Comments on: Dear API Developers, this is what I would like to have http://www.wait-till-i.com/2007/11/07/dear-api-developers-this-is-what-i-would-like-to-have/ Chris Heilmann - Accessibilty, Web Development and Pragmatism - can talk, will travel Sun, 06 Jul 2008 20:03:13 +0000 http://wordpress.org/?v=2.5.1 By: Chris http://www.wait-till-i.com/2007/11/07/dear-api-developers-this-is-what-i-would-like-to-have/#comment-6311 Chris Wed, 07 Nov 2007 20:54:19 +0000 http://www.wait-till-i.com/2007/11/07/dear-api-developers-this-is-what-i-would-like-to-have/#comment-6311 Yes, Jonathan, exactly. These are the places were authentication is totally needed. Yes, Jonathan, exactly. These are the places were authentication is totally needed.

]]> By: Jonathan Boutelle http://www.wait-till-i.com/2007/11/07/dear-api-developers-this-is-what-i-would-like-to-have/#comment-6310 Jonathan Boutelle Wed, 07 Nov 2007 20:05:10 +0000 http://www.wait-till-i.com/2007/11/07/dear-api-developers-this-is-what-i-would-like-to-have/#comment-6310 Wow! Nice list! Thanks for taking the time to make this. I like the "hackable url" stuff. And the "carrots rather than sticks" approach to getting developers to choose to register for an API is a *very* good idea. Obviously *User* authentication becomes an issue in at least two situations. 1) When your calls are writing to our system, rather than simply fetching information (since you're changing our state, we need to know who you are) 2) When your calls are reading private data (we just added the ability to share slideshows privately yesterday, so this will be more of an issue for us now than in the past). In addition, there's the question of whether your system requires users to trust developers with their userid / passwords. A full API like flickr avoids this problem, but the result is something really baroque and hard to code to IMHO (frob? wtf? ;->). I think we'll start out by making our public data super-easy to read (both by RSS and by API), and take it from there. Thanks again for your feedback! I'll let you know when we've solved some of these issues (expect first changes within 2-3 weeks). -Jon Boutelle cofounder, SlideShare Wow! Nice list! Thanks for taking the time to make this.

I like the “hackable url” stuff. And the “carrots rather than sticks” approach to getting developers to choose to register for an API is a very good idea.

Obviously User authentication becomes an issue in at least two situations.
1) When your calls are writing to our system, rather than simply fetching information (since you’re changing our state, we need to know who you are)
2) When your calls are reading private data (we just added the ability to share slideshows privately yesterday, so this will be more of an issue for us now than in the past).

In addition, there’s the question of whether your system requires users to trust developers with their userid / passwords. A full API like flickr avoids this problem, but the result is something really baroque and hard to code to IMHO (frob? wtf? ;->).

I think we’ll start out by making our public data super-easy to read (both by RSS and by API), and take it from there.

Thanks again for your feedback! I’ll let you know when we’ve solved some of these issues (expect first changes within 2-3 weeks).
-Jon Boutelle
cofounder, SlideShare

]]>