APIs: A Strategy Guide
Dan Woods, Daniel Jacobson, Greg Brail
Programmers used to be the only people excited about APIs, but now a growing number of companies see them as a hot new product channel. This concise guide describes the tremendous business potential of APIs, and demonstrates how you can use them to provide valuable services to clients, partners, or the public via the Internet. You’ll learn all the steps necessary for building a cohesive API business strategy from experts in the trenches.
Facebook and Twitter APIs continue to be extremely successful, and many other companies find that API demand greatly exceeds website traffic. This book offers executives, business development teams, and other key players a complete roadmap for creating a viable API product.
• Learn about the rise of APIs and why your business might need one
• Understand the roles of asset owners, providers, and developers in the API value chain
• Build strategies for designing, implementing, and marketing your product
• Devise an effective process for security and user management
• Manage traffic and user experience with a reliable operating model
• Determine the metrics you need to measure your API’s success
developer communities to support those using the API
Operational information about the health of the API and how much use it is getting
Note: Remember that the structure of the API is part of the contract. The contract is binding, and it cannot be changed casually. You should treat an API like a software product, taking into account versioning, backward compatibility, and ramp-up time to accommodate any new functionality. There should be a balance between supporting your existing base
the backend systems to make SQL injection impossible. Since it is not possible to prove with 100 percent certainty that all the programming is correct, it’s also important to stop SQL injection attempts before they get to backend systems. For example, an API gateway can be inserted between the client and the servers running the API that scans all incoming traffic, or certain input fields, for regular expression patterns that denote a possible SQL injection attempt. In other words, Joe Smith may
permissions and rights management system into the API. But that was not enough. Rights management starts with drawing up contracts and ensuring that content is tagged appropriately. Without these key steps, the rights management system cannot accurately withhold content that is prohibited for distribution. NPR took the following steps to create its rights management system.
Contracts
Before launching the API, NPR consulted with its legal team, reviewing existing contracts and its rights
down!) Another recent industry best practice is to use microblogging or social media services such as Twitter to report on status. If there is indeed a major problem with your infrastructure, it’s likely that someone will “tweet” about it, and in a negative way. By proactively informing your community of your status using those same tools, you don’t fix the problem but you do keep your community informed, which goes a long way towards ensuring good will and happy users.
Figure 8-1. Twitter
Many public API programs focus heavily on building their own “developer community” and invest all their energy into building developer portals and forum content. While this is a great practice, don’t overlook the value of plugging your content into outside developer communities. These can include large existing developer communities for the target language (such as Ruby), the platform (such as Apple’s iOS) or the type of app that the target developer segment is building (such as the Amazon