Fork me on GitHub

{"API Strategy"}

Small Business API Strategy

This is my first attempt at pulling together a coherent API strategy for small businesses, from across my API research. I will be applying to my own operations, as well as a handful of others I'm working on with other organizations. Here are the areas I am touching on currently: Discovery, Definitions, Design, Hypermedia, DNS, Deployment, Virtualization, Containers, Management, Documentation, SDK, Embeddable, Real Time, Webhooks, Support, Monitoring, Testing, Road Map, Authentication, Security, Terms of Service, Privacy, Licensing, Branding, Monetization, Plans, Partners, Evangelism covering 28 areas of the API life cycle.

Discovery (Back to Top)

Taking API Inventory
Taking inventory of what web services, and APIs may already exist, be in use, or are available within an organization, providing a master catalog of current resources, that can be put to use, and evolved.

Internal APIs
  • What new APIs should exist for internal use?
  • What existing APIs are in operation and use internally?
Public APIs
  • What other public APIs should be considered for use?
  • What public APIs are currently in use?

How Are APIs Found?
How APIs are being discovered across the current API landscape. How are APIs being found by developers, and application architects at all stages of development.

API Directory
  • What internal API directories are operated and in use?
  • What API directories are in use?

API Definition Formats
A machine readable specification designed to assist in the area of API discovery. This allows APIs, and their supporting operations to be described in a way that can ingested, and indexed by API search engines, and directories.

APIs.json
  • Is APIs.json in use to provide meta data indexes for API discovery?

API Directories
Moving to actual examples of API directories that exist, providing static developers that API consumers can browse, and search by keywords within.

ProgrammableWeb
  • Are internal users aware of ProgrammableWeb, and do they put it to use?
Mashape
  • Are internal users aware of Mashape, and do they put it to use?
APIs.guru
  • Are the API definitions available in APIs.guru the Wikipedia for APIs?

Business Directories
Business directories that allow for additional information related to APIs, as well as having APIs themselves, allowing for discovery of APIs from companies who list themselves in these directories.

Crunchbase
  • Is the business and its public APIs documented with Crunchbase?
AngelList
  • Is the business and its public APIs documented with AngelList?

API Search Engines
What search engine solutions are available out there, that allow for API discovery, moving beyond just static API discovery.

APIs.io
  • Are all public APIs registered with the APIs.io search engine?
Definitions (Back to Top)

Formats
A new approach to defining APIs using JSON, YAML, and Markdown instead of XML has gained in popularity, with popular formats like OpenAPI Spec and API Blueprint being used to describe APIs, JSON Schema and MSON for defining descriptions, and a variety of media types for common definitions.

Specification
  • What API specification format are in use?
Schema
  • What schema formats are in use?
Media Types
  • What media types are in use?

Tooling
Tooling for working with API definitions, allowing them to be more easily worked with throughout the API lifecycle--providing some common tooling patterns across formats.

Generator
  • How and where are API definitions generated?
Parser
  • Is there proper tooling in all applied programming languages for parsing common API definition formats?
Validator
  • Is there proper tooling in all applied programming languages for validating common API definitions?
Converter
  • Is API Transformer used?
  • Is there proper tooling in all applied programming languages for converting common API definitions?
Merging
  • Is there tooling in all applied programming languages for merging common API definitions?
Diff
  • Is there tooling in all applied programming languages for identifying a difference between common API definitions?

Environment
The environment where API definitions are worked with, whether existing IDEs, cloud services, or possibly no environment at all in text editors.

Editors
  • Is this integrated with the API design process?
  • Is there an editor dedicated to working with API definitions?

Backend
The behind the scenes infrastructure that is often used to define how APIs will be designed by providing auto-generation features using popular API definition formats.

Database
  • What tooling is available for exporting API definitions from existing database infrastructure?
Design (Back to Top)

Best Practices
What are the best practices for API design. Do not confuse this with behavior when consuming an API. This is about best practices specifically in the world of API design. This should be about having an overarching philosophy, and ethos when it comes to API design, that reflects the technical, and business goals of a company.

Use the Internet
  • is there a healthy awareness of HTTP within design groups?
Simplicity
  • Has the simplicity of design been considered at every turn?
Consistency
  • Are consistent patterns applied? Do all API designs across all groups share consistent patterns?
Easy to Read
  • Are APIs easy to read? Void of cryptic names, acronyms, and other things that will be difficult to understand?
Easy to Learn
  • Does simplicity translate into an API being easy to learn, with the design patterns being intuitive?
Audience Focused
  • What considerations are made regarding the intended audience during design?
Experience Over Resource
  • What type of experience around the design have been crafted?
Use Your Own APIs
  • Are all APIs also used by internal groups as well?

Requests
These are the core considerations when you are designing an API. They are extracted from publicly available, and some private API design guides of leading API platforms. They are not meant to be hard fast rules, but the core design elements to consider for organizations to consider along their own API journey.

SSL
  • Is use of SSL default?
Host
  • What host(s) are used as part of the API design process?
Resource
  • What are the patterns for designing resources?
Action
  • How are actions expressed as part of the API design?
Verbs
  • Are all HTTP Verbs used as part of API design?
  • How are verbs applied? Are they inline with HTTP?
Parameters
  • Is there a central dictionary of parameters?
  • What are patterns used for naming parameters?
Headers
  • Is there a full dictionary of headers that are applied?
  • Are headers used throughout the API design process?
Body
  • Is the body a primary method of transport across API design?
  • What are the design patterns used for the body across API design?
Versioning
  • What are the versioning practices?
  • Are APIs versioned?
Pagination
  • Is pagination consistent across all APis?
  • How is pagination handled across APIs?
Filtering
  • How is data filtered as part of API requests?
Time Selection
  • What is the standard pattern for allowing time / date selection in API calls?
Field Selection
  • Can users decide which fields are returned?
Sorting
  • What are the patterns for allowing the sorting of data returned via API requests?
Granularity
  • How granular of API resources (aka microservices) should be considered in the API design process?
Relationship
  • How are relationships between resources expressed and handled in API design?

Response
What design considerations go into the response an API returns. It can be easy to focus on the request surface are for an API, but a response has a number of things to consider as ewll.

Schema
  • Do all schemas validate?
  • Are available schemas complete?
  • What schemas are available to describe response body?
Status Codes
  • What status codes are default to return with each response, beyond 200?
Error Handling
  • Is error handling consistent with other API designs?
Rate Limits
  • What are the elements in which rate limitng will be applied?
  • What rate limits will need to be applied to this API?
Caching
  • Is caching being applied to this API?
Compression
  • Is compression being applied to this API?
UTF-8
  • Is the proper encoding being applied to API responses?
CORS
  • Is there proper access to enable CORS?
  • Is CORS enabled?
JSONP
  • Is JSONP needed?
  • Is JSONP enabled?

Media Types
A media type (also known as MIME type and content type) is a two-part identifier for file formats and format contents transmitted on the Internet, assigned by he Internet Assigned Numbers Authority (IANA). There are a handful of default media types that every API should consider as part of the API design process.

text/html
  • Is HTML used?
application/json
  • Is JSON used?
application/xml
  • Is XML used?
application/csv
  • Is CSV used?

Open Standards
There are a number of existing open standards that should be considered as part of the API design process. Designers and architects should resist reinventing the wheel when it comes to many of the aspects of API design, as things have already been done. These are just a handful of the open standards that are used by other companies in their API design.

JSON Schema
  • Is JSON Schema used to describe request body and parameters, as well as response data model.
Markdown Syntax for Object Notation (MSON)
  • Is MSON used to describe request body and parameters, as well as response data model.
Schema.org
  • Are Schema.org patterns used as part of the API schema design?
iCalendar
  • Is iCalendar used for calendar event formats?
vCard
  • Is vCard used for contact formats?
UUID
  • Are universally unique identifier (UUID) used in resource design?
ISO 8601 (Date / Time)
  • Is ISO 8601 used for date and time formats?
ISO 4217 (Currency)
  • Is ISO 4217 used for currency formats?
ISO 3166 (Country)
  • Is ISO 3166 used for country code formats?

Design Process
Beyond request and response design concepts that go directly into the overall design of the API, there are many other elements that go into the overall design process to consider.

Definitions
  • Are multiple API definition formats applied across API design?
  • What API definition formats used?
  • Are common API definition formats used as part of the API design process?
Editor
  • Is an editor used as part of the API design process?
Forkable
  • Are all API design projects forkable?
Sharing
  • Is there the ability to share API designs publicly or privately throughout the process?
Collaboration
  • Do multiple API stakeholders collaborate throughout the API design process?

Organization
How is the API design process organized, centralized, or collaborated around? What services, tools, processes, and concepts are in play when it comes to the long term, as well as short term organization of the API design line along the life cycle.

Guide
  • Is the API design guide publicly available?
  • Is the API design guide up to date?
  • Is there an organization wide API design available?
Collections
  • Are APIs organized by collections, providing the ability to group them by purpose?
Contact
  • Is there a contact, and relevant information associated with each API design?

Other
What are some of the other nickel and dime items, as part of design process that should be considered? This is my general catch-all bucket for the API design line, where I put links to other lines, stops, and just loose items that will affect API design, and should be thought about.

Github Sync
  • Are API designs synced with Github repositories at any stage of the process?
Hypermedia (Back to Top)

Core Concepts
These are the core areas of hypermedia that I am breaking out so far. This is by no means a comprehensive guide to hypermedia, and is meant to be an introduction to the concepts, as well as a loose outline to think, and apply hypermedia. More awareness will come, when you pick a specific format, and begin implementing.

  • Where can core hypermedia concepts get applied as part of API design, documentation, SDKs, and clients?
  • Hypermedia Formats
    Now, lets get to the actual hypermedia formats themselves. These are the specific, registered, hypermedia media types that are being applied throughout the space.

  • Have any hypermedia formats been considered as part of the API design process?
  • JSON API
    • Is there somewhere JSON API could be applied, and enhance API design?
    Collection+JSON
    • Is there somewhere Collection+JSON could be applied, and enhance API design?
    Siren
    • Is there somewhere Siren could be applied, and enhance API design?
    Hypertext Application Language (HAL)
    • Is there somewhere HAL could be applied, and enhance API design?
    DNS (Back to Top)

    Core DNS
    DNS is a central actor in the world of web APIs. While not immediately seen as active player of API life cycle, it is. Here are some of the core considerations when it comes to DNS.

    Domain
    • Is there control over the domain(s) used for API operations?
    Record
    • Is there record control over the domain(s) used for API operations?
    Zone
    • Is there zone level control over the domain(s) used for API operations?
    Registration
    • Is registering new top level domains part of API operations?
    • Is there the ability to register new domain names?
    Cache
    • Are there services and tooling for caching at the DNS level?
    Geo DNS
    • Are there services and tooling for managing geographic regions at the DNS level?

    Stability
    What does it take to achieve stability when it comes to DNS? What are the threats, and what tools and services are available to us, to make sure DNS is as stable as possible.

    Monitors
    • Are there services and tooling setup for monitoring DNS stability?
    Threat Analysis
    • Are there services and tooling for monitoring DNS stability for API operations?
    Whitelist / Blacklist
    • Is there ability to establish white or black lists at the DNS level?
    Denial of Service (DDOS)
    • What services and tooling is available to defend against a Denial of Service (DDOS) attacks?
    • Is there a plan to thwart Denial of Service (DDOS) attacks?

    Utility
    What other utilities are there for managing DNS in support of APIs? These are some of the utility aspects of DNS operations.

    Analytics
    • Are there analytics available that provide view into DNS configuration and operations?
    Import
    • Can DNS configuration be imported?
    Export
    • Are DNS exports organized and stored anywhere?
    • Can DNS configuration be exported?
    API
    • Is there an API available for managing and automating DNS configuration and operations?
    Deployment (Back to Top)

    Data
    Leverage existing data sources for the deployment of APIs, either through one time or regular dumps, all the way to life connections that keep the API and data source in sync.

    Database
    • Is there systems, services, or tooling for deploying APIs directly from databases?
    Spreadsheet
    • Is there systems, services, or tooling for deploying APIs directly from spreadsheets?

    Code
    The code that is used to actually drive an API. All the server-side code that makes an API work, connecting to datasources, providing frameworks, and anything else needed to deploy an API.

    Framework
    • Which frameworks are used when developing and deploying APIs?
    • Are frameworks used when developing and deploying APIs?
    Serverless
    • Is serverless technology used in the deployment of APIs?
    Github
    • Is Github used as part of the API deployment process?

    Connection
    Technology solutions that allow for APIs to be deployed by connecting to existing systems, web services, FTP locations, and other APIs, through a variety of approaches.

    Gateway
    • Which gateways are available for use?
    • Is a gateway used when deploying APIs?
    Proxy
    • Which proxies are available for use?
    • Is a proxy used when deploying APIs?
    Connector
    • Which connectors are available for use?
    • Are connectors to other API services used when deploying APIs?

    Web
    Using content and data that is already on the web for deploying APIs, something that usually involves scraping or harvesting of content and data, then normalization before an API is deployed.

    Scraping
    • Is web scraping of data or content a part of the deployment of API?

    Backend
    The behind the scenes architecture that is used to deploy an API, either one time, or ongoing infrastructure elements that is used to deploy APIs.

    On-Premise
    • Are APIs deployed on-premise?
    Cloud
    • Are APIs deployed in the cloud?
    Hosting
    • Are APIs deployed using traditional hosting providers?
    Virtualization (Back to Top)

    Core Virtualization
    Containers are about managing virtualization at the compute level, where API virtualization is looking to focus on the virtualization of APIs themselves, and the data, content, and other resources that are being made available via APIs.

    Mock
    • Are mocking services or tooling available for APIs?
    Sandbox
    • Is there a sandbox available for an API?
    Record
    • When APIs are virtualized, can it be recorded?
    Playback
    • When APIs are virtualized, can it be played back from previous recordings?
    SSL
    • Is SSL available s part of the API virtualization process?

    Data Virtualization
    What are some of the considerations when it comes to data virtualization? How are providers, and platforms allowing for data to be virtualized, and made available via APIs.

    Templates
    • Are templates of datasets available for use in API virtualizations?
    Dummy Data
    • Is dummy and sample data available for use in API virtualization?

    Import / Export
    Like every other area of the life cycle, API virtualization is being driven by common API definition formats. This are is in duplicate of every other area of this research.

    Import OpenAPI Spec
    • Can OpenAPI Spec definitions be imported to generate virtualizations?
    Import RAML
    • Can RAML definitions be imported to generate virtualizations?
    Import API Blueprint
    • Can API Blueprint definitions be imported to generate virtualizations?
    Import Postman
    • Can Postman collections be imported to generate virtualizations?

    Other Elements
    A general bucket for grouping anything else that may be used within the API virtualization area.

    Reporting
    • Is there reporting available on the API virtualizations that occur?
    Analytics
    • Are there analytics available for the API virtualizations that occur?
    Teams
    • Are there team opportunites around the API virtualization process?
    Containers (Back to Top)

    Core Concepts
    Containers are making a big impact on API operations, and APIs play a big role in container adoption. What are some of the common considerations when it comes to containers and APis.

    Containers
    • Are APIs deployed within containers?
    Images
    • Are container images made of APIs?
    Volumes
    • Are volumes included as part of APIs deployed in containers?
    Registry
    • Is a container registry used to list APIs that are deployed in containers?

    API
    Container solutions all have APIs, which allow you to control all aspects of their deployment, operation, and deprecation.

    Containers
    • Are the container APIs used to manage APIs that are deployed in containers?
    Image
    • Are the container image APIs used to manage APIs that are deployed in containers?
    Volumes
    • Are the container volume APIs used to manage APIs that are deployed in containers?
    Management (Back to Top)

    Onboarding
    What is the process for on-boarding of new users? Walk through what a new user will experience, looking at each step from landing on home page, to having what I need to make my own API call. Reduce as much friction as I can, and making on-boarding as fast as possible.

    Portal
    • Is the portal publicly available?
    • Is there a central portal for this API?
    Getting Started
    • Does this API have a getting started guide applied to its operations?
    Self-Service Registration
    • Is this API available for self-service registration?
    Sign Up Email
    • Do API consumers receive an email upon signup for an account?
    Best Practices
    • Does this API have a best practices page applied to its operations?
    FAQ
    • Does this API have a frequently asked questions (FAQ) page applied to its operations?
    Google Authentication
    • Is Google Authentication available for platform signup and login?
    Github Authentication
    • Is Github Authentication available for platform signup and login?
    Facebook Authentication
    • Is Facebook Authentication available for platform signup and login?

    Code Management
    What resources are available for managing code across the platform. This are focuses on just the services, tooling, and process associated with code management, not always the code itself.

    Code Page
    • Is there a page in the portal dedicate to the code available for a platform?
    Github
    • Is Github used to manage code that is part of API operations?
    Application Gallery
    • Is there an application gallery available for applications that are built on top of the API?
    Open Source
    • Are there open source code, and applications available as part of API operations?
    Community Supported Libraries
    • Does the platform accept and list community supported libraries?
    SDKs.io
    • Are SDKs published to the SDKS.io service?

    Communications
    What are the communication elements available as part of the overall feedback loop for an API platform. There should be at least a minimum viable communications present, otherwise it is unlikely anyone will learn that a platform exists.

    Blog
    • Is there a blog for API communications?
    Blog RSS Feed
    • Does the blog have an RSS feed?
    Twitter
    • Is there a Twitter account for API communications?
    Email
    • Is there a email account for API communications?
    LinkedIn
    • Is there a LinkedIn account for API communications?
    Slack
    • Is there a Slack channel for API communications?
    Email Newsletter
    • Is there an email newsletter dedicated to API communications?

    Resources
    What other resources are available for API consumers to take advantage of? Common resources provide a wealth of usually self-service knowledge resources that API consumers can consume on demand, as part of their API integration journey.

    Case Studies
    • Are there case studies available showcasing how APIs can be put to use?
    How-to Guides
    • Are there how to guides assisting consumers in understanding how to integrate with an API?
    Webinars
    • Are webinars conducted, introducing consumers to platform operations?
    Videos
    • Are there videos available to assist consumers in understanding what a platform does, and how to integrate with it?

    Research & Development
    APIs are often R&D departments for companies, organizations, institutions, and even within the government. What are some of the ways that these organizations are pushing forward R&D using APIs? There are a number of common elements to consider.

    Labs
    • Are projects in the lab available for consumers to learn about?
    • Is there a labs environment dedicated to the API?
    Ideas
    • Can API consumers and partners submit potential ideas for the API lab environment?

    Developer Account
    Consumers of an API platform always need an account where they can get access to API authentication, usage reports, and other common elements of API operations. What does the developer account, or area look like, and what resources are available for developers to take advantage of.

    Developer Dashboard
    • Is there a dashboard for API consumers?
    Account Settings
    • Can API consumers manage their account settings?
    Reset Password
    • Can API consumers reset their passwords to their account?
    Application Manager
    • Can API consumers manage the applications setup to integrate with API?
    Usage Logs & Analytics
    • Can API consumers access logs and analytics for their API consumption?
    Billing History
    • Can API consumers see billing history for their accounts?
    Message Center
    • Is there a messaging center for API consumers to communicate with the platform, and receive notifications?
    Delete Account
    • Can API consumers delete their account?
    Service Tier Management
    • Can API consumers change / update the tier of service their account exists in?

    Corporate
    What are the corporate considerations for platform operations? Showcasing the team, and individual faces behind API operations at an organization. There are a handful of common approaches to providing the corporate face of API operations.

    Team Showcase
    • Is the team behind API operations showcased on a page available to consumers?

    Management API
    It may seem silly, but what APIs are available for managing API management related elements? API consumers are increasingly needing programmatic control over all aspects of their API accounts, as the number of API used increases. There are a number of API platforms that provide API management APIs, something that is easy to do with modern API management infrastructure.

    User Management
    • Is there an API for managing users who have access to any API?
    Account Management
    • Is there an API for managing account level information?
    Application Management
    • Is there an API for managing applications that have access to any API?
    Service Management
    • Is there an API for accessing service level details for available APIs?

    Internationalization
    When it comes to API operations, what is needed to reach an international audience? There are number of building blocks emerge that are being used by leading platforms to make sure their properly internationalized for a global audience.

    Documentation Language
    • Are there multiple languages for the documentation available?
    Internationalization
    • Are there other internationalization considerations?
    Documentation (Back to Top)

    Elements
    What is provided when it comes to documentation for the platform? There are a number of proven building blocks available when it comes to API documentation.

    Documentation
    • Is there documentation for the API?
    List of Endpoints
    • Is there simple list of endpoints available?
    Interactive Documentation
    • Is there interactive documentation or a console available?
    Error Response Codes
    • Are error response codes and detail documented anywhere?

    Solutions
    There are a growing number of open source API documentation solutions out there, for API providers to choose from when deploying and supporting documentation for their APIs.

    Swagger UI
    • Is Swagger UI used for API documentation?
    Slate
    • Is Slate used for API documentation?
    Lucybot Console
    • Is Lucybot Console used for API documentation?

    Changes
    API consumers need to be kept up to date with any documentation changes, as this usually means there was also a change to functionality an API supports.

    Crowd Sourced Updates
    • Does the platform allow the community to edit, and submit changes to documentation using Github, or other mechanism?
    Notifications
    • Are there notifications that are sent out as part of any change that is made to documentation?
    SDK (Back to Top)

    Language Samples
    Small, simple use samples in a variety of languages, and potentially for a variety of platforms, demonstrating each API call available via a platform.

    PHP
    • Is there PHP samples for each endpoint?
    Python
    • Is there Python samples for each endpoint?
    Ruby
    • Is there Ruby samples for each endpoint?
    Node.js
    • Is there Node.js samples for each endpoint?
    C Sharp
    • Is there C Sharp samples for each endpoint?
    Java
    • Is there Java samples for each endpoint?
    Go
    • Is there Go samples for each endpoint?
    Scala
    • Is there Scala samples for each endpoint?

    Language SDKs
    What SDK generation capabilities are available? These SDKs might be hand crafted, or auto generated, but should be available in a variety of languages, encouraging the jumpstarting of integrations by a wide as possible audience.

    PHP
    • Is there a PHP SDK for the API?
    Python
    • Is there a Python SDK for the API?
    Ruby
    • Is there a Ruby SDK for the API?
    Node.js
    • Is there a Node.js SDK for the API?
    C Sharp
    • Is there a C Sharp SDK for the API?
    Java
    • Is there a Java SDK for the API?
    Go
    • Is there a Go SDK for the API?
    Scala
    • Is there a Scala SDK for the API?

    Mobile Solutions
    There are many overlaps with mobile in the regular SDK portion of this research, but some providers are publishing more resources specifically dedicated to the support of mobile integrations.

    Mobile Overview
    • Is there a page dedicated to the platforms mobile integration resources?
    iOS SDK
    • Is there an IOS SDK?
    Android SDK
    • Is there an Android SDK?
    HTML5
    • Is there an HTML5 SDK?
    Appery.io
    • Is there an Appery.io SDK?
    Windows Mobile SDK
    • Is there a Windows Mobile SDK?

    Discovery
    How are SDKs discovered by developers during development? What are the considerations for making sure existing SDK efforts get found.

    List SDK
    • A listing of available SDKs.
    Search SDK
    • A search tool for available SDKs.
    Browse SDK
    • All the browsing of available SDKs by category or tag.
    Rating
    • Providing a rating system for SDKs.

    Import / Export
    Like most other stops along the modern API life cycle, the SDK portion is being defined by a range of common API definition formats, which allow APIs to be imported and exported as needed.

    Import OpenAPI Spec
    • Allow for the importing of OpenAPI Specs and the auto generation of SDK resources.
    Import RAML
    • Allow for the importing of RAML definitions and the auto generation of SDK resources.
    Import API Blueprint
    • Allow for the importing of API Blueprint definitions and the auto generation of SDK resources.
    Import WADL
    • Allow for the importing of WADL definitions and the auto generation of SDK resources.
    Import Postman
    • Allow for the importing of Postman Collections and the auto generation of SDK resources.

    Platform Development Kits (PDK)
    Beyond language specific SDKs, there are a growing number of platforms who make platform specific SDKs available, assisting developers in successfully integrating with existing 3rd party platforms.

    Wordpress
    • Providing an SDK for integration of API resources into WordPress.
    Heroku
    • Providing an SDK for integration of API resources into Heroku applications.
    SalesForce
    • Providing an SDK for integration of API resources into SalesForce.

    Single Page Applications (SPA)
    Like platform development kits, Single Page Applications or SPAs are playing an increasingly central role in API development. There are a number of considerations for API providers, when it comes to supporting SPA integration and developments.

    Angular.js
    • Providing an SDK for integration of API resources into Angular Single Page Application.
    React.js
    • Providing an SDK for integration of API resources into React Single Page Application.

    Browser Development Kits (BDK)
    Open source kits and resources for developing and deploying browser plugins for popular browsers, allowing API resources to be put to use in the browser experience.

    Chrome Extension
    • Providing an SDK for integration of API resources into Chrome extensions.
    Firefox Add-On
    • Providing an SDK for integration of API resources into Firefox add-ons.
    Bookmarklet
    • Providing an SDK for usage of API resources through bookmarklets.
    Embeddable (Back to Top)

    Embeddable Tools
    There are some embeddable tooling that is being employed by API providers to make content, data, and other resources available. These are a handful of the approaches being used out there.

    Widgets
    • Are there widgets available for consumers to embed on websites, that uses the API?
    Buttons
    • Are there buttons available for consumers to embed on websites, that uses the API?
    Badges
    • Are there badges available for consumers to embed on websites, that uses the API?
    Bookmarklet
    • Are there bookmarklets available for consumers to embed on websites, that uses the API?

    Embed Formats
    What are the common embeddable formats available to API providers? There are two leading open formats available, that I track on.

    Open Graph Protocol
    • Is the Open Graph Protocol used in API platform operations?
    oEmbed
    • Is the oEmbed used in API platform operations?

    Embed Engines
    Beyond simple tooling, there are more robust embeddable engines that are used in support of API operations, and integrations. These are a couple of the embed engines being employed right now.

    JavaScript API
    • Is there an official JavaScript API available for AP consumers to build on, that goes beyond just supporting existing embeddable tooling?
    Widget Builder
    • Is there a widget builder available, allowing API consumers to build embeddable tools?
    Real Time (Back to Top)

    Technology
    The diverse, fast moving technology that is available for delivering real time experiences on top of APis.

    RSS
    • Is RSS available for any platform resources?
    Atom
    • Is Atom available for any platform resources?
    Webhooks
    • Are webhook services available to support real time activity?
    Websockets
    • Are websockets employed to support real time behaviors on the API platform?

    Features
    The general features of real time, providing the actual elements that make an API resource u0022real timeu0022, delivering an expected result for API consumer, and end users.

    Presence
    • Is presence of user, client, or device offered as part of platform operations?
    Push Notifications
    • Are push notifications send as part of real time behaviors on the platform?
    Messaging
    • Is real time messaging features offered as part of platform operations?
    Scheduling
    • Is there scheduling available to deliver real time behavior?

    Management
    The general management of real time activity, and how the infrastructure, resources, and users are operating as expected.

    Analytics
    • Are there analytics available for any real time behavior that is available?
    Rate Limiting
    • What are the rate limits applied to real time resources?
    Logging
    • What does logging look like for real time infrastructure and activity?

    Geo
    Geographic specific elements of real time, or inversely, the real time elements that geographic data from mobile devices delivers.

    GeoLocation
    • Are there geo location capabilities offered as part of real time infrastructure?
    Geofencing
    • Are there geofencng capabilities offered as part of real time infrastructure?

    Architecture
    The architecture that is often available with real time technology and from the providers that are making real time experiences part of API platforms.

    Compute
    • What compute resources are dedicated to supporting real time activities via the platform?
    Containers
    • How are containers used in support of real time activities via the platform?
    Database
    • What database resources are dedicated to supporting real time activities via the platform?
    Storage
    • What storage resources are dedicated to supporting real time activities via the platform?
    Content Delivery Network (CDN)
    • What Content Delivery Network (CDN) resources are dedicated to supporting real time activities via the platform?
    Caching
    • What caching is available when it comes to real time activities via the platform?
    Compression
    • What compression opportunities are available when it comes to real time activities via the platform?

    SDK
    Software development kits that are dedicated to delivering the real time elements of platform operations.

    IOS
    • Is there an IOS SDK with real time features?
    Android
    • Is there an Android SDK with real time features?
    JavaScript
    • Is there an JavaScript SDK with real time features?
    Webhooks (Back to Top)

    Core
    This is an exploration of the core aspects of Webhooks operations, providing a common set of building blocks that can be considered as part of API operations. Webhooks provide a two way street that benefit both provider and consumer, and can help make platforms more efficient.

    URL
    • Can API consumers add, edit and delete webhook URLs?
    Payload
    • Do webhooks carry a payload?
    Event
    • Can webhooks respond to events?

    Inbound
    What tooling and services are available to manage the inbox targeting of platform Webhooks.

    Webhooks Targets
    • Can API consumers add, edit and delete inbound webhook targets?

    Outbound
    Webhooks tooling and services are available to manage the outbound targeting of platform webhooks.

    Multiple Destinations
    • Can multiple destinations be set for outbound webhooks?
    Scheduling
    • Can outbound webhooks be scheduled and run like a CRON job?

    Operations
    What Webhooks tooling is available to manage the overall operations, giving more visibility into Webhook exchanges.

    Emails
    • Can emails be send as part of webhook activity?
    Logging
    • Is webhook activity logged?
    Alerts
    • Can alerts be triggered as part of webhook activity?
    Analytics
    • Are there analytics for webhook activities?

    Utilities
    What other utilities are available in support of Webhooks operations. This is the general catch-all for the Webhooks research.

    Transformations
    • Can transformations be applied as part of webhook activity?
    Scripting
    • Are there scripting opportunities as part of webhook activity?
    Retry
    • Can webhooks be retried?

    3rd Party Integration
    What 3rd party integration options are available for Webhooks, from defining to running, and importing and exporting.

    Github
    • Does webhook activity include Github integration?
    Support (Back to Top)

    Self-Service Support
    What support services are available 24/7, that developers can take advantage of without requiring the direct assistance of platform operators.

    Forum
    • Is there a forum available that provides self service support options?
    Forum RSS
    • Does the forum have an RSS feed?
    Stack Overflow
    • Is Stack Overflow used as part of the support strategy for the platform?

    Direct Support
    What support services are available that developers can take advantage of, that involves direct employee attention.

    Email
    • Is there an email for API consumers to receive direct support?
    Contact Form
    • Is there an contact form for API consumers to receive direct support?
    Phone
    • Is there a phone number available for API consumers to receive direct support?
    Ticket System
    • Is there a ticketing system available for API consumers to receive direct support?
    Social
    • Is community support also offered via existing social network profiles and channels?
    Office Hours
    • Are office hours available, and posted for API consumers to take advantage of?
    Calendar
    • Is there a calendar of events for office hours, and other support related events?
    Paid Support Plans
    • Are there paid support plan options available for the platform?
    Monitoring (Back to Top)

    Core Details
    What are the core elements to API monitoring that I am finding used by API providers, and offered by API service providers.

    Request Editor
    • Does monitoring services and tooling allow for editing of monitoring requests?
    Request Retry
    • Does monitoring services and tooling allow for retry of monitoring requests?
    Request Sharing
    • Does monitoring services and tooling allow for the sharing of monitoring requests?
    Request Playback
    • Does monitoring services and tooling allow for the playback of monitoring requests?
    Request Scheduling
    • Does monitoring services and tooling allow for the rescheduling of monitoring requests?
    Request Commenting
    • Does monitoring services and tooling allow for commenting upon monitoring requests?

    Management Monitoring
    Monitoring is not always about monitoring the APIs themselves. This section explores the monitoring of other aspects of API operations.

    Documentation Monitoring
    • Is monitoring the documentation of APIs part of the monitoring activities?
    Pricing Monitoring
    • Is monitoring the pricing of APIs part of the monitoring activities?
    Terms of Service Monitoring
    • Is monitoring the terms of service of APIs part of the monitoring activities?

    Targeted Monitoring
    How can we monitor from various dimensions like location or with specific providers.

    Provider Based Monitoring
    • Are APIs monitored from a variety of provide specific locations?
    Region Based Monitoring
    • Are APIs monitored from a variety of geographic regions?
    Public Monitoring
    • Are monitoring approaches applied to public 3rd party APIs that are used?

    Authentication
    What authentication approaches are available to us? Do our API monitor tools and services cover all the authentication schemes we will use across platforms.

    Basic Auth
    • Can Basic Authentication be used in API monitoring?
    API Keys
    • Can API keys be used in API monitoring?
    OAuth
    • Can OAuth be used in API monitoring?

    Utility
    What are the other utilities available to use as part of the monitoring process.

    Collections
    • Can API tests be stored in collections, for better access, and organization.
    Teams
    • Does monitoring services, tooling, and process allow for team interactions?
    API
    • Is the API used to automate and manage API monitoring?
    • Is there an API for API monitoring?

    Notification
    Monitoring is all about awareness, so notifications is an important part. What are some of the common ways API monitoring notifies either provider or consumers of an API.

    SMS
    • Are SMS used in notification of monitoring events?
    Email
    • Is email used in the notification of monitoring events?
    Webhook
    • Are webhooks used as part of the notification of monitoring events?

    Import
    What options are available for importing, and exporting of API monitoring test, details or other aspects of API monitoring. There are some common formats emerging, that are used for allowing the import and export API monitors.

    OpenAPI Spec
    • Can OpenAPI Specs be imported and used for setting up monitors?
    RAML
    • Can RAML definitions be imported and used for setting up monitors?
    Postman
    • Can Postman Collections be imported and used for setting up monitors?
    HAR
    • Can HAR files be imported and used for setting up monitors?

    Reporting
    Reporting is an essential step when it comes to monitoring, providing real-time to historical access to API monitoring information and visualizations.

    Dashboard
    • Is there a dashboard available for managing API monitoring?
    Analytics
    • Are there analytics available for understanding API monitoring activitiy?
    Embeddable
    • Are there embeddable tools for publishing monitoring results to websites?

    3rd Party
    APIs are all about 3rd party integration, and it is common for API monitoring services to provide ready to go integrations, to integrate services with other platforms you depend on. These are some of the common 3rd party integration elements present in API monitoring services.

  • Are there 3rd party integration solutions for API monitoring events and results?
  • Testing (Back to Top)

    Core Testing
    Beyond monitoring, how are APIs tested, there are some areas of overlap with monitoring, but testing is about more refined monitoring, and verifying very detailed needs are met. What are some of the core elements?

    Load Testing
    • Is there the ability to virtualize APIs before load testing?
    • Is there the ability to load test APIs?
    Response Header Inspector
    • Is the header of responses being inspected as part of API testing?
    Response Body Inspector
    • Is the body of responses being inspected as part of API testing?
    Request Retry
    • Is there the ability retry API testing requests?
    Request Sharing
    • Is there the ability share API testing requests?
    Request Playback
    • Is there the ability playback API testing requests?
    Request Scheduling
    • Is there the ability to schedule API testing requests?
    Request Commenting
    • Is there the ability comment on API testing requests?

    Targeted Testing
    How can we test from various dimensions like location or with specific providers.

    Provider Based Testing
    • Are APIs being tested from a variety of provider platforms?
    Region Based Testing
    • Are APIs being tested from a variety of regions?

    Authentication
    What authentication approaches are available to us? Do our API testing tools and services cover all the authentication schemes we will use across platforms.

    Basic-Auth
    • Is Basic Auth available for use in API testing?
    API Keys
    • Are API keys available for use in API testing?
    OAuth
    • Is OAuth available for use in API testing?

    Utility
    What are the other utilities available to use as part of the monitoring process.

    Collections
    • Can API tests be organized into collections for better access and organization?
    Teams
    • Are there team opportunities around the API testing process?
    API
    • Is there an API for managing API testing?

    Import
    What options are available for importing, and exporting of API monitoring test, details or other aspects of API monitoring. There are some common formats emerging, that are used for allowing the import and export API monitors.

    OpenAPI Spec
    • Can OpenAPI Specs be imported and used for setting up API tests?
    RAML
    • Can RAML definitions be imported and used for setting up API tests?
    Postman
    • Can Postman Collections be imported and used for setting up API tests?
    HAR
    • Can HAR files be imported and used for setting up API tests?
    JUnit XML
    • Can Junit XML s be imported and used for setting up API tests?

    3rd Party
    APIs are all about 3rd party integration, and it is common for API testing services to provide ready to go integrations, to integrate services with other platforms you depend on. These are some of the common 3rd party integration elements present in API testing services.

  • What 3rd party integration is there for API testing and results?
  • Road Map (Back to Top)

    Future
    How are we planning, and communicating updates to the platform? Providing a map of how things have changed across the platform, from versioning of the API itself, to even documentation, and other aspects of platform operations.

    Road Map
    • Is there a road map shared with API consumers?
    Idea Submission
    • Can API consumers and partners submit ideas for inclusion in the road map?

    Now
    What is currently happening on an API platform, providing a real time heart beat of the current status of API resources.

    Status Dashboard
    • Is there a status dashboard available to API consumers?
    Status RSS
    • Does the status dashboard have an RSS feed?
    Status History
    • Is status history archived, and available for review alongside the current status?

    Past
    What has already happened with a platform, providing a single archive of all changes made to the platform, for consumers to review at any time.

    Change Log
    • Is there a change log available for API consumers to review, to better understand what changes have been made?

    Notifications
    Notifications about changes to the road map, and status of overall operations that will impact API consumers.

    Email Change Notifications
    • Are email notifications sent to API consumers where there is a change in the roadmap or status of API platform?
    Authentication (Back to Top)

    Overview
    Authentication is central to many other lines of the API life cycle. There are several common elements present in modern API solutions that address authentication.

    Authentication Overview
    • Is there an authentication overview available?
    Authentication Tester
    • Is there an authentication tester available?
    OAuth Scopes
    • If OAuth is employed, is there a page dedicated to sharing OAuth scopes.

    Approaches
    There are a handful of approaches to authentication that have been embraced by leading APIs, as well as the overall industry.

    Basic Auth
    • Does the platform employ basic authentication for accessing API resources?
    Key Access
    • Does the platform require API keys for accessing API resources?
    JSON Web Token
    • Does the platform require JSON Web Tokens for accessing API resources?
    oAuth
    • Does the platform require OAuth for accessing API resources?

    Additional
    Any additional considerations when it comes to API Authentication for providers, and consumers.

    Two Factor Authentication
    • Is two factor authentication available for the platform?
    Security (Back to Top)

    Overview
    The details of security an API platform. Since web APIs often use the same infrastructure as websites and applications, some of the approaches to security can be shared.

    Security Practices Page
    • Is there a page dedicated to providing an overview, and some times detail of security practices?
    Security Contact
    • Is a security contact published as part of platform operations?

    Auth Considerations
    Beyond the formats themselves, what are some of the considerations when it comes to security and authentication?

  • Is platform authentication considered as part of security practices?
  • Input Validation
    Focusing specifically on the area of inputing, and making sure only safe data and content is being able to be inputed. What are the specific input security considerations?

  • Is API input validation considered as part of security practices?
  • Output Validation
    Like the input, is the return output what it should be? Let's go through some of the considerations when it comes to output validation.

  • Is API output validation considered as part of security practices?
  • Transport Level Security
    Are we considering everything beyond the request and the response? Are we allowing for the proper security in transport?

  • Is all data encrypted as part of transport?
  • Abuse of Functionality
    Considering the general areas where attackers are abusing common functionality, to find different ways in, or overall system failure.

  • What is being done when considering the abuse of API functionality?
  • Data Structure Attacks
    How are we looking for an attacker manipulating and exploiting characteristics of system data structures in order to violate the intended usage and protections of these structures.

  • Are data structure attacks considered as part of security practices?
  • Embedded Malicious Code
    A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.

  • What is done to secure against the embedding of malicious code within API requests?
  • By Force
    What can be injected to adversely affect platform operations?

  • What plans are in place for addressing brute force security threats?
  • Path Traversal Attack
    A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. What is being done to address this are.

  • Are path traversal attacks considered as part of security practices?
  • Probabilistic Technique
    An attacker utilizes probabilistic techniques to explore and overcome security properties of the target that are based on an assumption of strength due to the extremely low mathematical probability that an attacker would be able to identify and exploit the very rare specific conditions under which those security properties do not hold.

  • Are probabilistic techniques considered as part of security practices?
  • Protocol Manipulation
    An adversary takes advantage of weaknesses in the protocol by which a client and server are communicating to perform unexpected actions.

  • Is protocol manipulation considered as part of security practices?
  • Resource Depletion
    An attacker depletes a resource to the point that the targetu2019s functionality is affected. What are some of the common considerations for resource depletion?

  • How is resource depletion addressed as part of API security?
  • Other Security Considerations
    Other elements that can be used as part of overall API security planning and execution. There are a number of things that I'm seeing out there, but it doesn't have its own category to exist in yet.

    Certification
    • Are there any security certifications for the platform?
    Bug Bounty Program
    • Is there a bug bounty program operating in support of the platform?
    Terms of Service (Back to Top)

    Key Considerations
    I only have a single bucket for my API terms of service research. I'm still gathering data about terms of service for popular providers, and eventually, I will have more of a breakdown by category.

    Sites Covered
    • What website domains are covered by this terms of service?
    Opting Out
    • Can API consumers opt out of the terms of service in any way?

    Data & Information
    Terms that apply to data and information that is acquired, generated, stored, and shared via an API platform.

    How We Use Your Information
    • How is information used?
    Personal Information
    • How is personal information used?
    Non-Personal Information
    • How is non-personal information used?
    Aggregate Information
    • Is information aggregated?
    Access To Information
    • Who has access to information?
    Accuracy of Information
    • What is the accuracy of the information?

    Information Storage
    Details on how information is stored, providing an overview of how this portion of the service can be expected to operate.

    Log Files
    • How are log files generated, stored, archived and deleted?

    Tracking Used
    In what ways are users and activity on a platform tracked, providing details on technology, processes, and details of what is tracked, and how it is used.

    Cookies
    • How are cookies used?

    Sharing Approaches
    How is data, content, and other resources shared within the platform, with partners, or possibly with the public when making information available online.

    Web Beacons
    • Are web beacons used anywhere in API platform operations or tooling?
    Information Sharing
    • How is information shared?

    Concerns For Minors
    What are the considerations for minors who may end up on the site, or be actively using it. What has been put in place to set the standards for this area.

    Childrens Privacy Overview
    • How is children's privacy addressed?
    Childrens Online Privacy Protection Act (COPPA)
    • How is Childrens Online Privacy Protection Act (COPPA) supported?

    Linking To Other Sites
    How does the platform, APIs, and applications link to other web and mobile sites, providing reference to other resources.

    Links to Non-Operators Web Sites
    • How are links to non-operator web sites addressed?

    Services
    What portions of the terms of service specifically apply to the actual service, enforcing a quality of service, how APIs are deployed, debugged, and even deprecated.

    Service Level Agreement
    • Is a service level agreement (SLA) available for the API platform?
    Deprecation Policy
    • Is there a deprecation policy available for the API platform?

    Monetization
    What are the considerations for how API consumers can make money on top of API resources, providing as much guidance as possible, making sure consumers are not in competition with the core platform.

    Monetization Guidelines
    • What guidelines are there regarding how API resources can be monetized by consumers and partners?

    Corporate
    What are some of the general corporate considerations involved with the terms of API service.

    Trademarks
    • What trademarks are involved with platform operations?

    Regulation
    What regulatory concerns are addressed within the terms of service, making sure platform operations are in alignment with business law.

    Compliance
    • What regulatory compliance need to be met as part of API operations?
    Privacy (Back to Top)

    Data & Information
    What are the privacy considerations and details specifically regarding data and information that is acquired, generated, stored, and potentially shared via operations.

    Use of Personally Identifiable Information
    • How is personally identifiable information used?
    User Submissions
    • How are user submissions used on the platform?
    User Discussion Lists and Forums
    • How are user discussion lists, and forum information used?

    Usage of Service
    Privacy details involved with the usage of service, providing consumers with more details on how their privacy, and the privacy of users will be affected.

    Permitted and Prohibited Uses
    • What are prohibited uses of API services?
    • What are permitted uses of API services?

    Legal Department
    The general legal aspects of the privacy policy, providing a general bucket for putting elements, until a better categorization makes itself known.

    License
    • What licenses are agreed to that involve privacy?
    Intellectual Property Rights
    • What intellectual property rights might impact privacy?
    Liability
    • What liability concerns are in place that may impact privacy?
    Warranty Disclaimer
    • Are there any warrant disclaimers in place that impact privacy?

    Technical Details
    What are the technical limitations and details that could effect the terms of service, providing technical ceilings for what can be expected of API operations.

    Technical Requirements and Limitations
    • Are there any technical requirements or limitations that affect privacy?

    Site Linkage
    Details about how privacy is considered, or impacted through the linkage of external sites, and other destinations outside the coverage of the privacy policy.

    Links to Other Materials
    • Is there any external site linkage that impacts privacy?

    Platform Changes
    Looking at changes to the platform for potential areas that would impact privacy, and possibly sharing approaches to mitigating privacy concerns at this time.

    Termination
    • Are there any service termination considerations regarding privacy?
    Changes
    • How is privacy addressed when platform changes occur?
    Licensing (Back to Top)

    Server Code
    For many APIs, your server code will be your secret sauce and kept proprietary, but for those of you who wish to open source this critical layer, here are some options. To help you navigate the licensing, I recommend using Github's Choose a License.

  • How is server code that is made available licensed?
  • Data
    Serving up data is one of the most common reasons for deploying an API, and the Open Data Commons, provides us with some licensing options.

  • How is data that is served up via the API licensed?
  • Content
    Separate from the data, APIs are being used to server up short, and long form content, where liberal Creative Common licenses should be considered.

  • How is content that is served up via the API licensed?
  • API
    The part of the discussion be defined (unfortunately) by the Oracle v Google Java API copyright legal battle, and in light of the ruling, I urge you to consider one of the more liberal Creative Common licenses.

  • How is the API definition licensed?
  • Client Code
    Separate from your server side code, you should make sure all of your client side code SDKs, PDKs, and starter kits have an open source license applied-o-remember you are asking them to potentially integrate this into their business operations. Again I recommend using Github's Choose a License to help you navigate this decision.

  • How is client code that is made available licensed?
  • Branding (Back to Top)

    Overview
    I just have one bucket for the branding area of my research. Like terms of service, and privacy, I am just getting going on this legal side of the API research, and it will evolve with time. There are the main areas of concern for branding at the moment.

    Dedicated Branding Page
    • Is there a dedicated branding page for the platform?
    Use of Brand Name
    • Are there instructions on the appropriate use of the platform brand name?
    Use of Brand Logo
    • Are there instructions on the appropriate use of the platform brand logo?
    Use of Product Titles
    • Are there instructions on the appropriate use of the platform product titles?
    Naming Your Application
    • Are there instructions on the how to name your application?

    Assets
    What media assets are available for API consumers to use as part of their integration into websites, mobile and device applications, keeping the brand of API provider in tact across all implementations.

    Image Assets
    • Are there image assets available for API consumers to put to use?
    Icon Assets
    • Are there icon assets available for API consumers to put to use?
    Other Assets
    • What other assets are available for API consumers to put to use?

    Requirements
    What are the specific branding requirements of API consumers that they should be following when putting API resources to use in their applications.

    Content Display Requirements
    • Are content display requirements published?
    Data Display Requirements
    • Are data display requirements published?
    Linking Requirements
    • Are linking and attribution requirements published?

    Guides
    Resources that provide API consumers with detail guidance around the branding goals of a company, its products and services.

    Branding Examples
    • Are branding examples available for API consumers to see and learn from?
    Full Style Guide
    • Is there a full style guide available for API consumers to consult?
    Monetization (Back to Top)

    Acquisition
    What are the acquisition considerations for API monetization--what costs go into acquiring everything there is needed for API operations.

    Discover
    • What did it cost to initially discover the API idea?
    Negotiate
    • What was spent on negotiations around any acquisitions for the API?
    Licensing
    • Are there any licensing costs associate with the acquisition of what was needed for the API?
    Purchase
    • What products, services, content, and other data was purchased as part of acquiring what is needed for any API?

    Development
    What are the acquisition considerations for API monetization--what costs go into developing everything there is needed for the platform to operate.

    Investment
    • What has been invested into development of an API?
    Grant
    • Was any grant money applied to the development of an API?
    Normalization
    • What did it cost to normalize resources for use in API?
    Design
    • What was spent on design of the API?
    Database
    • What has been spent on database development?
    • What has been spent on database software?
    Server
    • What has been spent on development of the server to support an API?
    • What has been spent on servers to develop an API?
    Coding
    • How much as been spent on coding for an API?
    DNS
    • How much as been spent on DNS for an API?

    Operation
    What are the acquisition considerations for API monetization--what costs go into operating everything there is needed for API to function daily.

    Definition
    • What does it cost to maintain an API definition?
    Compute
    • What is spent on compute to operate an API?
    Storage
    • What is spent on storage to operate an API?
    Bandwidth
    • What is spent on bandwidth to operate an API?
    Management
    • What is spent on general management of an API?
    • What is spent on API management services to support an API?
    Code
    • What is spent to maintain code that operates an API?
    Evangelism
    • What is spent on API evangelism?
    Monitoring
    • What is spent on API monitoring?
    Security
    • What is spent on API security?
    Virtualization
    • What is spent on API virtualization?

    Direct Value
    What are the units of currency the platform uses. What are the individual value units applied to each API, and how are things calculated. Most like this is done in dollars, or euros, but other units are emrging as well.

    Value
    • What is the direct value associated with an API?
    Usage
    • What direct value does API usage deliver?
    Volume
    • How does volume usage of an API deliver value?
    Limits
    • How is value maintained by imposing limitations?
    Users
    • How does having more users generate value?
    Applications
    • How does having more application generate value?
    Integrations
    • How can more integrations with other systems generate value?

    Indirect Value
    Beyond the obvious, APIs are generating a lot of value for platform providers, and consumers. What are some of the common ways to look at indirect value generation.

    Marketing Vehicle
    • How are APIs used as a marketing vehicle for an organization, products or services?
    Traffic Generation
    • How is an API used for generating traffic to other websites, mobile applications, or devices?
    Brand Awareness
    • How is an API used for increasing brand awareness of an organizations, and its products or services?
    Data & Content Acquisition
    • How does the acquisition of data or content via an API generate value?
    Syndication
    • How does the API generate value through the syndication of data, content, and other digital resources?

    Partner Revenue Generation
    How is revenue being generating specifically for partners? There are a number of common approaches to revenue sharing with partner tiers of API access.

    Link Affiliate
    • How can revenue be generated using affiliate links?

    Reporting
    How is revenue form APIs tracked, organized, and reported on. API value should be quantified in as many ways as possible, and shared accordingly to make sense of revenue generated.

    Timeframe
    • What type of reporting is available by timeframe to better understanding API monetization?
    Users
    • What type of reporting is available by user to better understanding API monetization?
    Applications
    • What type of reporting is available by application to better understanding API monetization?
    Plans
    • What type of reporting is available by plan to better understanding API monetization?
    Plans (Back to Top)

    Elements
    These are the key elements of API plans that I have gathered from across hundreds of API providers. These elements can be associated with specific plans that are available, but they do not have to, and I often use them to generally describe the plans, or perceived plans behind API operations. These are the elements you should be considering as part of your own plans. You do not have to use all of them, but hopefully they will help you better understand the possibilities when it comes to API planning.

    Overview
    • Is there a page dedicated to providing of all the plans available via the API platform?
    Private
    • Are there private APIs available via the platform?
    Internal
    • Are APIs available via the platform used internally?
    Partner
    • Are APIs available via the platform used by partners?
    Public
    • Are APIs available via the platform availably publicly?
    Free
    • Are there free API access via the platform?
    Commercial
    • Is there commercial usage of API resources?
    Non-Commercial
    • Is there non-commercial usage of API resources?
    Educational
    • Is there educational access to API resources?
    Wholesale
    • Is there wholesale versions of API resources available?
    Government
    • Is there government access levels to API resources?

    Metrics
    Beyond the overall elements, and timeframes to consider, what are the specific metrics that are being applied to overall API operations, as well as individual plans and access tiers. Depending on the resource, there are a number of metrics being used across the API space, by leading API providers. This layer of the journey is meant to walk through the metrics you will want to consider in your API journey, allowing to cherry pick the ones that are most import to you. Not all metrics apply in all situations, but they are the building blocks of good API plans.

    Access
    • Is access (or not access) used as a metric in monetization, or can you buy access to some API resources?
    Calls
    • Are API plans metered by individual API call?
    Transaction
    • Are API plans measured by overall transactions completed?
    Message
    • Are API plans measured by number of messages sent?
    Compute
    • Are API plans metered by the amount of compute resources available?
    Storage
    • Are API plans metered by the amount of storage used?
    Bandwidth
    • Are API plans metered by the amount of bandwidth used?

    Limits
    What are limitations and constraints applied as part of the API planning operations. How are these crafted, applied, and reported upon.

    Overview
    • Is there a page dedicated to helping understand API limits in place?
    Range
    • Are API rate limits based upon limits of metrics applied to API resources?
    Resources
    • Are API rate limits applied to individual API resources?
    Unlimited
    • Are there places where there are no limits applied?
    Increased
    • Can rate limits be increased?
    Inline
    • Are API rate limits available inline for each API in the documentation?

    Resources
    What specific approaches are being used to apply planning down to the specific resource level, allowing API plans to be applied at such a granular level.

    Endpoints
    • Are different endpoints available in different ways, in different API plans?
    Verbs
    • Are different endpoint HTTP verbs available in different ways, in different API plans?

    Timeframes
    The consumption of API resources is often measured within timeframes, in addition to the wide number of other metrics that can be applied. Having meaningful timeframes defined for evaluating how APIs are consumed, and using as part of overall planning, when it comes to all aspects, ranging from rate limits to billing.

    Seconds
    • Are elements of plans metered in seconds?
    Minutes
    • Are elements of plans metered in minutes?
    Hourly
    • Are elements of plans metered by the hour?
    Daily
    • Are elements of plans metered daily?
    Monthly
    • Are elements of plans metered monthly?
    Annually
    • Are elements of plans metered annually?

    Geo
    What are the geographic considerations and variable when it comes to API planning. Are their specific regions, zones, and other things that can be leverage as part of plan operations.

    Overview
    • Is there a page outlining the different geographic opportunities across API plans?
    On-Premise
    • Are there on-premise opportunities for API deployment, and management?
    Country
    • Are there multiple, and in country opportunities for API deployment, and management?
    Partners (Back to Top)

    Program Details
    The communication around partner levels of access is critical to overall health and balance with other tiers of access. Providing as much detail for partners, but also potentially other levels of access is important. Here are a few of the building blocks employed to help manage partner details.

    Landing Page
    • Is there a landing page dedicated to the partner program?
    Program Details
    • Are the program details available via a landing page, as well in a portable, shareable format(s).
    Program Requirements
    • What are the requirements to be part of the partner program?
    Program Levels
    • What are all the levels of the partner program, and what are the details?

    Partner Showcase
    For many leading API providers, showcasing partners is an important aspect of platform partner operations. Showcasing who is involved, provides transparency, as well as incentive for other platform users, both external and internal.

    List of Partners
    • Will there be a list of partners available for other partners and consumers to view?

    Partner Program
    Beyond the details, and showcasing partners, what are the core elements of the program itself? Here are some of the common elements put to work as part of partner programs in operation across the space.

    Application
    • Is there a partner program application available for prospects to fill out?
    Private Portal
    • Do partners have a separate portal, or additional tooling, beyond regular API consumers?
    Certification
    • Is there certification available as part of partner program.

    API
    Like many other aspects of the API life cycle, there are increasingly APIs available for managing aspects of partner access, program details, and overall partner program operations. These are some of the common building blocks being applied using APIs for partner tiers.

    Quota Increase
    • Will partners get a default, or custom API quote increase?

    Early Access
    Partner programs are often to give preferred access, to the trusted levels of partner access. This early access takes on many forms.

    Early Communication
    • Are there early communication opportunities around releases and other platform activities for partners?
    Early Opportunities
    • Do partners get early access, and first choice for partner opportunities available via the platform?
    Alpha & Beta Access
    • Do partners get alpha or beta access to new APIs, features, and tooling?

    Legal
    Beyond the usual terms of service, privacy policy, and legal aspects of platform operations, the partner program will often have their own set of legal constraints and protections.

    Agreement
    • Is a partner agreement available?
    Privacy Policy
    • Is there separate privacy policy elements for partners?
    Code of Conduct
    • Is there a code of conduct for paratners?

    Marketing Activities
    Partners may also enjoy special marketing activities, only available to these higher, more trusted tiers of access. These are some of the common marketing activities being applied across the space.

    Blog Posts
    • Are there blog post activity opportunities available to partners?
    Press Release
    • Are there press release opportunities available to partners?
    Facebook Post
    • Are there Facebook post activity opportunities available to partners?
    Twitter Post
    • Are there Twitter activity opportunities available to partners?

    Support
    Partners may also enjoy specific support opportunities, allowing them to get more access to platform support resources, via their partner level access.

    Discounts
    • Are there discounts of free support opportunities for partners?
    Office Hours
    • Are there office hours just for partners available?
    Training
    • Are there training opportunities available to just partners?
    Advisors
    • Are there advisors available just for partners to take advantage of?

    Content
    What kind of content relationships can be established as part of partnership activities. Content generated from existing, successful relationships, can be a big driver in forming new partners, as well as keeping existing ones healthy.

    Quotes
    • Are quotes from partners being gathered?
    Testimonials
    • Are testimonials from partners being gathered?
    Use of Logo
    • Are partners given different usage permissions around logos?

    Communication
    What communication channels are maximized for partner platform usage? There are a handful of approaches used by leading API partner platforms.

    Blog
    • Are new partners, and important partner milestones blogged about?
    Spotlight
    • Is the spotlight being put on partner integrations, and applications?
    Newsletter
    • Are partners begin featured in the newsletter?
    Evangelism (Back to Top)

    Goals
    What are the core goals of the API operation? These need to be precise, measurable, and obtainable goals. While there may be unique ones to your situation, these are some of the common ones I see.

    Growth in New Users
    • Is growth in the number of new users a goal?
    Growth in Existing User API Usage
    • Is growth in usage by existing users a goal?
    Brand Awareness
    • Is increase brand awareness a goal in evangelism?
    More Applications
    • Is a growth in the number of applications integrated with API a goal?
    New System Integrations
    • Is a growth in the number of system integrations a goal of evangelism?
    Other Goals
    • What other goals are there around evangelism of the API?

    Consumer Outreach
    Reaching out to API consumers is essential, not just to attract them as new users, but after they've registered, and as they are putting to the platform to work. Do not confuse sales with outreach, and make sure it is meaningful engagement.

    Fresh Engagement
    • How are new developers engaged after they sign up for API access?
    Active User Engagement
    • What does the process look like to engage existing users and get them more active?
    Historical Engagement
    • How are inactive users engaged, either to reactivate them, or verify for removal?
    Social Engagement
    • What is the establish tone of social engagement when it comes to outreach?

    Blogging
    How does blogging occur via the platform? What approaches are being used to generate, produce, and syndicate stories, keeping a regular stream of information flowing from the platform.

    Projects
    • What projects are occurring that can be showcased as part of the API effort?
    Stories
    • Is storytelling a regular thing that occurs on blog(s)--with dedicated resources?
    Syndication
    • How will blog posts by syndicated out?

    Landscape Analysis
    Every API operates within a specific space, and understanding the landscape of the space is very important to the health and effectiveness of evangelism efforts.

    Competition Monitoring
    • Who is the competition?
    • What are the barriers to entry in place?
    Industry Monitoring
    • What industry organizations and resources are available?
    Keywords
    • What are the top key words and key phrases that apply to this effort?

    Forum Management
    Forums play a big role in the self-service, and ecosystem nature of API operations. Forums can be within a platform, as well as on existing public forums. These are some of the considerations with forums when it comes to evangelism.

    Forum Conversations
    • Are the conversations that occur on forums considered as part of overall evangelism and storytelling?
    Forum Posting
    • Are stories, and conversations from other channels posted on the forum, to help stimulate conversations?
    Stories
    • What stories are being told, derived from forum activity, or monitoring?

    Support
    What role does support play in the overall evangelism workflow. Evangelism is not just about marketing and sales, and much of the tone of evangelism gets set by a common set of support elements.

    Email Coordination
    • Are there resources dedicated to email coordination with the platform community, and the public?
    Email Needs Tracking
    • Are issues, and conversations that occur within email support considered as part of other activities like the roadmap, and blogging?

    GitHub Management
    Github plays a central role in many areas of the API life cycle, but the social nature of Github lends itself well to evangelism efforts. Here are some of the common elements I am seeing.

    Github Repository
    • Are Github repositories used for code, support, content, and other parts of outreach?
    Github Relationship
    • Does the platform engage with other users through issues, wikis, and other social channels available on Github and around repositories?
    Github Organization
    • Is there a Github Organization dedicated to this API effort?

    QA Management
    Question and Answer (QA) sites and forums play a big role in the developer community. Here are some of the considerations when it comes to QA management for evangelism.

    Stack Exchange
    • Is Stack Exchange part of evangelism, support and outreach, engaging in conversations, and feeding other aspects of operations?

    Social Management
    Social media plays a big role in business operations, and are just as critical to API evangelism efforts. Here are some of the common ways API providers are using social services to engage consuers.

    LinkedIn
    • Is there a LinkedIn user associated with API efforts?
    • Is there a LinkedIn page associated with API efforts?
    Twitter
    • Is there one or more Twitter accounts associated with API efforts?
    Facebook
    • Is there a Facebook user associated with API efforts?
    • Is there a Facebook page associated with API efforts?

    Social Bookmarking
    Beyond just social networks, some social bookmarking sites are important to the API evangelism workflow. Here are some of the social bookmarking sites in use today.

    Reddit
    • Is Reddit use for discovery, and sharing of news and stories?
    Hacker News
    • Is Hacker News used for discovery, and sharing of news and stories?
    Product Hunt
    • Is Reddit use for discovery, and sharing of new products, services, and tooling?

    Roadmap
    The roadmap plays an important role in evangelism efforts, Right now just having one is the only element I'm adding ehre.

    Roadmap
    • Is the road map shared as part of regular evangelism efforts?

    Reporting
    How are evangelism activities being reported upon. What are some of the common approaches to reporting on API evangelism efforts.

    Activity By Group
    • What are the activities going on around evangelism, broken down by group?
    New Registrations
    • What do new registrations look like?
    Volume of Calls
    • What does API activity look like in general, but the number of calls?

    Events
    Events are the in person face of any API operations. While much work can be done in an online environment, making sure you are available at events where API consumers will be. There are a number of proven events, that work for API evangelism.

    Conferences
    • What conferences are being attended, spoken at, and sponsored?
    Meetups
    • What local meetups are being attended, spoken at, and sponsored?
    Hackathons
    • What hackathons are being attended, presented, sponsored, or put on?

    Internal
    Evangelism is not just an external thing. How is the platform being evangelized internally, even for publicly available APIs. Internal evangelism is very important for maintaining trust, and the ability to fund necessary platform resources.

    Storytelling
    • What sort of storytelling about platform gets told internally with leaders, and other stakeholders?
    Participation
    • What sort of participation internally occurs to get people involved in platform operations?
    Reporting
    • What kind of reporting happens internally, keeping people in tune with what is going on with the platform?

    I am constantly updating, reordering, and evolving these building blocks based upon what the space is doing, and depending on the amount of work I've done in each of my research area.