APIs Considered Harmful
I have an uneasy relationship with APIs. Part of me thinks that the
concept of an API is the most useful abstraction since binary logic.
Part of me thinks that APIs are a root cause of a wide range of ills,
including vendor lock-in and exploding software maintenance costs.
This week, I am firmly in "I don't need no stinkin' API" mode. I have
been doing some Web application development that involves uploading XML
instances to a Web server programmatically by performing HTTP POST
requests. Basically, my task was to do, programmatically, what a
browser does when it submits an HTML form.
My first port of call was the truly indispensable Ethereal
(http:\\www.ethereal.com). This is a free network protocol analyzer
that allows you to monitor what is happening on a TCP/IP network.
Using Ethereal, I was able to launch my browser and get to the point
where I was submitting the "Upload XML" form. I then started recording
HTTP traffic with Ethereal.
When the upload was done, I was able to look at the HTTP POST request
and response pairs to figure out what my program needed to do to
emulate what the browser had done. So far, so good. I dug out my trusty
development tools, which positively ooze APIs for doing this and that
on the Web, and set to work.
It was all downhill from there. Each HTTP API I tried had a different
conceptual model describing what was going on underneath. Some allowed
me to accumulate HTTP headers by tacking them together. Others provided
a hashtable interface that enforced the uniqueness of HTTP header
names. The former type did not support MIME-encoded payloads; the
latter supported MIME, but in using them I could not control the order
in which the headers were omitted, making it *very* difficult to know
if the stuff I was generating was the same as the stuff recorded in the
Ethereal traffic log.
Some APIs blurred the distinction between URL-encoded parameters and
body-encoded parameters. Some handled redirects transparently, others
did not. Every one of them had a different view on cookies, ranging
from "cookies are just another HTTP header" all the way to "cookies are
the one true reason for living."
After a few days of this, I gave up and went back to basics. "How hard
can it be?" I said to myself.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
