OAuth 2.0 (RFC 6749) is a great authorization framework but it leaves much up to the imagination. Luckily, there are numerous extensions that expand, explain, and clarify the basic capabilities to build a robust and powerful suite of standards. That said, there’s one unobviously complex area which gets little attention: Scopes. What is an OAuth Scope? […]
API documentation comes in a variety of forms. You can find it in PDFs, HTML, or even a Postman collection that lets you play immediately. You can provide project examples, detailed blog posts, or video walkthroughs. There are tradeoffs to each. Regardless of how you deliver the documentation, all documentation falls into one of three buckets: […]
All opinions and analysis in this post reflect my experience and opinion, not those of current or previous employers. They did not review or approve of this in any form. For years I’ve advised everyone from solo developers to Fortune 50 companies on the best approaches to designing and building APIs in addition to numerous […]
I’ve been thinking about what Google looks like in five years. At a macro level, they have detailed information on every event, flight, hotel, and traffic, what could they do? Or at a micro level, they have the same information on more and more people plus detailed geo-data with our personal trackers.. er.. phones, what […]
We’ve heard that adage in reference to using Facebook, Twitter, and a variety of others for quite a few years. While it absolutely does apply for general web users, in the API space, it takes on a more sinister tone. When you’re working with an API, it’s usually because it makes a piece of your […]
Note: To be clear, I am not accusing Airbnb or Facebook – or anyone else – of allowing this. According to my understanding of their Acceptable Use Policies and the law, this is way out of bounds and likely to result in trouble for all involved. Do not do it. Updated March 2018: I have […]
This was originally published on the Clarify.io blog, reproduced here. When I joined Twilio in early 2011, I learned that API companies have three user interfaces: First, there’s the website. It’s what we all think about because it’s the first thing most users see. We have designers, UX people, and similar who spend a lot of […]
Building API helper libraries is hard.
The helper libraries rarely get the same time or attention as the API itself. They’re usually an afterthought.
If you read the tech press, everyone knows they need an API but most aren’t really sure what it is. They treat it as another checkbox like “Web 2.0” was a few years ago or a mobile app was most recently. In fact, there’s an entire “API-first” movement in development circles that most people don’t […]
My first book – “A Practical Approach to API Design” – shipped this past Friday. As a result, I’m activating Operation Buy It Now today. To sweeten the deal, if you order it by 11:59pm ET on Sunday the 23rd, you will be entered into a random drawing for four hours of API consulting. All […]