which links to their personal stats page at Twittercounter.com. All these buttons drive traffic to TwitterCounter which shows simple text ads next to the Twitter stats. This creates a positive feedback loop of increasing members, traffic and ad views.

 


Viewbook

Viewbook exposes an API for 3rd party tools to enhance Viewbook using the Flickr REST style API for it's request and response formats. Viewbook uses Flickr's REST implementation. Requests and responses are the same (with a few minor differences, see below), so you can follow the documentation at Flickr to implement the Viewbook API.


Weather API

This is a very basic JSON API for very basic weather data from the Royal Netherlands Meteorological Institute. The KNMI offers no simple API for simple data, so I built this one, which scrapes their website. Currently, it only offers a single API call, for the latest weather observations at 36 monitoring stations.


Webservices.nl

Webservices.nl has a mission to raise. Data quality of Dutch companies at the highest level to make this possible, it offers a variety of convenient online data services, which every company cheap and simple data data to validate and enrich.


What I see when I look through these 34 APIs, is a wealth of creative talent exposing their resources as APIs. You have art, museums, images, photos, music and other right brain activity. 

With multiple Paris API events, and a single API event in Madrid so far, I'm very pleased with the types of API conversations going on in Europe, and getting really excited to see who comes together to talk APIs in Amsterdam. 

I’m sure there are still other Dutch API efforts I’m missing, so if you know of any companies with a significant presence in the Netherlands, doing cool stuff with APIs, make sure and let me know@kinlane.


APIs Coming Out Of The Netherlands

As we gear up for API Strategy & Practice in Amsterdam, March 24-26th, I’m spending my time getting to know API companies across Europe. I published a listing of APIs I found from the United Kingdom a few days ago, and next up is taking a look at what APIs are coming out of the Netherlands.

You tend to not think of what country an API is from, unless its attached to public infrastructure, or a company is extremely vocal about their home country. I confess that I couldn’t name a single API from Amsterdam before this week, but now I notice that Distimo, Drillster, ElasticSearch, Peerreach, and TwitterCounter were all out of the Netherlands, and were APIs I am already familiar with.

I was able to easily find 17 separate APIs out of the Netherlands:


Arts Holland

Arts Holland is a consortium of three leading players in the field of arts, culture, new media and tourism. The institutes part of this consortium are the Netherlands Board of Tourism & Conventions, Netherlands Uitburo and Waag Society. Together with organizations in the field of arts, culture, communication, transport, creative industry and technology, a series of tools will be developed that will guide any arts lover through the high-brow cultural landscape Holland has to offer to it’s visitors. The Arts Holland data platform, developer's site and SPARQL tutorial are created and hosted by Waag Society.


BOL.com

The bol.com Open API gives you access to the complete range of the biggest online store in the Netherlands. Use bol.com data into your own concept or application and earn money through the affiliate program bol.com.


Democracy API

The Democracy API enables developers to interact with the Democracy web site programmatically. It's designed to make it possible for anyone to improve Democracy or integrate Democracy into other applications. You can develop a Democracy interface for a mobile phone, build a Democracy widget for your blog, or develop an application that makes it easy to post photos to your feed from your iPhone.


Distimo

Distimo has a very clear objective: to make the app market transparent. The company was born out of the frustration of a lack of insights into the performance of apps and the manual work needed to track important metrics. Our goal is to provide the best and most actionable app intelligence for anyone who wants to compete in the app market. Our data-driven team seeks to help developers, brands and financial services companies gain actionable, timely and factual knowledge of what’s happening daily in the global app market.


Drillster

The Drillster API enables any developer to write applications that interact with Drillster. The API is based on the principles of REST, and comes in both an XML and a JSON flavor. Authentication is taken care of by the OAuth 2.0 protocol. Non-commercial use is free of charge, but commercial use requires prior arrangement.


Dutch Parliament

Digitization of collections creates new opportunities for cooperation. Are you interested in offering collections of KB through your own online channels? Want your digital collection enrich our datasets?


Dutch Schools

The educational system in the Netherlands is complex, and many public bodies are tasked with keeping schools and students on the right track. However, data regarding this task is made available to the general public in a way it is not easily processable, which makes checks by the public (and press) more difficult. The OpenOnderwijs API alleviates this problem by providing a unified interface to data on education collected from several institutions with different responsibilities with regard to the Dutch educational system, such as DUO, Onderwijsinspectie and Vensters voor Verantwoording. The OpenOnderwijs API is built on open source technology, such as Scrapy for scraping school data (the scrapers can be found at Github), Sphinx for the documentation, and ElasticSearch for efficient data storage and retrieval. Also, all school addresses are geocoded using the BAG42 service, an Dutch initiative aiming to integrate high quality, official data sources with “regular” geocoding.


ElasticSearch

Elasticsearch is on a mission to organize data and make it easily accessible. The company delivers the world’s the most advanced open source search and analytics engine available and make real-time data exploration available to anyone. By having a laser focus on achieving the best user experience imaginable, Elasticsearch has become one of the most popular and rapidly growing open source solutions in the market. Today, Elasticsearch is used by thousands of enterprises in virtually every industry. We take good care of our customers and users, providing production support, development support and training worldwide.


Geosophic

Geosophic is the gaming platform that allows you to get behavior analytics from your players while offering them new engagement triggers in the form of geolocated leaderboards. Geosophic is your ‘neighbourhood arcade’ of the mobile age. Our location based leaderboards allow gamers to show off that they’re the best in their cities, countries as well as the whole world. They also include customized game recommendations (performance advertising) which creates a new monetization channel for the developers


Nimbuzz

Nimbuzz is the free call and messaging app for the connected generation. Nimbuzz combines the powers of the Internet and mobile communications into one, and lets you meet, share and connect with family and friends on any mobile device. Nimbuzz users enjoy the freedom of communicating with friends between any internet enabled device, from mobile to mobile, mobile to PC/Mac and vice versa, harnessing the power of the Internet (Wi-Fi, 3G, 2G, GPRS). With its mobile, Web, Wap and desktop clients, Nimbuzz is available on thousands of the worlds’ most popular devices across all major platforms – Nokia Symbian, iPhone, iPod touch, Android, BlackBerry, J2ME, as well as Windows and Mac desktop computers. Social networks & communities supported by Nimbuzz include, Facebook®, GoogleTalk , Twitter, Yahoo!.


PeerReach

Peerreach is an Amsterdam-based social media startup that provides an influence metric that measures your influence within different areas of expertise. The Peerreach algorithm is similar to the pagerank algorithm that Google uses to identify influential websites.


Postcode API

The Dutch postal codes, addresses and locations, since early 2012 public data. We believe that public data should be accessible via accepted standards. Really open And that everyone has access to that data, and that data can be used. The Postcode API gives you free and easy access to the postcode database of the Land Registry.


ReadSpeaker

ReadSpeaker speech-enables online content on the fly in 35+ languages and 100+ voices. In 1999, ReadSpeaker pioneered the first-ever speech-enabling application for websites. Today, the company provides a portfolio of web-based text-to-speech solutions for websites, mobile sites, mobile apps, RSS feeds, online documents and forms, as well as online campaigns. Its solutions are used by over 5000 corporate, media, government, and nonprofit customers around the world.


Rijksmuseum API

The Rijksmuseum API (Application Programming Interface) is a new, state-of-the-art service for application developers. Using the API allows the Rijksmuseum collection and other content, and (high resolution) images available for use in, for example apps or web applications.


Springest

Springest is a Dutch continuing education service that helps users find and compare courses, books, articles, training courses using search and filter capabilities. The Springest API opens up all of the searchable data from Springest to users. Users can query for training guides, courses, and other content as well as integrate it into programs. The service uses REST calls and returns XML or JSON.


TwitterCounter

 

TwitterCounter is Feedburner for Twitter.

TwitterCounter tracks Twitter users and displays attractive stats to everybody interested. Bloggers can add a simple button displaying the number of Followers they have on Twitter.

Thousands of blogger currently display the TwitterCounter button which links to their personal stats page at Twittercounter.com. All these buttons drive traffic to TwitterCounter which shows simple text ads next to the Twitter stats. This creates a positive feedback loop of increasing members, traffic and ad views.

 


Weather API

This is a very basic JSON API for very basic weather data from the Royal Netherlands Meteorological Institute. The KNMI offers no simple API for simple data, so I built this one, which scrapes their website. Currently, it only offers a single API call, for the latest weather observations at 36 monitoring stations.


I noticed numerous open data portals as I was doing my research into APIs out of the Netherlands, which I will showcase in a separate post—you can tell there is a serious passion for open data in the country.

I’m sure there are other Dutch API efforts I’m missing, so if you know of any companies with a significant presence in the Netherlands, doing cool stuff with APIs, make sure and let me know @kinlane.


What Are The Common Building Blocks of API Integration?

I started API Evangelist in 2010 to help business leaders better understand not just the technical, but specifically the business of APIs, helping them be successful in their own API efforts. As part of these efforts I track on what I consider the building blocks of API management. In 2014 I'm also researching what the building blocks are in other areas of the API world, including API design, deployment, discovery and integration.

After taking a quick glance at the fast growing world of API integration tools and services, I've found the following building blocks emerging:

Pain Point Monitoring
Documentation Monitoring - Keeping track of changes to an APIs documentation, alerting you to potential changes in valuable developer API documentation for single or many APIs
Pricing Monitoring - Notifications when an API platform's pricing changes, which might trigger switching services or at least staying in tune with the landscape of what is being offered
Terms of Use Monitoring - Updates when a company changes the terms of service for a particular platform and providing historical versions for comparison
Authentication
oAuth Integration - Provides oAuth integration for developers, to one or many API providers, and potentially offering oAuth listing for API providers
Provider / Key Management - Management of multiple API platform providers, providing a secure interface for managing keys and tokens for common API services
Integration Touch Points
API Debugging - Identifying of API errors and assistance in debugging API integration touch points
API Explorer - Allowing the interactive exploring of API providers registered with the platform, making calls and interacting and capturing API responses
API Feature Testing - The configuring and testing of specific features and configurations, providing precise testing tools for any potential use
API Load Testing - Testing, with added benefit of making sure an API will actually perform under a heavy load
API Monitoring - Actively monitoring registered API endpoints, allowing real-time oversight of important API integrations endpoints that applications depend on
API Request Actions
API Request Automation - Introducing other types of automation for individual, captured API requests like looping, conditional responses, etc.
API Request Capture - Providing the ability to capture a individual API request
API Request Commenting - Adding notes and comments to individual API requests, allowing the cataloging of history, behavior and communication around API request actions
API Request Editor - Allowing the editing of individual API requests
API Request Notifications - Providing a messaging and notification framework around individual API requests events
API Request Playback - Recording and playing back captured API requests so that you can inspect the results
API Request Retry - Enabling the ability to retry a captured API request and play back in current time frame
API Request Scheduling - Allowing the scheduling of any captured API request, by the minute, hour, day, etc.
API Request Sharing - Opening up the ability to share API requests and their results with other users via email, or other means
Other Areas
Analytics - Visual analytics providing insight into individual and bulk API requests and application usage
Code Libraries - Development and support of code libraries that work with single or multiple API providers
Command Line - Providing a command line (CL) interface for developers to interact with APIs
Dashboard - Web based dashboard with analytics, reports and tools that give developers quick access to the most valuable integration information
Gateway - Providing a software gateway for testing, monitoring and production API integration scenarios
Geolocation - Combining of location when testing and proxying APIs from potentially multiple locations
Import and Export - Allowing for importing and exporting of configurations of captured and saved API requests, allowing for data portability in testing, monitoring and integrationPublish - Providing tools for publishing monitoring and alert results to a public site via widget or FTP
LocalHost - Opening up of a local web server to a public address, allowing for webhooks and other interactions
Rating - Establishment of a ranking system for APIs, based upon availability, speed, etc.
Real-Time - Adding real-time elements to analytics, messaging and other aspects of API integration
Reports - Common reports on how APIs are being used across multiple applications and user profiles
Teams - Providing a collaborative, team environment where multiple users can test, monitor and debug APIs and application dependencies
Workflow - Allowing for the daisy chaining and connecting of individual API request actions into a series of workflows and jobs

What else are you seeing? Which tools and services do you depend on when you are integrating one or many APIs into your applications? What tools and services would you like to see?

I'm looking at the world of API design right now, but once I'm done with that research, I will be diving into API integration again, trying to better understand the key players, tools, services and the building blocks they use to get things done.


An API Evangelist Review Of Your API

Over the last 3 years I have looked at all the APIs available in ProgrammableWeb API directory, with about 2500 of which I monitor regularly. Throughout this process I've evolved an eye for what building blocks go into a successful API program.

When I review an existing API area or program, public or private, I spend as little or as much time as I need to look at an API initiative through the following 20 lenses:

  • Overview - The general look, feel and initial impression of an API at the high level.
  • Endpoints - Review of API endpoints, looking at the detail.
  • On-boarding - How easy is it to get up and going? Where is the friction?
  • Documentation - General API documentation review and critique.
  • Authentication - What is involved with authentication and security.
  • Code - A look at all available code libraries, SDKs, apps and language or platform availability.
  • Mobile - Is there a mobile fit and how does an API address this world.
  • Support - What do direct and indirect support practices look like and what are activity levels.
  • Communications - How are communications handled, and is it done in a transparent way.
  • Change Practices - How are updates, changes, and communication around the roadmap handled.
  • Business Model - What is the business model of an API, how does it make ends meet.
  • Resources - What resources are provided from how-to, case studies to videos and workshops.
  • Research & Development - Does an API reflect a research & development group.
  • Legal Department - Covering the legal areas of terms of use, privacy and branding.
  • Embeddable - How portable and embeddable are aspects of the API? Can it be distributed easily?
  • Environment - A look at the underlying environment of the API, sandboxing, testing, monitoring, etc.
  • Developers - What does this look like for a developer? What tools do we get to ensure success?
  • Consistency - How consistent are API endpoints and the support resources, and the overall operations.
  • Openness - If the API is public, to what degree of open are API efforts? 
  • Evangelism - What does outreach around the API look like, regarding events, social, storytelling, etc.

You can look across the building blocks I have listed for API management to get a better idea of the detail I'm looking for across API operations. These building blocks have been assembled through over 3 years of reviewing APIs, and can provide a good checklist to use when applying the above lenses.

Each review involves visiting an API area, applying the above 20 lenses, register and often times hack on an API. When done I write up a review report, which in many cases will be privately shared with a company and key stakeholders for review and discussion.

In some cases, when approved, I will publicly write up a review, providing a more polished view of an API area based upon final review report, and publish on my API Evangelist network of blogs.

The goal with a review is to better understand the balance of technology, business and politics going on within an API ecosystem, providing feedback that will help a company better achieve balance and success with their API initiative.


API and OAuth Literacy Is As Important As Financial Literacy in the API Economy

The primary mission of API Evangelist is to spread awareness of APIs amongst the masses, expanding the audience beyond just the IT crowd, and developer community. Initially I wanted to make sure business leaders understood the potential of APis, so that they funded API initiatives within their companies. In 2012 I feel that APIs have hit a critical mass, and while I still evangelize APIs to business leaders I'm shifting a portion of my focus to the average Internet user.

APIs impact almost every aspect of our daily lives from logging into Facebook on our mobile phones to purchasing gasoline at the corner gas station. As API usage spreads across business, the government and the Internet of Things (IoT), the everyday citizen will be using APIs more and more each day. While many of these citizens will never hack on an API at the code level, I'm seeing a need emerge for everyone individual to be aware of APIs, much like they need a certain level of economic and financial awareness in every day life.

When it comes to our world of finances, every single adult must have a certain level of awareness of how our financial system operates. You don't need to understand the inner workings of banking and global markets, but you need to know how to setup a bank account, apply for credit or debit cards, balance your checkbook and pay your taxes. As our lives move online and the API economy grows, our data is fast becoming the online currency on Internet platforms like Facebook, Twitter and Pinterest, the need for us to understand the mechanisms at play in this new digital economy increases.

Virtually every platform we use online employs APIs in some capacity. These platforms use APIs and often an open authentication standard called oAuth to allow us to give access to our data that resides on platforms to the applications and other systems we use daily. We login to news and media sites using our Facebook login, we give access to our Instagram photos to scrapbooking applications using oAuth and APIs and much more. If you use Facebook or Pinterest on your cell phone, you are using APIs daily.

Much like your bank accounts, you are giving access to your Facebook or Pinterest accounts to 3rd parties, and you don't want just any companies application to make deposits or withdrawals of information without your knowledge. This is where a certain level of awareness around APIs and oAuth comes into play. As an average user you may not need to actually handle an oAuth token or parse JSON, but you will initiate the oAuth flow regularly and potentially import and export JSON data between systems regularly.

In the API economy users will initiate potentially thousands of transactions daily, in contrast to the handful of transactions you may initiate via your credit cards and bank accounts. Yet we have less literacy around APIs than we do about these financial systems. We are giving financial management courses in high school and college, and are required to take them as part of debt management, divorce and bankruptcy cases. Similar awareness around APIs, security and privacy is needed for the average citizen in the Internet age.

When I tell developers or the technically savvy user that I'm educating the masses about APIs, they often state that there is no reason the average person will ever need to know about APIs. Consciously or subconsciously this is part of the current climate of Internet technology and the exploitative stance Silicon Valley investors have set into motion. The Facebooks and Twitters of the world do not want you understanding how your data is being accessed and transacted, because behind the curtain they are profiting from your information, which is the lifeblood, currency and value of the API economy.

I will continue to work for more API and oAuth literacy amongst the "normals", establishing at least a high level awareness of how the API economy works within in every online citizen, helping evolve toward a more web literate society, which will benefit everyone, even Silicon Valley--whether they like it or not.


OAuth 101

With APIs beginning to enter the mainstream consciousness, it is time to spend more time educating the masses about OAuth. We've had plenty of conversations between two of the OAuth legs, provider and developer, but we now need to bring the third leg into the conversation--the user.

First, what is OAuth? - An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.

Whether you like it or not, OAuth has become the industry standard for accessing resources, being served up via APIs, that are being consumed through desktop, web and the fast growing mobile space.

OAuth Platforms & Data Providers
If you are an online platform, OAuth is something you need to understand. At a minimum, if you require users to establish an account, you need to consider allowing users to create their accounts and login in the future using other popular OAuth providers like Facebook, Twitter and Google. Next if you want to provide access to your platform user's data via an API, you need to take a deeper dive into OAuth, and consider establishing yourself as an OAuth provider.

OAuth for Desktop, Web and Mobile Developers
In 2013, if you are a developer, you are probably using APIs. OAuth has been very intimidating for developers for quite some time, but with the increased availability of quality OAuth clients, better implementations and educational materials from API providers, and standardized approaches by startups like OAuth.io--OAuth is something you shouldn't fear anymore. You need OAuth as a default tool in your developer toolbox.

Everyday Online User
Like the term API, OAuth is something that should be added to the vocabulary of every tech savvy user. You should understand that OAuth exists, and that it gives you the ability to create accounts and login to your favorite platforms without filling out endless new forms and sharing your passwords unnecessarily. The platforms you use daily, like Facebook, Twitter, LinkedIn and Google all are OAuth providers, and you should leverage these providers to manage your online presence. The control is in your hands to securely manage your online persona using OAuth, and with a little education and maintenance you can ensure you profile(s) are secure, and only the providers you trust have access to your important data.

This is a first post in series of OAuth related information that is looking to educate the masses about the importance of OAuth. Hopefully increasing the number of quality OAuth providers, knowledgeable developers and OAuth aware online users--making OAuth something that is ubiquitous across the web, and enabling meaningful 3 legged conversations that make data accessible, incentivizes developers while protecting end-user's privacy.

I will be deploying an entirely new research project dedicated to OAuth, where I will work on stories about OAuth that hopefully resonate with the masses. As with my other research, it will take me a while to dial in. As I work to do this, I will curate the best stories and tools in the OAuth space, eventually trying to create a polished repository of OAuth resources that providers, developers and users will find valuable.


Simplifying oAuth With oAuth.io

Securely accessing API with oAuth can be one of the bigger pains in the ass for developers. Poor understanding of how oAuth works and often lack of good client libraries, can make API authentication a hurdle developers can't jump over.

Now developers don't have to stress out over oAuth. The tech savvy team over at Webshell.io has created a dead simple oAuth solution that allows you to integrate with over 70 of the common API providers, with just three lines of JavaScript, called oAuth.io.

What I like about oAuth.io the most, is that it is a true client side oAuth solution. With as many pure client-side, JavaScript, Single Page Apps I'm building, this type of oAuth solution just rocks!

I really enjoy dead simple solutions like oAuth.io, that take powerful, but complex things and abstracts away the complexity, making it something anyone can use. I recommend taking a look at oAuth.io and saving yourself the overhead of API integration using oAuth.

If that wasn't enough, It gets even better. They have also open sourced the oAuth.io core under the name oAuthd.

Nice work Webshell.io team!


Securing Your API 101

I get a lot of questions from folks about the why, when and how of securing an API. And in keeping in sync with my audience, I wanted to provide a plain english story of securing your API, avoiding  the often enterprise, service oriented architecture (SOA) jargon, which can confuse the situation for many who are just getting their feet wet.

So, you have created a basic API from your data or other resource, that returns XML or JSON for users--now you want to secure it. The reasons for securing your API will vary on a case by case basis. Your might be releasing data that you only want a handful of select people to access, or you might be looking to reduce the amount of server and bandwidth resources it takes to support an API, or you might just want to intimately understand who accesses an API and why and how they are using it. Or D) All The Above!

There are a handful of approaches to providing access to your API:

  • Open - Just keeping your API wide open, accessible to anyone who has the URL. Obviously this isn't secured, but provides contrast for other options
  • BasicAuth - Basic authentication is a native part of HTTP and the Internet, which employs a username / password combination that is passed when accessing an API, which the server then authenticates allowing or denying access
  • Key - Requiring an application or user key which is usually a combination of alpha and numeric characters, which is obtained by each developers through a API registration process, providing a unique access key for each consumer
  • oAuth - oAuth is an open authorization standard, that is usually employed when there is more sensitive, user specific data available via an API. oAuth is considered to be standard approach to securing API access, but increases the technical learning curve for API users

I'm also investigating another approach that is an alternative to API keys, which addresses the concerns around server and bandwidth overhead of open API access. Once I have more understanding, I will include as part of my educational materials.

If you are looking to just make sure you have some level of control over who accesses your API, a simple API key approach is recommended. An API key limits who has access, while also giving you a way to track the ways each user is interacting with your API. There are currently around 20 API management providers who specialize in providing API key solutions for API providers, as well as oAuth and Basic Authentication options. If you are looking for more help on securing your API, reach out to these providers.

If you are deploying an API for the federal government in the United States, there is also a new option from Data.gov, which provides you with a solution to the most common needs of API providers including API keys, rate limiting and analytics. I'm still working on adding this solution to my API management resources, and will have more analysis in the future.

This post is meant to be a very simple, non-technical overview of securing your API. If you are looking to do this on a tight budget, I recommend looking at 3Scale. They have a self-service, easy to implement process for getting going, but can also provide the support needed for scaling and evolving your solution.

When securing your API, make sure and remember that securing is not just about preventing unwanted access and abuse, but also provide you with insight into who and how developers and other users are accessing and using your data. This type of insight is critical to evolving your API strategy, so make sure you are not just securing, but also measuring and analyzing.


API Management Using Github

There are plenty of tools and services you can use to manage your API and its developer community. But there is no platform that provides as much benefit and versatility as Github.

Github is a social coding platform that developers have grown to love and respect. With a high level of adoption by developers, and the versatility of the features available on Github, API providers have developed many innovative ways to use the platform to manage an API.

I have documented eleven approaches to using Github for API management to date:

This list does not represent all the uses of Github for an API, but the approaches I've seen used by open API providers. Not all APIs are created or managed equally and these approaches to using Github can be applied in many different ways, even within private platforms.

Github is about social coding and file versioning, an approach that offers huge benefits to API management practices. You want all aspects of your API operations to be social and versioned allowing it to evolve over time--Github handles this like no other platform.

Consider Github as the core of your API operations and think about which of these eleven approaches you can use to make sure your API is as successful possible.


Evernote, OAuth and Zapier

One of the platforms I depend upon for my memory was hacked today. This afternoon, Evernote let everyone know that the platform was compromised and forced a reset of all passwords.

While I’d prefer all platforms I depend on could thwart any hacks, it seems like security breaches are becoming par for the course.

I appreciate that Evernote immediately forced a password reset and because I use the desktop app, I immediately was prompted to update my password.  

I also enjoy seeing the OAuth flow in action, where reciprocity providers like Zapier immediately take action.  By 2:57 PM I get an email from Evernote, letting me know of situation:

Next at 3:56 PM I receive an email from Zapier, letting me know I should have received email from Evernote and to check my connections:

I immediately update my OAuth token for Evernote, via the Zapier dashboard:

Next I get an email from Evernote, letting me know I’ve successfully been connected to Zapier.

I really like seeing OAuth in action. It makes me really evaluate how my network of cloud services can work together. OAuth and reciprocity services like Zapier help me integrate, automate and make my world go around in a secure way I can depend on.

There was a security breach today, on the Evernote platform, a service I depend on, but because of quick action by Evernote as well as Zapier, my Google Docs and Evernote integration has resumed, migrating vital data and content securely after only a minor disruption.


Social Network Authentication Using Singly (PHP Edition)

As an active user of a variety of cloud services I’ve become very accustom to authenticating using my social networks, such as Facebook, Twitter, LInkedin or Github, rather than creating yet another new account.

If I want access to an online service, and it allows me to authenticate using my social networks, I make a quick assumption on which one is best to use, click on link, give the application appropriate oAuth approval, and begin using the service. I can revoke their access at any time when I manage my oAuth permissions in the social network.

I want to make this default for users of my websites, apps and APIs--allowing them authenticate using six social networks:

Facebook Foursquare Github
Instagram LinkedIn Twitter

Singly has made this nice and easy!

Step 1 - Sign up for Singly

Step 2 - Create New Singly App

Step 3 - Create Social Network Apps. This part seems like it is a lot of work, but once done...it is sweet. You need to create an app for each one of the six social networks you will be allowing authentication:

Singly has great instructions to walk you through this process. It will only take you about 5-10 minutes. And once you are done, you will have one API key to access all six of these APIs.

I built a prototype PHP application that demonstrates this process, you can download on Github. Once downloaded, all you need to do is add your Singly app keys, and Site URL into the config file.

I provide six links with icons triggering the social network authentication via Singly:

Then I provide six separate authentication callback handlers. I keep them separate, because I intend to do separate handling for each social network within these callbacks in the near future.

All six callback handlers just set a session with your authentication information and redirect you back to home page for display. What’s next is up to you.

I will be adding more to this social network authentication prototype in the near future. A couple of things I would like to do is have a display profile widget and some sort of ranking of users by social network.


Google Reader API

One thing I love about Google, is the APIs. The apps I use most like Gmail, Calendar and Docs all have APIs, allowing me to write code that works my accounts and its data, and integrate it into other applications.

Well except for one application, Google Reader. Google has never made an API for Google Reader. It onlyallowsyou to use RSS feeds and sharing them publicly. I've always wanted to get at thewealthof knowledge that is curated daily in my Google Reader.

So I tend to look regularly to see if they have put one out. Tonight I came across a Google Code project that says it:

Hosts documentation and the issue tracker for the (unofficial) Google Reader API. It has a Googler working on it, that was from the reader team. It appears to be work in progress, but has activity in the last month.

Here are the pages currently up:
  • ApiSubscriptionEdit - Allows a stream to be subscribed to, unsubscribed from, or an existing subscription to be edited.
  • StreamId - Description of stream IDs exposed by the Google Reader API. "Streams" refer to collections of items in the Google Reader API. This includes feeds, items with a specific tag, or folders. Stream IDs are are string-based identifiers used to identify streams and are passed to many API methods.
  • ItemId - Description of item IDs exposed by the Google Reader API. Items in Reader are referenced by globally unique item IDs. IDs are generally derived from the <id> attribute in Atom feeds and the <guid> attribute in RSS feeds. In the absence of those, the item URL may be used to generat the ID. In cases where the feed does not provide IDs or URLs (or they are not deemed "trustworthy", e.g. if more than one item in the feed response has the same ID or URL), then the ID will be computed from a signature of certain feed item properties (title, body, etc.).
  • ApiStreamItemsIds - Given one or more StreamIds and fetching options, returns the IDs of the items in those Streams. Getting just item IDs is significantly cheaper than getting stream contents. If you need to do filtering of items, it is highly encouraged to do this at the ID level before fetching item contents for the subset of items that remain.
  • ApiStreamItemsContents - Given a collection of ItemIds and fetching options, returns the contents of those items.
  • ApiCommonInputs - Inputs that all API methods support
  • ActionToken - Describes XSRF-preventing action tokens.
  • ApiStreamContents - Given a StreamId and fetching options, returns the contents of the items in that Stream.
  • Authentication - Making authenticated requests with OAuth and ClientLogin
I'm going to make some time this weekend to play with more and write some code. I would like to rework my tagging system in Google Reader and drive information for sites that run in my new content management system.

I'm excited to finally see a potential API for Google Reader, and the possibility that they are not going to abandon one of my favorite tools.

Hunch's Clear Vision of Privacy and OAuth

Having a privacy policy on your API is an important part of making it clear to developers and end-users, where your company stands in regard to their data and personal privacy.

Just having a privacy policy is not enough, make sure it truly reflects your companies values, whats important to your users, and is in line with how you deploy your technology.

One shining example of this in the API space, is Hunch. Hunch's provides a 'Taste Graph' of the entire web, providing information on what people like; anything, from books to electronic gadgets to fashion or vacation spots.

Hunch is combining algorithmic machine learning with user-curated content, with the goal of providing better recommendations for everyone. The information they provide through their web application and API, is extremely valuable, as well as potentially very private.

Hunch's API privacy policy articulates their position very clearly:
Hunch takes our users' privacy very seriously. When using the API, Hunch returns predictions for users within the Taste Graph. Certain API calls can be made for any user, while other calls require the user to Hunch Connect before predictions will be returned. Our guiding principle for this distinction is whether the user's likes or facts about themselves are already made public on the internet.
Obviously the privacy of their users is very important, and they back this up by using OAuth as it is meant to be used. Giving users granular level control over who has access to their sensitive data, while still providing other, non-sensitive, rich data without authentication.

Hunch has a clear vision of API and data privacy in a space, where there is a lot of potential for abuse. An example that many other API providers should follow.

Also make sure and check out the privacy policy for their main site, they really lay it out honestly, and in plain english. I wish more technology providers would approach privacy this way.

Update: From my girl Audrey Watters @ RWW: Dixon made it clear that despite Hunch's ability to predict users' tastes that the company would never sell that data. "We have never made a data deal," said Dixon. Furthermore, people can only get predictive information about themselves.

If you think there is a link I should have listed here feel free to tweet it at me, or submit as a Github issue. Even though I do this full time, I'm still a one person show, and I miss quite a bit, and depend on my network to help me know what is going on.