Unified API (marketplace)

[Stanislav Kaluhin]

Hello guys, nice to meet you all. 

As I understand all of you are working with APIs and you are really professional in this field. 

Me and my team are working on a new project called bNesis. This is a marketplace of APIs where you no need to integrate all services which you are interested in separately you just can integrate only one our API and you will get an access to dozen of services (clouds, social networks, CRM, marketing, Analytics and other systems ) in a matter of hours. All of these you can get in the restfull option (Web services) and SDK (Desktop - Windows; Mac; iOS; Adnroid; WP). 

And even you can add your services to our platform and making it available for other developers and potential customers.

Now we need your help guys, as we are startup we have already launched an MVP version recently and really interested in your professional opinion

Here the link on the MVP - https://www.dropbox.com/sh/on8ebhjy419b89w/AABU1wEft12HnnM64n9BNYiwa?dl=0

(we really sorry about the not full technical documentation, some bugs and limited functionality this is our first MVP and till 8 of september we will launch the updated MVP version with a perfect technical documentation and we will fix all the other stuff). 

We really need help with your professional feedback.

I will be glad to any comments and feedbacks.

Thank you all.

My contacts: email: s...@bnesis.com (Stanislav Kaluhin) or skype: akylo4ka91

[Chris Mullins]

This seems on topic, so I'm (personally) fine with the this. 

Some feedback after a quick glance:

• Auth. Your Auth model seems, um, incomplete. Why not just OAuth? These days seeing an SDK that requires the following code seems... less than ideally secured
  

bNesisClass bNesisAPI = new bNesisClass();

string token = bNesisAPI.Regist(loginTextBox.Text, passwordTextBox.Password, emailTextBox.Text);

This is especially weird as you're trying to broker access to other API's. I don't want you to have my password. I don't (really) even want to you see my OAuth Bearer Tokens, as you could then use them in replay attacks. 

• No TLS. Your IP endpoint that's asking me to post a password is not TLS. That just sets off all the red flags. 
• Docs.  The Word docs seem like they should probably be Swagger files. That would give you an API playground, tooling, and provide me (the API consumer) with what I expect to see these days. 
• APIs. After spot checking a few API's it seems like you're trying to provide abstractions over other APIs. For example, your Upload API. This approach seems problematic, as the real APIs offered by DropBox, OneDrive, GDrive are quite a bit more full featured. There is a real impedance mismatch if my understanding is indeed correct. 
• Headers. Some of your API choices seems weird. For example, in your Auth sample, you show a curl example. This puts the Username and Password at HTTP headers. This is... unexpected. I would expect these to be a JSON Body inside a POST request. 

Keep up the good work. I'll look forward to seeing this as it becomes more complete! 

Cheers,

Chris

[Stanislav Kaluhin]

Chris Mullins, thanks for your feedback I really appreciate it. An updated version of our MVP will be launched at 8 of September with all functionality and bug fixes and good technical documentation.

Thanks a lot for your help, I will send you an updated version of our solution.

Best wishes

--
You received this message because you are subscribed to a topic in the Google Groups "API Craft" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/api-craft/nxu46UW_kyQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to api-craft+unsubscribe@googlegroups.com.
Visit this group at https://groups.google.com/group/api-craft.
For more options, visit https://groups.google.com/d/optout.