Frequently Asked Questions

What is an API?

→ API stands for "Application Programming Interface." Basically, an API is how devices and systems talk to each other to share data. Since web applications are generally built with a modular architecture; for instance, a iphone application that display current weather conditions will request data through an API. The iphone will make an HTTP request to a web server, who returns data on current weather conditions. APIs have been around for decades, however recently business are seeing a benefit to publish APIs to the public, and creating a cost-effective distribution channel for their unique content and services.

Do I need to have an API to use Mashery?

→ Mashery provides the supporting infrastructure around an API, however the actual data service is specific to you business, so you need to have a web service to take advantage of the Mashery solution. The advantage of Mashery is once you have exposed a data service, the rest of the solution is taken care of by Mashery.

I already have an API. Do I have to change my API to take advantage of Mashery?

→ Absolutely not! We recognize that you already have developers who have built applications using your API, and we have designed our service to minimize the impact on your existing developers - and, of course, on your own engineering team. You can continue to use your API, and even your existing developer keys within Mashery. Additionally, we provide protocol translation so if you had say a SOAP based web service, Mashery can protocol translate that to REST for external consumption.

How is Mashery different than other API Management providers?

→ We at Mashery understand that winning APIs rely on a holistic approach that encompasses a well thought out strategy, rich developer community, superior API infrastructure management and operational excellence. With our API expertise, Mashery has helped launch and manage over 100 API programs, a network of more than 70,000 developers and more than 10,000 live applications. We provide our customers with industry leading platform strategy, innovative developer community, cutting edge products, and operational expertise to design, implement and manage their successful API programs.

What support services does Mashery provide?

→ The Mashery customer support team acts as a true extension of your IT department. Our insight into each and every API call means we are on the front lines responding rapidly to any issues, reacting quickly and effectively.

What size developer communities can you accommodate?

→ Mashery is an effective way to manage communities of half dozen developers, or tens of thousands. Whether you are looking to do a small, private group of external partners or encourage widespread adoption of your web services, our tools will scale to your needs.

Can you really scale quickly enough to accommodate the growth of web services?

→ Absolutely! Our engineering team has experience building and maintaining high-volume services running a wide variety of applications, and we have built Mashery to accommodate high volumes. Our entire service runs on Amazon EC2 and S3, so we can add new server capacity in minutes as needed.

What if I have already issued developer keys - do my developers need to re-register?

→ No. We will work with you to integrate your keys - and, if you want - your authentication database - with Mashery so that your users will be able to use existing authentication with Mashery.

How secure are your developer keys?

→ Mashery issues 24 character, randomly generated developer keys based on microtime and randomly generated salts.

How does Mashery handle rate limiting?

→ Mashery supports two forms of rate limiting for each API it manages. First, the API vendor specifies how many calls per second they are willing to accept from a particular developer key to avoid a particular developer overloading the API from a burst of activity. If they exceed that, they will receive an HTTP/1.1 403 error ("Forbidden - Over rate limit") until the next second begins. Second, the API vendor specifies how many calls each developer key can make over a predetermined period of time (generally a day or a month, but it is configurable). If they exceed that, it is up to the vendor how we handle - we can allow the traffic but notify the API provider and the developer, we can return a 403 error, or we can create a notification, but allow the overage up to a certain higher level Mashery API access tiers provide varying levels of API access to internal, partner and third-party developers. API access tiers create a foundation for opening up content to the public or based on established business relationships, providing a viable framework for companies to monetize online data.