Advantages and Disadvantages of Open API

written by: Giulio Delgado; article published: year 2006, month 07;



In: Categories » Internet » APIs and Web Feeds » Advantages and Disadvantages of Open API

Under an open API, absolutely no security or authentication methods are used. A query is received from the wild, and the system makes its best effort to respond to it appropriately. This has several advantages and disadvantages.

Advantages:

  • Absolute minimum barrier to use — By not using encryption or special authentication methods, anyone with access to the Internet should be able to begin working with your API quickly.

  • Easily distributed code — Login accounts or developer key programs that make use of your API can be widely distributed and used right out of the box.

  • Less to worry about — If you aren't managing user accounts or development keys, it's one less thing to keep track of, and your code efforts can concentrate solely on developing the API itself.

Disadvantages:

  • No control — Anyone, anywhere, can use the API, and while this may sound like the goal of web services, it drastically limits your response if abuse requests begin pouring in. If those requests are coming from an application on a single machine, it is easy enough to recognize the requests and block them at the firewall. But should an application that behaves poorly reach wide distribution, you will have a very difficult time dealing with the requests.

  • No encryption — All requests and responses are visible to anyone between the requesting server and the API server.

  • Can't contact developers — Because anyone anywhere can access the API without any prior registration, you are left without any method of directly engaging developers using the API. You may want to contact developers in situations where their application is being abusive, when changes are being made to the API that will affect their application, or to seek suggestions on how to improve the API itself.

  • Abuse — Unfortunately today, systems with little or no security or authentication make prime targets for abuse by some less ethical elements out there. Even if you feel that the risk is minimal, you may end up surprised at what others can take advantage of.

With those elements in mind, the only situations in which a completely open API would be appropriate are ones where the API is used only to request information, never to publish it, and where the information being requested is generated (or cached) in a very CPU nonintensive manner. A perfect example would be the National Weather Service API. It only accepts requests for information, and those requests are easily cached for a full hour on the server. In cases where the API allows information to be pushed to it, some authentication is required to determine who is pushing the information, and when requests can be CPU-intensive, the remote application needs to be identifiable so incoming requests can be throttled if necessary.

legal disclaimer

1) Our website is not responsible for the information contained by this article as well for any and all copyright infringements by authors and writers. E-articles is a free information resource. If you suspect this article for any copyright infringements, please read the Terms of service and contact us to investigate the problem.
2) The E-articles directory team is not responsible for inaccuracies, falsehoods, or any other types of misinformation this tutorial may contain and will not be liable for any loss or damage suffered by a user through the user's reliance on the information gained here. Please read the Terms of service

Useful tools and features

Translate this article to...    Send this article to you or to a friend

Link to this article from your page   
If you like this article (tutorial), please link to it from your web page using the information above. Linking to this page, this is the only way to help us improve our service, the same time providing your visitors with a way to improve their online experience.

related articles

1. How REST Works
Generally speaking, a REST request will involve sending a request to a special URL (similar to what you would see after filling out a form using the GET method), then receiving an XML document containing the server's response. The XML response is then parsed, and the desired information is extracted and acted upon. Each REST request generally has several common elements: Endpoint URL — The full address for the desired script. A REST service might have only a single script that handles all request type...

2. How to implement the REST technology
There are two sides to this tale, the first is how to generate legitimate REST requests, and the second is how to handle the responses correctly. Generating Requests When it comes to generating the request, you have three main options. First, you can generate the request manually, using PHP's header functions. This gives you complete flexibility in generating the request, but does involve the most coding. Second, you can use one of PHP's built-in request functions such as file_get_contents() or file()/fopen(), fread(...

3. Important Considerations When Using Feeds
XML feeds provide a great resource of information, but their use is not without its own special considerations. Security and legal concerns go hand in hand whether you are producing or consuming feeds. Consider if you will the implications of going away for the weekend, only to discover that your aggregator has been attacked, your site is now displaying wildly inaccurate information provided by the attacker, and your legal department is fielding not-so-nice phone calls regarding the current content of your homepage. Also consider how often...

4. Advantages and Disadvantages of Client Side Certificates
The API server can generate a certificate and provide it to the client via a secure channel before any requests are made. This certificate is then used in the authentication process; this confirms the identity of both the client and server before requests are made. Although this method provides the greatest level of security (barring a dedicated VPN connection, which won't be covered here), it also has the most strenuous requirements on both sides: not all modules (say, NuSOAP) can handle client-side certificates. Advantages:...

5. What are Feeds ~ RSS and ATOM Feed Specifications
You can think of feeds as small modules of information that can be plugged into existing websites, consumed by clients on their desktop, or consumed by aggregators to be presented by users with other feeds. Aggregators also offer searching functionality to users, allowing new users to locate your site and feed (a great reason to provide a feed in the first place). Websites such as Yahoo! produce web feeds. Software that downloads and uses feeds is said to consume or aggregate feeds. Sites such ...

6. Introduction to Web APIs ~ REST vs SOAP
When interacting with web services, generally the choice of which method to use will be made for you. The majority of services operate in either REST or SOAP, not both (Amazon is a notable exception to this rule). When given the choice, however, there are several points to consider: Overhead — REST requests are relatively slim. SOAP requests, on the other hand, contain a lot of additional information, which can really add up. Transparency — With REST requests (even when completed ov...

7. Common API Performance Techniques
Websites are designed to be accessed by individuals, and as such tend to rely on the relatively slow speed of the user to avoid any performance bottlenecks. This technique fails miserably with APIs because they are going to be consumed by other servers with high-speed connections, often designed only with their own performance in mind (they won't cache your responses for you, and will instead make exactly the same request time and time again). Designing your API with performance in mind can help keep the server fast even when many req...