Dial2Do : API Experience

Posted on 05-Dec-2014


description

Some slides for the Developer API Wars event in Dublin, Ireland, March 5th 2009

Transcript of Dial2Do : API Experience

Sean O Sullivan, CTO sos@dial2do.com

API Experience

one number to get things done, hands-free

Dial One Number to …

“sandy”

“Evernote”

“Mosio”

“RTM”

“text”

jaiku

“jajah”

“twitter”

“NYT”

“Huff Post”

“tumblr”

“Blogger”

Currently 40+ services

Interactive, Two-Way service (not just voice to text)

Integrates with existing web applications

One number, many services

Technical Overview

APIs

Lots of API usage in our projects

Mobile and Telephony (SMS, on-device APIs, Ribbit …)

Classic Web APIs (Google, Facebook, twitter, ping.fm, Jajah …)

Also provide our own APIs (not public yet)

Good news

Good Examples

Broadly speaking, many APIs

Facebook API

Last.fm

Google

Are well-documented

Are well-structured

Have associated documentation and code samples

Issues

Security

Each service tends to have a different approach to authentication

OpenID, OAuth, Token-based (by user or by service), or worst case username/password

Often multiple forms of security supported (Google, Yahoo)

Architecture and Design

Dependencies on third parties - outages outside your control

Is twitter down for everyone or just me? :-)

Defensive design and coding (async, failure cases)

Other

Some services not well documented (Bebo)

Authentication

Token based, per service

Usernames and Passwords don’t need to be stored

User control to revoke individual services

Your service looks/feels better

Oauth or OpenID based

Standard with some widespread adoption

Google, Yahoo, others …

Good documentation, good tools

Token based, per user

Usernames and Passwords don’t need to be stored

Token is at user account level

Revoke the token, revoke all services

Username / Password

Least desirable - YOU have to store username/password

Authorisation

OpenID

Has not yet seen wide adoption - but will most likely get there (URLs, more complex to grasp for end user)

More features than OAuth

Cool Off Period

Have to protect against brute force auth attacks

Need cool-off periods after multiple auth failures

e.g. dictionary attack on twitter
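A cool-off policy of the kind this slide calls for, written here as an added example (not Dial2Do's code): failures are counted per identity, the identity is locked once a threshold is reached, and each further lockout doubles the wait up to a cap. The class name, the default thresholds and the injectable clock are assumptions made for the example.

```python
import time


class CoolOffPolicy:
    """Per-identity cool-off after repeated authentication failures.

    Hypothetical example, not Dial2Do code. After `threshold` consecutive
    failures the identity is locked for `base_delay` seconds; each further
    lockout doubles the delay, capped at `max_delay`. Only a successful
    authentication clears the history.
    """

    def __init__(self, threshold=5, base_delay=60.0, max_delay=3600.0,
                 clock=time.monotonic):
        self.threshold = threshold
        self.base_delay = base_delay
        self.max_delay = max_delay
        self.clock = clock      # injectable so tests can control time
        self._state = {}        # identity -> [failures, lockouts, locked_until]

    def _rec(self, identity):
        return self._state.setdefault(identity, [0, 0, 0.0])

    def locked_for(self, identity):
        """Seconds remaining in the cool-off, or 0.0 if not locked."""
        return max(0.0, self._rec(identity)[2] - self.clock())

    def attempt(self, identity, verify):
        """Call `verify()` only when the identity is not cooling off.

        Returns "locked", "ok" or "failed". While locked the credential is
        never checked, so repeated guesses learn nothing and cost nothing.
        """
        rec = self._rec(identity)
        if self.clock() < rec[2]:
            return "locked"
        if verify():
            self._state[identity] = [0, 0, 0.0]   # success clears history
            return "ok"
        rec[0] += 1
        if rec[0] >= self.threshold:
            rec[1] += 1
            delay = min(self.base_delay * 2 ** (rec[1] - 1), self.max_delay)
            rec[2] = self.clock() + delay
            rec[0] = 0                            # next window starts fresh
        return "failed"
```

In a real deployment the state would live in shared storage rather than a process-local dict, and a second limit keyed on the calling source would cover guesses spread across many accounts.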

OAuth

We are a Consumer but not yet a provider

one number to get things done, hands-free

Sean O Sullivan, CTO sos@dial2do.com