Business Concerns Around APIs Monitoring Their API Consumption
29 Jun 2018
I heard an interesting thing from a financial group the other day. They won’t use APIs because they know that API providers are logging and tracking their every API request, and they don’t want any 3rd party providers to know what they are doing. It is the business version of privacy and security concerns, where businesses are starting to get nervous about the whole app, big data, and API economy. Exposing another way in which bad behavior in the space will continue to come back and hurt the wider community–all because we refuse to reign in the most badly behave around us, and because we all want to be able to exploit and capture value via our APIs–sometimes at all costs.
I’ve been a big advocate of keying up valuable data and content, requiring developers to authenticate before they get access resources, allowing API providers to log and analyze all API traffic. When done right, this can help API providers better understand how consumers are using their resources, but it can also be something that quickly becomes more surveillance than it is ever about awareness building, and will be something that will run developers off when they become aware of what is happening. This is one of the reasons I have surveillance as a stop along the API lifecycle, so that I can better understand this shift as it occurs, and track on the common ways in which APIs are used to surveil businesses and individuals.
As surveillance, and the extraction of individual, business, and government value continues at the API layer, the positive views of APIs will continue to erode. They will eventually be seen as only about giving away your digital assets for free, and be seen as a mechanism for surveillance and exploitation. While I miss the glory days of the API space, I don’t miss the naivety of the times. I do not have any delusions that technology is inherently good, or even neutral anymore. I expect the business and political factions of the web to use APIs for bad. I’ll keep preaching that they can be used for good, but I’ll also be calling out the ways in which they are burning bridges, and running people off. As the badly behaved tech giants, and venture backed startups keep mining and surveilling their way to new revenue streams.
When APIs fall out of popularity, and companies, organizations, institutions, and government agency fall back to more proprietary, closed-doors approaches to making digital resources available, I won’t be surprised. I’ll know that it wasn’t due to any technical fault of APIs, it is because of the business and political motivations of API providers. Profits at all costs. Not actually caring about the privacy and security of consumers. Believing they aren’t the worst behaved, and looking the other way when partners and other actors are badly behaved. It is just businesses in the end. It isn’t personal. I’m just hoping that individuals begin to wake up to the monitoring and exploitation that is occurring, in the same way businesses are–otherwise, we are all truly screwed.