dial2do api


PDF of Presentation at Developer API War and Facebook Garage event in Dublin March 5th 2009


Sean O Sullivan, CTO sos@dial2do.com

API Experience

one number to get things done, hands-free

Dial One Number to …

“sandy”

“Evernote”

“Mosio”

“RTM”

“text”

jaiku

“jajah”

“twitter”

“NYT”

“Huff Post”

“tumblr”

“Blogger”

Currently 40+ services

Interactive, Two-Way service (not just voice to text)

Integrates with existing web applications

One number, many services

Technical Overview

APIs

Lots of API usage in our projects

Mobile and Telephony (SMS, on-device APIs, Ribbit …)
Classic Web APIs (Google, Facebook, twitter, ping.fm, Jajah…)
Other telecom APIs (Parlay, Parlay-X)
Also provide our own Dial2Do APIs (not public yet)

Good news

Good Examples

Broadly speaking, many APIs

Facebook API
Last.fm
Google

Are well-documented
Are well-structured
Have associated documentation and code samples

Issues

Security

Each service tends to have a different approach to authentication
OpenID, OAuth, Token-based (by user or by service), or worst case username/password
Often multiple forms of security supported (Google, Yahoo)

Architecture and Design

Dependencies on third parties - outages outside your control
Is twitter down for everyone or just me? :-)
Defensive design and coding (async, failure cases)

Other

Some services not well documented (Bebo)

Authentication

Token based, per service

Usernames and passwords don’t need to be stored
User control to revoke individual services
Your service looks/feels better

OAuth or OpenID based

Standard with some widespread adoption
Google, Yahoo, others…
Good documentation, good tools

Token based, per user

Usernames and passwords don’t need to be stored
Token is at user account level
Revoke the token, revoke all services

Username/Password

Least desirable - YOU have to store username/password

Better

Authorisation

OpenID

Has not as yet seen wide adoption - but will most likely get there (URLs, more complex to grasp for end user)
More features than OAuth

Cool Off Period

Have to protect against brute force auth attacks
Need cool-off periods after multiple auth failures
e.g. dictionary attack on twitter
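A cool-off period of the kind this slide calls for, as an added example (not Dial2Do code and not from the presentation). The class name, the threshold of 5 failures and the 30 s to 1 h doubling delay are assumptions chosen for illustration.

```python
import time


class CoolOff:
    """Per-key cool-off after repeated auth failures (illustrative, in-memory)."""

    def __init__(self, max_failures=5, base_delay=30.0, max_delay=3600.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock            # injectable so the logic can be tested
        self._state = {}              # key -> (consecutive_failures, locked_until)

    def retry_after(self, key):
        """Seconds the caller must still wait; 0.0 means an attempt is allowed."""
        _, locked_until = self._state.get(key, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def record_failure(self, key):
        failures, locked_until = self._state.get(key, (0, 0.0))
        failures += 1
        if failures >= self.max_failures:
            # Double the cool-off for every failure past the threshold, up to a cap.
            delay = min(self.max_delay,
                        self.base_delay * 2 ** (failures - self.max_failures))
            locked_until = self.clock() + delay
        self._state[key] = (failures, locked_until)

    def record_success(self, key):
        self._state.pop(key, None)    # a good login resets the failure count


def attempt_login(limiter, key, password, check_password):
    """Return 'ok', 'denied' or 'cool-off'; check_password(key, password) -> bool."""
    if limiter.retry_after(key) > 0:
        # The credential is not even checked during the cool-off, so a correct
        # guess made while locked tells a dictionary attacker nothing.
        return "cool-off"
    if check_password(key, password):
        limiter.record_success(key)
        return "ok"
    limiter.record_failure(key)
    return "denied"
```

Keying only on the account name lets anyone lock a victim out by failing on purpose, so production limiters usually also track the source (IP address or caller ID) and keep state in a shared store rather than process memory.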

OAuth

We are a Consumer but not yet a provider
