iSyndica - Building an API
  • An API can be a great asset or a liability.
    Good APIs capture traffic.
    Off-boarding cost can be prohibitive.
    Bad APIs can be a huge drain in terms of support.
    Once an API is published and in production, it becomes hard to change.
  • Ease of use
    Easy to learn
    Easy to add functionality
    Gets the job done
  • APIs need to be stateless: every request needs to contain all of the information necessary to service the request.
    Every API should be atomic: it does one logical operation and one alone, and doesn’t rely on any sequential calls.
    APIs should abstract the implementation details.
    Use self-explanatory names.
    Avoid ambiguous overloading.
  • Documentation – it’s a necessary evil; there are too many APIs out there that don’t have enough usable documentation.
    Be consistent with naming conventions throughout the API.
    Modularize your code and try to think in terms of interfaces and not implementation types.
  • Attempt to incorporate the patterns already existing in the development platform of your choice.
    Try to reduce “boilerplate” code. Cut & paste is very error-prone.
    Use code generation wherever possible.
    Our 80/20: write code 20% of the time.
  • Developer Key – Unique developer identifier sent as part of every call. Not so secure.
    Username / Password – Username and password sent as part of every call. Not so secure unless using HTTPS, which is 90% slower than HTTP.
    Digest – Using a security algorithm to stamp a call with a digest for authentication. Fairly secure and easy to implement.
    Token – Using an identification token.
  • OAuth is a token-based authentication mechanism that standardizes secure API authorization for desktop & web applications.
    OAuth stakeholders:
    Providers – Software applications that provide a service on the web, i.e. API-enabled websites/web services, e.g. Facebook, Flickr etc.
    Users – Users of a service, average Joes who own an account with the providers.
    Consumers – 3rd-party software applications that proxy for the users with the providers, e.g. Facebook Mobile, iSyndica VDS.
    Advantages:
    Only the provider sees your username / password.
    The token is easily tracked by the provider, and as a user you can limit/revoke the permission.
    Use of a secret key makes phishing the token useless.
    Disadvantages:
    Complex implementation.
  • No cleartext username and password is ever stored.
    Username & password are sent over HTTPS – slow but secure.
    OAuth loop is instantaneous; no need for the user to go through complex OAuth loops.
  • API design isn’t easy but incredibly fun.
    Adds incredible value.
    A group effort.
    There is no “Perfect API” that fits all the requirements.
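The "Digest" option from the API security notes above, sketched as an added example (not code from the presentation or from iSyndica's API): the client stamps a stateless call with an HMAC-SHA256 digest and the server verifies it using only what the request carries. HMAC-SHA256, the parameter names `key`, `ts` and `sig`, the five-minute window, the sample secret and the `/Labels/GetLabelChildren` path are assumptions chosen for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode

# Constructed sample data: developer key -> shared secret (never sent on the wire).
SECRETS = {"dev-123": b"constructed-sample-secret"}
MAX_SKEW = 300  # seconds a stamped call stays valid (assumed replay window)


def canonical(method, path, params):
    """Build the exact byte string both sides sign: method, path, sorted params."""
    query = urlencode(sorted(params.items()))
    return f"{method.upper()}\n{path}\n{query}".encode()


def sign_request(dev_key, secret, method, path, params, now=None):
    """Client side: add key and timestamp, then stamp the call with a digest."""
    ts = str(int(time.time() if now is None else now))
    signed = dict(params, key=dev_key, ts=ts)
    digest = hmac.new(secret, canonical(method, path, signed), hashlib.sha256)
    return dict(signed, sig=digest.hexdigest())


def verify_request(method, path, params, now=None):
    """Server side: stateless check, no session or earlier call required."""
    params = dict(params)
    sig = params.pop("sig", "")
    secret = SECRETS.get(params.get("key", ""))
    if secret is None:
        return False, "unknown developer key"
    try:
        ts = int(params.get("ts", ""))
    except ValueError:
        return False, "bad timestamp"
    if abs((time.time() if now is None else now) - ts) > MAX_SKEW:
        return False, "stale timestamp"
    expected = hmac.new(secret, canonical(method, path, params), hashlib.sha256)
    # compare_digest avoids leaking the first differing position through timing.
    if not hmac.compare_digest(expected.hexdigest().encode(), sig.encode()):
        return False, "digest mismatch"
    return True, "ok"
```

Because the digest covers the developer key, the timestamp and every parameter, a captured developer key alone cannot be used to forge or alter a call.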

iSyndica - Building an API: Presentation Transcript

  • iSyndica
    Building an API
    Hackerspace.sg, April 20th 2010
  • Good API Design
    It’s a great asset.
    Or a liability.
  • What makes an API ‘Good’?
    It just works.
  • Three Key Guidelines
    Labels/
    GetLabel?id=1
    GetLabelRoots
    GetLabelChildren?id=1
    Keep it atomic.
  • Three Key Guidelines
    Great Examples
    eBay
    Facebook
    Flickr
    Google Data
    Twitter
    Document well.
  • Three Key Guidelines
    .NET: T4
    Ruby: Rgen
    Python: Cog, Cheetah
    Java: XDoclet
    Code generation is your friend.
  • API Security Types
    Developer Key
    Username/Password
    Digest
    Token
  • Our Choice
  • Mobile OAuth?
  • Have Fun
    There’s no “Perfect API”.
  • Thanks!
    www.isyndica.com
    nqadir@isyndica.com