In some of my more recent posts, I have written about upcoming transformations within the API space, ranging from orchestration layers to how Netflix pursued an optimized API design for the 1,000-plus device types that it supports. In this post, I will provide more context for these decisions and how they may (or, perhaps more likely, will) apply to your API designs, especially when it comes to the benefits of the separation-of-design model.
ProgrammableWeb enjoyed another tremendous year in 2013. The year in APIs was filled with landmarks, innovation and massive expansion of the API economy. ProgrammableWeb readers kept us busy, and four particular areas of interest prompted the most attention.
The adoption of REST as the predominant method to build public APIs has overshadowed any other API technology or approach in recent years. Although several alternatives (mainly SOAP) are still (very) prevalent in the enterprise, the early adopters of the API movement have taken a definitive stance against them and opted for REST as their approach and JSON as their preferred message format.
The explosive growth of social media, cloud computing and mobile devices is making Web APIs the primary interface for technology-driven products and services, and placing more and more attention on the emerging “API economy.” And with 50 percent of B2B collaboration predicted to take place through APIs by 2016, we are only seeing the tip of the iceberg.
Last week, the social posting site Buffer had both their database of access tokens and their OAuth client secrets compromised by attacks on GitHub and MongoDB. Buffer uses GitHub to store their client_secret in source code and MongoDB to store their access tokens.
A little more than one week has passed since Buffer’s infrastructure was successfully hacked, resulting in a flood of unauthorized posts to Twitter and Facebook. Shortly after ProgrammableWeb’s investigation of the hack revealed that more questions about the attack deserved to be answered, Buffer disclosed some of the answers on its blog. But more questions remained, and Buffer’s CTO Sunil Sadasivan has come forward to answer them in this ProgrammableWeb exclusive Q&A.
There’s more than meets the eye to October’s successful attack on Buffer. Due to the significant legal and financial risks alone, the incident involving identity theft should serve as a wake-up call to end-users, Web developers, and API providers that not enough is being done to secure the Web.
The social sharing application Buffer gets hacked. But it’s the users of Twitter and Facebook that end up paying the price because of how Buffer automates posts to both networks. The incident could prove instructive to other services that offer public APIs.