On The Shoulders of Giants: Learning About API Design by Looking Backwards
Ronnie Mitra
Principal API Architect - EMEA
Layer 7 API Academy
Web APIs: New and Exciting!
http://www.flickr.com/photos/every1knows/4191971139
“Web APIs? I’ve been doing that for years.”
Image courtesy of http://www.flickr.com/photos/en321/3902138429/
Web APIs offer us a new perspective
http://www.flickr.com/photos/mugley/4407790613
What can we learn by looking back?
http://www.flickr.com/photos/dcassaa/483162086/
user-centered design makes things better
User-Centered Design:
Design products for the users who will use them.
User Interviews
Rapid Prototyping
Iterations
UCD helped drive websites into the world of web 2.0
Simpler look and feel
Intuitive controls
Familiar interfaces
UCD is all around us… and usually in our favourite products.
Can we apply a user-centered design approach to web API design?
The challenge:
Developers are a different breed of users.
We need to work on a developer-centered design approach for APIs
Developer Centered Design
Identify audience
Make appropriate design decisions
Prototype and test
Iterate
removing barriers will increase adoption
We can learn a lot about registration from website design
Objective: Turn guest accounts into registered accounts
Principles of Registration:
1. Communicate the value of registering
2. Make it easy to sign up
3. Provide instant feedback
4. Make policies clear
5. Use “lazy registration”
frictionless processes are good for API management.
security is war
Perfect security is not possible
Practical security = Make attacks inconvenient and too costly to execute
Protecting Websites:
1. TLS/SSL for data privacy and server AU
2. User/password for authentication
Protecting SOA Services:
1. TLS/SSL for data privacy on the wire
2. WS-* for message security
OWASP Top 10:
A1: Injection
A2: Cross-Site Scripting (XSS)
A3: Broken Authentication and Session Management
A4: Insecure Direct Object References
A5: Cross-Site Request Forgery (CSRF)
A6: Security Misconfiguration
A7: Insecure Cryptographic Storage
A8: Failure to Restrict URL Access
A9: Insufficient Transport Layer Protection
A10: Unvalidated Redirects and Forwards
Is TLS/SSL Good Enough?
You need to configure it properly.
You need to use a secure implementation.
Website design: password policies
Don’t drive users away
The Lesson: Balance control with usability
hypermedia can make life easier
Links allow us to navigate the web
Forms provide a template for input
Links and templates can make an API easier to use
documentation is a craft
APIs aren’t just for the web
What type of instructions do these APIs provide?
Think like a developer:
Information must be accessible
Provide information in small portions
Think task based
Good documentation improves usability
Examples are like illustrations. Use a LOT of them.
effective management is critical
SOA Governance
Enforce access control
Promote service usage
Provide service discovery documents
Provide service usage visibility
API Management
Enforce access control
Promote API usage
Provide API documentation
Provide API usage visibility
SOA Governance
How do we make sure that these services are used properly?
API Management
How do we get people to use our API without falling over?
Controlled versus Organic
What can we learn from SOA Governance?
Representing organizations is useful
Complexity sucks
Focus on the user
abstraction saves time and effort
In SOA, Enterprise Service Busses were useful
(but complicated)
Transformation
Content-Based Routing
Logging
Security Enforcement
Off-loading security functionality makes sense
Provide consistent interfaces with a proxy
Summary
There is gold to be found when looking back
Don’t blindly lift and drop – adapt instead
Always make your design relevant to your developers