« BerkeleyDB & other distributed high performance key/value databases | Main | Product: Yslow to speed up your web pages »

What is Mashery?

In the Amazon Services architecture article the podcast mentions Mashery. I went to their site at, but I can't quite figure out what it is. They want to:

Unleash and manage channels for your API responsibly with Mashery’s combination of security, usage, access management, tracking, metrics, commerce, performance optimization and developer community tools.

An example would help, because I am not getting it.

Reader Comments (4)

Mashery lets you outsource the technical infrastructure of your API... it seems to be aimed at companies who think they need one, but don't want to be bothered with its upkeep. Seems like a contradiction to me - an API is such a core component of an application, how could it be outsourced?

November 29, 1990 | Unregistered CommenterMichal Migurski

> an API is such a core component of an application,
> how could it be outsourced?

Agreed. But I would be interested in hearing their take. Obviously the envision some sort of market niche.

November 29, 1990 | Unregistered CommenterTodd Hoff

You can outsource the boring but necessary parts of your API to mashery. They handle the rate throttling and the authentication, two things that are essential for a successful api but also generic and boring. You set up the subdomain to point to mashery's servers, and they check that the person's API key is valid and that the person hasn't sent a million requests in the past minute. If that all checks out they forward the request on to your box. Your box assumes that any request forwarded on by mashery is a good one, so it can focus on being a cool API instead of worrying about how many times it is getting hit, and whether the person is authenticated. None of the actual API functionality that's unique to your app is handled by mashery.

I think it's a great idea. I met with their founder a few months ago to talk about using the service for our site. (But we're not using it for the time being -- we'll wait until our api has grown up a bit more and is getting more use.)

November 29, 1990 | Unregistered CommenterCory Forsyth

@Cory - thanks for stepping in and saying such nice things about us. You're hired! :)

Cory got the concept right. All APIs are different. At its core, an API provides direct access deep into a web service (lower case - a service that is provided on the web) and turns it into a Web Service (upper case) that people can use as a building block. What makes it an API is the infrastructure that sits in front of it, attracts developers to use it, secures it from misuse and provides the metrics and management needed to turn an internal web service into a Web Service managed through an effective distribution channel, and providing strategic and/or financial benefit.

While each API is different, the infrastructure I have described is consistent across virtually all of them, so it is neither economical nor effective to reinvent the wheel for each API someone wants to release. It is similar to the concept of an adserver - all websites have different content and fucntionality, but the concept of selecting and serving an ad, tracking it, and targeting it is pretty consistent across sites; as a result, there are many sites that use a handful of adserver providers.

In addition to allowing companies to focus on their core business without having to build peripheral, non-core services, using a third-party service who is focused on providing that service allows you to benefit from ongoing development and enhancement, and from features that would be prohibitively expensive to build for just a single provider.

As for an example? check out sites such as"> or">, our first two customers (we have many more, but I like to give props to our early adopters). In addition to documentation and community, they have developer key issuance, instant self-service developer provisioning, usage and rate throttling, and tracking. What you don't see, but our clients enjoy, is a dashboard where they can assign different access levels, rates or limits to each developer on a key-by-key basis, customize error messages and other API parameters, and see detailed reports of API usage on a developer-by-developer or overall basis. Building all of that takes time and money; we offer it as an instantly-deployable on-demand service with no up-front investment, and our customers seem to find it an excellent value.

Thanks for writing about us, Todd!

Oren Michels, CEO

November 29, 1990 | Unregistered CommenterOren Michels

PostPost a New Comment

Enter your information below to add a new comment.
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>