August 30th, 2013

Kobo Says Goodbye to the Goodreads API

Written by
 

Kodo/GoodreadsAn API-related news item that caught my interest earlier today speaks volumes about the nature of the burgeoning API market. Kobo  (a seller of eBook readers), has decided to stop using the open book recommendation and review API provided by Goodreads. The reason?  The social site for avid readers was acquired a few months ago by Amazon, which just happens to lead the eBook reader market with its Kindle product.

Acquisitions impacting business partnerships isn’t a new concept. But this event is significant because it highlights a few truths in the Web API space…

APIs Can Change Hands
At one time, Kobo was using a public API offered by a company that had developed a review and recommendation engine that was a serious competitor to Amazon’s.  But – post-acquisition – Kobo found itself in the awkward position of doing business with its main competitor. Not a deal-breaker in itself but it shifted the relationship enough that Kobo had to walk away.

APIs Need to be Mutually Beneficial
Doing business with a competitor is a normal part of most large operations and when your competitor casts as massive a shadow as Amazon does, it becomes almost unavoidable. But public API consumers like Kobo can find themselves in the unenviable position of not having any leverage when consuming a free API. To support a long-lasting business relationship, it is important that both sides benefit from the contract. Kobo’s benefit was obvious – offering readers a high-quality recommendation and review interface translated to a richer user experience and increased sales potential.

So, what did Goodreads get out of the arrangement? From the site’s public terms of service, it appears that marketability and branding were big drivers, as API consumers must display Goodreads branding and links to comply. Kobo may have made a special commercial arrangement with the Goodreads site in order to use its API commercially but it is unlikely to have been one that would have benefited Amazon enough to make it worth supporting a competitor. Once Amazon purchased the Goodreads company and its data, the balance of benefit shifted towards Kobo.

API Providers Can Lose Customers
What I find most fascinating about this story is the fact that Kobo stopped using the Goodreads API before Amazon forced it to. As far as I can tell, the terms haven’t changed significantly, the data is still available and Amazon has stated that it plans to keep the API open for Kobo. Despite all this, Kobo made a decision to walk away. Perhaps taking a hit on features now made more sense than being at the mercy of one of its biggest competitors. For API providers, it is a reminder that your consumers aren’t forced to continue using your APIs. In the future, providers may find that keeping consumers happy becomes just as important as finding them in the first place.

API Consumers Need to Consider the Worst
After Amazon acquired Goodreads, some apprehensive users sought out
alternative sites. While some of these reading sites offer APIs, it appears Kobo has decided to harvest data on its own, having recently announced its entrance into the social reading arena. Putting aside the chances of success, this strategic move highlights the need for businesses to plan for data and service disruption. It means considering the potential impact of having the API you’ve built a business on disappear, even if temporarily. As any lawyer will tell you, planning for divorce before you get married is just common sense.

This decision may be a turning point for one of the companies in this story but that isn’t why I found it interesting. Instead, it is a stark reminder that market forces can have a great impact on the APIs we are learning to rely upon. We often focus on the technical and design aspects of Web APIs but we mustn’t forget that they exist within a dynamic market and both providers and consumers need to be vigilant about handling change.

January 28th, 2013

Growing Your APIs in the Amazon Cloud

Amazon Tech TalkPutting applications in the cloud can reduce overall IT costs and deliver greater scalability. Cost considerations are always a concern in IT infrastructures but scalability may be the most important benefit of hosting applications in the cloud. Leveraging the elasticity of Amazon’s cloud infrastructure can allow you to scale your APIs to match market demand. Amazon Web Services provides tooling that can help you be quicker to market with your APIs.

But do interfaces hosted on AWS and exposed to third-party developers contain significant vulnerabilities? Cloud services allow third-party access to applications and data through APIs. Failing to properly secure that access can put the data and applications at risk. So, how do you safely expose APIs in a cloud environment?

Understanding the cloud API model isn’t always easy. So, on January 29, we’re having a live discussion about publishing APIs in the AWS cloud, which may help answer questions surrounding exposing APIs in cloud environments. I’m excited to welcome Layer 7 Technologies Senior Software Developer Hirbod (Rod) Moshfeghi as our special guest for this API Tech Talk. This is a great opportunity to have your questions answered and to discuss the implications of publishing cloud-based APIs.

Here’s how to join the live discussion…

On the day of the event, click here to join:

Submit your questions:

August 1st, 2012

Mobile Security & Management for the Enterprise: SecureSpan Mobile Access Gateway

Layer 7 SecureSpan Mobile Access GatewayThese days, enterprises face an increasing array of Mobile Access challenges, from BYOD to mobile device management. We live in an increasingly mobile and app-based world. More and more enterprises have mobile-enabled workforces that need access to enterprise data from personal smartphones and tablets.

But how do enterprises balance access control with the individual’s right to choose the apps they want? How do enterprises grant access to sensitive on-premise data via mobile devices without compromising security?

Enterprises need secure ways to surface internal information assets in mobile ready formats that can be easily consumed by both mobile developers and the apps they create. They need simplified ways to manage how enterprise applications and systems get exposed to mobile developers and apps.

Layer 7′s new SecureSpan Mobile Access Gateway does just that by streamlining the process of adapting internal data, application and security infrastructure for mobile use. Delivered as a policy pack extension to our SecureSpan API Proxy/SOA Gateway, the Mobile Access Gateway provides a centralized way to control security and management policies for information assets exposed via APIs to mobile developers and apps.

Contest: Win a $250 Amazon Gift Card
To celebrate the general availability of the SecureSpan Mobile Access Gateway, we’re having a Twitter contest and giving away a $250 Amazon gift card.

Here’s how to enter:

1. Retweet the following:

Win a $250 Amazon gift card from @layer7  http://ow.ly/cFj9i #L7MAG RT to enter!

Win a $250 Amazon gift card from @layer7 http://ow.ly/cFj9i #L7MAG RT to enter!

Tweet This for a Chance to Win

2. Don’t have twitter and still want to enter? Just leave a comment on this post, telling us your favorite mobile app.

The contest ends Aug 8 at noon. The winner will be drawn at random. If you win, we’ll send you a direct message on Twitter to let you know.

December 5th, 2011

Gartner AADI 2011 Presentation Video: API Management, Governance & OAuth

Scott Morrison at Gartner AADII delivered a talk all about API governance at last week’s Gartner Application Architecture, Development & Integration (AADI) summit in Las Vegas. I was the lunchtime entertainment on Wednesday. The session was packed—in fact, a large number of people were turned away because we ran out of place settings. Fortunately, a video of the session is now available, so if you were not able to attend, you can now watch it online.

In this talk, I explore how governance is changing in the API world. I even do a live OAuth demonstration using people, instead of computers. Unlike the classic “swim lane” diagrams that only show how OAuth works, this one also teaches you why the protocol operates as it does. (If you want to skip directly to the OAuth component, it begins at around 22 minutes

November 1st, 2011

Upcoming Webinar: How to Secure & Govern Integrations Between the Enterprise & the Cloud – A Best Buy Case Study featuring Amazon Web Services

Best Buy - Amazon Web ServicesWe know a lot of you get a great deal of value from our webinars, so we’re very pleased to announce that we’ve got a new one coming up on November 17th. Featuring input from Amazon Web Services, How to Secure & Govern Integrations Between the Enterprise & the Cloud will use the example of Best Buy’s API Developer Portal to demonstrate how an enterprise can securely integrate on-premise systems with Cloud applications.

The Best Buy API Developer portal is a superb example of how a large enterprise can leverage a hybrid on-premise/Cloud solution to scale API assets and accommodate peaks in demand, without compromising security or governance. The folks at Best Buy have been able to move into the Cloud while retaining full control of what information is shared with Cloud applications. At the same time, they’ve managed to insulate developers from the security, management and mediation challenges that often turn up with a hybrid Cloud solution.

How to Secure & Govern Integrations Between the Enterprise & the Cloud is happening on Thursday 17th November at 9am PST (which is noon EST and 5pm GMT). As with all our webinars, it will last about an hour and feature a Q&A session at the end. We had an absolutely phenomenal response to our last webinar, so we’re excited to be putting on this event with our friends at Amazon Web Services and Best Buy.

Register for the webinar >>