A main question I have when working with open APIs with the API Rating Agency is the question of “What is Open?”
Lots of companies have understood why they need to be open: to evolve with their ecosystem and to benefit from all the external work, expertise and ideas of the “crowd”.
These companies now say that they are open, with open APIs, but what does it mean for them to “be open”? They often don’t have the same definition.
In IT and logic gates, for example, this is binary. You are 0 or 1, you are closed or open.
If you are not closed, you are open. There is no middle.
After all, a door that is a little open is an open door, right?
But for business, as for APIs, the notion of open is trickier.
Let’s take the example of my house.
My house has an entrance door with 4 steps in front of it, a kitchen, a bathroom and many rooms on 2 floors.
Would you consider my house open if:
- I let only a few selected people come in and leave the others outside? This is the question of neutrality.
- I leave the door open to everybody, but they can go on the 1st floor and nowhere else in the house? This is the question of exposed resources and transparency.
- I charge a $1000 entrance fee? Or if people in wheelchairs have to go up the 4 steps? Or if I ask for a secret password? This is the question of access and authentication.
- I let people enter but they have to follow my rules, by avoiding specific debates or touching nothing? This is the question of freedom, hackability and re-usability.
So, what is an Open API?
- Transparency:
Transparency is how far the company exposes its internal assets, services and APIs to developers.
To be open in this case is:
- exposing the same resources (as far as possible) you use inside the company to third parties
- giving notice about the API strategy and changes, and explaining the roadmap to developers
This is, for example, how Amazon exposes its EC2 or S3, Salesforce exposes its APIs or Google exposes App Engine or BigQuery technology.
For example, governments in the open data movement have to expose the same resources as they use internally.
- Access and authentication:
Access is the fact that the API is accessible to a user.
It is also about the work you put into:
- a developer portal to make it easy to register
- API design to make it easy to use
- the authentication protocol to access data. In this case, open means always using the lightest protocol needed to access a resource.
- the business model and the price of the API key. In this case, open means having at least a free version to test and already build things, one that enables a good user experience for a few users.
- Freedom and re-usability:
This is the question about Terms of Service and Developer Policy.
It is about how developers have the right to hack on your API and use it for their own purpose with their own model.
To be open in this case is:
- having Terms of Service well explained and simple to understand
- keeping it hackable, with no restrictions to specific use cases or business models
- not stating that you have the right to revoke anybody for any reason (often without notice!)
- Neutrality:
This is how far an API provider behaves the same way concerning:
- Policy, rate limits and ToS
- Quality of service without tiering
with every API user.
So open is not a binary logical choice as we know it in computer science. It is sometimes more philosophical, or even legal, than purely technical, and it can be represented as a patchwork of transparency, access, freedom and neutrality.
Do you have any thoughts to add about how to better define what is open?
Edit: I found an Openness definition here, from opendefinition.org; it follows the principles above, but is more detailed about general data.