Matt Mower, working at PAOGA, is raising a very interesting point about the boundaries beyond which APIs are no longer a bless.

Where API’s make clear sense to me is stateless lookup services. Google Maps for example, I can totally see why I want the ability to get maps for locations and directions between them. No problem there. But where API’s make less sense to me is when things get personal.

For example I don’t want Amazon to give me an API to lookup information about my book purchasing history with them. Or the Four Seasons to give me an API to update my room preferences. Or anything which is really about me.

Generally APIs are considered the distinctive mark of Web2.0 applications, but I agree with Matt that this is not always the case. When it comes to handling personal data, Matt prefers to talk of dataslots.

Named, opaque, stores where an organisation can put a sanitized version of the information belonging to me and keep it up to date.

This definition really fit with the online password manager that Giulio Cesare and me are slowly implementing: a secure digital vault for confidential data. That is to say a special kind of dataslot where the organization storing and managing it (Clipperz Srl) does not have a clue about the content of the dataslot and its owner!