Simon Palmer’s blog

December 15, 2008

Shirlock Holmes and the case of the broken API

Filed under: Uncategorized — simonpalmer @ 9:43 pm

I’ve been adding integration points between my apps and for the last couple of years and I think that it is cool that you can create mashups with a real piece of a company’s operational infrastructure. There’s no doubt that having their API available publicly across the web affords me some very intriguing opportunities in terms of value added application creation.

And, I have also managed to almost completely remove the need for any Administration interface in my application because I can devolve the data acquisition tasks to my users – even though they aren’t the most patient or technically able crowd. This makes a great story, and a much simpler solution.

I have grand visions of supplanting the entire user experience piece by piece by building it into process driven appealing interfaces that people will enjoy interacting with and are designed to fit in with people’s day to day activity – rather than the reverse. But that’s naked ambition. I’ll get there, but it’ll take me a while.

And meanwhile I have the sticky issue of suddenly being unable to access their API at all through the front door due to a bug which they must have introduced with a recent change to the cross domain security policy they enforce.

My particular situation may be reasonably unique in that I am writing Flex interfaces and hosting them on my own servers, i.e. I am not using the platform, nor visualforce or anything like that, I am standing on my own little planet and relying on then keeping the radio on at their end so I can continue talking to them.

Just recently they changed channels. All of a sudden access to their app from outside stopped working from within my app. After posting on the developer boards (here and here) I spent a frustrating couple of weeks in complete darkness. I even posted on StackOverflow (here and here), but (predictably) didn’t really get what I needed.

So, I dug out my curly pipe, put my deerstalker and cape on and turned detective.  I followed a few of the responders links back to their blogs and posted questions there to see if they would divulge the names of their contacts to me. At the same time I trawled the open source code I use for the Flex / bridge looking for any unsuspecting email addresses embedded in code headers. Sure enough I found some.

After about a week of sending out my messages in bottles, all of a sudden I got lucky and was put in touch with a support engineer and one of the original developers on the flex interface.

From that point on it was just a matter of proving that the issue was not just me being stupid and to create a test case which was reproducible outside my software. Thanks to James Ward’s I could show that me and all my users hadn’t just forgotten our passwords and security tokens in some mass amnesia event, but there genuinely was a problem.

Turns out that they did introduce an issue which means that if you connect to the API through the www front door you will get bounced because it cannot resolve you to your designated server (you have a designated server because they balance traffic load by providing affinity between accounts and servers at their end).

The workround I have had to implement until they fix the issue is to get my users to provide the server that they are attached to. This is a *horrible* thing to ask them to do as it makes me and my software look techy and klunky and if they get it wrong it fails and I look buggy and… sigh. Fortunately all they need to do to get their server is log in to directly and they can see it in their browser address bar, but even so, it is a horrible experience and exactly the opposite of the carefully crafted non-technical image I am trying to present.

As for a fix; now that has acknowledged there is a problem – which they did very graciously, I add – I don’t have a way of tracking it. And I think this is the most frustrating part of all. Unless you are really in the family it is hard to get much traction with them developer to developer. I think that if they really want their platform to take off they are going to have to move a long way towards the immediacy that you get from an open source developers forum trying to do the same thing.

Actually, at the end of the day, I think that they are likely to fail in their aspirations to make the platform the operating system of the enterprise web future precisely because they are not culturally disposed to the mindset of openness and freedom that is relied upon by developers.  And that will turn developers off. Until that changes they’ll remain an expensive clique.

As for me tracking my issue, I am supposed to contact my partner representative (a person I have never had any contact with and from the spam I get has changed 9 times since I started working with their API) and get a tracking number. It would have been a lot easier for me if the support person I was talking to could have done that, but hey, that’s all part of what have to learn before they get it right.

Meanwhile I check daily in case they have done it yet.

Try it yourself if you have a account, I have posted details and instructions here.

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

%d bloggers like this: