Archive for the ‘Uncategorized’ Category
5 Reasons APIs Suck
I have spent much of the last few months working with APIs, and the experience has inspired this list of what’s wrong with APIs:
-
Exposing an API makes scaling headaches worse
Preparing for traffic spikes has always been a challenge on the web, when a single link from Slashdot or Digg can send hordes of traffic your way and bring your site to its knees. Yet the situation is even worse if you offer an API, because the code on the other end accessing your API may be unrelenting in its pinging or simply badly written, hammering your infrastructure harder than human visitors ever could.
-
APIs have no “eyeballs” to “monetize”
Advertising has long been the lazy man’s substitute for coming up with a real, viable online revenue model. Attract visitors, then just wait for the barrels of money, right? Google’s AdSense and a host of other online advertising tools made it dead-simple to turn visitors into money, if not always much of it. But the “visitors” to your API are other web sites or other services, and even Google hasn’t figured out a way to make a computer interested in seeing an advertisement (yet).
-
The incentives to expose an API are often weak
Points 1 and 2, taken together, imply that publishing an API can have real costs in terms of bandwidth, servers, support, and administration. At the same time, there is no obvious revenue model through which to recoup these expenses. This reality can discourage people from making useful APIs available, a point which I’ll post more about soon.
-
There is no standard way to access an API
The battle to standardize access to web services has raged for over a decade, producing no clear victor and leaving a trail of abandoned and aborted proposals in its wake. Supporters of WS-* and REST have an almost reflexive distaste for one another. Your web service architecture might be RESTful, but is it “high REST”, “low REST”, or simply “REST-ish”?
-
APIs are unreliable
What if an API you rely on is down temporarliy, or, god forbid, permanently? Isn’t it dangerous to build your business on top of a resource controlled by someone else? Users of conventional software packages have contracts or Service Level Agreements to help protect them against these risks. APIs rarely have the types of guarantees offered by other types of hosted software.
Twitter's "fail whale"... a full year ago, Twitter's API already had 10x the traffic of its website, causing the site to go down repeatedly.
Now, I have an admission: I don’t actually think that APIs suck. APIs have made the internet a much more interesting place, promoting the type of remix culture which can really accelerate innovation. APIs also make economic sense, because they encourage specialization and the associated gains from comparative advantage. In non-economic terms, the availability of APIs encourages creators on the internet to focus on what they’re best at, and leverage APIs for the rest of the functionality they need. Yet in order to realize the full value of APIs and services on the web, we’ll have to find solutions to these five problems. Stay tuned for some of my ideas about a path forward.
I Know What You Did Last Summer
Yesterday I was at a conference about location-based services put on by the Columbia Institute for Tele-Information at Columbia Business School (and organized by my friend and classmate Alison Albeck Lindland of American Express Interactive). The event was called The Focus on Locus, and fostered interesting discussions about the business, social, and privacy aspects of the latest generation of services which are location-aware. Ironically, the conference coincided with Apple’s launch of the iPhone 3G, causing AT&T’s Dorothy Attwood to joke that she should donate her speaking time to give people a chance to run over to the 5th Avenue Apple Store to get in line.
NOT a movie about location-based services
For me, some of the most interesting issues raised centered around privacy. A recent Northeastern University study (publicized by Nature here and here) of 100,000 anonymous cellphone users showed that most of us are creatures of habit, travelling between the same two or three locations most days. It has been suggested — though a quick search didn’t turn up any references on the web — that many “anonymous” records of a person’s location can in fact reveal a person’s identity once cross-referenced against other databases, such as home and work locations. On a less paranoid note, datasets of human movements would certainly yield important insights for economists, epidemiologists, urban planners, sociologists, and others. There is a whole new science of the mobile human environment waiting to be unleashed if we can design a location monitoring and disclosure framework which has appropriate privacy safeguards.
“Where are you right now?” — this is the particularly narrow view that many in the location-based services space have of the foundation they are building services on top of. The reality is that aggregate or longitudinal location data will likely turn out to be more valuable than the single data point of someone’s current location. In many cases the fact that you are at a certain restaurant right now is less useful than the knowledge that you’ve been there 8 times this month, usually for a weekday lunch. Hedge fund-backed startup Sense Networks is one example of a company working on more sophisticated methods with which to analyze this type of richer locational dataset.
John Verdi of the Electronic Privacy Information Center warned companies against the huge liability of retaining user location data unnecessarily. The personal nature of this data makes it a potential goldmine for civil litigators, e.g. a divorce attorney very interested to know where his client’s husband was when out at night. Retained personal data can create a temptation for a company’s own employees to snoop as well, so the best way to avoid legal headaches related to privacy invasion is to store only the minimal amount of location data necessary to drive one’s services. This is, of course, easier said than done. Today we rarely understand the full value of the data we collect until well after it has been collected. Pair this fact with the rapidly falling cost of computer storage, and you have powerful incentives to store as much user data as is available, and worry about what to do with it later. Perhaps in the future we’ll have a personal data ownership framework where individuals will control complete datasets of their own behavior, and can choose to expose it to another company or organization if the incentives are right.
Perhaps the biggest unanswered question of the day was how to handle what might be called “peer-to-peer privacy”. What do you do when someone else posts a photo with you in it on Facebook against your will? This is an area where even the most well considered, easily comprehensible, and user friendly online privacy frameworks can still fail to preserve user privacy. It remains to be seen what mix of standards, technology, legal regulations, and social norms will help address this latest generation of privacy concerns.
Sneak Peak 2: Chattrbox
A fresh take on online community chat: real-time, lightweight, object-oriented sociality.
Google AppEngine Hack-a-thon
AppEngine swag
Google held a hack-a-thon at their New York office today, showing off their new AppEngine platform and giving developers a chance to take it for a test drive. My python programming experience is limited to some cramming with the O’Reilly book over the last few days, but it was still fairly easy to get a basic web application up and running. AppEngine looks to be an interesting new addition to the cloud computing marketplace.
Unfortunately, for my current needs, AppEngine has some critical limitations. There is no filesystem access, meaning I can’t use any python libraries which require the filesystem for processing. In addition, the only way to pull data into your application is through the URL Fetch API, which is limited to files one megabyte or smaller. This restriction dashed my plans to build an mp3 metadata indexing service on the platform, since a typical mp3 file is at least 5 megabytes today.
While preventing filesystem access may be a fundamental piece of the AppEngine security architecture, it seems likely that other limitations, such as that on URL Fetch, will be removed as the platform matures. I’m hopeful Google will move quickly to remove these barriers and make AppEngine a more suitable platform for a broad spectrum of web applications.
Sneak Peak 1: Street Cred
Pop culture is one of the primary drivers of the ebbs and flows in popularity of major consumer brands. While explicit celebrity endorsements have a long history as a marketing tool, the market exposure that brands gain from being mentioned in musical lyrics is perhaps a more pervasive form of influence. Street Cred is an experiment in brand analytics which tracks and analyzes these brand mentions in the lyrics of hip hop tracks. Each week, the most played hip hop tracks across the country are logged. Street cred searches the internet for the transcribed lyrics of each track, then runs these lyrics through a regular expression engine tuned to capture mentions of the top consumer brands. A measure of consumer exposure is calculated for each brand: its Street Cred Score. This continuously-updated metric blends the current airplay numbers for the most-popular hip hop tracks with the brands mentioned in the lyrics to determine which brands have the most Street Cred. Here’s a preview.
Top 10 tracks for the week:
The Brand Cloud, where the size of each brand is proportional to its current Street Cred score:
A sample brand intelligence page, this one for Victoria’s Secret, showing its history of brand mentions:
