To develop a Twitter application, the developer must clear a significant hurdle and it requires going beyond the authentication process. That can be a chore for the uninitiated.
Part of the problem comes with cURL, the standard for making HTTP requests through an API. cURL was first developed in 1997. It is built into every command tool created but it does not know the steps that come with authentication, particularly with OAuth, the standard for authorization with Twitter and a host of other applications.
The answer: move cURL to the cloud and into application developer platforms. That's what Apigee is now providing with the latest version of its free, API development platform.
"cURL doesn't know the OAuth dance," said Marsh Gardiner, product manager at Apigee."The best way to solve it is cURL in the cloud."
Much of the issue is the user interface. The way to use cURL is via command tools. Apigee has automated that process and built it into its platform.
The move is illustrative of the larger efforts to automate manual processes to make it easier for development. By doing this, Apigee has the ability to give more developers access to its API platform, which today they have expanded to include consoles for Soundcloud, Twilio, Foursquare, Linkedin and also Paypal.
Clay Loveless is chief technology officer for Mashery. He says lowering the bar has always been a hallmark for the company:
"Since our very first release, Mashery has offered several off-the-shelf authentication options which enable API providers to simply whitelist our IPs and let us handle 100% of the authentication for them.
That system has offered 3 "stock" Auth schemes ranging from:
- "known key": not too secure, only requires that the caller know the API key
- HTTP Basic Auth: Also not secure, unless used over SSL (which we have long offered)
- "shared secret": requests must pass a key and a signature, created with the key and a secret the developer and Mashery share (which Mashery issues)
This system is pluggable, and we've been doing custom auth implementations (Define Your Own Algorithm) for some of our customers since mid-2007.
We were also active very early in the OAuth community, with the first version of our OAuth Accelerator in production in mid-2008. Our OAuth Accelerator has allowed companies like Netflix and Best Buy to implement a fraction of the entire OAuth provider requirements, while Mashery carries the brunt of the burden of fulfilling the spec.
These features have been in Mashery's service for a long time, and they have helped dozens of companies get their APIs to market faster. Since the real challenge is in enforcing authentication, not making authenticated requests, we feel like this has helped developers-providing and developers-using APIs."
The move to lower the bar for developers is an overall trend that we are seeing in the market. Developers are being offered new tools that automate the processes that once had to be done manually. That's a trend that we don't see slowing down any time soon.