Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Should You Be Required to Get Approval Before Accessing API Resources?

DZone's Guide to

Should You Be Required to Get Approval Before Accessing API Resources?

Some companies are beginning to require approval before developers get access to any API resources. Kin Lane offers his thoughts on the subject.

· Integration Zone
Free Resource

Share, secure, distribute, control, and monetize your APIs with the platform built with performance, time-to-value, and growth in mind. Free 90-day trial of 3Scale by Red Hat

I wrote about SoundCloud beginning to require approval before developers get access to any API resources, a concept that I want to keep exploring. I'm going to be going through the APIs track on, looking for different variations of this, but before I did this, I wanted to explore a couple of approaches I already had rattling around in my head.

What if, when you first sign up for API access, you only get access to your own data and content? You couldn't get access to any other users until you were approved. It seems like something that would incentivize developers to publish data and content, build their profiles out, which is good for the platform right? It will also protect other end-users from malicious activity by random developers who are just looking to wreak havoc in support of their own objectives and do not care about the platform (like we saw with Soundcloud).

A good example of how this could be applied is evident in the post yesterday by Kris Shaffer on Medium, who was looking to get his content out of the platform. I use the Medium API to syndicate blog posts to Medium (POSSE), but there is no read API allowing me to pull my content out. I agree with Kris that this is a problem. What if Medium opened up API access, allowing us platform users to get at our own content, but then required the approval of any app before there ever is access to other users content?

Some food for thought. I hear a lot of platforms say they don't do APIs because they don't want to end up with the same problems as Twitter. I think this is the result of some legacy views about public APIs that should just go away. Not all APIs are created equal, and I feel that APIs shouldn't always be just about applications and often times are just a lifeline for platform users, helping us end-users better manage their data and content. If my internal systems and other third-party systems are integrated together with APIs, the likelihood that I will grow dependent on the integration only increases.

Explore the core elements of owning an API strategy and best practices for effective API programs. Download the API Owner's Manual, brought to you by 3Scale by Red Hat

Topics:
integration ,apis ,api resources

Published at DZone with permission of Kin Lane, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}