Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Your API is not a Website!<br />9.15.11 @ 11:05 PST<br />VOIP or Dial-in (see chat)<br />Greg Brail		@gbrail<br />Brian Pa...
@brianpagano<br />@gbrail<br />
API Workshop Webinar Series<br />(videos & slides at http://blog.apigee.com/taglist/webinar) <br />Mapping out your API St...
Setup<br />APIs seem at first like web sites without images.<br />On deeper inspection that’s not the case!<br />Examining...
But first, how are APIs and Websites the same?<br />
Image by caseymultimedia<br />
How are APIs and Websites the same? <br />24x7 operations<br />
How are APIs and Websites the same? <br />24x7 operations<br />Frequent deployment<br />
How are APIs and Websites the same? <br />24x7 operations<br />Frequent deployment<br />Fast expectations<br />On the Inte...
So how are they different?<br />
Image by lindzstrom<br />
How are APIs and Websites different? <br />Audience<br />Longevity<br />Analytics<br />Security<br />Integration<br />Test...
Audience<br />Websites are used by humans<br />APIs are used by programmers.<br />Programmers, in turn, make apps for huma...
Why does this matter?<br />Developers don’t care about images, fonts, colors, and other design elements.<br />Developers d...
Longevity<br />Web sites change all the time.<br />APIs must remain compatible over time.<br />image by wilhelmja<br />
Why Does this Matter?<br />Humans are fairly resilient to change<br />We may complain…<br />…but when a site design change...
Analytics<br />Most web analytics depend on the browser.<br />API clients might not be browsers at all!<br />
Why Does this Matter?<br />API analytics can’t rely on:<br />JavaScript that runs on the client<br />“Beacon” URLs that ge...
Security<br />Web sites can be scraped carefully.<br />APIs are extremely easy to “scrape” and automate.<br />APIs and web...
Why Does this Matter?<br />Since APIs are so easy to program, they are easy to ‘do damage.’<br />Try to crack passwords us...
Why Else Does this Matter?<br />Passwords are lousy for public APIs.<br />They propagate to lots of sites that use the API...
Integration<br />Web sites can pull content from all over.<br />APIs sit in one place.<br />
Why Does this Matter?<br />The architecture is just different.<br />Websites can include scripts, gadgets, and images from...
Testability<br />Automated web site testing is hard.<br />Automated API testing is easier.<br />
Why Does this Matter?<br />Any API needs to:<br />Change quickly<br />Remain compatible<br />Perform consistently<br />How...
Conclusion<br />A great API is not the same as a great web site.<br />A great API is:<br />Fast-moving, yet it never break...
THANK YOU<br />Questions and ideas to:<br />@apigee<br />@gbrail<br />@brianpagano<br />
Upcoming SlideShare
Loading in …5
×

Your API is not a Website!

11,051 views

Published on

Published in: Technology, Design

Your API is not a Website!

  1. 1. Your API is not a Website!<br />9.15.11 @ 11:05 PST<br />VOIP or Dial-in (see chat)<br />Greg Brail @gbrail<br />Brian Pagano@brianpagano<br />
  2. 2. @brianpagano<br />@gbrail<br />
  3. 3. API Workshop Webinar Series<br />(videos & slides at http://blog.apigee.com/taglist/webinar) <br />Mapping out your API Strategy <br />Pragmatic REST: API Design Fu <br />10 Patterns in Successful API Programs<br />What to Measure: API Analytics<br />Is your API Naked? API Tech & Operations<br />Does your API need PCI? (Compliance)<br />Developers Hate Marketing: Driving API Adoption<br />OAuth: The Big Picture <br />“Boss, we need an API”<br />Your API is not a Website!<br />
  4. 4. Setup<br />APIs seem at first like web sites without images.<br />On deeper inspection that’s not the case!<br />Examining the differences is a great discussion on API technology.<br />
  5. 5. But first, how are APIs and Websites the same?<br />
  6. 6. Image by caseymultimedia<br />
  7. 7. How are APIs and Websites the same? <br />24x7 operations<br />
  8. 8. How are APIs and Websites the same? <br />24x7 operations<br />Frequent deployment<br />
  9. 9. How are APIs and Websites the same? <br />24x7 operations<br />Frequent deployment<br />Fast expectations<br />On the Internet this is not news.<br />But inside corporate IT, it is a new way of life!<br />This is the case for public and private APIs.<br />
  10. 10. So how are they different?<br />
  11. 11. Image by lindzstrom<br />
  12. 12. How are APIs and Websites different? <br />Audience<br />Longevity<br />Analytics<br />Security<br />Integration<br />Testability<br />
  13. 13. Audience<br />Websites are used by humans<br />APIs are used by programmers.<br />Programmers, in turn, make apps for humans.<br />image by maanow<br />
  14. 14. Why does this matter?<br />Developers don’t care about images, fonts, colors, and other design elements.<br />Developers do care about the “look and feel” of the API itself.<br />Is it easy to develop to?<br />Does it use REST appropriately? <br />(according to their own definition of “REST”)<br />Does it make me do anything weird?<br />Does it work?<br />Is it down a lot?<br />
  15. 15. Longevity<br />Web sites change all the time.<br />APIs must remain compatible over time.<br />image by wilhelmja<br />
  16. 16. Why Does this Matter?<br />Humans are fairly resilient to change<br />We may complain…<br />…but when a site design changes, we (usually) adapt<br />Programs are not resilient to change<br />Developers don’t want to re-write<br />Old apps might not have developers any more<br />Users don’t install updates right away<br />
  17. 17. Analytics<br />Most web analytics depend on the browser.<br />API clients might not be browsers at all!<br />
  18. 18. Why Does this Matter?<br />API analytics can’t rely on:<br />JavaScript that runs on the client<br />“Beacon” URLs that get downloaded all the time<br />Cookies the client must return<br />API clients just don’t do these things - especially when built by 3rd parties<br />You need to embed analytics on the server.<br />Use what is sent in the request and only that<br />
  19. 19. Security<br />Web sites can be scraped carefully.<br />APIs are extremely easy to “scrape” and automate.<br />APIs and web sites need different types of security.<br />OAuth for APIs, passwords for web sites,<br />SSL for both!<br />
  20. 20. Why Does this Matter?<br />Since APIs are so easy to program, they are easy to ‘do damage.’<br />Try to crack passwords using an API<br />Download a company’s whole product catalog<br />Book a whole bunch of flights to mess with pricing<br />Rate limits and quotas are essential.<br />
  21. 21. Why Else Does this Matter?<br />Passwords are lousy for public APIs.<br />They propagate to lots of sites that use the APIs<br />They propagate to devices that use the APIs<br />Consider OAuth for these cases<br />
  22. 22. Integration<br />Web sites can pull content from all over.<br />APIs sit in one place.<br />
  23. 23. Why Does this Matter?<br />The architecture is just different.<br />Websites can include scripts, gadgets, and images from all over the web<br />APIs can’t – developers expect a few API calls to do it all<br />But you can pull things together on the server side…<br />
  24. 24. Testability<br />Automated web site testing is hard.<br />Automated API testing is easier.<br />
  25. 25. Why Does this Matter?<br />Any API needs to:<br />Change quickly<br />Remain compatible<br />Perform consistently<br />How do you ensure this?<br />Test early and test often<br />Automated regression testing is the key<br />A good API should make this EASY<br />
  26. 26. Conclusion<br />A great API is not the same as a great web site.<br />A great API is:<br />Fast-moving, yet it never breaks the apps<br />Reliable, stable, and fast<br />Easy to understand and program to<br />Secure and resilient to failure<br />You need both.<br />
  27. 27. THANK YOU<br />Questions and ideas to:<br />@apigee<br />@gbrail<br />@brianpagano<br />

×