your api is not a website!
DESCRIPTION
TRANSCRIPT
![Page 1: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/1.jpg)
Your API is not a Website!
9.15.11 @ 11:05 PSTVOIP or Dial-in (see chat)
Greg Brail @gbrail
Brian Pagano @brianpagano
![Page 2: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/2.jpg)
@brianpagano@gbrail
![Page 3: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/3.jpg)
Mapping out your API Strategy
Pragmatic REST: API Design Fu
10 Patterns in Successful API Programs
What to Measure: API Analytics
Is your API Naked? API Tech & Operations
Does your API need PCI? (Compliance)
Developers Hate Marketing: Driving API Adoption
OAuth: The Big Picture
“Boss, we need an API”
Your API is not a Website!
API Workshop Webinar Series(videos & slides at http://blog.apigee.com/taglist/webinar)
![Page 4: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/4.jpg)
Setup
APIs seem at first like web sites without images.
On deeper inspection that’s not the case!
Examining the differences is a great discussion on API technology.
![Page 5: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/5.jpg)
But first, how are APIs and Websites the same?
![Page 6: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/6.jpg)
Image by caseymultimedia
![Page 7: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/7.jpg)
How are APIs and Websites the same?
24x7 operations
![Page 8: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/8.jpg)
How are APIs and Websites the same?
24x7 operations
Frequent deployment
![Page 9: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/9.jpg)
How are APIs and Websites the same?
24x7 operations
Frequent deployment
Fast expectationsOn the Internet this is not news.But inside corporate IT, it is a new way of life!This is the case for public and private APIs.
![Page 10: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/10.jpg)
So how are they different?
![Page 12: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/12.jpg)
How are APIs and Websites different?
Audience
Longevity
Analytics
Security
Integration
Testability
![Page 13: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/13.jpg)
Audience
Websites are used by humans
APIs are used by programmers.
Programmers, in turn, make apps for humans.
image by maanow
![Page 14: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/14.jpg)
Why does this matter?
Developers don’t care about images, fonts, colors, and other design elements.
Developers do care about the “look and feel” of the API itself.Is it easy to develop to?
Does it use REST appropriately?
(according to their own definition of “REST”)
Does it make me do anything weird?
Does it work?
Is it down a lot?
![Page 15: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/15.jpg)
Longevity
Web sites change all the time.
APIs must remain compatible over time.
image by wilhelmja
![Page 16: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/16.jpg)
Why Does this Matter?
Humans are fairly resilient to changeWe may complain…
…but when a site design changes, we (usually) adapt
Programs are not resilient to changeDevelopers don’t want to re-write
Old apps might not have developers any more
Users don’t install updates right away
![Page 17: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/17.jpg)
Analytics
Most web analytics depend on the browser.
API clients might not be browsers at all!
![Page 18: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/18.jpg)
Why Does this Matter?
API analytics can’t rely on:JavaScript that runs on the client
“Beacon” URLs that get downloaded all the time
Cookies the client must return
API clients just don’t do these things - especially when built by 3rd parties
You need to embed analytics on the server.Use what is sent in the request and only that
![Page 19: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/19.jpg)
Security
Web sites can be scraped carefully.
APIs are extremely easy to “scrape” and automate.
APIs and web sites need different types of security.
OAuth for APIs, passwords for web sites,SSL for both!
![Page 20: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/20.jpg)
Why Does this Matter?
Since APIs are so easy to program, they are easy to ‘do damage.’Try to crack passwords using an API
Download a company’s whole product catalog
Book a whole bunch of flights to mess with pricing
Rate limits and quotas are essential.
![Page 21: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/21.jpg)
Why Else Does this Matter?
Passwords are lousy for public APIs.They propagate to lots of sites that use the APIs
They propagate to devices that use the APIs
Consider OAuth for these cases
![Page 22: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/22.jpg)
Integration
Web sites can pull content from all over.
APIs sit in one place.
![Page 23: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/23.jpg)
Why Does this Matter?
The architecture is just different.Websites can include scripts, gadgets, and images from all over the web
APIs can’t – developers expect a few API calls to do it all
But you can pull things together on the server side…
![Page 24: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/24.jpg)
Testability
Automated web site testing is hard.
Automated API testing is easier.
![Page 25: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/25.jpg)
Why Does this Matter?
Any API needs to:Change quickly
Remain compatible
Perform consistently
How do you ensure this?Test early and test often
Automated regression testing is the key
A good API should make this EASY
![Page 26: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/26.jpg)
Conclusion
A great API is not the same as a great web site.
A great API is:
Fast-moving, yet it never breaks the apps
Reliable, stable, and fast
Easy to understand and program to
Secure and resilient to failure
You need both.
![Page 27: Your API is not a Website!](https://reader035.vdocument.in/reader035/viewer/2022062616/5491ec28b47959b9538b48db/html5/thumbnails/27.jpg)
THANK YOUQuestions and ideas to:
@apigee@gbrail@brianpagano