Kin Lane

API Evangelist



Defrag: The API Lifecycle



November 2015









1940s
1950s
1960s
1970s
1980s
1990s
2000s
2010s


Henry Beck

Beck Map

1898


1902


Design
Design
>> Best Practices

  • Use the Web
  • Simplicity
  • Consistency
  • Easy to Read
  • Easy to Learn
  • Hard to Misuse
  • Audience Focused
  • Experience Over Resource
  • Use Your Own APIs
Design
>> Core Design

  • SSL
  • Host
  • Resource
  • Action
  • Verbs
  • Parameters
  • Headers
  • Body
  • Versioning
  • Pagination
  • Filtering
  • Sorting
  • Field Selection
Design
>> Response

  • Status Codes
  • Error Handling
  • Rate Limits
  • Caching
  • ETags
  • Request-Ids
  • UTF-8
  • CORS
  • JSONP
Design
>> Media Types

  • application/json
  • application/xml
  • application/csv
  • text/html
  • application/atom+xml
Design
>> Open Standards

  • JSON Schema
  • iCalendar
  • vCard
  • KML
  • GeoRSS
  • m3u
  • UUID
  • ISO 8601 (Date / Time)
  • ISO 4217 (Currency)
  • ISO 3166 (Country)
  • RDFa
  • Schema.org
Design
>> Design Process

  • Definitions
  • Editor
  • Forkable
  • Sharing
  • Collaboration
  • Annotation
  • Translation
  • Highlighting
Design
>> Organization

  • Guide
  • Notebook
  • Collections
  • Dictionary
  • Contact
Design
>> Internationalization

  • Accept-Language
Hypermedia
Hypermedia
>> Core Concepts

  • Target Identification
  • Link Relation Type
  • Human-Readable Label(s)
  • Target Resource Hints
  • Traversal Hints
  • Topology
  • Directionality
  • Resource Role
Hypermedia
>> Hypermedia Formats

  • Collection+JSON
  • Extensible Markup Language (XML)
  • Home Documents
  • Hydra
  • Hypertext Application Language (HAL)
  • JSON API
  • Mason
  • Noun As Resource With HyperLinks (NARWHL)
  • Siren
  • Uniform Basis for Exchanging Representations (UBER)
  • XForms
  • XML Inclusions (XInclude)
  • XML Linking Language (XLink)
  • xml:id
Definition
Definition
>> API Definition

  • Translator
  • Specification
  • Generator
  • Parser
  • Validator
  • Schema
  • Converter
  • Database
  • Command-Line
  • PowerShell
  • Aggregator
  • Editors
  • IDE Plugin
  • Forms
DNS
DNS
>> Core DNS

  • Domain
  • Record
  • Zone
  • Registration
  • Cache
  • IP Address
  • Geo DNS
DNS
>> Stability

  • Monitors
  • Threat Analysis
  • Whitelist / Blacklist
  • Denial of Service (DDoS)
  • DNS Failover
  • Latency Based Routing
  • Verification
DNS
>> Utility

  • Statistics
  • Batch Requests
  • Import
  • Export
Containers
Containers
>> Core Concepts

  • Containers
  • Images
  • Nodes
  • Volumes
  • Clusters
  • Networks
  • Hub
  • Registry
Containers
>> API

  • Containers
  • Image
  • Volumes
  • Networks
Virtualization
Virtualization
>> Core Virtualization

  • Mock
  • Sandbox
  • Simulator
  • Record
  • Playback
  • Verification
  • Port Forwarding
  • SSL
Virtualization
>> Data Virtualization

  • Templates
  • Dummy Data
  • Excel Data
Virtualization
>> Import / Export

  • Import Swagger
  • Import RAML
  • Import Blueprint
  • Import WADL
  • Import Postman
Virtualization
>> Other Elements

  • Reporting
  • Analytics
  • Teams
Deployment
Deployment
>> Deployment

  • CSV to API
  • Database to API
  • Framework
  • Gateway
  • Proxy
  • Connector
  • Hosting
  • Scraping
  • Container
Management
Management
>> Onboarding

  • Portal
  • Getting Started
  • Self-Service Registration
  • Best Practices
  • FAQ
  • Service Accord
  • Sign Up Email
  • Google Authentication
  • GitHub Authentication
  • Facebook Authentication
  • Flexible Messaging Area
Management
>> Documentation

  • Documentation
  • List of Endpoints
  • Interactive Documentation
  • API Explorer
  • Error Response Codes
Management
>> Authentication

  • Authentication Overview
  • Key Access
  • Basic Auth
  • OAuth
  • OAuth Scopes
  • Authentication Tester
Management
>> Code Management

  • GitHub
  • Application Gallery
  • Open Source
  • Starter Projects
  • Community Supported Libraries
  • Code Builder
  • Code
  • SDKs.io
Management
>> Self-Service Support

  • Forum
  • Forum RSS
  • Stack Overflow
  • Knowledgebase
Management
>> Direct Support

  • Email
  • Contact Form
  • Phone
  • Ticket System
  • Office Hours
  • Calendar
  • Paid Support Plans
Management
>> Communications

  • Slack
  • Blog
  • Blog RSS Feed
  • Twitter
  • Email
  • LinkedIn
  • Facebook
  • Google+
  • Email Newsletter
  • Instagram
  • Vimeo
  • YouTube
  • Chat
Management
>> Updates

  • Status Dashboard
  • Roadmap
  • Change Log
  • Status RSS
Management
>> Resources

  • Case Studies
  • How-to Guides
  • White Papers
  • Webinars
  • Events
  • Slideshare
  • Codecademy
  • Tour
  • Glossary
  • Videos
Management
>> Developer Account

  • Developer Dashboard
  • Account Settings
  • Reset Password
  • Application Manager
  • Usage Logs & Analytics
  • Billing History
  • Message Center
  • GitHub Authentication
  • Delete Account
  • Service Tier Management
Management
>> Internationalization

  • Documentation Language
  • Internationalization
Management
>> Management API

  • User Management
  • Account Management
  • Application Management
  • Service Management
Monitoring
Monitoring
>> Core Monitoring

  • Request Editor
  • Request Retry
  • Request Sharing
  • Request Playback
  • Request Scheduling
  • Request Compare
  • Request Scripting
  • Request Automation
  • Request Commenting
  • Service Availability
  • Latency Measurement
  • Response Header Validation
  • Response Body Validation
Monitoring
>> Management Monitoring

  • Documentation Monitoring
  • Pricing Monitoring
  • Terms of Service Monitoring
Monitoring
>> Targeted Monitoring

  • Provider Based Monitoring
  • Region Based Monitoring
  • Public Monitoring
Monitoring
>> Authentication

  • Basic Auth
  • OAuth
  • API Keys
Monitoring
>> Utility

  • Collections
  • Virtualize
  • Localhost
  • Teams
  • API
Monitoring
>> Notification

  • SMS
  • Email
  • Phone
  • Webhook
Monitoring
>> Import

  • Postman
  • Swagger
  • RAML
  • HAR
Monitoring
>> Reporting

  • Dashboard
  • Analytics
  • Embeddable
Monitoring
>> 3rd Party

  • Slack
  • PagerDuty
  • VictorOps
  • HipChat
  • Flowdock
  • OpsGenie
Testing
Testing
>> Core Testing

  • Load Testing
  • Response Header Inspector
  • Response Body Inspector
  • Request Retry
  • Request Sharing
  • Request Playback
  • Request Scheduling
  • Request Compare
  • Request Scripting
  • Request Automation
  • Request Commenting
  • Simulator
  • Templates
  • Data Scenarios
Performance
Performance
>> Core Performance

  • CPU Usage
  • Memory Usage
  • Disk I/O
  • Network I/O
  • Request Editor
  • Request Retry
  • Request Sharing
  • Request Playback
  • Request Scheduling
  • Request Compare
  • Request Scripting
  • Request Automation
  • Request Commenting
  • Latency Testing
  • Simulator
Security
Security
>> Auth Formats

  • Basic Auth
  • OAuth
  • API Keys
  • JSON Web Token
Security
>> Auth Considerations

  • Session Management
  • Session State
  • Anti-Farming
  • Protect HTTP Methods
  • Methods Whitelist
  • Cross-Site Request Forgery
  • Insecure Direct Object References
Security
>> Input Validation

  • Assist the User
  • Secure Parsing
  • Strong Typing
  • Validate Content-Types
  • Validate Response Types
  • JSON Validation
  • XML Validation
  • Framework-Provided Validation
Security
>> Output Validation

  • Send Security Headers
  • JSON Encoding
  • XML Encoding
  • Link Integrity
Security
>> Cryptography

  • Data in Transit
Security
>> Abuse of Functionality

  • Buffer Overflow Attack
  • Buffer Overflow via Environment Variables
  • Overflow Binary Resource File
Security
>> Data Structure Attacks

  • Cross-Site Request Forgery (CSRF)
  • Logic/time Bomb
  • Trojan Horse
  • Account Lockout Attack
  • Cross-Site Request Forgery (CSRF)
  • Execution After Redirect (EAR)
  • Session Fixation
  • Session Hijacking Attack
  • Session Prediction
Security
>> Embedded Malicious Code

  • Parameter Delimiter
  • Resource Injection
  • Server-Side Includes (SSI) Injection
  • SQL Injection
  • Web Parameter Tampering
  • XPATH Injection
  • Code Injection
  • Command Injection
  • Comment Injection Attack
  • Content Security Policy
  • Content Spoofing
  • CORS Request Preflight Scrutiny
Security
>> Injection

  • Brute Force Attack
  • Cash Overflow
  • Cryptanalysis
  • Denial of Service
Security
>> Path Traversal Attack

  • HTTP Request Smuggling
  • HTTP Response Splitting
  • Traffic Flood
Security
>> Probabilistic Technique

  • Asymmetric Resource Consumption
  • Cash Overflow
  • Denial of Service
Security
>> Protocol Manipulation

  • Comment Injection Attack
  • Custom Special Character Injection
  • Double Encoding
  • Forced Browsing
  • Path Traversal
  • Relative Path Traversal
  • Repudiation Attack
  • Setting Manipulation
  • Unicode Encoding
Security
>> Resource Depletion

  • Cash Overflow
  • Cross-Site Request Forgery (CSRF)
  • Man-in-the-Middle Attack
Security
>> Resource Manipulation

  • Certification
  • Security Visualization
  • Compliance & Auditing Reporting
  • Bug Bounty Program
  • Endpoint Tagging
  • Intrusion Correlation
  • Risk Scoring
  • Publish Your Page
Terms of Service
Terms of Service
>> Core Elements

  • Accuracy of Information
  • Security
  • Opting Out
  • Sites Covered
  • Children's Privacy
  • Links to Non-Operators Web Sites
  • Aggregate Information
  • Log Files
  • Cookies
  • Web Beacons
  • How We Use Your Information
  • Information Sharing
  • Access To Information
Privacy
Privacy
>> Privacy

  • License
  • Intellectual Property Rights
  • Permitted and Prohibited Uses
  • Use of Personally Identifiable Information
  • User Submissions
  • Technical Requirements and Limitations
  • User Discussion Lists and Forums
  • Liability
  • Termination
  • Changes
  • Links to Other Materials
  • Warranty Disclaimer
  • Miscellaneous
Licensing
Licensing
>> Server Code

  • Apache
  • GPL
  • MIT
Licensing
>> Data

  • Public Domain Dedication and License (PDDL)
  • Attribution License (ODC-By)
  • Open Database License (ODC-ODbL)
Licensing
>> Content

  • Attribution (CC BY)
  • Attribution-ShareAlike (CC BY-SA)
  • Public Domain (CC0)
Licensing
>> API

  • Attribution (CC BY)
  • Attribution-ShareAlike (CC BY-SA)
  • Public Domain (CC0)
Licensing
>> Client Code

  • Apache
  • GPL
  • MIT
Branding
Branding
>> Branding

  • Use of Brand Name
  • Use of Brand Logo
  • Use of Product Titles
  • Content Display Requirements
  • Data Display Requirements
  • Image Assets
  • Icon Assets
  • Other Assets
  • Linking Requirements
  • Naming Your Application
  • Branding Examples
  • Full Style Guide
  • Give Credit
  • Bring Value
Discovery
Discovery
>> Specification

  • APIs.json
Discovery
>> Discovery

  • API Directory
  • API Hub
  • IDE Extension
  • API Explorer
  • API Questions
Discovery
>> Directory

  • ProgrammableWeb
  • Mashape
Discovery
>> Search

  • APIs.io
Client
Client
>> Request Editor

  • Request URL Editor
  • Request Headers Editor
  • Cookies Manager
  • Request Method Manager
  • Request Body Editor
Client
>> Authentication

  • Basic Auth
  • Digest Auth
  • OAuth 1.0
  • OAuth 2.0
Client
>> Response Viewer

  • Save Requests
  • XML Viewer
  • JSON Viewer
  • RAW Viewer
  • Search
Client
>> Organization

  • Collections
  • Templates
  • Clone Requests
  • Record
  • Replay
  • Keyboard Shortcuts
  • History
  • Teams
Client
>> Import / Export

  • Import Swagger
  • Import API Blueprint
  • Import RAML
  • Import Postman
  • Export Postman
  • Export Swagger
  • Export API Blueprint
  • Export RAML
Client
>> Tooling

  • Command Line
  • Codegen
  • Proxy
  • Extensions
IDE
IDE
>> Core Elements

  • Workspace
  • Project
  • Worker
  • Container
  • Resources
  • Analytics
  • Environment
  • GitHub
  • Editor(s)
  • Plugins
  • Autocomplete
  • Themes
  • Customize
SDK
SDK
>> Generate

  • C#
  • Objective-C
  • Java for Android
  • Java for JVM
  • PHP
  • Python
  • AngularJS
  • Ruby
  • Node.js
  • Go
  • Scala
  • ActionScript
  • Swift
SDK
>> Import / Export

  • Import Swagger
  • Import RAML
  • Import Blueprint
  • Import WADL
  • Import Postman
SDK
>> Discovery

  • List SDK
  • Search SDK
  • Browse SDK
  • Rating
SDK
>> Mobile Management

  • Mobile Overview
  • iOS SDK
  • Android SDK
  • HTML5
  • Appery.io
  • Windows Mobile SDK
SDK
>> Code - Platform Development Kits (PDK)

  • WordPress
  • Heroku
  • Drupal
  • Salesforce
  • Joomla
  • Google App Engine
  • Chrome Extension
  • Firefox Add-On
SDK
>> Single Page Applications (SPA)

  • Angular.js
  • React.js
Embeddable
Embeddable
>> Embed Formats

  • Open Graph Protocol
  • oEmbed
Embeddable
>> Embeddable Tools

  • Bookmarklet
  • Widgets
  • Badges
  • Buttons
Embeddable
>> Embed Engines

  • Widget Builder
  • JavaScript API
Webhooks
Webhooks
>> Core

  • URL
  • Payload
  • Event
  • Content Type
Webhooks
>> Inbound

  • Webhooks Targets
Webhooks
>> Outbound

  • Multiple Destinations
  • CRON Jobs
Webhooks
>> Utilities

  • Transformations
  • Scripting
  • Retry
Webhooks
>> Operations

  • Analytics
  • Emails
  • Logging
  • Alerts
  • Simulator
Webhooks
>> 3rd Party Integration

  • GitHub
Monetization
Monetization
>> Acquisition

  • Discover
  • Negotiate
  • Licensing
  • Purchase
Monetization
>> Development

  • Investment
  • Grant
  • Normalization
  • Design
  • Database
  • Server
  • Coding
  • DNS
Monetization
>> Operation

  • Definition
  • Compute
  • Storage
  • Bandwidth
  • Management
  • Code
  • Evangelism
  • Monitoring
  • Security
  • Virtualization
Monetization
>> Access Levels

  • Free
  • Free Trial
  • Not For Profit
  • Educational Access
  • Tier(s)
  • Public
  • Retail
  • Trusted
  • Education
  • Partner
  • Wholesale
  • Platform
  • Partner Program
  • Reseller Program
Monetization
>> Pricing & Credits

  • Value of Resources
  • Revenue
  • API Value
  • Daily Limit
  • Usage
  • Incentive
  • Purchase
  • Buyout
  • Discounts
  • Volume
  • Applying
Monetization
>> Indirect Value Generation

  • Marketing Vehicle
  • Web or Mobile Traffic
  • Brand Awareness
  • Data & Content Acquisition
Monetization
>> Partner Revenue Generation

  • Link Affiliate
  • Revenue Share
  • Credits to Bill
Monetization
>> Internal Revenue Generation

  • Monthly
  • Users
  • Applications
  • Tiers
  • Affiliate Revenue
  • Advertising Revenue
Plans
Plans
>> Plan Details

  • Trial Period
  • Setup Cost
  • Subscription Time
  • Subscription Cost
  • Plan Type
  • Features
  • Country
Plans
>> Metrics

  • Default
  • Volume
  • Price Per
Plans
>> Limits

  • Range
  • Timeframe
Plans
>> API Resources

  • Methods
  • Verbs
Plans
>> Rate Limits

  • Rate Limits Page
  • Rate Limit Information Inline In Docs
  • Account Rate Limit API
Partners
Partners
>> Program Details

  • Landing Page
  • Program Details
  • Program Requirements
  • Program Levels
Partners
>> Partner Showcase

  • List of Partners
  • Partner Stories
  • Partner Search
Partners
>> Partner Program

  • Application
  • Private Portal
  • Certification
Partners
>> API

  • Quota Increase
  • Additional APIs
  • Read / Write APIs
Partners
>> Early Access

  • Early Communication
  • Early Opportunities
  • Beta Access
Partners
>> Legal

  • Agreement
  • Privacy Policy
  • Code of Conduct
Partners
>> Marketing Activities

  • Blog Posts
  • Press Release
  • Facebook Post
  • Twitter Post
  • Google Plus
Partners
>> Support

  • Discounts
  • Office Hours
  • Training
  • Advisors
Partners
>> Content

  • Quotes
  • Testimonials
  • Use of Logo
Partners
>> Communication

  • Blog
  • Spotlight
  • Newsletter
Partners
>> Financial

  • Revenue Sharing
  • Reseller Discounts

1889
1902
1905
1908
1910
1911
1913
1914
1919
1920
1921
1924
1926
1932
1933







Barcelona
Beijing
Boston
Chicago
Washington DC
Paris
Sao Paulo
Seoul
Tokyo




The End


By Kin Lane


@kinlane