So reads the ZDNet headline. The trouble all stems from Facebook’s social reader, part of the Facebook Open Graph Actions initiative. Several sites have this, including the popular Guardian app, installed over 4 million times.
The ZDNet post gets to the crux of the issue:
Once you’ve authorized Yahoo that first time, all future reads of articles on their web sites are also posted to your profile, whether you like it or not. The only way to stop it is to remove the app authorization in your Facebook privacy settings.
This all happens through a somewhat confusing API authorization screen. If you don’t authorize, you don’t read the story. The only way around sharing your every celebrity obsession (or whatever it is you read) is to share only with yourself. It’s a strange solution and, based on my news feed, not one many have figured out.
Charlie Kindel shares his true feelings in Don’t Build APIs:
The only way to ensure an API does not get abused is to ensure it is not successful. But if it is successful you will have to support it forever.
I believe early stage ventures should avoid creating APIs at all. They certainly should not try to “be a platform”. But if you are going to ignore my advice and start exposing APIs, take this to heart:
You will do them wrong. Callers will use them in ways you don’t expect. And you will waste huge amounts of energy supporting them in the future.
That quote is slightly edited for space, but I think it gets at Kindel’s core point. Jamieson Becker fires back with DON’T Don’t Build APIs, pointing out the internal benefits of dogfooding: building your own app on your API.
Today we had 10 new APIs added to our API directory including business management software, Greek-to-Latin translation service, US Department of Defense procurement information service, open key-value data storage service, SMS messaging service, payee verification service and online file storage service. Below are more details on each of these new APIs.
Autotask API: Autotask is a cloud-based business management software platform that lets users organize, automate and optimize their business. It gives users the ability to do their billing, scheduling, employee tracking and see which clients are most profitable. The Autotask API exposes the functionality of the platform and allows it to be integrated with third-party applications. Full documentation is not publicly available.
DigitalClassicist G-Tool API: The service accepts Greek character strings and returns transliterated Latin strings. Specified rulesets configure the character translation to account for variations in the location and time period of the source material.
API methods accept Unicode character strings in the Greek alphabet along with ruleset designations to control the transformation to be applied and output preference designations. Returned data provide Latin equivalents of the submitted strings, transformed according to the specified rulesets.
IUID Registry API: The service supports the DoD's Wide Area Workflow system for paperless contracting. It allows retrieval of specifications for items available for vendor bids to fulfill DoD purchase contracts, including purchase history for some items. The service also identifies vendors registered to bid on supply contracts. Vendors can use the system to help fulfill contract terms by transmitting shipping notices for electronic receipt and acceptance.
API methods support verification of Unique Item Identifiers (UII) for products to be purchased, with specifics like part and batch numbers. Methods also support retrieval of listings for contractors registered with the system.
OpenKeyval API: The service provides an open storehouse for key-value data intended to maintain persistent data for use in web applications. Storage accommodates case-sensitive, 5-128 character keys made up of alphanumeric characters, dashes, and underscores.
API methods support creation of a record storing a key value linked to a submitted string. Methods also support retrieval of the key for use in an application upon submission of the arbitrary string. The key value can then be updated in the service and the local application, and submissions of the associated persisting string will retrieve the new value.
Telerivet API: Telerivet is a service that lets people deploy their own SMS services worldwide. Telerivet allows the SMS service to use a local phone number across all mobile networks. The SMS service connects to the mobile network using an inexpensive Android phone and a local SIM card.
The API allows developers to enable their applications to send and receive SMS messages to and from any phone. It also allows users to receive incoming multimedia messages from MMS-capable phones, build SMS services that respond to missed calls (which are free to end users), send and receive long (multipart) SMS and Unicode SMS, and more. The API uses RESTful calls, and responses are formatted in JSON.
TINCheck API: The service validates a submitted taxpayer identification number (TIN) to verify a match with the correct name on a payee record. The U.S. Internal Revenue Service (IRS) imposes heavy penalties for data submissions with inaccurate TINs. The service allows applications to call validation functions and confirm accuracy before submitting data.
API methods support submission of TIN data to retrieve associated first and last names and address. U.S. address format includes two possible street lines, city, state, and ZIP code.
Trillium Global Locator API: The service provides global location data for address validation. It processes submitted address data to validate and standardize its format, then assigns latitude and longitude coordinates to pinpoint the location. The intent is to process incomplete and variably formatted address information to determine precise locations.
API methods support submission of an address string and processing based on datasets of valid location information to enhance and reformat the address for exact location. Datasets are available for locations worldwide from multiple sources.
Ubuntu One Account Admin API: The Ubuntu One Account Admin API allows users to administer an Ubuntu One account, grant access to applications, and handle passwords and other access details. Administrators can get information about a user’s account, subscribed features, costs, and CouchDB access. They can also retrieve an Ubuntu One mobile username and password for a user, or issue new OAuth tokens for an Ubuntu One account.
Ubuntu One Files API: The Ubuntu One Files API can be used to store files in the Ubuntu One cloud. Users may choose to sync their stored files to some, all, or none of their machines and devices. This API can also be used to publish files to a public URL. The Ubuntu One Files API operates over REST using GET or PUT calls.
Ubuntu One Music API: The Ubuntu One Music API allows users to stream their music on any platform capable of playing music. Users are able to search their music collection using a variety of parameters as well as create, edit, delete, and play their playlists. The Ubuntu One Music API operates over REST calls in XML format.