Gengo Pulse on Tech: API World + DataWeek
Last month’s DataWeek conference and API World expo in San Francisco was full of interesting takeaways for developers. An event focused on discussing new approaches to and best practices behind data science, API design/strategy and more, the event is one of the largest of its kind.
I attended with fellow Gengons to accept an award for Best API of 2014 and learn about the latest API trends, recapped here for fellow developers.
Mission critical: securing APIs
Scott Morrison, CTO of enterprise-scale API security and management company Layer 7, shared his thoughts on the importance of securing APIs. Just years ago we were still learning how to secure our web apps, and we’re now learning the same lessons with APIs. Increased structural visibility and a higher number of calls makes an API relatively easy to attack. Because an API closely maps a system’s Database and Object Model, enforcing OAuth, SSL and protecting against SQL and JSON injection is critical.
Morrison gave five strategies for defending against API security threats:
- Validating parameters
- Applying explicit threat detection
- Turning on SSL
- Applying rigorous authentication and authorization
- Using proven security methods
If you’d like to learn more, you can dive into the details of his chat here.
Community and the API lifecycle
In a second talk, Google’s Thor Mitchell, Product Manager of the Google Developers platform, discussed how it’s critical to create a community around your API for all stages of the lifecycle, from launch through retirement.
Before launch and through your API’s early stages, know that marketing your API matters. Someone in the role of Developer Evangelist should rally and inspire people to create apps around your API, identify core use cases and benefits and carefully clarify your API’s terms and conditions. The Developer Evangelist critically serves as an advocate for the API’s developers within the company as well.
After launch and before retirement, changes should be clearly communicated to users and bugs should at the very least be acknowledged early if not immediately fixed—even brief downtime can create a large loss of confidence among developers and users.
Before retiring your API, make sure your guidelines and policy on API deprecation are clear and announce key dates as early as possible. Because companies may have built their entire apps off of your API, be honest about why you’re retiring the API, offer alternatives and help developers with any needs.
For global APIs
Outside of a pre-event hackathon focused on solving global problems with sponsors’ APIs (which, as a fun bonus, I won with my developer teammate from San Francisco), the conference program was thin on advice for global companies. To make up for it, I gathered advice from attendees on what’s important when building a global API. Their advice:
- Collaborate with different kinds of users through all phases, but especially when designing the API. To the extent that you can, extend developer evangelism to your target international audiences
- Make your API easy to use and simple and ensure all necessary documentation is available in target languages for multilingual developers
Interested in using Gengo’s API?
or Contact us