API Best Practices Blog
This Week in APIs - October 30-November 5 »
The best news in APIs this week. GET some!
Alcatel-Lucent and GlueCon - a developer conference we love which focuses on APIs, cloud computing and other things that 'glue' the web together - is sponsoring a nationwide hackathon tour. Vote on where it should come over at ReadWriteWeb and maybe you'll get a chance to get Glue goodness locally.
Facebook opened up its Write and Search APIs to Facebook Places - giving developers more functionality while allowing Facebook to collect more useful information in its databases. Write access means that API providers, their developers and app users can benefit from more data- something all providers should consider in a world where data IS value.
Intuit launched an API for QuickBooks Online with OAuth and the ability to access a rich set of QuickBooks data. It's still in beta but is publicly available to try, so check it out. APIs are bringing big disruption to traditional business software, making it more flexible, more open and more functional.
Hot New APIs
- Google added a new Custom Search API and Translate API, to replace older APIs with greater functionality and ease of use. They also added some slick tools like the ability to create a team and work collaboratively with other developers.
- Hey Gamers! Stribe opened up an API to connect to Guild Launch, which allows the 2 million-member Guild Launch community to access a social layer on top of the multiplayer gaming platform.
- MSNBC's local news aggregator, EveryBlock, opened up a firehose API to give partners access to its content. The API delivers up to 24 hours of news items across EveryBlock's 16 cities- worth checking out, or into.
What'd we miss? Let us know on Twitter. And don't forget to get your "I <3 API" stickers, totally free, anywhere in the world.
Check Out Facebook’s New Places API »
How to explore Facebook's new Places APIs in the Apigee Test Console:
Don't have a minute to watch the video? Start by viewing the checkins at the Cookie Jar.
Explore the Facebook API and Simplify OAuth 2.0 »
We launched a new tool at Apigee- the API lifecycle management platform we offer free to the community. We've created a Facebook Graph API Console- a whole new way to interact with, learn and debug the Graph API that lets you easily view requests/responses to the API, share what you are seeing and dig into errors.
The console supports OAuth 2.0 so you can log in using your Facebook credentials- check out the video:
InsideFacebook has some great coverage by Josh Constine out today on the console and how it works; you can also hop over to the Apigee blog for more details.
Introducing the Apigee Facebook API Console »
We're really excited to be launching the Apigee Facebook API Console today - a free tool that allows Facebook developers to easily learn, debug, interact with and develop on the Graph API. Here's a quick demo:
Introducing the Apigee Facebook API Console- A Better Way to Open Graph
We're really excited to be launching the Apigee Facebook API Console today- a free tool that allows Facebook developers to easily learn, debug, interact with and develop on the Open Graph API. Here's a quick video:
The console presents a new way to API- making work with the Facebook API easier, faster, more social. We think of it as a "view source" or browser for the Open Graph API- lets you easily send and review requests and responses, learn the structure quickly, share what you are seeing with a "share" feature, and "crawl" the graph by jumping from object ID to object ID. It shows you what your program will see... and what other programs can see about you.
There are a few features we added that make working with the console especially delightful. We support Facebook's implementation of the OAuth 2.0 draft specification, which means you can log in to the console with your Facebook credentials- or you can stay unauthenticated to see what information the API makes public. We also implemented an "awesome bar" (thanks Firefox!) which lets you start typing a request, method or object- it will make suggestions and autocomplete for you! The Open Graph API also has a few unique features- including file attachment and customer header parameters- and we let you view and interact with those too.
Facebook has over a million developers and hundreds of thousands of applications in its ecosystem- a powerful example of the innovation and growth that APIs can fuel. We have lots of Facebook developers on our platform and wanted to make something that could help them out- and combined with our Twitter API console, we now support two of the top social platforms in the world.
And don't forget that you can also use us to get API analytics- like response time, usage, geolocation, and error rates- for your Facebook apps- you can sign up at https://app.apigee.com/sign_up. Another tool you might find helpful is our API Debugger, which you can use with any API to record and review requests and responses and dig into errors- you can access it from your Apigee log-in page.
Check it out and let us know what you think- and of course, if you have any problems or suggestions, just drop us an @ sign on twitter - http://www.twitter.com/apigee - or join our support community http://support.apigee.com/.
The console makes working with the Facebook API easier, faster, more social. We think of it as a "view source" or browser for the Graph API—it lets you easily send and review requests and responses, learn the structure quickly, share what you are seeing with a "share" feature, and "crawl" the graph by jumping from object ID to object ID. It shows you what your program will see… and what other programs can see about you.
There are a few features we added that make working with the console especially delightful. We support Facebook's implementation of the OAuth 2.0 draft specification, which means you can log in to the console with your Facebook credentials, or you can stay unauthenticated to see what information the API makes public. We also implemented an "AwesomeBar" (thanks Firefox!) which lets you start typing a request, method or object—it will make suggestions and autocomplete for you! The Graph API also has a few unique features, including file attachment and customer header parameters, and we let you view and interact with those too.
Facebook has over a million developers and hundreds of thousands of applications in its ecosystem, a powerful example of the innovation and growth that APIs can fuel. We have lots of Facebook developers on our platform and wanted to make something that could help them out—combined with our Twitter API console, we now support two of the top social platforms in the world.
And don't forget that you can also use us to get API analytics, like response time, usage, geolocation, and error rates, for your Facebook apps. You can sign up at app.apigee.com/sign_up. Another tool you might find helpful is our API Debugger, which you can use with any API to record and review requests and responses and dig into errors. You can access the debugger from your Apigee log-in page.
Check it out and let us know what you think, and of course, if you have any problems or suggestions, just drop us an @apigee on Twitter or in our support community.
OAuth is improving, but still moving »

We've been following the fast-moving debate in the IETF regarding OAuth 2.0. OAuth, for those of you who have not encountered it already, is a set of authentication technologies for the Internet designed around the concept of an access token.
Access tokens, in the words of Eran Hammer-Lahav, are like valet keys -- they give the holder access to a specific function, for a specific amount of time. For instance, you might use OAuth to give another web site the ability to read photos from your Flickr profile, but not to modify them. OAuth lets you do this, it lets you go back to Flickr and revoke the web site's permissions at any time, and it does it without requiring that you give the site your Flickr password.
The current spec, OAuth 1.0a, is implemented in lots of places, and it solves a lot of problems. However, implementing it is no picnic for either the API provider (the server) or for the developer who builds the client. (There are libraries, of course, not to mention products such as our own that simplify this process.)
OAuth 2.0 introduces many changes. The most important is that a client may now use a "bearer token." That's a fancy IETF way of saying that an access token can just be a string that the server gives you. On every request, the client passes that token back to the server, the server checks to see if the token is valid, and you're done. This is much simpler to implement than OAuth 1.0a, but it is only secure if you use SSL for every request. Applications that won't or can't use SSL may still use the old way of transmitting each token, which encrypts the token so that it is safe even if SSL is not used or even if it is intercepted by a proxy like Apigee.
However, OAuth 2.0 is far from complete. It is currently undergoing lots of discussion on the IETF mailing list, and the spec draft changes daily.
That's why I was surprised to read today that Facebook is using OAuth 2.0 to authenticate its own API. Now, some of the key players in OAuth work at Facebook, and they have chosen to use only a part of the spec, and the part that's arguably the least complicated. I'm sure that they feel that taking this calculated risk now is in the best interest of Facebook and its developer community, but the possibility remains that the spec will change and Facebook will have to change its implementation to match.
(In fact, at the moment I write this, they do not -- the name of the query parameter that holds the token is "access_token" in the Facebook documentation and "oauth_token" in the latest version of the spec repository.)
In the meantime, developers building on top of these APIs may have to contend with OAuth 1.0a (the current spec), OAuth 1.0 (an older version that some sites may still use), the draft form of OAuth 2.0 as implemented by Facebook, and even "WRAP," which introduced some of the concepts used in OAuth 2.0.
So the good news is that there are a lot of good standards being written that can make it easier to produce and consume powerful and secure APIs. The bad news is that those standards are still changing. So stay tuned, and be careful!
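The bearer-token check described above, as an added example (not code from the original post, Apigee or Facebook): the server accepts the token under either query-parameter name the post mentions, refuses it on anything but HTTPS, and enforces the expiry and scope that make it a "valet key". The token store, scope names and URLs are constructed for illustration, and the check assumes the URL it is given reflects the scheme the client actually used.

```python
import hashlib
import time
from urllib.parse import urlsplit, parse_qs


def _digest(token):
    # Store and look up tokens by hash so raw tokens are not kept at rest.
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed sample store: token hash -> granted scopes and expiry (epoch seconds).
TOKENS = {
    _digest("tok-photos-read"): {"scopes": {"photos:read"}, "expires": 2_000_000_000},
    _digest("tok-expired"): {"scopes": {"photos:read"}, "expires": 1_000_000_000},
}

# Both names from the post: Facebook's documentation vs. the spec draft.
TOKEN_PARAMS = ("access_token", "oauth_token")


def check_request(url, required_scope, now=None):
    """Return (allowed, reason) for a request URL carrying a bearer token."""
    now = time.time() if now is None else now
    parts = urlsplit(url)
    # A bearer token is just a string: whoever sees it can replay it,
    # so it is only acceptable over TLS.
    if parts.scheme != "https":
        return False, "insecure_transport"
    query = parse_qs(parts.query)
    values = [v for name in TOKEN_PARAMS for v in query.get(name, [])]
    if not values:
        return False, "missing_token"
    # Two tokens (repeated, or one under each name) is ambiguous: reject
    # rather than guess which one the client meant.
    if len(values) > 1:
        return False, "ambiguous_token"
    record = TOKENS.get(_digest(values[0]))
    if record is None:
        return False, "unknown_token"
    if now >= record["expires"]:
        return False, "expired_token"
    # Valet-key property: the token grants only the scopes it was issued with.
    if required_scope not in record["scopes"]:
        return False, "insufficient_scope"
    return True, "ok"
```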
Flickr Photosets: Monitoring the Flickr API »
Because Apigee is a tool used by people who build things on top of APIs, we get to see a lot of cool mashups and tools — Flickr Photosets is one of them, built using the Flickr and Facebook APIs proxied through Apigee.
It's easy to see why this app has so many fans. It's the fastest and most intuitive Flickr app we've seen on Facebook. You can also view and share your comments. And it's an impressive example of how community can make an app better — with both open source code available for any Facebook developer and a rich community discussion forum for users to suggest improvements.
Brad Dougherty, the app developer, uses Apigee to monitor usage, errors, and response time from the Flickr API. We appreciate Brad's great feedback such as making it easy to identify (and rate limit) different URLs by API method calls specified by parameters - we've heard that across a few users, and we are working on it. We asked Brad for his comments on working with Apigee and for what he's learned through this project.
Although my app hasn't had any downtime since I started using Apigee, it's a great way to monitor that calls to the Flickr API are actually working, something I haven't been able to see in the past. The biggest lesson I've learned from this app is that it can be very taxing to keep up with the changes in Facebook's API. It's a battle to keep adding new features when you keep having to change things to keep up-to-date with Facebook.
Birdwatching on Facebook: Eyeing API response and error rates for a social app »
We spotted a great Facebook app in the wild.
Bird.im's Facebook app - apps.facebook.com/birdwatching - brings birdwatchers together to share and discuss their latest finds.
This is a very well designed and full-featured app, enabling sharing of bird photos, locations and discussions, and connecting passionate enthusiasts with similar interests. The Facebook platform at its best.
The Birdwatching Facebook app provides an API for Facebook to consume when the user performs 'one-click' AJAX actions such as adding a bird, a country, or a photo for a spotting. This streamlines entry creation by offering an alternative over a simple form and directly improves user engagement as users create and share more entries. In the future, an iPhone app that enables entries from the field will also consume this API.
Hugo and the bird.im team (@birdim) use Apigee to measure API response rates and errors. (see how Apigee calculates API response rates and API error rates in previous entries).
Thanks to Hugo for all the great feedback on our Apigee Feedback forum!




