On the Shoulders of Giants: Learning About API Design by Looking Backwards

Move forward with API Design by reviewing the lessons we’ve learned over the last 10 years with websites, SOA and product design.

  • In many ways the web API space has become synonymous with a culture of modernity and hipness.
  • Often times when speaking about APIs to architects who’ve “been around the block” you get a response that there is nothing new in this web API stuff. Maybe you felt that way? I know that in the early days, when I first heard the term I dismissed it as an attempt at rebranding existing technologies.
  • From SOA we learned that many organizations are NOT greenfield and established patterns for integrating existing tech. outward. We can apply these patterns to the API management space.

    1. On The Shoulders of Giants: Learning About API Design by Looking Backwards. Ronnie Mitra, Principal API Architect - EMEA, Layer 7 API Academy
    2. Web APIs: New and Exciting! http://www.flickr.com/photos/every1knows/4191971139
    3. “Web APIs? I’ve been doing that for years.” Image courtesy of http://www.flickr.com/photos/en321/3902138429/
    4. Web APIs offer us a new perspective http://www.flickr.com/photos/mugley/4407790613
    5. What can we learn by looking back? http://www.flickr.com/photos/dcassaa/483162086/
    6. user-centered design makes things better
    7. User-Centered Design: Design products for the users who will use them. User Interviews; Rapid Prototyping; Iterations
    8. UCD helped drive websites into the world of web 2.0: Simpler look and feel; Intuitive controls; Familiar interfaces
    9. UCD is all around us… and usually in our favourite products.
    10. Can we apply a user centered design approach to web API design?
    11. The challenge: Developers are a different breed of users. We need to work on a developer-centered design approach for APIs
    12. Developer Centered Design: Identify audience; Make appropriate design decisions; Prototype and test; Iterate
    13. removing barriers will increase adoption
    14. We can learn a lot about registration from website design
    15. Objective: Turn guest accounts into registered accounts
    16. Principles of Registration: 1. Communicate the value of registering; 2. Make it easy to signup; 3. Provide instant feedback; 4. Make policies clear; 5. Use “lazy registration”
    17. frictionless processes are good for API management.
    18. security is war
    19. Perfect security is not possible. Practical security = Make attacks inconvenient and too costly to execute
    20. Protecting Websites: 1. TLS/SSL for data privacy and server AU; 2. User/password for authentication
    21. Protecting SOA Services: 1. TLS/SSL for data privacy on the wire; 2. WS-* for message security
    22. OWASP Top 10: A1: Injection; A2: Cross-Site Scripting (XSS); A3: Broken Authentication and Session Management; A4: Insecure Direct Object References; A5: Cross-Site Request Forgery (CSRF); A6: Security Misconfiguration; A7: Insecure Cryptographic Storage; A8: Failure to Restrict URL Access; A9: Insufficient Transport Layer Protection; A10: Unvalidated Redirects and Forwards
    23. Is TLS/SSL Good Enough? You need to configure it properly. You need to use a secure implementation
    24. Website design: password policies. Don’t drive users away
    25. The Lesson: Balance control with usability
    26. hypermedia can make life easier
    27. Links allow us to navigate the web
    28. Forms provide a template for input
    29. Links and templates can make an API easier to use
    30. documentation is a craft
    31. APIs aren’t just for the web. What type of instructions do these APIs provide?
    32. Think like a developer: Information must be accessible; Provide information in small portions; Think task based
    33. Good documentation improves usability
    34. Examples are like illustrations. Use a LOT of them.
    35. effective management is critical
    36. SOA Governance: Enforce access control; Promote service usage; Provide service discovery documents; Provide service usage visibility
    37. API Management: Enforce access control; Promote API usage; Provide API documentation; Provide API usage visibility
    38. SOA Governance: How do we make sure that these services are used properly?
    39. API Management: How do we get people to use our API without falling over?
    40. Controlled versus Organic
    41. What can we learn from SOA Governance? Representing organizations is useful; Complexity sucks; Focus on the user
    42. abstraction saves time and effort
    43. In SOA, Enterprise Service Busses were useful (but complicated)
    44. Transformation; Content-Based Routing; Logging; Security Enforcement
    45. Off-loading security functionality makes sense
    46. Provide consistent interfaces with a proxy
    47. Summary: There is gold to be found when looking back; Don’t blindly lift and drop – adapt instead; Always make your design relevant to your developers
    48. On The Shoulders of Giants: Learning About API Design by Looking Backwards. Ronnie Mitra, Principal API Architect - EMEA, Layer 7 API Academy