Dial2Do API
1. API Experience
one number to get things done, hands-free
Sean O Sullivan, CTO sos@dial2do.com
2.
3.
4.
5. Dial One Number to …
Currently 40+ services
Interactive, Two-Way service (not just voice to text)
Integrates with existing web applications
Services shown: “jajah”, “twitter”, “sandy”, “jaiku”, “Evernote”, “Blogger”, “Mosio”, “RTM”, “NYT”, “tumblr”, “Huff Post”, “text”
8. APIs
Lots of API usage in our projects
Mobile and Telephony (SMS, on-device APIs, Ribbit …)
Classic Web APIs (Google, Facebook, twitter, ping.fm, Jajah…)
Other telecom APIs (Parlay, Parlay-X)
Also provide our own Dial2Do APIs (not public yet)
9. Good news
Broadly speaking, many APIs
Are well-documented
Are well-structured
Have associated documentation and code samples
Good Examples
Facebook API
Last.fm
Google
10. Issues
Security
Each service tends to have a different approach to authentication
OpenID, OAuth, Token-based (by user or by service), or worst case username/password
Often multiple forms of security supported (Google, Yahoo)
Architecture and Design
Dependencies on third parties - outages outside your control
Is twitter down for everyone or just me? :-)
Defensive design and coding (async, failure cases)
Other
Some services not well documented (Bebo)
11. Authentication
Ordered from better to least desirable:
OAuth or OpenID based: Standard with some widespread adoption; Google, Yahoo, others…; Good documentation, good tools
Token based, per service: Usernames and Passwords don’t need to be stored; User control to revoke individual services; Your service looks/feels better
Token based, per user: Usernames and Passwords don’t need to be stored; Token is at user account level; Revoke the token, revoke all services
Username / Password: Least desirable - YOU have to store username/password
12. Authorisation
OpenID
Has not as yet seen wide adoption - but will most likely get there (URLs, more complex to grasp for end user)
More features than OAuth
Cool Off Period
Have to protect against brute force auth attacks
Need cool-off periods after multiple auth fails
e.g. dictionary attack on twitter
OAuth
We are a Consumer but not yet a provider
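The cool-off period from the Authorisation slide, sketched as an added example (not code from the talk or from Dial2Do): after a set number of failed attempts inside a time window the key is locked out, and each further lockout doubles in length. The class and function names and all thresholds are assumptions chosen for illustration.

```python
import time
from dataclasses import dataclass, field

@dataclass
class _State:
    failures: list = field(default_factory=list)  # timestamps of recent failures
    lockouts: int = 0                             # cool-offs triggered so far
    locked_until: float = 0.0

class CoolOffGuard:
    """Cool-off after repeated auth failures; thresholds are assumed values."""

    def __init__(self, max_failures=5, window=300.0, base_cool_off=60.0,
                 max_cool_off=3600.0, clock=time.monotonic):
        self.max_failures, self.window = max_failures, window
        self.base, self.cap, self.clock = base_cool_off, max_cool_off, clock
        self._state = {}

    def retry_after(self, key):
        """Seconds the caller must still wait; 0.0 means an attempt is allowed."""
        st = self._state.get(key)
        return max(0.0, st.locked_until - self.clock()) if st else 0.0

    def record_failure(self, key):
        """Count a failed attempt; start a cool-off once the threshold is hit."""
        now = self.clock()
        st = self._state.setdefault(key, _State())
        st.failures = [t for t in st.failures if now - t < self.window] + [now]
        if len(st.failures) >= self.max_failures:
            # Each successive lockout doubles, so a dictionary run slows sharply.
            st.locked_until = now + min(self.cap, self.base * 2 ** st.lockouts)
            st.lockouts += 1
            st.failures.clear()
        return self.retry_after(key)

    def record_success(self, key):
        """A successful login clears the failure history for that key."""
        self._state.pop(key, None)

def attempt_login(guard, key, password_ok):
    """Gate one attempt: check the cool-off BEFORE verifying the credential."""
    if guard.retry_after(key) > 0:
        return "cool-off"          # the password is not evaluated at all
    if password_ok:
        guard.record_success(key)
        return "ok"
    guard.record_failure(key)
    return "denied"
```

Keying on the account name alone lets anyone lock a user out by failing on purpose; keying on account plus source address, or keeping separate guards for each, limits that side effect.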
13. one number to get things done, hands-free
Sean O Sullivan, CTO sos@dial2do.com