API Monitoring: There's No Taking The 5th

May 2, 2018

Written by David O'Neill, COO / CCO

David oversees operations and customer success at APIContext, helping enterprise clients get measurable value from API monitoring.

Most of the world is probably aware of the 5th Amendment to the Constitution of the United States. Most countries have their own version:

No person … shall be compelled in any criminal case to be a witness against himself…

While it is an essential part of a good legal system, we all know that there’s always a cloud that hangs over its use in certain situations. Why did they take the 5th? What are they hiding? For individuals, it’s a right and it should be defended. But what about an API? Compare the 5th Amendment to this clause from a fairly standard API Terms and Conditions of use:

You agree not to use, nor permit any third party to use, the Developer Platform to access the Developer Platform for competitive purposes (including to connect to a competitive product or to create your own competitive product) or publicly disseminate performance information or analysis (including uptime, response time and/or benchmarks) relating to the APIs.

The first clause is extremely fair. No, having access to an API should not grant permission to build a competing product using another supplier's technology. But what about the second clause?

We have a lot of issues with this.

First, why wouldn’t you want to publicly disseminate performance information on your APIs? The question that comes up is, what are you trying to hide, and who does provide that data? When we’ve asked that question of people who’ve pushed back about our product being used to verify SLAs, they’ve been clear: they provide all the SLA data that their customers need, thank you very much.

Second, we have had clients read this to mean that their customers and partners (people either paying them for API access, or providing business-necessary access to an API for information where both parties benefit) cannot independently verify what the performance of a particular API is. Basically, they provide all the SLA data and what they say is the truth.

That’s not good enough.

Monitoring isn’t about the cloud IT version of taking the 5th. It’s about providing a distributed and open way of doing business that needs to be transparent and independently verifiable. Service Level Agreements must be the same, otherwise they’re essentially meaningless.

Photo courtesy of Phil Roeder
