Dial2Do API

Sean O Sullivan, CTO [email protected] API Experience one number to get things done, hands-free

description

PDF of Presentation at Developer API War and Facebook Garage event in Dublin March 5th 2009

Transcript of Dial2Do API

Page 1: Dial2Do API

Sean O Sullivan, CTO [email protected]

API Experience

one number to get things done, hands-free

Page 2: Dial2Do API
Page 3: Dial2Do API
Page 4: Dial2Do API
Page 5: Dial2Do API

Dial One Number to …

“sandy”

“Evernote”

“Mosio”

“RTM”

“text”

jaiku

“jajah”

“twitter”

“NYT”

“Huff Post”

“tumblr”

“Blogger”

Currently 40+ services

Interactive, Two-Way service (not just voice to text)

Integrates with existing web applications

Page 6: Dial2Do API

One number, many services

Page 7: Dial2Do API

Technical Overview

Page 8: Dial2Do API

APIs

Lots of API usage in our projects

Mobile and Telephony (SMS, on-device APIs, Ribbit …)
Classic Web APIs (Google, Facebook, twitter, ping.fm, Jajah…)
Other telecom APIs (Parlay, Parlay-X)
Also provide our own Dial2Do APIs (not public yet)

Page 9: Dial2Do API

Good news

Good Examples

Facebook API
Last.fm
Google

Broadly speaking, many APIs

Are well-documented
Are well-structured
Have associated documentation and code samples

Page 10: Dial2Do API

Issues

Security

Each service tends to have a different approach to authentication
OpenID, OAuth, Token-based (by user or by service), or worst case username/password
Often multiple forms of security supported (Google, Yahoo)

Architecture and Design

Dependencies on third parties - outages outside your control
Is twitter down for everyone or just me? :-)
Defensive design and coding (async, failure cases)

Other

Some services not well documented (Bebo)

Page 11: Dial2Do API

Authentication

Token based, per service

Usernames and Passwords don’t need to be stored
User control to revoke individual services
Your service looks/feels better

OAuth or OpenID based

Standard with some widespread adoption
Google, Yahoo, others…
Good documentation, good tools

Token based, per user

Usernames and Passwords don’t need to be stored
Token is at user account level
Revoke the token, revoke all services

Username/Password

Least desirable - YOU have to store username/password

Better

Page 12: Dial2Do API

Authorisation

OpenID

Has not as yet seen wide adoption - but will most likely get there (URLs, more complex to grasp for end user)
More features than OAuth

Cool Off Period

Have to protect against brute force auth attacks
Need cool-off periods after multiple auth fails
e.g. dictionary attack on twitter
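
A sketch of the cool-off period named on this slide, as an added example that is not Dial2Do's code: after a run of failed logins for one key, further attempts are refused for a delay that doubles with each new failure. The names `CoolOff` and `attempt`, the threshold and the timings are assumptions chosen for illustration.

```python
import hmac
import time


class CoolOff:
    """Per-key cool-off: once `threshold` consecutive failures are seen,
    refuse attempts for a period that doubles with each further failure."""

    def __init__(self, threshold=5, base=30.0, cap=3600.0, clock=time.monotonic):
        self.threshold, self.base, self.cap, self.clock = threshold, base, cap, clock
        self._state = {}  # key -> [consecutive_failures, locked_until]

    def retry_after(self, key):
        """Seconds still to wait for this key; 0.0 means an attempt is allowed."""
        st = self._state.get(key)
        return max(0.0, st[1] - self.clock()) if st else 0.0

    def record(self, key, success):
        """Record the outcome of a check that was actually performed."""
        if success:
            self._state.pop(key, None)  # a good login clears the history
            return 0.0
        st = self._state.setdefault(key, [0, 0.0])
        st[0] += 1
        over = st[0] - self.threshold
        if over >= 0:
            # Exponent is clamped so a long-running attack cannot overflow the float.
            delay = min(self.cap, self.base * 2 ** min(over, 32))
            st[1] = self.clock() + delay
        return self.retry_after(key)


def attempt(guard, key, supplied, expected):
    """Gate one credential check behind the cool-off.
    Returns (authenticated, seconds_until_next_attempt_is_allowed)."""
    wait = guard.retry_after(key)
    if wait > 0:
        # Refused before the secret is compared: guesses made during the
        # cool-off tell the caller nothing, even if one of them is correct.
        return False, wait
    # Assumption: a plain secret stands in for a real password-hash or token check.
    ok = hmac.compare_digest(supplied.encode(), expected.encode())
    return ok, guard.record(key, ok)
```

Keying on the account name alone lets anyone lock a user out by failing on purpose, so the key is often the account combined with the source of the attempt.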

OAuth

We are a Consumer but not yet a provider

Page 13: Dial2Do API

one number to get things done, hands-free

Sean O Sullivan, CTO [email protected]