Cover image for APIs: A Strategy Guide

Book description

Programmers used to be the only people excited about APIs, but now a growing number of companies see them as a hot new product channel. This concise guide describes the tremendous business potential of APIs, and demonstrates how you can use them to provide valuable services to clients, partners, or the public via the Internet. You’ll learn all the steps necessary for building a cohesive API business strategy from experts in the trenches.

Table of Contents

  1. APIs: A Strategy Guide
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. Preface
      1. Conventions Used in This Book
      2. Using Code Examples
      3. Acknowledgments
      4. Safari® Books Online
      5. How to Contact Us
    3. 1. The API Opportunity
      1. Why We Wrote This Book
      2. Who Is This Book For?
      3. What Is an API?
        1. How Is an API Different from a Website?
        2. …But APIs and Websites Have a Lot in Common
      4. Who Uses an API?
      5. Types of APIs
      6. Why Now?
    4. 2. APIs as a Business Strategy
      1. The Growth of APIs
      2. Why You Might Need an API
        1. You Need a Second Mobile App
        2. Your Customers or Partners Ask for an API
        3. Your Site Is Getting Screen-Scraped
        4. You Need More Flexibility in Providing Content
        5. You Have Data to Make Available
        6. Your Competition Has an API
        7. You Want to Let Potential Partners Test the Waters
        8. You Want to Scale Integration with Customers and Partners
        9. An API Improves the Technical Architecture
    5. 3. Understanding the API Value Chain
      1. Defining the Value Chain: Ask Key Questions
      2. Creating a Private API Value Chain
        1. Ways to Use a Private API
          1. Efficiently Creating Public Apps
          2. Supporting Partner Relationships
          3. Creating Internal Apps
        2. Benefits of Private APIs
        3. Risks Related to Private APIs
      3. Creating a Public API Value Chain
        1. Ways to Use a Public API
          1. Enhancing Value and Extending Your Brand
          2. Reaching Niche Markets
          3. Expanding Reach Across Platforms and Devices
          4. Fostering Innovation
        2. Benefits of Public APIs
        3. Risks Related to Public APIs
      4. Shifting: Private to Public, Public to Private
        1. Netflix: Public API to Private API
      5. API Business Models for Working with Partners
        1. Expanding Reach: More Apps, More Platforms
        2. Gaining Indirect Revenue
        3. Increasing Innovation through Partners
        4. Increasing Application Value through Integration
        5. Freemium Use
      6. Programmable Web’s View of API Business Models
    6. 4. Crafting Your API Product Strategy
      1. Establish a Clear Business Objective
      2. Have a Vision for Your API
      3. API Strategy Basics
        1. APIs Need a Business Sponsor
      4. Types of API Strategies
        1. Private API Strategies
        2. Public API Strategies
      5. Putting Together a Team
        1. The Developer Evangelist
      6. Objections to APIs
    7. 5. Key Design Principles for APIs
      1. Designing APIs for Specific Audiences
        1. Designing for Developers
        2. Designing for Application Users
      2. Best Practices for API Design
        1. Differentiate Your API
        2. Make Your API Easy to Try and Use
        3. Make Your API Easy to Understand
        4. Don’t Do Anything Weird
        5. Less Is More
        6. Target a Specific Developer Segment
      3. Technical Considerations for API Design
        1. REST
          1. Pure REST
          2. Pragmatic REST
          3. Pragmatic RESTful Principles
        2. Example: Designing with Pragmatic REST
          1. Sometimes REST Needs a Rest
          2. XML vs. JSON
        3. Versioning and API Design
          1. Having a Mediation Layer
          2. Taking the Plunge: Going Versionless
      4. Designing Infrastructure for APIs
        1. Data Center or Cloud?
        2. Caching Strategies
        3. Controlling API Traffic
    8. 6. API Security and User Management
      1. User Management
        1. Do You Need to Start from Scratch?
        2. Questions to Ask About User Management
      2. Identification
      3. Authentication: Proving Who You Are
        1. Usernames and Passwords
        2. Session-Based Authentication
        3. Other Authentication Methods
        4. OAuth
        5. Fortify Authentication with SSL
      4. Encryption
      5. Threat Detection and Prevention
        1. SQL Injection
        2. XML and JSON Attacks
        3. Data Masking
      6. General Recommendations
        1. API Data Protection Recommendations
        2. API Security Recommendations
    9. 7. Legal Considerations for Your API Strategy
      1. Rights Management
        1. In Practice: Rights Management at NPR
          1. Contracts
          2. Rights Tagging System
          3. Rights Management System
      2. Contracts and Terms of Use
      3. Privacy Policies
      4. Data Retention Policies
      5. Attribution of Content and Branding
      6. Responding to Misuse
    10. 8. Operating and Managing an API
      1. Operating an API
        1. Operational Information on Demand: The API Status Page
        2. Handling Ops Issues
        3. Service-Level Agreements
        4. Issue Management
        5. Operational Monitoring and Support
        6. Documenting Your API
        7. Operations Runbook
      2. Traffic Management Approaches
        1. Business-Level Traffic Management
          1. Quotas
          2. Throttling
        2. Operational Traffic Management
          1. Spike Arresting
        3. Traffic Management and Scalability
        4. API Gateways
          1. Approaches to API Gateways in the Cloud
    11. 9. Measuring the Success of Your API
      1. Handling API Metrics
        1. Why Capture Usage Metrics?
        2. Requests and Responses
        3. Impressions
        4. Loyalty
      2. Operational Metrics
        1. Effectiveness Metrics
        2. Performance Metrics
      3. Key Questions to Ask about API Performance
      4. How Metrics Evolved at NPR
    12. 10. Engaging Developers to Drive Adoption
      1. What Motivates Developers?
      2. Key Parts of a Developer Program Offering
        1. Product (or First You Need a Great API!)
        2. Access to Your API and to You
        3. Business Terms and SLA Expectations
        4. Content
        5. Awareness of Your API
        6. Focus on the Full Developer Experience
        7. Community
      3. The Anatomy of a Developer Portal
      4. The Dos and Don’ts of Developer Engagement
        1. Dos
          1. Look Alive!
          2. Target Alpha Geeks
          3. Create Scale and Leverage
          4. Foster Developer Community
          5. Seek Out Key Influencers
          6. Plug into Other Developer Communities
        2. Don’ts
          1. No differentiation for the API (it’s just like so-and-so’s API)
          2. Making it hard to sign up
          3. Marketing the API
          4. Overfocus on the developer portal
          5. Selecting the wrong community manager
          6. Having an overly broad focus
    13. 11. Epilogue: Just the Beginning
    14. About the Authors
    15. SPECIAL OFFER: Upgrade this ebook with O’Reilly