Less than a handful of years ago, mention the three letter acronym 'API' to a regular Internet user and you'd have got the look of "stay away from me, you scary unwashed software geek who is about to bore me to tears" (that's the bleeped version of the internal dialog). Now everything has changed. Not only is API part of the regular semi-tech word-dropping of web users, lack of one can raise questions about the viability of a modern web application. A publicly available API is a badge of honor for startup web apps that says "the information we have is worth being consumed by other apps, so its got to be good enough for you too".
The Application Programming Interface, or API, is the technical Lego brick that lets developers from across the globe plug into an application, to use the data and functionality of the website without the annoying user interface of that website getting in the way. It makes it easy for other applications to see the data that you as a regular logged in user can see, as long as you click the OK button to authorize it to do so. If you can see details of your friends lives, there is a good chance that by authorizing that app by entering your password that app can see the details of your friends lives too.
In the majority of cases the API itself is not the problem. It is what it stands for in terms of the sheer amount of data a web service has. Re-phrasing what I said at the beginning:
"API" says that a web app collects, stores and makes accessible a lot of potentially personal information that any number of third-party applications might find valuable to consume and reuse
The real problem is that in most cases the information web apps have is not original data and a work of exceptional creativity. It is data collected from its users who enjoy sharing details of their lives with their friends and occasional strangers. It is the data stored in LinkedIn, Facebook, Twitter, et al. The data is largely personal and untouched, beyond being transformed in a way that allows it to be retrieved in an instant. When you read "API" on a social networking site, consider this: the website in question probably collects a lot of personal information about its users and their daily habits and actions. Can you trust the developers that tap into your data through the API as much as you trust your friends?
Labels: api, facebook, linkedin, privacy, twitter