APIs Community

What makes up a high-quality API

With third-party APIs, developers can leverage the power of external expertise to enhance the functionality of their applications. However, to ensure success, they must carefully evaluate the quality of APIs before incorporating them into their applications. This chapter aims to investigate the key characteristics that make third-party APIs high-quality, according to developers.

In recent years, application programming interfaces (APIs) have become a key part of modern software development. APIs act as intermediaries that facilitate communication between different applications through established protocols and definitions. By using APIs, developers can leverage the power of other applications without needing custom integrations. In turn, this allows them to focus more on building the core parts of their applications and less on recreating features that already exist or are not feasible.

With this in mind, it is unsurprising that almost all developers (89%) report using APIs in their projects. According to our data, 74% of developers use third-party APIs while 15% state that they only use private or internal APIs. Using private/internal APIs makes it easier for developers to link their in-house applications together and ensures that only authorised personnel can access their systems and internal information. On the other hand, using third-party offerings gives them access to external expertise but introduces additional dependencies that can affect their projects.

high-quality API

74% of developers use third-party APIs

With so many developers relying on third-party APIs to expand the scope of their applications, modern services are becoming increasingly more likely to offer public APIs. However, not all APIs are created equal. Just as high-quality APIs can enhance the capabilities of a given application, adopting a low-quality API can be detrimental to its success. Implementing low-quality solutions can create a wide range of issues such as poor performance, negative user experience, and security vulnerabilities. Therefore, developers must carefully evaluate the quality of APIs before incorporating them into their applications.

In the latest edition of our global developer survey, we asked developers who use third-party APIs to identify the most important characteristics of high-quality API offerings. Our results indicate that developers consider security, documentation and sample code, reliability, ease of use, and performance to be the most important characteristics of high-quality APIs. These five qualities separate themselves from the rest as the core pillars of strength developers look for when considering third-party APIs. In fact, 89% of those who use third-party APIs mention at least one of these characteristics in association with high-quality APIs.​

Security is the most important factor in evaluating the quality of third-party APIs, according to 42% of developers. Using third-party offerings opens up a line of communication with external services that can expose their users to unauthorised access to sensitive data and other security risks. To keep up with the rapidly evolving landscape of threats, developers and modern businesses must ensure that the APIs they use are secure to protect their assets.

Developers consider security to be the most important attribute of a high-quality API

Having access to clear documentation and sample code can make it substantially easier for developers to incorporate APIs into their applications. Our data suggest that 39% of developers consider documentation and sample code to be among the most important qualities in third-party APIs.

These features allow developers to quickly understand the capabilities and limitations that a given API brings and make it easier for them to get started. This goes hand in hand with ease of use, which is mentioned by 37% of developers who use third-party APIs.

On the other end of the spectrum, reliability (38%) and performance (36%) of third-party APIs can directly impact the success of a given project. If an API proves to be unreliable, it can lead to issues ranging from minor errors to system failures and data breaches.

On the other hand, reliable APIs help developers minimise the risk of something going wrong and ensure the highest chances of success in their projects. Similarly, applications can only perform as well as the APIs they use.

Therefore, it is essential for APIs to be fast and capable of handling high volumes of requests to be used in modern applications.

high-quality API

Those who are new to the field of software development tend to work on less challenging problems and can often turn to their peers and mentors for support. As such, they are the least likely (20%) to cite documentation and sample code as an important characteristic of a high-quality API and tend to prioritise other features.

However, as they gain expertise and take on more complex projects, developers begin to appreciate the benefits that clear documentation and sample code bring to the table. In fact, 65% of developers with 16+ years of experience mention documentation and sample code among the most important characteristics of high-quality third-party APIs, surpassing even security (51%).

Highly experienced developers value API documentation and sample code significantly more than beginners

With a greater reliance on self-guided learning, experienced developers become less likely to focus on the community when evaluating the quality of third-party APIs. However, technical issues can arise regardless of experience and may be difficult to resolve or diagnose without expert-level knowledge. In turn, technical support appears to retain its above-average importance for all but the most experienced developers.

high-quality API

With more years of experience, developers gain a deeper understanding of what is essential for their projects. For some, performance may be critical, while others may focus more on ease of use. By focusing on the right characteristics of third-party APIs, developers can enhance the functionality of their applications and deliver better products.

Would you like to contribute to similar findings?

Participate in our latest wave of the Developer Nation survey!

Complete the survey to access our amazing virtual Goody Bag filled with subscriptions, resources, and more!

Sign up for the chance to win prizes, earn loyalty points, and receive updates on survey results and future opportunities.

Take the survey anonymously here


8 Java Programming Tricks; Unlocking developer-led growth and How to Build a Fast and Lightweight API

Welcome to yet another resource-packed newsletter by Developer Nation. In this one find Java tricks you should know about, build lightweight APIs with NodeJS and learn the difference between Agile-VS-Scrum, the terms often used interchangeably in modern Software Product Lifecycle.

Community Huddle

We invite you to Subscribe to our Youtube channel where you can find videos, podcasts, webinars and updates which will help you master new skills, notify you of our upcoming surveys and take your career to new heights. We hope to see you there supporting our new initiatives. 


💡 8 Java Programming Tricks Every Java Developer Should Know

In this article, we’ll explore eight Java programming tricks every Java developer should know, including how java developers for hire can help you implement them in your projects.

🪪 Why Custodial Wallets Remain Popular Among Some Crypto Users

For storing, transmitting, and receiving digital assets, cryptocurrency wallets are crucial tools. Custodial and non-custodial wallets are the two major varieties that are available


🛠️ How to Build a Fast and Lightweight API with Node.js and SQLite

In this article, we’ll show you how to create a Node.js API that uses an SQLite database to store product information.

🧪React Native run-android: How to Test Various Device Types

One of the key benefits of React Native is its ability to test apps on various device types, including emulators, simulators, and physical devices.

Hacks, Tips and Tricks

🤗 Welcome to Rails Cheat Sheet
Agile 🆚 Scrum
Subscribe below to the Developer Nation Newsletter for more interesting blogs, job postings, upcoming events, free tickets, giveaways and more. 
Community Tips

Protecting APIs by Merging Tools and Security Best Practices

Rapid uptake in adoption by industries ranging from banking to retail to autonomous vehicles of customer- and partner-facing and internal application programming interfaces (APIs) to drive internet traffic has resulted in an equally rapid growth in endpoint attacks – more than 11 billion over just 18 months according to a report from edge computing security leader Akamai. It makes sense that they are more vulnerable to threats from malicious actors, given API endpoints’ similarity to internet-facing web servers, and their role as pipelines between divergent platforms.

For DevSecOps teams, protecting APIs is a top priority; they are vital to mobile, SaaS, and web applications and paramount to a healthy software development lifecycle. API security is also a natural extension of DevSecOps’ push to break down silos between development, security, and operations and move toward automation and design that integrates security as a shared responsibility. 

Thus, it is time to view API security not as an external bottleneck, but as a part of a stable long-term strategy. This can be achieved by altering company attitudes and investing in API tools that facilitate testing, enforce governance standards, and automate recurring security tasks.

Adopt an API-as-a-Product Strategy

A primary reason digital transformation efforts have failed for many brands is because they do not see APIs adding value. As such, they’ve lost track of the potential return on investment (ROI) APIs can deliver. When APIs are not viewed as assets or value-generating, they aren’t subject to the appropriate level of protection or security performance oversight. In fact, Akamai’s report highlighted the fact that many enterprises relegate API security checks to the end of the lifecycle and rely on traditional network security solutions which aren’t designed to protect against the attacks to which APIs are subject.

This is starting to change, however, as API-as-a-Product strategies gain traction within the developer community. There is a notable shift away from delivering project features based on budgets and deadlines to holistically examining APIs as products and assessing their capabilities. Further, as the concept of monetizing APIs gains prominence, their protection becomes a higher priority at the outset, with organizations more inclined to adopt a human-centered design approach. 

What this means is moving API regression tests to the forefront rather than treating them as an afterthought. It means adopting a design-first approach – wherein everyone on the team speaks the same language and every tool is able to leverage the same design – from the outset with the help of an API management platform. This will also help ensure that APIs are built on established authentication and authorization mechanisms such OAuth 2.0, which is the industry-standard protocol for authorization, and OpenID Connect.

API testing tools are critical for protecting something upon which most services in use daily rely. These tools let developers see if an API is reacting adequately to unexpected inputs or possible security attacks. They show immediately if an application is running with optimized functionality, reliability, and security.

Whether it is running user authentication, parameter tampering, unhandled HTTP, or fuzz testing, it is imperative to test an API contract to ensure that services can communicate and that the data they share is consistent with a specified set of rules or standards. Further, there are many solutions in the API testing market, including cross-cloud API testing software, software that supports asynchronous testing and continuous integration/continuous deployment (CI/CD) integrations, and end-to-end testing – as well as solutions that support various formats eliminating the need for developers to learn new languages. 

Continuous testing is essential across the DevSecOps pipeline, as is robust test coverage based on API contracts that have been designed and approved. Plus, by chaining together complex API transactions and workflows, cases can be tested on-demand using continuous delivery or CI/CD to reduce downtime. 

Security in 360-degree Lifecycle Management

While API security considerations have typically been an afterthought to ever-increasing business demands, the reality is that no enterprise can afford for software security checks to be the last stage of an API lifecycle. Rather, security must be part of a 360-degree API lifecycle management strategy. It should be incorporated into every level, from planning and design to developing, testing, and release management – all the way out to deprecation.

Developers must also have oversight throughout the entire API lifecycle – which is where an API management platform comes into play. A dedicated platform can provide workflow visualizers that show an API’s complete lifecycle in a single view with issue alerts, which helps accelerate production using CI/CD in the DevSecOps pipeline to build trusted artifacts and more rapid iterations, thereby guaranteeing a security-first mindset. 

API tools also allow perimeter scans, which enable the discovery and inventory of APIs and allow for easy breakdowns for DevSecOps teams to work with. The best platforms will leverage a command line interface (CLI) – a unified tool for managing and controlling multiple services from the command line or with automation through scripts – to make APIs more easily discoverable. The team can easily determine where and how many APIs are deployed; a level of visibility that is mandatory for enterprises. 

Tools for Success

In short, an API team is only as successful as the set of tools at its disposal.

API security best practices are no mystery to seasoned security professionals – and they start with establishing solid API security policies through an API management platform. 

Finally, a collaborative approach to API governance – in line with the DevSecOps mission to eliminate siloes – is imperative for any organization’s security. 

About APIWizAPIwiz is a low-code, API automation platform allowing developers to build and release reliable APIs quickly. With APIwiz, API teams have complete control, visibility, and predictability over their entire API program, allowing organizations to stay open and connected.


Taking a Proactive, Governance-Based Approach to API Security

Security breaches are among the greatest threats confronting enterprises today, and application programming interface (API) abuse is typically central to the attacks. For that reason, API governance is critical to the success of any digital business.

Ensuring that governance results in a long-term stabilizing strategy requires following strategic API security, monitoring, and open cultural practices.

Common Errors

Just knowing when something is not right with a system or that a bug requires fixing isn’t enough knowledge to make informed decisions about security. What is required is a keen understanding of the health of a specific project throughout its entire life cycle. This includes knowing its current state, having proper visibility into the traffic running through apps and infrastructure, and recognizing error patterns – and being able to act upon any issues before they impact the customer experience.

When it comes to APIs Lifecycle and management, we’ve discussed it in great detail in this workshop recording that can be found here.

The problem with most enterprises in this regard is that they tend to be project- instead of product-driven; budgets and deadlines are tied to delivering features rather than holistically examining a product and its capabilities. This, coupled with the failure to see APIs as adding value, are why many brands have failed in their API journeys and digital transformation. They’ve simply lost sight of the return on investment (ROI) properly governed APIs can deliver.

As a result, these enterprises leave API security to the end of its life cycle when regression tests are run to determine whether it is working properly, declaring it “secure” if it passes a confined set of tests. It is a last-mile mindset that is behind the daily reports of personal healthcare data, payment information, and billing address breaches – and why API security must be everyone’s responsibility at every stage of the life cycle and built into the product design itself. 

Governance can work only when API security is considered at the outset and supported with the proper tools to ensure the team is prepared to stave off attacks from every angle.

Creating a Governance Mindset

The first step toward effective API governance is to create an organization-wide mindset rather than having it rest solely with those who develop processes. Governance must go beyond ensuring that a specific set of projects functions in a certain way and adds value. Transformational success requires continuous feedback that bridges the gap between the consumer and provider.

Adopting a dedicated API management platform to automate API security best practices throughout the API life cycle is a smart way to automate many aspects of governance. Doing so provides a top-down approach that leverages a powerful security toolkit and knows what questions to ask and when. 

Among the questions required for governance in the API are:

  • Why do I need this API?
  • Who are my API’s consumers?
  • What are consumer’s usage patterns?
  • Do they need this API?
  • What is the behavioral design for this API?
  • What is my ROI?
  • Does this API add value to my consumers?
  • How is this API being integrated with my partners?
  • Which devices are calling this API
  • What barriers are there for people to access this API?
  • How could my APIs be compromised?
  • What is being cached on local browsers?
  • How many retries are permitted when trying to access your API?

When and How to Pose Questions

When a company is scaling, taking a manual approach to continually asking and answering these critical questions becomes far too error-prone to be effective. It becomes too easy to lose track of data and too tempting to cut corners to meet deadlines. Thus, API security needs to be built into API modeling – in both test-driven design and communications with every aspect of the business.

For example, information must be continuously evaluated to determine if it is sensitive, as API governance has different security policies for internal APIs, external APIs, open-source APIs, and partner APIs.

Leaving monitoring of sensitive information in the hands of API analysts, who are tasked with building an API specification under OpenAPI, is a mistake as their focus is solely on the user interface (UI), necessary data models, and consumer demands. Too often this dedicated focus causes them to overlook essential vulnerabilities, resulting in sensitive data being built into API headers and query patterns.

Rather, everyone should be responsible for asking if a user ID is needed as part of the API and, if so, if it should be part of an encrypted payload. The API and the user ID passing through it should be considered part of the query parameter pass-through browsers with sufficient caches and cookies. 

Finally, where requests are coming from must be understood. APIs need to be designed based on the systems and devices they with integrate with as they are a growing threat from hacks – putting sensitive information at risk.

Arming a “Security First” Culture

To create a “security first” culture, proactive companies adopt self-learning systems as part of their API security toolkit that leverage the power of artificial intelligence (AI) to gather information about plan behaviors. These solutions reveal patterns and trigger appropriate actions, for example shutting down vulnerable systems before the clients risk them.

Because a team is only as successful as the tools at its disposal, every API security toolkit should include the following:

  • AI-powered API security, which self learns and self creates rules to recognize and proactively respond to attacks.
  • Straight sets of issue alerts to inform the right people as things go awry.
  • Dashboards, which enable teams to see patterns that contribute to a security-first mindset.
  • Data governance, to ensure data is being securely exchanged and being exposed only in ways that align with security policies.
  • API gateways, which are vital to API orchestration and integration.
  • Firewalls, to protect against threats like SQL injection attacks.

Security must be incorporated into a 360-degree view of the API life cycle from the outset and run through planning, designing, developing, testing, and release management. New threats emerge every day, so it’s imperative that learning be continuous.

Security must also be part of the user story and not just a box to check off in the release plan. As tooling – which should be accessible to everyone within the organization – is used to recognize user patterns, it contributes to that user story and develops a sequence of use cases from API keys to tokens to audit logs and more. This does more than give an enterprise empathy with its users; it provides valuable insight into potential system risks.

Retroactive Governance Repairs

For those organizations that did not build security into the API life cycle from the outset, it is not too late to revisit and rectify the situation. 

One common challenge for these organizations is when the CIO or other key players don’t realize an API exists until it’s already been hacked. This can be overcome with use of proper enterprise-grade API tooling that provides a complete overview of connecting APIs and the resources and information they expose. Tooling can also enable continuous API discovery, so while developers are given DevOps autonomy, others are still aware of every open-source or subscription API to which they connect.

It is also critical for these APIs to be monitored, which is where self-learning security systems play an important role. These powerful solutions detect current anomalies and feed this intelligence back into the system’s coverage and into the company’s new “security first” culture – saving it from public humiliation down the road. 

Getting Proactive with API Security

Enterprises caught up in data leaks tend to be reactive when it comes to API security. As such, they don’t have in place the right systems between consumer and provider. It’s a recipe for certain disaster that leaves the organization searching for the source of the service denial attack and creates distrust among consumers who will think twice about sharing their personal information.

Success requires a proactive approach, one that integrates security into governance at every stage of the agile process. This enables the continuous learning mindset around API security that is the only way to succeed. 

About APIWiz: APIwiz is a low-code, API automation platform allowing developers to build and release reliable APIs quickly. With APIwiz, API teams have complete control, visibility, and predictability over their entire API program, allowing organizations to stay open and connected.

APIs Platforms Tools

Do-it-yourself NLP versus wit, LUIS, or




Alex and I have been building bots for about 1.5 years and have talked to hundreds of bot devs through our BotsBerlin meetup, which now has over 1,000 members. Something we get asked a lot is whether it’s worth investing in building your own NLP engine, or whether it makes sense to use a third party service like, LUIS, or

What does a chatbot’s NLP engine do?

Let’s say you’re building a restaurant bot. These tools will help you take a sentence typed by a human, and turn them into structured data, for example:


NLP Module chatbots


Do you build yours or use third-party tools? Let us know in our DE Survey.

The structure on the right is something computers can actually work with, and you can pass this on to the business logic of your bot. For example, you would probably query the Foursquare API and fetch a list of restaurants. If there are some popular restaurants matching those constraints, you would probably suggest those to your user. If not, you might suggest a Chinese restaurant instead.


Foursquare has already done the hard work of finding matching restaurants, so the trickiest part of building this MVP is finding a way to generate structured data from natural language. The great thing about tools like wit, LUIS, and is that they make this part so easy that you can build an MVP like the above in an afternoon. In our experience, 3rd party tools are an excellent way to build quick prototypes. You could just as quickly build a bot to find videos with the YouTube API, or products from Product Hunt.

Reasons to do it yourself

If your restaurant bot is a runaway success, you will inevitably want to become independent. We see that the more advanced bot teams are all developing their own NLP. Data from the Developer Economics surveys, which polled the opinions of thousands of developers interested in chatbots, are pointing towards a democratisation of chatbots through open source projects (there’s a live survey out now if you want to contribute to this knowledge pool).
Here are three real-life examples of why people switch.

API constraints

databot was a Slack app we built at the start of 2016. Databot would connect your data warehouse to your Slack, so you could ask

what was the ROI like for October’s facebook ads?

and databot would generate the corresponding SQL query and answer your question.

We started off using, which would always default to guessing that October referred to the following October, not the previous one. So we had a lot of fun with our date library to build a workaround. Of course wit could add a feature to let you customise this default, but that’s missing the more general point. If you use an API you are have to live with someone else’s engineering decisions, and that friction tends to grow as your project matures.

Data ownership

We talked to a startup building a commerce bot, specifically one which let you look for presents for friends and family and find good deals, e.g. “my sister likes running and craft coffee and I want to spend around $30”. For them, gathering the data around people’s purchasing intentions is core to the value of their business, and they want to make sure it belongs to them. Moreover, for privacy sensitive verticals like insurance, health, and banking, sending every message to a 3rd party is not an option, users and businesses just aren’t comfortable with it.


Admithub is an education startup. This team actually has one of the most technically advanced NLP modules I’ve seen, it can recognise thousands of intents. Their bot helps university students by updating them about events and deadlines, and can answer questions ranging from “when are housing applications due?” to “can I have a salamander in my dorm room”.

AdmitHub found very quickly that third party tools weren’t up to this task (they tend to optimise for the small data use case, performing well even when a developer is getting started and there are only a few examples). Most also failed to handle misspelled words, which are common when chatting with teenagers. While simple bots are generalizable, sophisticated bots are all complicated in their own way. Every algorithm has trade-offs, and a one-size-fits-all approach can let you down when your use case becomes more advanced.

Bonus: Control your own fate

Ultimately, technological independence is compelling for many teams. It’s great to use free tools developed by big tech companies, but they may not stay free (Microsoft have started charging for LUIS) and they may disappear with little notice (like Parse did).

The rise of do-it-yourself NLP

{wit,LUIS,api}.ai are wonderful tools that make prototyping very quick. But from talking to dozens of bot teams, I’m convinced that everyone will eventually become independent. Early indications from the state of AI survey are that virtually all businesses are uncomfortable relying on APIs for their AI, and that doesn’t surprise me given the examples I’ve just talked about. The engineering case is that web APIs just aren’t the solution to every problem in programming. The business case is that you really want to own your data and be independent.

In 2017 we will see the bots that have traction moving away from 3rd party NLP services. The biggest drawback, until now, has been the engineering investment and machine learning talent required to build a custom NLP engine. It makes no sense every bot team to reinvent the same things, so at LASTMILE we decided to open source ours. You can find out more at


Are you involved in ML and/or AI? Take the Developer Economics Survey and shape the future of ML/AI development.

News and Resources Tools

Oculus previews a new untethered VR headset

Welcome to DeveloperEconomics’ weekly news roundup. In this edition Oculus previews a new untethered headset, Cyanogen shifts business strategy to a modular OS program and online furniture store Wayfair releases its first API. Read on for the full news rundown.


Oculus working on cheap untethered headset


Oculus revealed plans to release an untethered VR headset during its developer conference last week. The new VR device is intended to sit between mobile and full PC experiences, without relying on a separate smart device, like Google Daydream. The device is currently in a prototype stage and Oculus has remained silent on a release date.


Cyanogen shifts to Modular OS program


Cyanogen has appointed a new CEO and says it will shift its business model toward a Modular OS program. The new Modular OS program gives developers more freedom to borrow from Cyanogen’s technology, removing the limitations of the full Cyanogen OS stack. The company previously admitted it was having difficulty scaling its userbase and laid-off 20% of its staff earlier this summer.


iOS 10 adoption outpacing all other iOS versions


iOS 10 is now installed on 66% of active devices, according to marketing firm Fiksu. The adoption of the latest version of Apple’s mobile OS has been faster than all previous versions, according to the company. A Fiksu representative said: “We’ve never seen this kind of acceleration in the adoption curve for an iOS upgrade.” Apple’s official numbers dispute Fiksu’s and claims the OS has reach 54% of devices.


Oculus introduces $499 VR-ready PC


Oculus showed-off an VR-ready PC costing just $499, during its developer summit last week. The rig meets new Oculus minimum requirements, enabled by asynchronous spacewarp technology, which lets 45 frames per second look like 90 frames per second. The new price point is half the cost of the VR-ready PC Oculus introduced last year.


WaveMaker enhances app tool API integrations


WaveMaker has updated its platform to allow enterprise devs to create hybrid mobile apps. The update supports integrations of apps on any stack, including Java, .NET, PHP, Python and Node.js. WaveMaker says its new platform also doesn’t require the deployment of server-side components, required to access data from systems independent of the technology stack.


Wayfair launches 3D model API


Online furniture retailer Wayfair has released its first API. The API gives developers access to over 10,000 “realistic” 3D furniture and décor models. Wayfair says it’s also working on its own VR and AR app that allows customers to view its catalogue of furniture in their own home.


NetBeans 8.2 releases ahead of Apache hand-off


Oracle has released version 8.2 of NetBeans. Version 8.2 is the last NetBeans release before the Java IDE leaves Oracle and becomes part of the Apache Software Foundation’s Incubator Project. New features include ECMAScript 6 support, Docker Support, PHP7 support and NodeJS enhancements.


Facebook open-sources Yarn, a JavaScript package manager


Facebook in collaboration with Exponent, Google and Tilde has open-sourced Yarn, a new Javascript package manager. Facebook are already using Yarn in production. It greatly improves speed compared to the official npm client and adds security by comparing checksums of the modules installed.


Visual Studio Code updated with TypeScript 2.0


Microsoft released version 1.6 of the code editor, bringing TypeScript 2.0 and more. Other improvements include Format on Save, Switch Windows (partially addresses this issue), search term history and more.


Facebook launches Workplace, enterprise social networking


Facebook has launched Workplace, an enterprise-focused messaging and social networking service. Workplace has chat, live video and audio calling, multi-emotional reactions and automatic translation services. Workplace has the Graph API for building custom integrations

Sign up for our weekly newsletter, with the latest facts and insights on the app economy.

News and Resources

Google planning hybrid Android/Chrome OS tablets

Welcome to DeveloperEconomics’ weekly news roundup. In this edition Google is reportedly planning hybrid devices that run both Android and Chrome, game developers boycott Oculus due to its founder’s support for Donald Trump and Google takes its Daydream SDK out of beta. Read on for the full news rundown.


Google planning hybrid Android/Chrome OS tablets

Google is reportedly planning hybrid devices that run both Android and Chrome, according to 9to5Google. The Andromeda project bakes Chrome OS features into Android and is reportedly being released on a Nexus-branded tablet and a convertible laptop. Rumours suggests the laptop device will launch in Q3 2017.


IBM releases IBM Bluemix Runtime for Swift

IBM has introduced a production-ready Swift runtime on the IBM Cloud. The release allows enterprises to take advantage of the server-side capabilities in Apple’s programming language, for building microservice APIs on its cloud platform. IBM says by unlocking Swift for enterprises it’s “reached another milestone” in its “shared journey with Apple.”


Microsoft announces 400m Windows 10 users

Microsoft says Windows 10 now has over 400 million active users. The last update on user growth was in July, when the OS hit 350, just before it ended its free upgrade period. Microsoft’s original goal was to have one billion devices running Windows 10 by 2018, but the company has since backtracked and is not specifying when it will hit the one billion milestone.


Oracle announces new products for cloud platform

Oracle unveiled 20 new products and services for its Oracle Cloud Platform at the annual OpenWorld conference last week. New products include the cloud-based Oracle Database 12c Release 2, along with an SaaS offering, which combines third party data with real-time analytics for “adaptive” app development. During the announcements, Oracle’s CTO Larry Ellison said Amazon now has “serious competition going forward.”


SoundCloud devs must submit application for API access

SoundCloud has announced changes to its API policy, requiring devs to apply for access. The application form asks devs what categories their app falls under, how it makes money and whether the app plays content from the SoundCloud API. SoundCloud says the changes were made to stop apps from using content without the permission of creators.


Mopub modular ad SDK reduces app sizes

Twitter’s MoPub ad network has announced a new SDK that lets devs cut out the ad formats they don’t use. The modular SDK means devs can save up to 60% on disk space for Android apps and up to 35% for iOS apps, without losing any functionality. MoPub says the space savings will be particularly useful for Asia-Pacific devs, where expensive data plans can impact bigger apps.


Google takes Daydream VR tools out of beta

Google has released a new VR SDK, allowing devs to build VR experiences for Daydream-ready phones and headsets. The Daydream VR SDK 1.0 supports “integrated asynchronous reprojection, high fidelity spatialized audio and interactions using the Daydream controller.” The release also supports native integration in both Unity and Unreal Engine 4.


Facebook rolls-out Profile Expression Kit SDK

Developers can now integrate Facebook’s Profile Expression media into the apps. The Profile Expression Kit lets users turn media – such as Vine videos, Bommerang GIFs and Lollicam stickers – into profile pictures. Facebook says profiles are the second most visited surface on Facebook, allowing Expression Kit apps to generate a lot of exposure.


Onsen UI 2.0 now available

The Onsen UI team has released version 2.0 of its UI framework, which helps developers create native mobile apps with HTML5. While Onsen 1.x was based on Angular JS, the new version has no library dependencies, as well as new Material Design components. The team has also released new and improved documentation to make it easier for devs to get to grips with the framework.


Developers boycott Oculus over Trump-supporting founder

A number of Oculus developers are boycotting the VR platform due to the political views of its founder, Palmer Luckey. According to a Daily Beast report, Luckey funded a pro-Trump activist group, which posted anti-Hilary Clinton ads. Developer Scruta Games said it will “cancel Oculus support” unless Luckey steps down from his position at Oculus.

News and Resources

Angular team announces final release of version 2.0

Welcome to DeveloperEconomics’ weekly news roundup. In this edition, Google announces the release of Android Studio 2.2, Oracle confirms rumours of a Java EE 8 delay and Microsoft has been crowned the new king when it comes to open source contributors. Read on for the full news rundown.

Google app ads beat Facebook with 3 billion installs

Google says its ad products are now responsible for more than three billion app install ads. The announcement follows Facebook’s claim in April that its ads have generated over two billion installs. Google says it’s also experiencing a decline in average ad prices, down 9% year-on-year, due to the continuing growth of YouTube ads.

Microsoft has most open source contributors, says GitHub

Microsoft has beat Facebook to become the organisation with the most open source contributors on GitHub. Microsoft racked-up 16,419 contributors, beating Facebook’s 15,682 and Docker’s 14,059. GitHub’s report also found that JavaScript is the most popular language, Font Awesome is the repository with the most open source contributors and Homebrew is the repository with the most users reviewing code.

Java EE 8 not ready until end of 2017

Oracle says the release of Java EE 8 will be delayed until the end of next year. The delay, which was rumoured for some time, was announced at the JavaOne conference last week, where a new roadmap was proposed. Oracle now plans to release Java EE 8 with basic microservice and cloud capabilities, before releasing EE 9 sometime in 2018 with more features.

Affectiva emotional analytics platform now free for indie devs

Start-up Affectiva is allowing any company that earns less than a million dollars a year to use its SDK and API. The Affectiva platform uses “emotional analytics” to analyse user sentiment via chatbots or surveys. The company also announced a partnership with Giphy, which will see Affectiva encode Giphy gifs for sentiment analysis.

Angular team announces final release of version 2.0

The Angular team has announced the final release version of Angular 2.0. The new version of the JavaScript framework features better support for modern browsers, modular functionality that makes it easier to use third-party libraries, and is recommended for use with Microsoft’s TypeScript. Google also says it will provide devs with more guides to learn Angular 2.0 faster.

Android Studio 2.2 released

Android Studio 2.2 is now available to download. The update brings a significant number of new features, including an improved layout editor, an activity recorder that generates Espresso code for automated testing, and an emulator that can simulate data from different sensors. The new IDE also boasts an APK analyser, GPU debugger and much more.

GitHub announces project management tools and support for formal reviews

GitHub has announced the “biggest update yet” to its platform, bringing project management features to the table. The built in Trello-like project management tool lets users move cards with pull requests and switch cards between columns such as “in progress” and “done.” GitHub also now lets devs formally approve all pull requests and leave review summaries.

Kochava releases free version of app analytics tool

Kochava has launched Free App Analytics, a tool to measure and optimise app ad campaigns. The free tool lets devs optimise campaigns across big networks such as Facebook, Google, Amazon, Twitter and Snapchat. The tool also includes a global index of integrated ad networks. However, features such as scaling are only available in Kochava’s paid Enterprise offering.

Microsoft opens Desktop Bridge for Win32 app conversion

Microsoft’s Destktop Bridge is now ready to use, allowing devs to repackage desktop apps, including Win32 apps, for the Window Store. The Desktop Bridge also converts apps to the Universal Windows Platform, allowing Win32 apps to run on any device running Windows 10. Microsoft says the bridge has already been used by the likes of Evernote, Arduino IDE and doubleTwist to bring full featured apps to Windows Store.

Oracle announces ‘drag and drop’ chatbot platform

Oracle has unveiled a new platform for building and running chatbots. The tool doesn’t require any coding experience – featuring a drag and drop graphical interface – and is positioned an easy-to-use bot builder for enterprises. According to Oracle, its bots will work with all modern messaging platforms, such as Facebook, Slack and Kik.

Google acquires API.AI bot building start-up

Google has bought API.AI, a start-up that provides dev tools for building conversational bots. According to Google, over 60,000 developers are using API.AI’s tools to build conversational experiences for environments such as Slack, Facebook Messenger and Kiki. The terms of the acquisition have not been disclosed.

News and Resources

News round up – Razer launches new fund for VR & gaming start-ups

Welcome to DeveloperEconomics’ weekly news roundup. In this edition, Blackstorm raises $33.5m for a ‘post-app store”, Razer launches a new fund for VR and gaming start-ups and Kony releases a new survey on the challenges of wearable development. Read on for the full news rundown.

Blackstorm raises $33.5m for ‘post-app store’ platform

Blackstorm has raised $33.5 million for what it calls a “post app store” solution, letting developers share apps outside of typical store fronts. Blackstorm offers a universal IDE designed to create apps that are shared across different distribution channels, such as messaging apps and mobile browsers. The company says its goal is to power “the infrastructure to trade and distribute software to all the post app-store platforms.”

Aruba announces platform to accelerate enterprise IoT adoption

HP’s Aruba has released the Aruba Mobile First platform, which aims to build a dev eco-system around its ArubaOS operating system. Aruba says the platform, which incorporates ArubaOS 8, lets third party devs quickly improve apps or create new ones based on its wireless networking technologies. The platform also collects data from IoT and mobile devices and customises networking functions dynamically in real time.

Google issues Nougat security update

Google has released a security update for Android Nougat. The update fixed a vulnerability that could enable remote code execution on an affected device. However, Google added that it’s had no reports of active customer exploitation or abuse of the fixed issues.

Korean firms consider legal action over Apple’s API policy

A group of Korean financial tech firms are reportedly launching a complaint to state regulators against Apple’s closed API policy around NFC functions. The companies complain that Apple is blocking providers such as Samsung Card and BC Card from accessing the NFC features. A similar complaint was previously lodged by Australian banks with regulators in the country.

PerfectlySoft releases Perfect 2.0 framework for Swift 3.0

PerfectlySoft has released the latest version of its server-side development framework for Swift 3.0. Perfect 2.0 features support for additional datasources, such as Redis and Filemaker, as well as “significant” performance and scalability enhancements. The company says Swift is “evolving extremely rapidly” and its framework helps developers keep up with the changes.

AWS SDK for C++ now available for production use

Amazon has released version 1.0 of its AWS SDK for C++. The SDK has received a number of improvements following developer feedback, including an improved Transfer Manager and symmetric cryptography support. The SDK also now follows semantic versioning so devs can upgrade within the 1.x series without breaking their build.

InfluxDB version 1.0 releases

InfluxData has released version 1.0 of its InfluxDB open-source time-series database. Influx DB was written in the Go programming language and is already being used by companies to monitor network infrastructure, security, container infrastructure, solar panels, and more. InfluxData says the database has been in development for nearly three years.

Box releases updates to attract more developers

Storage platform Box has released a series of updates aimed at developers. The platform now supports annotations, watermarking and new content types. Devs using the JavaScript SDK can now benefit from HD video, 3D models, VR files and 360-degree content. Box is also releasing a UI Kit that makes it easier to integrate elements into their web apps.

MySQL 8.0.0 Milestone Release is available

MySQL have announced that their 8.0.0 milestone release is now available for download. In their blog post, the engineers have outlined the most significant changes, some of which address problems that have plagued MySQL. The source code is available at GitHub.

Razer launches $30m fund for VR, IoT and gaming start-ups

Gaming hardware company Razer has launched zVentures, a new fund for investing in start-ups focused on gaming, VR, robotics and IoT. Razer is looking to fund early-stage start-ups with investments ranging from $100,000 to $1 million. The fund is based out of San Francisco and Singapore.

Survey highlights top challenges around wearables development

Kony has released a new survey looking at the challenges around developing apps for wearables. According to the survey, wearables will be “commonplace” in the enterprise by 2020 and 78% of devs surveyed said they are working on 2 wearable apps or more. Forty percent said the lack of communication between designers, stakeholders and developers is the biggest challenge for wearable development.



API Management tools: How to find the one for you

Launching an API is hard. You need to make sure your service is reliable, secure and well-documented. This is where API Management tools come into play. They provide the means to expose your API to external developers in an easy and affordable manner. One of the best definitions of API management is the one introduced by APIacademy:

But first, let us know which are YOUR favourite API management tools. Take the Developer Economics Survey and you may win amazing prizes and gear.


“Creating a centralized API architecture that makes the process of composing, securing and managing high-performance interfaces significantly simpler and more consistent.”

Features of an API Management service

API management services have a multitude of features. Their main focus is to make designing, deploying and managing an API easier, as well as to ensure that it is safe, secure and functional. Some of these tools facilitate integrations, transformations or API orchestrations. Ideally, an API management service should at least cover most of the below basics:

  1. Documentation – Sounds boring, right? Still, one of the most common problems of developers is figuring out how an API works. Development time is too precious to waste in trial and error of an undocumented API. An API management service has to provide an easy way to read the documentation and enable developers to “try before they buy”. In some cases it is even possible to provide interactive documentation. Simplicity and usability are the keys!
  2. Analytics and Statistics – It is critical to understand how people use your API and get insights for your business.
  3. Deployment – Should be flexible and support public or private clouds, on-premises implementations, or combinations.
  4. Developer engagement – Engaging with your API consumers, developer or partners is important. Getting an easily accessible developer portal will significantly facilitate onboarding.
  5. Sandbox environment – This feature will increase both the value of an API and its adoption rate. What better than being able to develop and test your code.
  6. Traffic management and caching abilities.
  7. Security – APIs carry sensitive data, so it is important to protect the exposed information. The service has to at least provide identity and access management for users and developers.
  8. Monetization – Provide the capability to monetize your API.
  9. Availability – Should be available, scalable and redundant. An API environment can become demanding and the service should be able to deal with any kind of errors, problems or temporary traffic spikes.
  10. Support of Legacy systems.

To Proxy or not to Proxy?

The vendors in the API management space provide a number of solutions across the above main categories but that does not mean they support everything. They are implementing their solution in three different ways: Proxies, Agents or Hybrid.

  1. API service providers that use the concept of a Proxy. Their solution “sits” between the customer and their users and the traffic goes through them. Proxies provide caching capabilities and protection of customer’s back-end infrastructure from traffic spikes. The main criticism they receive is that they increase the cost and bring up privacy and latency issues. Apigee, Mashape and Mashery are examples of such implementations.
  2. API service providers that use the concept of agents. Agents are plugins that integrate with your server. They do not get in the way of the API calls like proxies. As a result they do not introduce network latencies or 3rd-party dependencies. On the other side, features like caching are not easy to implement. 3scale is an example of such implementation.
  3. API service providers that use a hybrid approach. This means you may get an agent and a proxy. For example you may want to use a proxy for the caching and the agent for authentication. Companies like Apigee or 3scale we talked before are also moving to hybrid solutions.

13 API management tools

Deciding on an API Management Tool, you are faced with lots of choices. Available solutions may focus in one or two or cover many of the features discussed above and vary greatly in price. There are tools that were acquired by bigger vendors like Intel or CA or Microsoft. Open source tools are also available. Last but not least, some tools are heavy enterprise focused and other much less so.

Name Type License Stackoverflow questions Market segment Strong Points
3scale Agent, Proxy Commercial 15 Startups to Enterprises Wide range of tools
ApiAxle Proxy GPL 9 SMBs to Enterprises
Apigee Proxy Commercial 598 SMBs to Enterprises Powerful Analytics
Axway Proxy Commercial 9 SMBs to Enterprises
CA Layer7 Proxy Commercial 35 Enterprises Advanced support for mobile applications
IBM API Management Agent, Proxy Commercial 17 Enterprises Large Scale, User friendly
Mashape Proxy Commercial 106 Startups to Enterprises Monetization, discoverabilty
Mashery Agent, Proxy Commercial 57 SMBs to Enterprises API strategy services
Microsoft’s Azure API Management Agent, Proxy Commercial 262 Startups to Enterprises
MuleSoft Proxy Commercial 134 Enterprises Based on proven open source technology, programmableweb
Oracle SOA Proxy Commercial 213 Enterprises Large scale, SOA
Akana (formely SOA Software) Proxy Commercial 3 Enterprises
WSO2 Agent, Proxy Apache 4421 Startups to Enterprises Open source


3Scale is very active on the API management space with a wide range of customers, ranging from startups to enterprises. They provide a hybrid solution to help you deploy, manage, distribute and monitor your API. They offer an on premises API management solution along with cloud based API administration, analytics, reports, developer and partner portal.
More about 3Scale:


Mashape does not offer an API Management service per se. They provide important features that are part of such services though. You may test an API, generate code, and get a developer portal and user management. Most importantly they provide out-of-the-box monetization, a developer community and discoverability through their API marketplace.
More about Mashape:

Microsoft’s Azure API Management

Microsoft’s Azure API Management became available to the public rather recently. You can provide and manage an API, get developer portals, documentation, security management, performance management, statistics and analytics. They have on-premises and cloud versions (not limited to the Azure cloud).
More about Azure API Management:


Apigee provides a range of services, from free API tools for developers to large API management solutions for enterprises. Their solution can be deployed in the cloud or on-premises. They offer API analytics, developer portal, transformations, traffic and performance management. Apigee seems to provide the richest API analytics platform compared to other companies. In mid-2014, they launched the new version of their big data predictive analytics platform.
More about Apigee:


Mashery is an Intel company since 2013. They provide an all-around API management solution that supports SaaS and on-premises implementations as well as a few hybrid oriented ones. Their services cover from API technology and infrastructure to business strategy.
More about Mashery:

CA Layer7

Layer7’s API Management is heavily enterprise directed. They offer on-premises and cloud deployment solutions. Their services range from integration, security management, performance management, mobile API gateways, mobile optimization and developer portals. CA’s support for mobile applications is considered to be more feature reached compared to other solutions.
More about CA:

IBM API Management

IBM’s solution comes either as on-premise or cloud hosted. It covers a lot of the API management needs of a large company and it is considered a much user-friendly platform.
More about IBM API Management:

Oracle SOA

Oracle provides an API Management solution that consists of its API gateway and SOA suite. The API gateway is used for securing and managing APIs and as a first line of defense in SOA environments.
More about Oracle SOA:


MuleSoft’s solutions is based on open source technology. They offer easy API design, advanced integration and testing features. It is widely used and they also work a lot with developer communities.
More about Mulesoft:

Akana (formely SOA Software)

They provide a unified Enterprise level API management and SOA Governance solution. It can be implemented on-premises or in the cloud. They offer a horizontal solution from design and building an API to policies, security and lifecycle management.
More about SOA Software:


They offer an API Gateway that provides everything you need to develop, integrate and manage APIs. They provide security management and of course an API Portal for developers and partners.
More about Axway:


WSO2 is considered the most complete open source solution today. It covers API integration, management, identity and mobile. It supports public, private clouds, and hybrid implementations. WSO2 follows an open development process, where customers can provide input.
More about WSO2:


It is an open source API management and analytics solution. It is a proxy that sits in front of your API and manages caching, security, performance and traffic. As an open source project, you may contribute to its code base.
More about ApiAxle:


Not all companies launch API programs and not all API programs have the same goals. Some APIs are used as a revenue model or part of a product or service, others are free. Certain APIs are used to provide access and information to an ecosystem of companies. As the requirements vary, the tools diversify. So choose your API strategy and pickup the right tool.


Which are your favourite tools? Let us know and shape the future of developer economics. Take the survey.