Wrong confirmation ID

Email
Favorite
Favorited ×
Download
Embed
Private Content
Copy and paste this code into your blog or website Copy Customize… Close
We have emailed the verification/download link to "".
Login to your email and click the link to download the file directly.

To request the link at a different email address, update it here. Close
Validation messages. Success message. Fail message.

Check your bulk/spam folders if you can't find our mail.

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

+ Follow

iSyndica - Building an API

by e27 Singapore on Apr 22, 2010

751 views

More…

Less

2 Embeds 31

http://www.e27.sg	28
http://e27.sg	3

Statistics

Favorites: 0
Downloads: 3
Comments: 0
Embed Views: 31
Views on SlideShare: 720
Total Views: 751

An API can be a great asset or a liabilityGood API’s capture trafficOf-boarding cost can be prohibitiveBad API’s can be a huge drain in terms of supportOnce an API is published and in production, it becomes hard to change.
Ease of useEasy to learnEasy to add functionalityGets the job done
API's need to be Stateless - Every request needs to contain all of the information necessary to service the request. Every API should be atomic - It does one logical operation and one alone and doesn't rely on any sequential calls.API’s should abstract the implementation detailUse self explanatory name.Avoid ambiguous overloading
Documentation – It’s a necessary evil, there are too many API’s out there that don’t have enough usable documentation.Be consistent with naming conventions throughout the API.Modularize your code and try to think in terms of interfaces and not implementation types
Attempt to incorporate the patterns already existing in the development platform of your choice.Try to reduce “boiler plate” code. Cut & Paste is very error prone. Use Code generation where ever possible.Our 80/20: write code 20% of the time.
Developer Key – Unique developer identifier sent as part of every call. Not so secure.Username / Password – Username & Password sent as part of every call. Not so secure unless using HTTPS which is 90% slower than HTTPDigest – Using an security algorithm to stamp a call with a digest for authentication. Fairly secure and easy to implement.Token – Using an identification token
OAuth is token based authentication mechanisms that standardizes secure API authorization for desktops & web applicationsOAuth stake holdersProviders – Software applications that provide a service on the web i.e. API enabled websites/web-services. For eq. Facebook, Flickr etcUsers – Users of a service, average joe’s who own an account with the providersConsumers –3rd party Software applications that proxy for the users with the providers. For eqFacebook Mobile, iSyndica VDSAdvantagesOnly the provider sees your username / passwordThe token is easily tracked by the provider and as a user you can limit/revoke the permissionUse of a secret key makes phishing the token useless.DisadvantagesComplex implementation
No cleartext username and password ever stored, Username & Password are sent over HTTPS – Slow but secureOauth Loop is instantaneous, No need for the user to go through complexOAuth loops
API design isn’t easy but incredibly funAdds incredible valueA group effortThere is no “Perfect API” that fits all the requirement.
API design isn’t easy but incredibly funAdds incredible valueA group effortThere is no “Perfect API” that fits all the requirement.

iSyndica - Building an API — Presentation Transcript

iSyndica
Building an API
Hackerspace.sg, April 20th 2010
Good API Design
It’s a great asset.
Or a liability.
What makes an API ‘Good’?
It just works.
Three Key Guidelines
Labels/
GetLabel?id=1
GetLabelRoots
GetLabelChildren?id=1
Keep it atomic.
Three Key Guidelines
GreatExamples
eBay
Facebook
Flickr
Google Data
Twitter
Document well.
Three Key Guidelines
.NET: T4
Ruby:Rgen
Python: Cog, Cheetah
Java: XDoclet
Code generation is your friend.
API Security Types
Developer Key
Username/Password
Digest
Token
Our Choice
Mobile OAuth?
Have Fun
There’s no “Perfect API”.
Thanks!
www.isyndica.com
nqadir@isyndica.com

iSyndica - Building an API

by e27 Singapore on Apr 22, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

2 Embeds 31

Statistics

iSyndica - Building an API — Presentation Transcript