Nordic APIs Start With Focus on Security, World Bank API Standards

A series of conferences known as the Nordic APIs have started a four-day tour of four countries in Northern Europe. The mission: Bringing API discussions to the capitals of Sweden, Denmark, Finland and Norway. Presentations by sponsors MuleSoft (parent company of ProgrammableWeb), Ping Identity, Twilio, Axway and Layer 7 are joined by local speakers in each country under the overarching theme of “Private, Partner and Public APIs.” The first event, held in Stockholm today, was fully booked, with events in Copenhagen and Helsinki also expected to reach audience capacity. ProgrammableWeb spoke with presenters and participants at the opening event.

Audience reaction to Nordic APIs

“Nordic countries are very comfortable with moving forward with new technologies and recognize that it is business-critical to be thinking in terms of Digital Transformation,” said one participant.

ABOVE: Nordic APIs participants discussing the presentations during a break

Several attendees had come particularly to hear about how to move from a private API implementation — where they use APIs internally to their business -- to making them available to third-party developers in an open API strategic approach. “Right now, our internal services have a non-RESTful, or what i call a STRESSful API, but potential customers have been coming to us with a list of interesting use cases for what they would like to do with our service,” said Andre Fischer from Postify. As CTO of App Promotions, which manages the image-to-postcard cloud service Postify, Fischer is heading up a team that is planning an initial API release in the coming weeks. The team will test their new API service with trusted partners before opening it more widely. Fischer was most drawn to presentations by Travis Spencer from Twobo Technologies and David Gorton of Ping Identity, who both addressed neo-security protocols of Authentication and identity management in API architecture.

“It made me think about looking at linking identities so you can get your images from Facebook but also from Dropbox or anywhere else you store them in the cloud,” Fischer said. Spencer had talked about the need to separate policy from app performance: “Applications shouldn’t be answering the questions who are you and what are you allowed to do,” Spencer told the audience. “That should be pulled out by an API [and handled separately]. In a neo-security Platform, applications must not perform authentication."

Gorton agreed. He advocated for secure API design with the emerging OpenID Connect, which does not currently have as much traction as SAML and OAuth 2 being used together, but is expected to rise up as the new standard in secure user authentication and identity management.

World Bank talks API-led problem solving

Swedish developer Pernilla Näsfors works with the World Bank on opening up aid development data via API. The World Bank has released a number of APIs aimed at opening access to its indicator data sets, as well as data on climate change, and on program and project implementation. The World Bank is leading a disruptive effort in development aid by turning aid reporting on its head: by using the World Bank's Open Aid APIs, countries can report how much aid they receive, and eventually will be able to match receipts with the aid that donors say they have allocated.

In a timely piece of synchronicity, the morning had begun with the Gates Foundation tweeting: “Sweden is of course very generous. There is also a lot of effort to ensure this generosity is well spent.” Approaches like the World Bank’s Open Aid APIs enable more transparency and clarity in the convoluted world of developmental aid policy and spending. Greater transparency in how money for aid is allocated and spent can build better international relationships by encouraging cooperation, creating greater stability, reducing corruption, and possibly even highlighting the most effective, funded initiatives.

To ensure mistakes are not repeated in development aid reporting when moving to an open API approach, the World Bank is implementing a standard known as the International Aid Transparency Initiative API (IATI). This standard ensures consistent reporting of aid data sets via the API's XML schema that contains information about who is involved, the details of funded activities, and other key factors.

Näsfors—whose presentation for the event was singled out by Slideshare to be shown on the site's front-page showcase—finished her talk by challenging the audience to think about how to use APIs to make the world a better place. It was a challenge that Ben Nunney from Twilio took up in his final presentation of the day, which included several case studies of how the Twilio API is being used. One of these use cases, from 2008 to 2009, focused on US not-for-profit agency Juma Ventures, which used Twilio’s API to allow registered homeless youth to be informed of new employment opportunities or when when shift work in their cafe became available at short notice. “It had a simple Front-end and messaging approach that lowered the barrier to entry by sharing details of available work opportunities with homeless youth,” Nunney demonstrated.

The Nordic APIs tour continues Tuesday through Thursday. ProgrammableWeb will cover key announcements across the next few days from leading presentations. Readers can also follow along via #nordicapis.

By Mark Boyd. Mark is a freelance writer focusing on how we use technology to connect and interact. He writes regularly about API business models, open data, smart cities, Quantified Self and e-commerce. He can be contacted via email, on Twitter or on Google+.

Be sure to read the next News Services article: Mendix Unfurls RAD Development Environment in the Cloud