Over a million developers have joined DZone.

Should You Be Required to Get Approval Before Accessing API Resources?

DZone's Guide to

Should You Be Required to Get Approval Before Accessing API Resources?

Some companies are beginning to require approval before developers get access to any API resources. Kin Lane offers his thoughts on the subject.

· Integration Zone ·
Free Resource

WSO2 is the only open source vendor to be named a leader in The Forrester Wave™: API Management Solutions, Q4 2018 Report. Download the report now or try out our product for free.

I wrote about SoundCloud beginning to require approval before developers get access to any API resources, a concept that I want to keep exploring. I'm going to be going through the APIs track on, looking for different variations of this, but before I did this, I wanted to explore a couple of approaches I already had rattling around in my head.

What if, when you first sign up for API access, you only get access to your own data and content? You couldn't get access to any other users until you were approved. It seems like something that would incentivize developers to publish data and content, build their profiles out, which is good for the platform right? It will also protect other end-users from malicious activity by random developers who are just looking to wreak havoc in support of their own objectives and do not care about the platform (like we saw with Soundcloud).

A good example of how this could be applied is evident in the post yesterday by Kris Shaffer on Medium, who was looking to get his content out of the platform. I use the Medium API to syndicate blog posts to Medium (POSSE), but there is no read API allowing me to pull my content out. I agree with Kris that this is a problem. What if Medium opened up API access, allowing us platform users to get at our own content, but then required the approval of any app before there ever is access to other users content?

Some food for thought. I hear a lot of platforms say they don't do APIs because they don't want to end up with the same problems as Twitter. I think this is the result of some legacy views about public APIs that should just go away. Not all APIs are created equal, and I feel that APIs shouldn't always be just about applications and often times are just a lifeline for platform users, helping us end-users better manage their data and content. If my internal systems and other third-party systems are integrated together with APIs, the likelihood that I will grow dependent on the integration only increases.

IAM is now more than a security project. It’s an enabler for an integration agile enterprise. If you’re currently evaluating an identity solution or exploring IAM, join this webinar.

integration ,apis ,api resources

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}