The Internet as we know it today is built on APIs. Services like Twitter and Facebook wouldn’t have grown as large as they are today if they hadn’t allowed developers to build on top of their data. If those APIs disappear without warning, it can lead to real headaches for those developers.
That’s exactly what has happened to iOS app developer Malcolm Barclay. His two apps aimed at public transport users in London, London Travel Deluxe for iPhone and London Tube Deluxe Pro for iPad suddenly stopped working a week ago. The reason? The Transport for London journey planning API that the apps were built on was removed without warning.
Barclay says in a blog post about the incident that London Travel Deluxe has been downloaded 100,000 times and has 35,000 – 40,000 users per month, including blind and visually impaired people who rely on iPhone VoiceOver features which are built into the app.
In the week since his apps stopped working Barclay says he has been in the dark, simply being told “There was a vulnerability”. Late yesterday, following his blog post, he was contacted by Transport for London and told the API was taken off-line as part of security update and that the capital’s transport authority was “working on restoring the service ASAP.”
A happy ending? While Barclay will be relieved to hear that his service will be restored, he relies on the apps he develops as his sole source of income. With his two London transport apps having already been offline for a week, it wouldn’t be surprising if many of his regular users had defected to rival apps which use different sources of data. Meanwhile, Barclay has been forced to remove the apps from the iTunes App Store and his reputation as a developer has potentially been damaged in the eyes of users who don’t know the reason for the fault and simply see a “broken” app.
This case shows why developers need to be aware of the real risks of building businesses that reply on web APIs. It also shows that those who run APIs have a responsibility to treat developers who use them with respect and be aware that any changes can have serious implications on developers’ livelihoods.
UPDATE 27 October 2010: Two days after this post was published, the API was restored. You can read Malcolm Barclay’s thoughts on his blog here.
It’s a fair point but any developer should know about this as a very immediate and possible risk. You normally assess that risk dependant on the financial backing or established nature of the company providing the API. However the bigger point is the providers of API’s, who want them used, do have a responsibility to developers to either provide a (out of date) backup stream on their API or notify properly of down time.
Secondly if the data allows for caching (backup) on your side so your app doesn’t rely on an API to run that is some safeguarding. In the case of the transport information that doesn’t really work as the longer the data is out of sync and not up to date the less useful it is. As a commenter says here a real risk of the app was depending on that feed being available and here demonstrates a flaw in that approach, not that he necessarily had any way around it.
I can’t see any reason for removing what should be publically available data, any security risks are posts into the system and so why this affects read only data only TfL can answer with some technical detailed information.
I think in the future we’ll seen an improvement in communication as these apps become more of a revenue stream for the API providers – especially public service organisations that are going to need the revenue they can provide.
Its more that likely at the moment that there is a lack of mediation between developers and the techies who are responsible for the data.