Bridging the Gap Between APIs and Customers

I recently gave a talk at the APIdays Mediterranea in Madrid where I started with a question: “Who are your customers?“.

The single, most important thing you want to understand about your API is how you can generate revenue from it. It all depends on who your customers are and how they can obtain value through your API.

What customers need is represented in one of the slides as the “API Hierarchy of Needs“, an adaptation of Maslow’s Hierarchy of Needs to the context of APIs from a customer point of view.

Speaking at the first BarcelonaJS meetup

I’ll be speaking at the first BarcelonaJS meetup on January 30th in MOB, Barcelona.

I’ll be presenting node-fs and talking about my experience trying to fix the common problem of recursive directory creation, failing to get it accepted into the core of node.js, and planned features for node-fs.


Other speakers include Pablo Casado, who will be talking about how to start with node.js, and also Jordi Romero, discussing a hybrid solution that leverages node.js and Rails.

BarcelonaJS is a monthly meetup started and being organized by Patrick Heneise.

Is OAuth Really Secure?

“Is OAuth Really Secure?” is the title of a talk I gave at the IBWAS’10 conference, last December.

Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as the RFC 5849 and is being widely adopted by large Internet companies, it’s important to stress out its possible security vulnerabilities.

This talk focuses on the OWASP Top 10 Application Security Risks and how OAuth is affected by them. While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.

If you have time to watch, there’s also a video of the talk.