The API Lifecycle

Kin Lane

API Evangelist

Defrag: The API Lifecycle

November 2015

1940s

1950s

1960s

1970s

1980s

1990s

2000s

2010s

Henry Beck

Beck Map

1898

1902

	Design

	Design
>> Best Practices

Use the Web
Simplicity
Consistency
Easy to Read
Easy to Learn
Hard to Misuse
Audience Focused
Experience Over Resource
Use Your Own APIs

	Design
>> Core Design

SSL
Host
Resource
Action
Verbs
Parameters
Headers
Body
Versioning
Pagination
Filtering
Sorting
Field Selection

	Design
>> Response

Status Codes
Error Handling
Rate Limits
Caching
eTags
Request-Ids
UTF-8
CORS
JSONP

	Design
>> Media Types

application/json
application/xml
application/csv
text/html
application/atom+xml

	Design
>> Open Standards

JSON Schema
iCalendar
vCard
KML
geoRSS
m3u
UUID
ISO 8601 (Date / Time)
ISO 4217 (Currency)
ISO 3166 (Country)
RDFa
Schema.org

	Design
>> Design Process

Definitions
Editor
Forkable
Sharing
Collaboration
Annotation
Translation
Highlighting

	Design
>> Organization

Guide
Notebook
Collections
Dictionary
Contact

	Design
>> Internationalization

Accept-Language

	Hypermedia

	Hypermedia
>> Core Concepts

Target Identification
Link Relation Type
Human-Readable Label(s)
Target Resource Hints
Traversal Hints
Topology
Directionality
Resource Role

	Hypermedia
>> Hypermedia Formats

Collection+JSON
Extensible Markup Language (XML)
Home Documents
Hydra
Hypertext Application Language (HAL)
JSON API
Mason
Noun As Resource With HyperLinks (NARWHL)
Siren
Uniform Basis for Exchanging Representations (UBER)
XForms
XML Inclusions (XInclude)
XML Linking Language (XLink)
xml:id

	Definition

	Definition
>> API Definition

Translator
Specification
Generator
Parser
Validator
Schema
Converter
Database
Command-Line
Powershell
Aggregator
Editors
IDE Plugin
Forms

	DNS

	DNS
>> Core DNS

Domain
Record
Zone
Registration
Cache
IP Address
Geo DNS

	DNS
>> Stability

Monitors
Threat Analysis
Whitelist / Blacklist
Denial of Service (DDOS)
DNS Failover
Latency Based Routing
Verification

	DNS
>> Utility

Statistics
Batch Requests
Import
Export

	Containers

	Containers
>> Core Concepts

Containers
Images
Nodes
Volumes
Clusters
Networks
Hub
Registry

	Containers
>> API

Containers
Image
Volumes
Networks

	Virtualization

	Virtualization
>> Core Virtualization

Mock
Sandbox
Simulator
Record
Playback
Verification
Port Forwarding
SSL

	Virtualization
>> Data Virtualization

Templates
Dummy Data
Excel Data

	Virtualization
>> Import / Export

Import Swagger
Import RAML
Import Blueprint
Import WADL
Import Postman

	Virtualization
>> Other Elements

Reporting
Analytics
Teams

	Deployment

	Deployment
>> Deployment

CSV to API
Database to API
Framework
Gateway
Proxy
Connector
Hosting
Scraping
Container

	Management

	Management
>> Onboarding

Portal
Getting Started
Self-Service Registration
Best Practices
FAQ
Service Accord
Sign Up Email
Google Authentication
Github Authentication
Facebook Authentication
Flexible Messaging Area

	Management
>> Documentation

Documentation
List of Endpoints
Interactive Documentation
API Explorer
Error Response Codes

	Management
>> Authentication

Authentication Overview
Key Access
Basic Auth
oAuth
OAuth Scopes
Authentication Tester

	Management
>> Code Management

Github
Application Gallery
Open Source
Starter Projects
Community Supported Libraries
Code Builder
Code
SDKs.io

	Management
>> Self-Service Support

Forum
Forum RSS
Stack Overflow
Knowledgebase

	Management
>> Direct Support

Email
Contact Form
Phone
Ticket System
Office Hours
Calendar
Paid Support Plans

	Management
>> Communications

Slack
Blog
Blog RSS Feed
Twitter
Email
LinkedIn
Facebook
Google+
Email Newsletter
Instagram
Vimeo
Youtube
Chat

	Management
>> Updates

Status Dashboard
Roadmap
Change Log
Status RSS

	Management
>> Resources

Case Studies
How-to Guides
White Papers
Webinars
Events
Slideshare
Codecademy
Tour
Glossary
Videos

	Management
>> Developer Account

Developer Dashboard
Account Settings
Reset Password
Application Manager
Usage Logs & Analytics
Billing History
Message Center
Github Authentication
Delete Account
Service Tier Management

	Management
>> Internationalization

Documentation Language
Internationalization

	Management
>> Management API

User Management
Account Management
Application Management
Service Management

	Monitoring

	Monitoring
>> Core Monitoring

Request Editor
Request Retry
Request Sharing
Request Playback
Request Scheduling
Request Compare
Request Scripting
Request Automation
Request Commenting
Service Availability
Latency Measurement
Response Header Validation
Response Body Validation

	Monitoring
>> Management Monitoring

Documentation Monitoring
Pricing Monitoring
Terms of Service Monitoring

	Monitoring
>> Targeted Monitoring

Provider Based Monitoring
Region Based Monitoring
Public Monitoring

	Monitoring
>> Authentication

Basic Auth
OAuth
API Keys

	Monitoring
>> Utility

Collections
Virtualize
Localhost
Teams
API

	Monitoring
>> Notification

SMS
Email
Phone
Webhook

	Monitoring
>> Import

Postman
Swagger
RAML
HAR

	Monitoring
>> Reporting

Dashboard
Analytics
Embeddable

	Monitoring
>> 3rd Party

Slack
PagerDuty
VictorOps
HipChat
Flowdock
OpsGenie

	Testing

	Testing
>> Core Testing

Load Testing
Response Header Inspector
Response Body Inspector
Request Retry
Request Sharing
Request Playback
Request Scheduling
Request Compare
Request Scripting
Request Automation
Request Commenting
Simulator
Templates
Data Scenarios

	Performance

	Performance
>> Core Performance

CPU Usage
Memory Usage
Disk I/O
Network I/O
Request Editor
Request Retry
Request Sharing
Request Playback
Request Scheduling
Request Compare
Request Scripting
Request Automation
Request Commenting
Latency Testing
Simulator

	Security

	Security
>> Auth Formats

Basic Auth
OAuth
API Keys
JSON Web Token

	Security
>> Auth Considerations

Session Management
Session State
Anti-Farming
Protect HTTP Methods
Methods Whitelist
Cross-Site Request Forgery
Insecure Direct Object References

	Security
>> Input Validation

Assist the User
Secure Parsing
Strong Typing
Validate Content-Types
Validate Response Types
JSON Validation
XML Validation
Framework-Provided Validation

	Security
>> Output Validation

Send Security Headers
JSON Encoding
XML Encoding
Link Integrity

	Security
>> Cryptography

Data in Transit

	Security
>> Abuse of Functionality

Buffer Overflow Attack
Buffer Overflow via Environment Variables
Overflow Binary Resource File

	Security
>> Data Structure Attacks

Cross-Site Request Forgery (CSRF)
Logic/time Bomb
Trojan Horse
Account Lockout Attack
Cross-Site Request Forgery (CSRF)
Execution After Redirect (EAR)
Session Fixation
Session Hijacking Attack
Session Prediction

	Security
>> Embedded Malicious Code

Parameter Delimiter
Resource Injection
Server-Side Includes (SSI) Injection
SQL Injection
Web Parameter Tampering
XPATH Injection
Code Injection
Command Injection
Comment Injection Attack
Content Security Policy
Content Spoofing
CORS RequestPreflighScrutiny

	Security
>> Injection

Brute Force Attack
Cash Overflow
Cryptanalysis
Denial of Service

	Security
>> Path Traversal Attack

HTTP Request Smuggling
HTTP Response Splitting
Traffic Flood

	Security
>> Probabilistic Technique

Asymmetric Resource Consumption
Cash Overflow
Denial of Service

	Security
>> Protocol Manipulation

Comment Injection Attack
Custom Special Character Injection
Double Encoding
Forced Browsing
Path Traversal
Relative Path Traversal
Repudiation Attack
Setting Manipulation
Unicode Encoding

	Security
>> Resource Depletion

Cash Overflow
Cross-Site Request Forgery (CSRF)
Man-in-the-Middle Attack

	Security
>> Resource Manipulation

Certification
Security Visualization
Compliance & Auditing Reporting
Bug Bounty Program
Endpoint Tagging
Intrusion Correlation
Risk Scoring
Publish Your Page

	Terms of Service

	Terms of Service
>> Core Elements

Accuracy of Information
Security
Opting Out
Sites Covered
Childrens Privacy
Links to Non-Operators Web Sites
Aggregate Information
Log Files
Cookies
Web Beacons
How We Use Your Information
Information Sharing
Access To Information

	Privacy

	Privacy
>> Privacy

License
Intellectual Property Rights
Permitted and Prohibited Uses
Use of Personally Identifiable Information
User Submissions
Technical Requirements and Limitations
User Discussion Lists and Forums
Liability
Termination
Changes
Links to Other Materials
Warranty Disclaimer
Miscellaneous

	Licensing

	Licensing
>> Server Code

Apache
GPL
MIT

	Licensing
>> Data

Public Domain Dedication and License (PDDL)
Attribution License (ODC-By)
Open Database License (ODC-ODbL)

	Licensing
>> Content

Attribution (CC BY)
Attribution-ShareAlike (CC BY-SA)
Public Domain (CC0)

	Licensing
>> API

Attribution (CC BY)
Attribution-ShareAlike (CC BY-SA)
Public Domain (CC0)

	Licensing
>> Client Code

Apache
GPL
MIT

	Branding

	Branding
>> Branding

Use of Brand Name
Use of Brand Logo
Use of Product Titles
Content Display Requirements
Data Display Requirements
Image Assets
Icon Assets
Other Assets
Linking Requirements
Naming Your Application
Branding Examples
Full Style Guide
Give Credit
Bring Value

	Discovery

	Discovery
>> Specification

APIs.json

	Discovery
>> Discovery

API Directory
API Hub
IDE Extension
API Explorer
API Questions

	Discovery
>> Directory

ProgrammableWeb
Mashape

	Discovery
>> Search

APIs.io

	Client

	Client
>> Request Editor

Request URL Editor
Request Headers Editor
Cookies Manager
Request Method Manager
Request Body Editor

	Client
>> Authentication

Basic Auth
Digest Auth
OAuth 1.0
OAuth 2.0

	Client
>> Response Viewer

Save Requests
XML Viewer
JSON Viewer
RAW Viewer
Search

	Client
>> Organization

Collections
Templates
Clone Requests
Record
Replay
Keyboard Shortcuts
History
Teams

	Client
>> Import / Export

Import Swagger
Import API Blueprint
Import RAML
Import Postman
Export Postman
Export Swagger
Export API Blueprint
Export RAML

	Client
>> Tooling

Command Line
Codegen
Proxy
Extensions

	IDE

	IDE
>> Core Elements

Workspace
Project
Worker
Container
Resources
Analytics
Environment
Github
Editor(s)
Plugins
Autocomplete
Themes
Customize

	SDK

	SDK
>> Generate

C#
Objective-C
Java for Android
Java for JVM
PHP
Python
AngularJS
Ruby
Node.js
Go
Scala
ActionScript
Swift

	SDK
>> Import / Export

Import Swagger
Import RAML
Import Blueprint
Import WADL
Import Postman

	SDK
>> Discovery

List SDK
Search SDK
Browse SDK
Rating

	SDK
>> Mobile Management

Mobile Overview
iOS SDK
Android SDK
HTML5
Appery.io
Windows Mobile SDK

	SDK
>> Code - Platform Development Kits (PDK)

Wordpress
Heroku
Drupal
SalesForce
Joomla
Google App Engine
Chrome Extension
Firefox Add-On

	SDK
>> Single Page Applications (SPA)

Angular.js
React.js

	Embeddable

	Embeddable
>> Embed Formats

Open Graph Protocol
oEmbed

	Embeddable
>> Embeddable Tools

Bookmarklet
Widgets
Badges
Buttons

	Embeddable
>> Embed Engines

Widget Builder
JavaScript API

	Webhooks

	Webhooks
>> Core

URL
Payload
Event
Content Type

	Webhooks
>> Inbound

Webhooks Targets

	Webhooks
>> Outbound

Multiple Destinations
CRON Jobs

	Webhooks
>> Utilities

Transformations
Scripting
Retry

	Webhooks
>> Operations

Analytics
Emails
Logging
Alerts
Simulator

	Webhooks
>> 3rd Party Integration

Github

	Monetization

	Monetization
>> Acquisition

Discover
Negotiate
Licensing
Purchase

	Monetization
>> Development

Investment
Grant
Normalization
Design
Database
Server
Coding
DNS

	Monetization
>> Operation

Definition
Compute
Storage
Bandwidth
Management
Code
Evangelism
Monitoring
Security
Virtualization

	Monetization
>> Access Levels

Free
Free Trial
Not For Profit
Educational Access
Tier(s)
Public
Retail
Trusted
Education
Partner
Wholesale
Platform
Partner Program
Reseller Program

	Monetization
>> Pricing & Credits

Value of Resources
Revenue
API Value
Daily Limit
Usage
Incentive
Purchase
Buyout
Discounts
Volume
Applying

	Monetization
>> Indirect Value Generation

Marketing Vehicle
Web or Mobile Traffic
Brand Awareness
Data & Content Acquisition

	Monetization
>> Partner Revenue Generation

Link Affiliate
Revenue Share
Credits to Bill

	Monetization
>> Internal Revenue Generation

Monthly
Users
Applications
Tiers
Affiliate Revenue
Advertising Revenue

	Plans

	Plans
>> Plan Details

Trial Period
Setup Cost
Subscription Time
Subscription Cost
Plan Type
Features
Country

	Plans
>> Metrics

Default
Volume
Price Per

	Plans
>> Limits

Range
Timeframe

	Plans
>> API Resources

Methods
Verbs

	Plans
>> Rate Limits

Rate Limits Page
Rate Limit Information Inline In Docs
Account Rate Limit API

	Partners

	Partners
>> Program Details

Landing Page
Program Details
Program Requirements
Program Levels

	Partners
>> Partner Showcase

List of Partners
Partner Stories
Partner Search

	Partners
>> Partner Program

Application
Private Portal
Certification

	Partners
>> API

Quota Increase
Additional APIs
Read / Write APIs

	Partners
>> Early Access

Early Communication
Early Opportunities
Beta Access

	Partners
>> Legal

Agreement
Privacy Policy
Code of Conduct

	Partners
>> Marketing Activities

Blog Posts
Press Release
Facebook Post
Twitter Post
Google Plus

	Partners
>> Support

Discounts
Office Hours
Training
Advisors

	Partners
>> Content

Quotes
Testimonials
Use of Logo

	Partners
>> Communication

Blog
Spotlight
Newsletter

	Partners
>> Financial

Revenue Sharing
Reseller Discounts

1889

1902

1905

1908

1910

1911

1913

1914