Recently, during one of our RAW (Rapid API Workshops) with a retail customer, a great question came up - what are the major differences between a content and transactional API?
Probably not a complete list, but in general:
Content APIs are more likely to be open, without sensitive information. Think of a search, media, or mapping API. While the provider might want to track identity through API keys, these APIs often need no authentication, authorization, or encryption. Search results may be highly cacheable, which might be helpful to support high concurrency for bursts of demand for popular content. Content APIs are also more likely to need throttling to protect the back-end and quotas to measure consumption - think about that grad student downloading your entire database one API call at a time. Users might have some tolerance of downtime for free content that can easily be requested again. Success for content APIs might be measured in terms of usage or engagement (usage per consumer), so having API usage analytics might be important. If you can, make content APIs simple and easy to adopt with standards like REST.
Transactional APIs have sensitive data, and therefore security needs go beyond identity and developer-key-level tracking to include API authentication and authorization. The data might need encryption and XML or API-specific threat protection. Instead of quotas, the back-end business logic might already contain all the controls you need to measure consumption and monetization. There is probably no tolerance for downtime or lost transactions. And of course success for transactional APIs can be measured in existing financial terms.
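An added example, not from the original post: a per-key limiter for the content API case above, showing that a throttle stops bursts but only a quota stops a patient client pulling the whole catalogue one call at a time. The class name, the limits and the API keys are assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass
class KeyState:
    tokens: float        # remaining burst allowance
    last_refill: float   # time of the last refill, epoch seconds
    day: int             # UTC day number the quota counter belongs to
    used_today: int = 0

class ContentApiLimiter:
    """Hypothetical per-API-key throttle (token bucket) plus daily quota."""

    def __init__(self, rate_per_sec, burst, daily_quota):
        self.rate, self.burst, self.daily_quota = rate_per_sec, burst, daily_quota
        self.keys = {}

    def check(self, api_key, now):
        """Decide one request at time `now`; returns (allowed, reason)."""
        day = int(now // 86400)
        st = self.keys.setdefault(api_key, KeyState(self.burst, now, day))
        if day != st.day:                      # new day: reset consumption
            st.day, st.used_today = day, 0
        # Refill for the elapsed time, capped at the burst size.
        st.tokens = min(self.burst, st.tokens + (now - st.last_refill) * self.rate)
        st.last_refill = now
        if st.used_today >= self.daily_quota:
            return False, "quota_exceeded"     # consumption limit reached
        if st.tokens < 1:
            return False, "throttled"          # too fast: protect the back-end
        st.tokens -= 1
        st.used_today += 1
        return True, "ok"

def simulate(limiter, api_key, start, interval, count):
    """Replay `count` constructed requests spaced `interval` seconds apart."""
    tally = {"ok": 0, "throttled": 0, "quota_exceeded": 0}
    for i in range(count):
        tally[limiter.check(api_key, start + i * interval)[1]] += 1
    return tally

if __name__ == "__main__":
    lim = ContentApiLimiter(rate_per_sec=5, burst=10, daily_quota=1000)  # assumed limits
    print("burst client:  ", simulate(lim, "key-burst", 0, 0, 50))
    print("slow bulk pull:", simulate(lim, "key-slow", 0, 1, 2000))
```

The slow client never trips the throttle, so the quota is the only control that bounds how much of the data set one key can take in a day.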
| Content API | Transactional API |
|---|---|
| (Often) Open to all without authentication or encryption | Authenticated, authorized, and encrypted access |
| (Often) non-sensitive data | Audit and compliance requirements |
| Static or mostly static data -- highly cacheable | Dynamic data -- limited cacheability |
| May have higher volume | Natural volume limits (user may have to pay...) |
| More likely to require quota (prevent download of all content, excessive updating, etc.) | Natural volume limits |
| Some tolerance for downtime (user can just refresh) | Little tolerance for downtime (did you charge my card or not?) |
| Metrics == API usage | Metrics == Financial ($$ of orde |
What's your experience with the differences between content and transactional APIs?