Bridging the Gap Between APIs and Customers

I recently gave a talk at the APIdays Mediterranea in Madrid where I started with a question: “Who are your customers?“.

The single, most important thing you want to understand about your API is how you can generate revenue from it. It all depends on who your customers are and how they can obtain value through your API.

What customers need is represented in one of the slides as the “API Hierarchy of Needs“, an adaptation of Maslow’s Hierarchy of Needs to the context of APIs from a customer point of view.


Who’s using your API?

“Who’s using your API” was the title of my presentation at the API Strategy & Practice Conference that happened on February 21 and 22, 2013 in New York City.

One of the conference takeaways was the concern that almost everybody had with their customers. Almost everyone I talked with was in one way or another worried about how the API distribution model is affecting the way their customers interact with their app.

Companies that survive are the ones that are obsessed with customer experience. — Jeff Lawson, CEO twilio

My talk was focused on the way customers interact with companies when using applications developed using APIs: who controls your customers’ experience when they’re using third-party applications?

I propose an alternative distribution model where companies can expose their APIs as integrations that can be used by the final customer. This will increase proximity with the end users without losing control of how they perceive the product.

Speaking at the first BarcelonaJS meetup

I’ll be speaking at the first BarcelonaJS meetup on January 30th in MOB, Barcelona.

I’ll be presenting node-fs and talking about my experience trying to fix the common problem of recursive directory creation, failing to get it accepted into the core of node.js, and planned features for node-fs.


Other speakers include Pablo Casado, who will be talking about how to start with node.js, and also Jordi Romero, discussing a hybrid solution that leverages node.js and Rails.

BarcelonaJS is a monthly meetup started and being organized by Patrick Heneise.

Is OAuth Really Secure?

“Is OAuth Really Secure?” is the title of a talk I gave at the IBWAS’10 conference, last December.

Is the OAuth protocol really secure? Even though the OAuth authorization protocol has been published as the RFC 5849 and is being widely adopted by large Internet companies, it’s important to stress out its possible security vulnerabilities.

This talk focuses on the OWASP Top 10 Application Security Risks and how OAuth is affected by them. While some of the security risks are mitigated by OAuth, developers need to take some action to prevent other risks from affecting their implementations.

If you have time to watch, there’s also a video of the talk.