API Business Models

I have read the API Terms of service : the biggest lie of the programmable web

974views

tl,dr : “I have read the API Terms of Service” is the biggest lie from Developers, and may have deep consequences. In a research work for more open and trustworthy Digital Infrastructure, we need your feedback about your practice with API Terms of service in a quick survey (5 to 10min max) where you will discover potential solutions to make API ToS more transparent.

API Terms of Service are a key element of today’s digital infrastructure. Indeed, everytime you use a Software-as-a-Service via its API, you now integrate the technical contract represented by the interface itself. But behind it, you are also accepting the business and legal contract represented by the rights allowed in copying or consuming that interface.

Known cases of API Terms of Service change and enforcement bring Twitter to mind. Many times in the past, Twitter almost killed its entire ecosystem of applications by abruptly changing API Terms of Service, for example in 2013 and 2018, even if CEO Jack Dorsey apologized and declared wanting a better relationship with developers in 2015. Every day, many successful companies update their API Terms of Service, causing trouble in digital ecosystems, and killing the trust needed to build a sane, resilient and future-proof digital infrastructure.

Twitter is not alone, Google is also known for having killed API access to companies, for instance when they acquired QPX, an API for airfare data, or for suddenly changing API Terms of Service, like when they abruptly modified the free tier plan on Google Maps API and, according to developers, “inseenly increased pricing”. Hundreds of websites broke because of this API ToS Change. Google is known to have killed so many services that there is even a community-driven Google Graveyard. Recently, Google itself announced an “Enterprise API Label”, meaning a label that guarantees these APIs, showing the importance for APIs owners to build a trustworthy relationship with their users for the success of their business. 

In other fields, such as academic research,  scientific work is dependent on the use of API to have access to data or to publications. Although there was a huge movement towards open access to publications and data in research, APIs of publishers might become a new closed or controlled door slowing down the open science movement and free circulation of knowledge. 

APIs are also a major topic for regulators to support a fair and balanced ecosystem for various stakeholders and empower those with more vulnerability. 

Why such a situation today ? The main reason is that, as API users, we often don’t read API Terms of service. Even API builders have difficulties writing such contracts! These are legal documents, made by lawyers for lawyers and bearing in mind developers sometimes don’t even like to read the technical docs (Read The Fine Manual for its Bowdlerized version), they for sure won’t read the legal docs!

If we had read API Terms of service before ticking that box, we would have noticed that almost all of them declare that “They can revoke your access any time for any reason”. 

Impromptu revocation is not the only problem. To name a few : 

  • Breaking changes policy 
  • Re-use of the data
  • Ability to cache the data
  • Ability to store the data
  • Deprecation period 
  • Support
  • Service Level Agreement and performance

Of course, some API providers don’t act like that and guarantee contractually that you will have API access. Moreover, some current initiatives are trying to solve that lack of understanding, like the API Rating Agency measuring performance of different APIS and their underlying services or the API Terms of Service Generator (works only for Swedish law), as well as a governmental initiative called Open Terms Archive to track the evolution of Terms of Service.

Today,The research project APIToS is also working on making it easier for the whole ecosystem (developers, researchers, API producers, regulators, etc.). Funded by the Ford Foundation in the context of the Digital Infrastructure Grants, we are exploring ways to make API Terms of Service more easily understandable by humans and by machines.

In the second phase of the research (after conducting interviews) we are collecting feedback  to know your  daily use or interaction (or not) with API Terms of Service.

We made a 10 to 15min survey and we need your collaboration for research:

https://questionnaires.inno3.cricket/index.php?r=survey/index&sid=617738&lang=en

We will collect these results and design the most effective solution to make API Terms of Service more easily produced by API Providers and understood by APIs users. If the beginning of our research, Creative Commons, was the first intuition, the first phase of research led us to reopen the scope of potential solutions. 

Will it be a standard? A framework? A label? A certificate?  A machine readable contract? Help us find the solution, participate in the survey and share it with API practitioners and Developers you know.

Mehdi Medjaoui
Mehdi Medjaoui is the founder of the worldwide apidays conferences series he started in 2012 in Paris. Mehdi is highly involved in the API community and API Industry, as author, lecturer, consultant and investor in the API tooling space. His industry research involves publishing and maintaining the API Industry Landscape and the yearly State of Banking APIs. In 2018, he publishes as co-author "Continuous API management" (O’Reilly) and begins as lecturer and invited professor at HEC MBA and EMLyon Executive MBA. In 2019, Mehdi become H2020 European Commission expert to lead the APIS4Dgov study on public sector and government APIs. As entrepreneur, Mehdi co-founded in 2014 OAuth.io, an API middleware for OAuth intégration used by 40,000+ developers that has been acquired in 2017. Mehdi’s new venture GDPR.dev develops a Personal data API framework and protocol to democratize data regulations usage for mass users and compliance for applications developers, making GDPR programmable.

APIdays | Events | News | Intelligence

Attend APIdays conferences

The Worlds leading API Conferences:

Singapore, Zurich, Helsinki, Amsterdam, San Francisco, Sydney, Barcelona, London, Paris.

Get the API Landscape

The essential 1,000+ companies

Get the API Landscape
Industry Reports

Download our free reports

The State Of Api Documentation: 2017 Edition
  • State of API Documentation
  • The State of Banking APIs
  • GraphQL: all your queries answered
  • APIE Serverless Architecture