256DEV | 4 years ago | on: What’s your API’s “Time To 200”?
256DEV's comments
256DEV | 4 years ago | on: What’s your API’s “Time To 200”?
So I actually do have a version of my API that doesn't require any sign up at all for the users that prefer this!
You can see it here: https://www.exchangerate-api.com/docs/free
That said, as much as some users want an open endpoint with zero authentication there are many others who want an actual account, commercial support, high availability, more features etc. These users are also the ones that pay for development, infrastructure etc. so my service has to be 95% built around the flow that includes signup.
256DEV | 4 years ago | on: What’s your API’s “Time To 200”?
My API currently does auth inline in the GET request URL in order to make this possible. An example request would be: GET https://v6.exchangerate-api.com/v6/YOUR-API-KEY/latest/USD
I've had a fair number of users send me feedback saying this isn't the best practice, I should use tokens in HTTP auth headers or use various other auth schemes.
But from my perspective, for an API that is offering really very simple functionality, using HTTPS & not handling user data etc. then this is quite OK - especially when you consider the benefits of how simple it is to get up and running.
I have quite a few university course conveners include my free API in their entry level CS classes because it's super fast & rewarding for students to go from finding my API to then having a JSON object in their code, no tokens required!
256DEV | 4 years ago | on: What’s your API’s “Time To 200”?
The Upload Spreadsheet button without any auth or form required is great. For any prospective users looking for this feature your time to being useful to them is approaching the theoretical limit. Only way faster would be to embed a small version of that page's form somewhere on your main landing page...
I really can't think of any other suggestions - your landing page is excellent, fast and I imagine highly converting with all the social proof. I also like the specific landing pages for each customer segment a lot, I really need to do that for my service.
Your site inspires me to work more on mine!
256DEV | 4 years ago | on: What’s your API’s “Time To 200”?
I've put a fair amount of work into getting this exact time as low as possible for my exchange rates API [1]. I've noticed slightly better conversion each time I've taken a major step out of the process.
I've specifically eliminated some of the steps this article cites in its example of a tedious flow - for instance I changed user accounts to be confirmed by default and then only disable them retroactively if a user doesn't click the activation link within 24 hours. This way you don't need to wait for the confirmation email. Even though I use Postmark delivery times can be surprisingly variable.
I'm not sure how I could further improve the current flow, which is 1. put your email into the landing page, 2. then choose a password for your account, then 3. you're presented with an example request format including your already activated API key. Suggestions welcome!
I guess because the scope of my service is so limited it's easy to have this fast flow, no complex libraries or auth is involved.
256DEV | 4 years ago | on: Stack on a Budget – A collection of services with free tiers
This is a great resource, my currency API [1] has actually been on this list for a while!
One thing that amazes me though is some of the places people rely on free services. As someone who has run a free and open access API for over 10 years now it never ceases to amaze me how people integrate free services into critical production code and high volume, high availability contexts.
Sometimes I can see from my logs and sometimes because users end up contacting me - developers happily include the version of my API that doesn't require any API key [2] in large corporate ERPs, apps in the Atlassian app store, shopping carts of super high volume e-commerce stores etc. etc.
Obviously I take great care in how my free APIs are provisioned and monitored, but it is still shocking to me that people just pick an API off a list and then rely on it in a system that probably cost millions in developer salaries to build...
[1] https://www.exchangerate-api.com [2] https://www.exchangerate-api.com/docs/free
256DEV | 5 years ago | on: Counterfeiting Stock – Explaining illegal naked shorting and stock manipulation
I find articles like this fascinating because to me they are indicative of just how substantial the magnitude is of the "bounty of capitalism" in the public markets.
On the one hand you have returns available to anyone prepared to invest consistently in the stock market across the last 30 years that are both well documented and very substantial. People like Warren Buffet & boggleheads make data-backed arguments about how well you could have done if you put money in even just broad index-tracking funds.
And yet on the other hand there are two massively powerful groups with materially more leverage and informational "edge" within the system compared to all the people with a 401K. These are the executives who actually run the public corporations (and can choose their own compensation as a class via board/exec rotation & internal influence) and the financial firms that are embedded both in the firms' operation and also essentially setting/playing the rules of the meta-game as evidenced by articles like this.
It feels like the fact that there are any returns left for a retail investor in public stock market investing speaks more to the quantities of wealth creation taking place than the absence of this sort of outrageous market rule capture.
Two disclaimers: 1.) the slider for wealth "creation" on the public markets in the US seems fairly obviously to be being dragged from innovation to ZIRP... whole separate matter. 2.) at a whole-society level obviously the availability of public market returns is limited to a tiny sliver of the population with the means to invest, so when I say "bounty of capitalism" above I'm more referring just to the sum of financial profits as a result of the system.
256DEV | 5 years ago | on: Personium – personal data store server
Agree - your comment makes me think of a tweet[1] I read recently:
"If you're collecting personal data, 'how should I protect this?' is actually your third question.
'Should I collect this?' is only the second question.
The first question is 'what would the worst people do if they got hold of this?'"
page 2
Basically hand out tons of short lived credentials right from a widget on the main landing page, together with each API response giving a link to a signup form that can convert the key into a fully fledged account.
Thanks for the suggestion!