This is a guest post by Trevor Tye of http://www.optionkey.ca/
APIs and OpenID: What are they?
In today’s wonderful computing world you have a number of really popular companies (such as Twitter, Google and Facebook to name a few), and they have a huge user base. To allow these users access to your web services you can use something called an API or Application Programming interface.
An API allows a programmer to integrate a product or service into their particular product or service (such as a WordPress blog). An example would be having a Gmail account and creating or accessing your WordPress account. This is made possible by their APIs (which is why you see buttons like “Connect with Facebook” or “login with your Gmail Account”).
Plugins such as the WordPress Open ID plugin allows users to login to their local WordPress account using an OpenID. This also allows the enabling of commenters to leave authenticated comments using OpenID. The plugin also includes an OpenID provider, enabling users to login to OpenID-enabled sites using their own personal WordPress account. XRDS-Simple is required for the OpenID Provider and some features of the OpenID Consumer.
Since the focus of most OpenID providers (such as Google, Yahoo and AOL) is in identity management, they can be more thorough about protecting your online identity. Most website operators are less likely to be as dedicated to protecting your identity as the OpenID providers, whose focus is on securely hosting user identities.
A good API that most people should have integrated into their website is Open ID. OpenID is a safe, faster, and easier way to log in to web sites. Check here to set up an account: http://openid.net/. You will then be able to use an account you already have (so long as that account uses OpenID) to login and join your site or web community without having to fill out an additional sign up form.
OpenID is very useful when setting up a website with a CMS like WordPress as well. The web developer that sets up such a site can then allow you to use an open ID login to access the site.
What are some benefits of using OpenID?
Most websites ask for an extended, repetitive amount of information in order to use their application. OpenID allows you to sign in to websites with a single click. Basic profile information (such as your name, birth date etc) can be used to pre-populate registration forms, so you spend more time engaging and less time filling out annoying registration pages.
Allowing the user to use Open ID will help reduce frustration and keep the user to a minimum number of multiple usernames and passwords which they may find difficult to remember. Since password recovery process is tedious the user will be more inclined to use the site that makes it easiest for them to use. However using the same password at each of your favorite websites poses a security risk. With OpenID, you can use a single, existing account (from providers like Google, Yahoo, AOL or your own blog) to sign in to thousands of websites without ever needing to create another username and password. This makes OpenID is the safer and easier method to joining new sites.
OpenID is a decentralized standard, meaning it is not controlled by any one website or service provider. You control how much personal information you choose to share with websites that accept OpenID. Multiple OpenIDs can be used for different websites or purposes. If your email (Google, Yahoo, AOL), photo stream (Flickr) or blog (Blogger, WordPress, LiveJournal) serves as your primary online presence, OpenID allows you to have a portable identity across the web.
Many web users deploy the same password across multiple websites. And since traditional passwords are not centrally administered, if a security compromise occurs at any website you use, a hacker could gain access to your password across multiple sites. OpenID is more secure because passwords are never shared with any websites, and if a compromise does occur, you can simply change the password for your OpenID, thus immediately preventing a hacker from gaining access to your accounts at any websites you visit.
Use of APIs to share content
The practice of publishing APIs has allowed web communities to create an open architecture for sharing content and data between communities and applications. In this way, content that is created in one place can be dynamically posted and updated in multiple locations on the web.
- Photos can be shared from sites like Flickr and Photobucket to social network sites like Facebook and MySpace.
- Content can be embedded, e.g. embedding a presentation from SlideShare on a LinkedIn profile.
- Content can be dynamically posted. Sharing live comments made on Twitter with a Facebook account, for example, is enabled by their APIs