Apply HN: Brightwork – Making APIs More Intelligent
Meet Brightwork.
Brightwork is an API Developer Tool. But it’s so much more. With Brightwork Developers can now see usage information as well as performance information about the APIs they use with their application. They can also see cost projections for their APIs as it relates to competing APIs. However, we take it all a step further. Now Developers can simply click a button in the Brightwork dashboard and switch APIs without having to write one line of code. We do all the heavy lifting in the integration layer and move the API so Developers can spend more time building applications that are agile, meaningful, saves them time, and ultimately money.
On top of offering all of this intelligence with their APIs, we’re offering full stack profiles. These are what we’re calling “BrightStacks” but are pre-built API bundles that can be used in their full stack. So instead of programming these services individually, entire stacks can now be turned up in minutes, not hours or days.
http://brightwork.io
60 comments
[ 3.1 ms ] story [ 127 ms ] threadWith that said, I'm not sure I 100% grasp what Brightwork does from your description and website. Maybe you could describe a specific use case of how it would help me as a developer?
It seems that one of the use cases is easily switching between APIs that serve the same purpose (eg Google Maps to Mapbox). How big a use case do you think this will be? Ie if I use the Facebook API there's is no replacement. I have to use their API if I want to use their platform.
For our first sets of APIs we'll probably focus on payment since this is where we've heard consistently that this is a struggle. Either users cannot effectively switch easily or they want to use more than one. So we're focusing there.
As for APIs that may not have another solution like Facebook, not sure there's much we can do there. We're offering social integration for FB, Twitter, Github, etc.
Hope that helps.
a.) a number of new databases have come out recently that don't fit nicely into the SQL query paradigm
b.) many of the early ORMs (Hibernate, ActiveRecord, etc.) had terrible performance and that unfortunately has tarnished the reputation of all ORMs.
and c.) people try to use an abstraction layer, and then they actually switch databases and find out that the abstraction layer hasn't actually saved them any work.
It remains a contentious topic. Most programmers I know who learned to program in the 2000s think that you're crazy if you don't use an ORM, and setting yourself up for a lot of pain. Most programmers I know who learned to program in the 2010s think that you're out of touch if you do, and missing out on many of the new features in their favorite database. Most programmers I know who learned to program in the 1980s look on with amusement, because they know that the tech industry is driven by fads and you're screwed no matter what you do, so just muddle your way through it as best you can.
Be aware of this as you craft your messaging to different groups: this is not an effective comparison for the post-Node, post-mobile-app developers I know.
Will all of my API calls have to be proxied by brightwork? If so, is the only benefit to lock-in the cost projection?
All of the API calls go through Brightwork's API and the benefit is that you can have all of the information you're looking for in one place rather than cobbling together a number of solutions to get the same information. In the Brightwork dashboard you can now see performance (jitter, packet loss, etc), usage data, and cost projections.
We also have "BrightStacks" which are pre-bundled APIs that allow you to stand up an entire full stack in minutes.
Security is always a high priority and a fundamental feature for any stage of business. That is especially true when credentials and authorizations are intertwined.
It is SSL*.
Thanks, Josh.
As far as SSL/TLS you've got to generate a CSR, get it signed, go poke around in your load balancer and/or application server to reconfigure appropriately, and very probably iterate on your cipher list until SSL Labs (or equivalent) looks good.
If that isn't a contentious view, then I'll go further, building a product has hundreds of these "miniscule" tasks (your words) and added together that's significant time. Whilst you might not agree with the prioritisation, the response that they'd prioritised feature work over ticking off this box was at least honest.
Hat tip to the team for communicating so well in this thread.
If you need an instructional video on how to complete such a trivial task, let me know. I guarantee it will be less than 5 minutes on a variety of environments. What "hundreds" of these tasks are you speaking of? Please meticulously explain rather than fluff your speech to make the process seem more debilitating than it is.
Also: minuscule
Both solutions offload infrastructure hosting and management.
To get started on the Brightwork platform all you need to understand is basic RESTful services, JSON and JavaScript.
Our hopes is that on boarding a new developer on the platform who has the aforementioned skills will only take about 10 mins of setup and learning time.
The main reason is that you only need to learn the Brightwork constructs: BrightStacks (vertical APIs, Data, Storage, etc), BrightPacks (pre-bundled code and workflow, e.g. user registration) and BrightBots (your code).
In the future we hope to build a community around BrightPacks. Allowing users to contribute. For Example, the Core BrightPack will offer user authentication and registration. However, it will not offer secondary SMS verification. Maybe someone would want to build that and offer it as a public BrightPack for others to leverage.
Thanks for all your feedback!
It's hard to say by a simple landing page but the service looks quite different in terms of offering.
The visual workflow builder of Stamplay is just a fraction of the whole offering and can be used by developers to orchestrate services or build business logic of their apps quicker.
Aside from that we to offer out of the box User authentication and management API, social signup, Data storage API with automatic generation database and REST API on top of the data model you define, Serverless code execution to implement any custom logic (AWS Lambda like), 3rd party API integrations (Stripe, Sendgrid, Twilio, Firebase, AWS SNS, AWS SQS.. and more), Cronjobs, Webhooks, CDN backed hosting for static assets with SSL + custom domain support.
As long as you understand basic RESTful services, JSON and JavaScript you can use all our core API. Modularity is a key factor of our platform and developers can already share "Code Blocks" to add specific features to their apps.
Brightworks seems more close to be an API design tool and to manage it over the time but I look forward to see more :)
How would you address these objections regarding the risks of using Brightwork? (i.e. what if you guys go down, get too expensive, stop working, get acquihired, etc...)
And what's the expectation that Brightwork is going to fail vs expectation that the underlying service (Google, Mailchimp, etc) with a proven track record is going to fail?
Maps Email Analytics
I'm very interested to see how beta turns out. Your success heavily depends on enterprise and developer adoption. The fact that you're also baking in API analytics makes me think that you're likely going to pivot to full-blown API traffic/analytics platform in the next few months (ala Mashery).
We're not seeing much adoption in that space either as service-end products are doing the majority of that work already (ie ELK stack). Very interested to see where you guys go with this.
Is there a natural pairing between "monitor my APIs" and "switch between APIs"? I guess what I'm wondering is, if "monitor my APIs" is valuable, do you have plans to prod them synthetically so you're not vulnerable to, e.g. missing an outage because nobody buys things via Stripe at night?
1) What APIs has your team built before that qualifies them to build this?
2) How will you manage changes, bugs, and obscure documentation issues in the APIs that will be made available through you?
3) Will your API cache results from participating parties?
4) What language will the API be written in?
5) Regarding API access security: How will you handle access to multiple APIs for the same client when each API requires a different set of tokens?
6) What kind of security (aside from having an encrypted connection) will this system have?
1) I wrote my first API in 1998 to connect field agent laptops to DARPA's web interface for incident management. Been building distributed systems and APIS for private enterprise ever since. Unfortunately, this my first publicly available product.
2) A combination of things, lots of questions here. Major versioning will control access to new features or structural changes in features. Bugs will be patched as often and quickly as possible in a minor release. Obscure documentation problem will be blogged about and then linked into the BW docs. Registered users will receive communication about all the aforementioned items via email or inline in the BW dashboard as notifications.
3) No, at this time we will to support upstream API caching.
4) There are many subsystems involved in BW. Our core is written in NodeJS.
5) Every upstream API endpoint is tracked by BW, we keep audit and metric logs. Each endpoint that requires authentication will interact with Vault (https://www.vaultproject.io) for requesting and storing credentials.
6) There are multiple layers of security with BW. - SSL, to secure the wire - Network (public/private), the only publicly exposed system is the proxy. The proxy is responsible for all traffic in/out of BW. - App Token, All upstream API calls including BW services and 3rd party API services require authentication to the proxy using an app token. The app token is unique to each app you run on BW and using ACL security will allow access to only the services provisioned for that app (data, email, storage, user auth). - User Authentication/ACL, every BW account is secured from one another using ACL security. Audit logs are maintained for all requests made in BW. - Endpoint Security, as mentioned above if you are connecting to an upstream API endpoint that requires a token then BW will use Vault.
Thanks!
I have some questions:
1. What is the incentive for your enterprise customers to pay? If I classify your potential customers as (a)students, (b)hobbyists, (c)freelance developers, (d)startups, (e)small scale operations, (f) large scale operations, my first guess is that groups (a),(b),(c),(d) and (e) would use this service as opposed to building something in home, only (c), (d) and (e) would choose to use a "paid enterprise" solution and only (e) as potentially continuing to pay 5 years down the line. I don't see anyone continuing to pay for 10-15 years. I don't mean this as a judgement on your idea (it is my uninformed opinion in the end), I just want to hear your thoughts about this and how you think the market will play out.
2. While building your company, you will develop talent and technology in house that might prove to be more valuable than the product you offer. If this happens, what possible avenues do you see to take your company into more diverse markets? What can you potentially get into?
3. Do you plan to build an maintain a developer ecosystem around your product? If yes, what do you imagine it will look like?
4. Five years from now, how will you keep your documentation in order keeping in mind that APIs that plug into brightwork will keep changing, be fluid, and not support all international languages that you may have to support for your enterprise customers?
5. Are you familiar with the npn and kik stories recently? How would you have handled it assuming you operated strictly under the values you have set for Brightwork?
Thank you, and I wish you and your team the very best!
Q) What is the incentive for your enterprise customers to pay?
A) We have a few enterprise customers we're working with in which they want to take certain parts of our technology and roll it into their internal infrastructure or their own product offerings.
As for where the market will pan out, APIs are becoming more and more prevalent. Companies are starting to charge to access their APIs rather than just make them open to do whatever Developers want. So I don't see APIs going away anytime soon. Whether that's 10 years, 15, etc I really don't know. I believe they'll become more important as we roll into the new realm of VR and IoT.
Q) While building your company, you will develop talent and technology in house that might prove to be more valuable than the product you offer. If this happens, what possible avenues do you see to take your company into more diverse markets? What can you potentially get into?
A) This one is tough to answer because it's a huge hypothetical. Overall we want Brightwork to become a trustworthy platform that makes the development process more efficient and more accessible. Programming is the new literacy and we want Brightwork to be the platform that Developers trust can scale their solutions quickly and reliably.
Q) Do you plan to build an maintain a developer ecosystem around your product? If yes, what do you imagine it will look like?
A) Absolutely! We are setting the pieces together today to build out our Developer Evangelist program. We've all seen other companies do this well and their solutions end up being the "go to" technology. We want Brightwork to be built for and by the Developer Community.
Q) Five years from now, how will you keep your documentation in order keeping in mind that APIs that plug into brightwork will keep changing, be fluid, and not support all international languages that you may have to support for your enterprise customers?
A) We do this by staying ahead of this today and not putting ourselves in a position to fall behind or create documentation that provides no value. I'm a firm believer in more information is better. Today, we're putting together the documentation infrastructure to ensure we can quickly deploy incredible and accurate docs that are meaningful and valuable to the Developer Community.
Q) Are you familiar with the npn and kik stories recently? How would you have handled it assuming you operated strictly under the values you have set for Brightwork?
A) Not specifically familiar with what happened here. Might need some context.
Thanks!
Is this concept against the terms of third party APIs like Twitter/Facebook?
I have not seen anything in the terms that would put us of of compliance.
One friend who went through a top 10 accelerator pivoted their startup into your idea exactly about a year ago. On the surface it sounds great.
It didn't work out for a few reasons, but one of the most prominent was: When you abstract an API over several services you end with the lowest common denominator of features (losing anything that makes one better/unique... not every category is a commodity).