[jeffreymcmanus]

This is the kind of thinking which, taken to its logical conclusion, compels people who exist on a certain brain-disorder spectrum to build a cabin in the woods and live there.

Every business has dependencies and suppliers. This includes the magical Google. Did you ever notice how many copyright notices appear at the bottom of every Google Maps page? Did you ever wonder why those are there? It's because Google licenses data and technology from third parties to make their Maps product happen. How does the data get there? That's right, through an API.

An API is just another kind of supplier. Every business can be disrupted by its suppliers, and that's true for APIs as well.

As a thought experiment, to test how sensible this rant is, replace the word "API" with the following other kinds of suppliers: hosting provider, internet service provider, payment processor, employees. All have the potential to disrupt your business. What matters is what your contingency plan is.

[ecommando]

Interesting viewpoint, Jeff...

Google licenses the data, but has the resources to acquire the data, and the company that owns it. If you go to the vendor and try to license the data, the cost is now so high that a startup without funding will be unlikely to afford it.

With the exception of "employees", you are correct.

Each is a single point of failure that should be considered, each with its own set of criteria. If there is a sufficient supply of vendors, then the single point of failure (or sourcing in this case) does not pose a threat to your "business".

In the event where the payment processor keeps your customers credit card information, for example, you risk losing your customers when you have to go back to your customers to re-acquire the data should the provider cease to exist, or their policies prevent them from being used. This can be mitigated by using gateways that don't hold the data (like PayPal) as an exclusive processor, and managing that data yourself.

Risk mitigation should be applied to every aspect of your business that has a reasonable risk of becoming a choke point for operations.

R

[jeffreymcmanus]

Google licenses the data for the same reason you do -- because creating the kind of business they want to create is prohibitively expensive to do otherwise.

Google has resource constraints too. They can't pour billions of dollars into their Maps product (or any other product) just because it's cool. There has to be a reasonable return. And just because they're operating at a different scale as you doesn't change the fundamentals.

[ecommando]

| And just because they're operating at a different scale as you doesn't change the fundamentals.

What? Which fundamentals?

Google licensing the data from the provider doesn't make it less expensive for anyone else, it makes it more expensive. They get exclusive licenses that allow them to resell access, thus removing a potential vendor from the pool of possible vendors, and making Google ultimately the only vendor available as they tie up the access points.

I suppose as long as you're okay with Google controlling your access to the information you require, full steam ahead.

That still doesn't change the fact that you no longer control the future of your business. If that's the path you choose, Google owns your business. If they decide to deprecate the very data your business depends on, you're done.

[okaramian]

A car is basically the implementation of a large series of APIs

[ecommando]

Except that throughout the years, the manufacture of cars has become commoditized, and there are many more engine manufacturers than there were, so it's virtually impossible for a single manufacturer to corner the market on engines. Additionally, since the parts can all be fabricated by a multitude of vendors, there's no risk to the car company of a single point of failure.

[jeffreymcmanus]

OK, so your argument isn't about APIs, it's about single points of failure. Great. Manage that problem.

[ecommando]

It's about risk mitigation as it pertains to the use of third party APIs. I believe there are too many startups basing their businesses on the APIs of others.

Had I simply written about risk mitigation, it would have been up to the reader to apply it to the use of API's, which clearly startups are not doing.

With respect to the use of those APIs as a core business function, the viability of their continued use is only as secure as the CEO of the company that offers them is honest.

If history is any measure, that's not very secure.

[jeffreymcmanus]

Every technology company, without exception, bases their business on the API of others.