July 10th, 2012

Hey Twitter: API Management = Developer Management

Quick question for you: What matters most, the client or the server?

Answer: Neither — they are really only useful as a whole. A client without a server is usually little more than a non-functional wireframe and a server without a client is simply unrealized potential. Bring them together though and you have something of lasting value. So, neither matters more and each actually matters a lot less than half.

In the API world, this is an easy point to miss. The server side always wields disproportionate power by virtue of controlling the API to its services and this can easily foster an arrogance about the server’s place in the world. This effect is nicely illustrated by Twitter’s recent missteps around developer management.

The problems for Twitter all began with a blog entry. Blogs are the mouthpiece of the platform. Tucked away within an interesting entry about Twitter Cards and the potential to run applications within tweets (something that is genuinely exciting), can be found a restatement of an early warning to developers:

“(D)evelopers should not ‘build client apps that mimic or reproduce the mainstream Twitter consumer client experience.’”

Ominous stuff indeed. This was quickly picked up on by Nick Bilton writing in the New York Times Bits blog, who pointed out that the real problem is that Twitter just isn’t very good at writing client-side apps that leverage its own API. Stifling competition by leveraging the API power card can only alienate developers — and by extension the public, who are left with a single vendor solution. Suddenly, it feels like the 1980s all over again.

This ignited a firestorm of concern that was well summarized by Adam Green on ProgrammableWeb. Green acknowledged that API change is inevitable but pointed out that this is something that can be managed effectively — which is not what Twitter is doing right now.

The irony of the whole thing is that, in the past, by exercising its power position, Twitter has actually made great contributions to the API community. In mid-2010, Twitter cut off basic authentication to APIs in favor of OAuth, a drop-dead event that became known as the OAuthcalypse. Hyperbole aside, in terms of actual impact on the populace, this cutover made even Y2K look like the end of days. Given a tractable challenge, developers cope, which is really Green’s point.

What is important to realize is that API Management isn’t technical but social. Win the community over and they will move mountains. Piss them off and they will leave in droves for the next paying gig.

The thing I always remind people is that as a trend, APIs are not about technology; they are a strategy. Truth is, the technology is pretty easy — and that’s the real secret to API’s success. You see, the communications are never the thing; the app is the thing (and that is what WS-* missed). Maintaining simplicity and a low barrier to entry counts for everything because it means you can get on with building real apps.

Now, I can give you the very best infrastructure and tools to facilitate API community. But how you manage this community… Well, that is where the real work begins and — in the end — it’s all a lot less deterministic than we technologists like to admit. People are hard to manage but communities are even harder.

If there is a lesson here, it is that APIs are really about potential and that potential can only be realized when you have two sides — client and server — fully engaged. Mess this one up and you’re left with just a bunch of unused interfaces.

July 6th, 2012

OpenID Connect: Live Tech Talk July 10 9am PDT

Our Tech Talks strive to focus on the most interesting and relevant API Management topics for both developers and publishers. And as new and evolving protocols emerge, we want to provide a forum for developers and publishers alike to discuss these protocols in an open discussion forum. So with that in mind, our next Tech Talk will focus on OpenID Connect.

OpenID Connect is an emerging standard that adds federated authentication to OAuth 2.0-enabled systems. It’s a suite of lightweight specifications that provide a framework for identity interactions via RESTful APIs. And in its simplest deployment, OpenID Connect allows all types of clients, including browser-based, mobile and JavaScript clients, to request and receive information about identities and currently authenticated sessions.

So, it’s a relatively simple protocol that helps make authentication in complicated scenarios easier. And let’s be honest – simple and easy are always welcome when it comes to securing RESTful APIs. Authorization and authentication are now available using only one technology. This makes life easier for anyone looking to secure their APIs.

But of course, questions always arise when discussing the various implementation scenarios for OpenID Connect. That’s why we’re excited to welcome Senior Software Developer Sascha Preibisch as our special guest for our July 10 Tech Talk Tuesday. He will answer any OpenID Connect questions you may have – so get those questions ready and join us on July 10 at 9am PDT.

Here’s how to join the discussion:

Click here to get a reminder in your calendar.

On the day of the event, join on Livestream or Facebook:
»  livestream.com/layer7live
»  facebook.com/layer7

Tuesday, July 10 | 9am PDT | 12pm EDT | 5pm BST

Submit your questions:
Tweet using the tag #Layer7Live
Email techtalk@layer7.com
Check in & Chat through Facebook

June 29th, 2012

Upcoming Webinar: How to Run a Successful Hackathon for Your Open APIs

Hackathons are exploding in popularity and open API publishers are quickly realizing the power these intensive programming sessions have to attract developers. For API publishers, hackathons represent one of the most powerful means for growing an API’s profile and engaging directly with talented developers.

On July 12, Layer 7 will be presenting a live webinar called How to Run a Successful Hackathon for Your Open APIs. This interactive one-hour session will give you the key knowledge you will need in order to use hackathons as a tool for engaging app developers and building a community around your open APIs.

For this webinar, we will be joined by leading API evangelist and author Kin Lane who will deliver real-world advice on how to organize hackathons that will truly contribute to the success of your API publishing program. Click here to get more information and to register for the webinar today.

June 26th, 2012

QCon New York 2012

Last week, Layer 7 was a sponsor at QCon New York, an exciting conference held in Brooklyn. This event dealt with the latest software development trends in several categories including mobile, cloud, big data, architecture and security. As noted in this article from the show, there was quite a bit of focus on the seismic shift in development from server-heavy applications to more agile development using client-focused technologies like HTML5 and JavaScript. These are better suited for mobile and Web use cases, allowing client-side manipulation of data.

However, these technologies are only half the story. The other half is the API that provides a method of interaction with the server. To provide a rich, functional interface, this API must be user-friendly for people and machines. It should be easy to develop against, with or without extensive documentation. And it should be able to represent both the current application state and the operations available to the client. These API design principles were discussed by Layer 7’s Principal API Architect, Mike Amundsen, in his fascinating talk on Wednesday.

QCon was yet another in a long line of analyst, enterprise and developer conferences to draw the same conclusions about the future of enterprise IT. It’s time to look at software development in a new way – and Layer 7 is helping enterprises get on board with these new technologies. Our recently-announced SecureSpan Mobile Access Gateway provides the middleware necessary to adapt internal information assets into secure, optimized APIs consumable by mobile devices for enterprise mobile enablement or BYOD.

June 22nd, 2012

Designing Flexible APIs – Live Tech Talk on June 26

Each and every Web or mobile developer has unique needs. APIs have to be flexible enough to meet these varying needs.

Mike Amundsen, Layer 7’s new Principal API Architect, is an in-demand thought leader who focuses on the subject of how to build flexible, adaptable APIs. We’re very excited that Mike will be discussing this issue as our special guest for the next Tech Talk Tuesday event on June 26 at 9am PDT.

He’ll be chatting with Director of Client Solutions Matt McLarty and taking questions live. It’s not a presentation or scripted in any way. It’s simply a chance for you to have your questions on designing flexible APIs answered live.

So, what does it mean to design a flexible API? Here are a few things to consider:

  • Employing the USE methodology (Usable, Scalable, Evolvable)
  • When (and when NOT) to version your API
  • Supporting multiple formats (XML, JSON etc.)
  • Designing the message format
  • Planning for re-usability
  • The power of hypermedia as a design element

I’m looking forward to a great interactive Tech Talk with lots of questions and audience participation. It’s a great topic and we have a great speaker to go along with it.

Don’t forget to add the Tech Talk to your calendar.

On the day of the event, join on Livestream or Facebook:

Submit your questions:

Tweet using the tag #Layer7Live
Email techtalk@layer7.com
Check-in & Chat through Facebook