This article illustrates several things we can learn from an API expert. You can apply similar methodologies to learn from experts in other industries as well.

Before I tell this tale, I want to make it clear I am not looking to disparage anyone mentioned in this article. This is purely my opinion and does not reflect my employers view.

If you’re working on Application Programming Interfaces (API), you should be familiar with the name “Kin Lane”, which appears in many articles, interviews and social networks related to API.

Many articles and interviews label “Kin Lane” as an API expert:

  • World-renowned experts from industry and academia, including David Berlind (Chief Editor of Programmable Web), Mehdi Medjaoui (Co-founder of the APIDays conferences), Kin Lane (the “API evangelist”) (source: European Commission: APIs as enablers of the digital transformation of governments

  • I had the pleasure of sitting down with Kin Lane, an API Evangelist, blogger at KinLane.com and API Evangelist, contributor to Programmable Web, and all-around expert in APIs. (source: The Business of APIs: Interview with an API Evangelist)

  • Of particular interest was a lecture held by Kin Lane, an API expert, that has tried/reviewed all of the APIs available, which is more than 11 thousand. This lecture, called “The Kin Lane Show” is a dynamic, an amalgam of previous lectures and Kin Lanes own experiences and ideas. (source: Vicert @ “Berlin API DAYS 2014”)

  • An API expert explains why Postman Collections should be a default part of your API documentation, just like an OpenAPI definition should be a part of API docs. (source: Using Postman to Explore the Triathlon API. Disclaimer: this article is written by Kin.)

He’s also a high achiever working on 100+ projects and many people such as startup founders, venture capitalists tried to pick his brain.

He’s also good at understanding complex concepts and aced the advanced portion of a computerized test for a big global consulting firm.

That’s awesome. Let’s see what we can learn from this guy.

Book Authors

Let’s start with a book he published. if someone writes a book on certain topics, we will normally assume that person is knowledgeable in these topics. Kin Lane published a book called “The business of APIs” in 2011. It was highlighted as an achievement:

His profile in the Presidential Innovation Fellows (PIF) program website:

His profile in the Presidential Innovation Fellows (PIF) program website

In MOTION FOR LEAVE TO FILE BRIEF OF 78 AMICI CURIAE AND BRIEF OF 78 AMICI CURIAE COMPUTER SCIENTISTS IN SUPPORT OF PETITIONER

MOTION FOR LEAVE TO FILE BRIEF OF 78 AMICI CURIAE AND BRIEF OF 78 AMICI CURIAE COMPUTER SCIENTISTS IN SUPPORT OF PETITIONER

So looks like the book is pretty good, isn’t it?

One can find the reviews of this book on Amazon, GoodReads and Google Books. Unfortunately, most reviews are negative. This one in GoodReads stands out as it reviews the book chapter by chapter. I understand book reviews can be fake but what about reading it yourself as the book is just 54 pages (with 7+ blank pages) and coming up with your own conclusion? By completing the form at the Slackdot Media Resource Center (I’m not affiliated with SlashDot Media), you can get a free electronic copy (PDF).

The book is supposed to get regular updates:

“Because the world of APIs is constantly we changing, we will be updating the book regularly, and releasing new versions.”

I’ve never seen a second edition of the book in the paperback form or Kindle. Let me know if you find it and I am happy to dive into the updated version to learn more about the business API, hopefully with a real-life example.

Work Experience

To learn more about Kin’s professional background, check out his LinkedIn profile or resume (source deleted, Internet Archive).

It is safe to presume that someone who serves as a director of an API infrastructure for a publicly traded firm is knowledgeable or an expert in API. Kin was previously the director of API infrastructure at F5, which is a listed company with a market cap of ~15 billion USD in Jan 2022. Kin joined F5 as an API architect after stepping back as API Evangelist in Jan 2019 (source deleted, Internet Archive) when the API industry lacked nutrition to financially support his works on apievangelist.com. 9 months later, he joined Postman as the chief evangelist. In an interview by JSON Schema team in 2022, when asked to talk a bit about himself, Kin said:

“I was a director of API infrastructure at f5 networks so I was brought in to map out the existing API landscape and propose and lay the groundwork for what would be the next iteration of in their API journeyfor all of their APIs.”

Here is a screen capture with the closed captions:

JSON Schema in Production - #2 Kin Lane at F5

But in his Linkedin profile, his job tile is API architect. In the Postman press release, it also refers him as an API architect:

“Lane was most recently an API architect for F5 Networks and an API evangelist at Mimeo.”

Here comes the question. Did he get a promotion from a non-director level position to the director in API infrastructure after leaving F5 ? If so how is it even possible? Or he simply forgot to update his resume, in which case Postman didn’t know the promotion either? I thought Postman interviewers or HR should know he is the director of API infrastructure at F5 networks since that was his job during the interview process.

As the keynote speaker of InstructureCon 2013 (Jun 2013), Kin shared a bit more about his background:

I’m a developer. I’m a recovering IT director. I used to run IT for SAP. And I worked for Google for a while. So I know what it’s like to butt your head up against IT.

But later in the blog post “Sorry Google, Your Programming Test Is Not A Valid Measurement Of My Skills”, he mentioned

“This is the 3rd round of talks I’ve had with Google while being the API Evangelist, talks that historically go nowhere because of their programming test, which is a super silly aspect of their HR process.”

“I was straight up with the Google recruiter a couple of weeks ago when she first emailed me, and again when we talked on the phone last week—I do not take programming tests to open up doors for employment conversations, sorry.”

I totally respect Kin’s viewpoint in not taking programming tests, even though he’s fluent in PHP but here comes the question. How did he pass the interview before as he “worked for Google for a while”? In his resume, there’s no mention of his work experience at Google. Neither “IT director” nor “SAP” are mentioned in his resume. And why these professional experiences — which are undeniably accomplishments in one’s career — were not mentioned in the Postman press release?

Later, Google and Kin’s paths crossed again as part of the Google LLC v. Oracle America, Inc. lawsuit. Kin provided a nice summary in a Postman blog post (please make sure you read the comments about different viewpoints too). In his apievangelist.com blog post “API Copyright: Restaurant Menu” (22 Nov 2019), he said:

“One of the old concepts I had worked through back in May of 2014, and was used by Google as part of their argument, was the notion that your API is just a menu for your organizational digital resources–I wanted to take a fresh look at this concept, and add it to the toolbox for when we head to DC.”

In Apr 2021, he wrote a blog post about his Oracle vs Google API Copyright Journey

“I’d say this list represent my work as the API Evangelist well, in that some of it is very notebook ideas, with spelling and grammar mistakes, with others being deeper looks into how we start separate the layers of an API so that we can apply licensing, all the way to some pretty valuable contributions like the API Commons, and the usage of the restaurant analogy for APIs, which Google’s lawyers used as part of their defense after I provided.

Did Kin come up with the restaurant menu analogy? His first blog post that mentions “restaurant menu” is “Restaurant Menus As Analogy For API Copyright”:

“One of the interesting conversations that came out of the APIStrat Un-Workshops at Gluecon this week, was the exploration of the analogy of applying copyright to restaurant menus, and applying copyright to APIs. This type of conversations is why 3Scale and API Evangelist support these types of events.

When you Google the topic of restaurant menu API copyright, you get a wealth of contradictory answers that show the difficulty of applying copyright to menus.”

Nowhere in the blog post did he mention he is the one who came up with the analogy. It seems to suggest it’s coming from a conversation with a group of people. As he said, one will get “a wealth of contradictory answers that show the difficulty of applying copyright to menus” with a Google search so looks like this topic/analogy is nothing new (and I’m pretty sure Google lawyers can search for that as well, using Google of course). Based on the information I’ve collected so far, I can not tell if he’s the first one coming up with the idea.

In his Linkedin profile, he was the advisor at SkyLight Digital but on the company website he’s an API architect:

“Kin served as a Presidential Innovation Fellow, and is a world-recognized expert in APIs. Since 2010, he has written over 3,000 articles and spoken at over 50 events on API-related topics. Kin also specializes in software engineering, microservices, data science and engineering, cloud computing, and enterprise software. He lives in California.”

Does this imply that he advised SkyLight while also serving as an API architect? Do other employees listed on the SkyLight website serve as company advisers as well?

In 2015, Kin co-found a company called Apiware.io which offers services for development, management & support of APIs:

“Built and maintained by the APIware API development consultancy co-founded by Kin Lane, it’s their first product release, so we’re excited to see what they came up with.”

In his Linkedin profile or resume, there is no mention of Apiware.io at all in his job experiences. Some other co-founders did clearly state it in their Linkedin profiles.

Kin is probably too busy with his API research and couldn’t find the time to update his resume and Linkedin profile. Still, I’m sure we all can learn something from his career path even though it’s not clearly documented.

Education

Kin honestly tells everyone in his blog he’s a high school dropout. He was already a high achiever back in high school: setting up the entire computer lab for his 7th-grade math teacher back in 1983 and even having a job programming the software used by schools in the State of Oregon in COBOL but eventually, he was kicked out in his senior year and drugs took him on a different path. Luckily, he’s fully recovered and is no longer a drug-addict.

Even though he didn’t have a university degree, he was working on curriculum for the University level, and will be soon trying to adapt to other school levels. He also works closely with the universities, e.g. giving a workshop on API testing to Computer Science Students at Tecnológico de Monterrey and spoke with computer science class at Loyala Marymount Universityin 2012, 2013 and 2014. In Oct 2013, he talked about “Access, Interoperability, Privacy and Security Of Technology Will Set The Stage For The Future of Education” at the Minding the Future conference.

In 2010, he started apievangelist.com, which was kind of a PhD into how much of the web, mobile, and connected device works, as APIs drive almost everything today. In 2019, he found a job at Postman (right before that he was with F5 Networks) after working on an API PhD for the last 9 years:

“I feel like I’ve been working on an API PHD for the last 9 years, have finished my dissertation, and now I’m ready to actually begin applying what I know in the real world.”

This is the first time I heard someone self-studying a PhD. To be clear, I’m not against anyone self-studying a PhD, which is just one of the ways to pursue knowledge. Should he at least get a supervisor mentoring his self-studied Ph.D?

In May 2021, he’s one of the 32 computer scientists who signed the Amicus Brief Filed By EFF In The Oracle vs. Google API Copyright Case. In his TechCrunch article on the U.S. Supreme Court’s April 5 ruling in Google LLC v. Oracle America Inc.:

“I was one of 83 computer scientists — including fiveTuring Awardwinners and four National Medal of Technology honorees — who signed a Supreme Court amicus briefstating their opposition to the assertion that APIs are copyrightable, while also supporting Google’s right to fair use under the current legal definition.”

In his Presidential Innovation Fellows profile, he also described himself as a computer scientist and ‘API Evangelist’:

“Kin is a computer scientist and ‘API Evangelist’ working to understand the technology, business, and political aspects of Application Programming Interfaces (APIs) and to help share this insight with the world.”

I simply assume computer scientists should at least have a degree or something equivalent and at least one publication to computer journals that I couldn’t find any via Google Scholar but clearly my assumption is wrong as a high school dropout simply self-studying a PhD without a degree can get this title.

For those who wants to become a computer scientist, studying a PhD in a university is the traditional way, but just so you know now there’s another proven way and one day you may sign the Supreme Court amicus brief with other computer scientists including Turing Award winners.

Research

One thing that Kin Lane pioneers is his research on “API Lifecycle” which started with 50+ stops such as spreadsheets, “Low Hanging Fruit”, “Real-Time”. He coined the term “API Life Cycle” around Jan 2016. Since its inception, he has expanded the API Life Cycle to cover more research areas. In Feb 2021 the API LifeCycle covered almost 100 stops, including blockchain, machine learning, Internet of Things, and more. Adding the latest trendy technologies and researching these new stops undoubtedly keeps the API lifecycle up-to-date and valuable.

But for some reason, he removed “API Life Cycle” from APIEvanglist.com front page in Mar 2021. You can still access his research on API life cycle from the Internet Archive and learn from his research.

He also published a whitepaper on University API in Aug 2014 (28 pages while 10 pages are just logos) so please take a look in case you are interested in University API.

The Presidential Innovation Fellows (PIF) program

The Presidential Innovation Fellows (PIF) program brings the innovation economy into government, by pairing talented, diverse technologists and innovators with top civil-servants and change-makers within the federal government to tackle some of our nation’s biggest challenges. According to his Linkedin profile, he joined in Jun 2013 and left in Oct 2013. You can find his profile on the PIF official website. Before he joined the program, he already coached some of the PIF (Class of 2012) back in Oct 2012:

“I was honored this month to receive an invitation from Todd Park (@todd_park), the U.S. Chief Technology Officer, on behalf of the Presidential Innovation Fellows Program, to come out to Washington DC and spend an afternoon coaching and working with some of the Presidential Innovation Fellows on the Open Data Initiatives project.”

That sounds very impressive as PIFs are top innovators from the private sector, non-profits, and academia. I’m sure coaching them is not an easy task.

He didn’t apply for the PIF program. The White House invited him to join instead, according to his presentation “The API evangelist API journey” in the JRC APIs4DGov Workshop:

“… in 2012 I was asked to come do a talk at the WhiteHouse and then I got a call a couple weeks later and said hey would you like to be a presidential innovation fellow and work out with the Obama team and I said sure I guess so and they said well can you be here by Monday and that was Friday at 2:00 so I shaved my beard shaved my hair cut my hair bought a suit and I went to DC and I was a positioned at the Department of Veterans Affairs …“

Just so you know the second class of the PIF program included 43 fellows selected from over 2000 applicants.

You may wonder why he left after 60 days. He explained with details in his (deleted) blog post (2013-11-15):

“After 60 days, I decided to leave the program. The main reason is that Audrey and I couldn’t make ends meet in DC, on what they paid, and after spending our savings to get out there, with no credit cards to operate on, and experiencing the shutdown, and facing another shutdown this winter–it just wasn’t working for us.”

Another reason is that he was told to shut down all the APIs but he refused to:

“… the government doesn’t get funded all the api’s get shut off when you leave federal agency this is actually the reason I left government in 2013 is during the government shutdown I was told to shut down all my api’s and I refused to so I quit …“

Looks like there is more than one reason why he left the program. Here are more:

After he left the program, he blogged on 2013-11-15 how the PIF could be improved and how he felt like working in the government:

“In my case, being a government employee was not beneficial. I don’t aspire to establish a career in government, as I hope will be case with some future PIFs, and the role didn’t really open up enough access, to make it worth my while.”

Even though Kin only stayed a short period of time with the White House, he later presented lessons learnt from the implementation of API strategy in the United States of America under Obama’s administration in the JRC APIs4DGov Workshop.

One interesting thing that Kin later revealed in a (deleted) blog post (Apr 2018) is that he failed the background check:

“I just received notification I was denied a role on a project for a federal agency because I couldn’t produce enough documentation regarding my troubled past – specifically criminal charges (not convictions) involving my drug use 20 years ago, and my divorce / bankruptcy a decade ago.”

I’m all for giving people who made mistakes a second chance. I think this is how our society works. But here comes the question: If he cleared the background check when joining PIF back in 2013, why did the federal agency have to perform another background check on him in 2018?

According to PIF FAQs:

“All government positions require some level of background check. Most roles at PIF require a public trust position clearance, which is more thorough than most private-sector background checks but not as intensive as a higher government security clearance. The clearance process adds some time and forms to the hiring process, but the GSA Human Resources team will guide you through it. GSA is the federal agency under which PIF operates.”

“The pre-employment process can take weeks or months depending on the depth of the background check, and your speed of responsiveness to the different steps (i.e. fingerprinting, completing security forms, etc.).”

Coincidentally the background process may take weeks or months (or 60 days) to complete. Is there by any chance Kin didn’t pass the background process when joining PIF?

Here is another interesting finding. Right before he left the PIF program in Oct 2013, he created another GitHub account “timlanedev” on Sep 22, 2013 with the name “Tim Lane”.

Oh wait, is “Kin Lane” not his birth name? No idea but I’m pretty sure he owns this account as he used “timlanedev” to create a GitHub repository https://github.com/timlanedev/api-offices. As show in the commit history (a chronological list of changes), there are changes made directly by “kinlane” (Kin Lane’s primary account in GitHub) as shown in the detailed commit logs below and the email address of the author “info@kinlane.com” in the commit log proves my point:

git log

If you were “Kin Lane”, what would be your motivation to create another GitHub account with the name “Tim Lane” right before you left the PIF program? Did the background check uncover his birth name as “Tim Lane” (or “Timothy Lane”) instead as well as his troubled past?

Regardless of Kin’s journey as a PIF with the White House, I still recommend applying this program if you want to work with the top innovators and make a positive impact to the society.

Technical skills

Is Kin technical? Looks like he is according to his Tweet

“It never surprises me when folks dismiss what I do as less than their engineering work, because I just tell stories. You just let me know how successful your engineering work is without telling any stories. Not even considering that I can build anything I tell stories about.”

Kin has worked professionally as a database engineer for 30 years and used to building his own relational databases, writing his own indexes, relationships and other things:

I have worked professionally as a database engineer for 30 years this year, with my first job building COBOL databases for use in schools across the State of Oregon in 1987.

I got my first job working on databases in COBOl in 1987. I have worked with almost every database platform out there, and I love data. I remember writing my own indexes, relationships, and other things we take for granted now.

I remember building my own relational databases, and generating stacks of floppy disks to distribute software to clients

In his blog post “The Next Decade is Going to Be A Wild Ride”, he mentioned:

“I had just had a very meaningful experiences in scaling architecture for SAP and Google, powered by application programming interfaces (API) and the cloud.”

That sounds very technical as he’s scaling architecture for both SAP and Google.

Kin is also fluent in PHP

“PHP may not be the choice of API champions, but I was fluent in it, and I new that when the time came, and I open sourced the back-end for API Evangelist, that if everything was straight up LAMP stack, I would reach the widest possible audience.”

Kin publishes many of his works to GitHub. We are in luck that we can learn from someone who is fluent in PHP.

There are a few ways to search for PHP code that he wrote in GitHub:

user:kinlane language:php will show all PHP code in all repositories under his account. author:kinlane language:php will show PHP changes (commits) in all repositories in GitHub (e.g. https://github.com/mimeoconnect/Mimeo-Cloud-Print/commit/4dcbff8d33496c229c97c0c8f58735ae98086226 - Kin worked as an API evangelist at Mimeo before according to the Postman press release so the commit makes sense.)

One can also search for code snippets that he shares in his GitHub Gist: user:kinlane language:php will show all the PHP code snippets under his account.

One way to evaluate the code is code analyzers. There are many out there and in this article we use SonarCloud and CodeClimate and here are the results:

SonarCloud results

CodeClimate results

The results range from A to E. These are for your reference only and please do not use it as evidence to falsify Kin’s statement that he’s fluent in PHP.

Another way is of course to review these repositories manually and here is what I found:

  • Sadly, none of the repositories I reviewed includes any tests. It’s better to add tests and ensure these tests are run as part of the CI/CD pipeline.
  • Almost all the PHP codes I reviewed are not properly format. Use an IDE or PHP linter.
  • Many debugging code (commented) is left in the code base. Removing these will make the code cleaner and more readable.
  • Use Composer to manage dependencies since I couldn’t find any composer.json under his GitHub repositories.

What about learning from his PHP code by reviewing his PHP GitHub repositories yourself?

As someone who’s so technical, how does he debug? Let’s find out.

From his “github-micro-tool” repository, you can see a lot of commits for debugging. Here are a few examples:

His debugging technique is very interesting. First of all, he pushed the change for debugging to GitHub so as to troubleshoot the issue using GitHub pages, but all these can be done locally as explained in “Testing your GitHub Pages site locally with Jekyll”. In other words, the issue/bug can be fixed in one single commit/change if correctly tested in a local environment with Jekyll. Including all these commits for debugging does not make the change history pretty so one should avoid doing so (or should at least try to squash these commits into a single one when merging a pull request) but I’m not here to judge whether this debugging methodology is effective or not.

You can find all other commits on how he debugged in his GitHub repositories with a simple search for “author:kinlane debug” on GitHub and lots of commits shown up. Hope you learn something from how he debugs.

API Security

Kin Lane has written and presented a lot about API security.

He also published “The API Evangelist API Security Industry Guide” (52 pages for $20USD)

Looks like he’s very knowledge in API security. Security and CyberSecurity are also part of his API Life Cycle research area. You can dive into his research to learn more and understand the differences between the two.

Unfortunately, Kin accounts were hacked several times before.

His AWS account was compromised in Sep 2020 according to his Tweet (deleted).

Woke up early to do a dry-run for a talk later this week in India. Opened inbox and had email from AWS saying my account has been compromised, and the current EC2 running will be 17K per day. Managed to operate for 14 years without compromise…WTF.

His Instagram account was also compromised before the 2016 United States presidential election.

then sometime in 2016 my account got hacked by Russians (really), and the timeline filled up with spam and propaganda and the account followed like 10K other Russian accounts

According to Kin, his website has been hacked a few times, which is unfortunate. That’s why he decided to outsource his security to GitHub and CloudFare.

“I like managing my sites this way, but the primary reason I migrated to this setup was because of security. After a couple of online events where I stepped up to defend my girlfriend Audrey Watters (@audreywatters) I woke up to all of my sites being down, by some friendly hacker.”

“I admit I don’t have the best security practices. I have the skills to do it, but everything I do is public, so security is really not a concern”

When this is coupled with CloudFlare for my DNS, and offloading my DNS security to their experts, I figure I’m coming out ahead when it comes to securing my public presence, and what is most important to me–my research.

Don’t get me wrong. I’m not implying those who use Clouldflare, GitHub are not security experts. It’s also perfectly fine to honestly acknowledge one does not have the best security practices.

Sometimes these real life experiences of being hacked are what makes someone an API security expert.

In his blog post “Please Refer The Engineer From Your API Team To This Story” (Sep 2018), he acknowledges setting up SSL certificate is hard in the comment section of his blog post “Please Refer The Engineer From Your API Team To This Story”:

“Boy you got me. I’m gonna pack it in now man. Why the fxxk would you feel compelled to leave a comment like that? Ain’t you got anything better to do with your life? Get the fxxk off my domain - https://apievangelist.com/ Yeah, certs are really fxxking hard to do. I wonder what I’m installing on CloudFlare, and all my servers on a regular basis? Or maybe you are asking why I don’t enforce encryption? That would be a different conversation and since you didn’t ask, I ain’t going into it.”

I would simply assume security experts at least know how to set up SSL certifcates properly, but my assumption could be wrong.

As mentioned previously, I’m able to find some PHP code written by Kin published to GitHub. Here is one example but this may subject to SQL injection. Here is another example in his “apis.how” project, which is his own URL shortener. Please also avoid hardcoding passwords in the config files (I’m not going to provide an example for this one). These codes were written several years and I’m sure Kin now writes more secure PHP code for production usage.

Kin built many websites using GitHub pages, but most I inspected are still using outdated software libraries.

I reviewed some of the websites he published in his GitHub repositories and surprisingly, most dependencies seem to be outdated. Here is one: https://github.com/kinlane/blueprints/blob/main/Gemfile.lock#L31

github-pages version 180 was released on March 26, 2018 and the latest version 227 was published in Jul 2022. Is he unconcerned about using outdated software packages/libraries with security issues? Uploading Gemfilie.lock to audit.fastruby.io shows 26 issues such as remote code execution in Kramdown.

In his blog https://apievangelist.com, it’s still using jquery v1.11.1, which was released in May 2014 and you find the usage of jquery v1.11.1 on his website since Sep 2014. There are known security vulnerabilities with this version. Users are recommended to update jquery v1.11.1 to newer version such as v3.5.0 to mitigate security risks.

In his personal blog https://kinlane.com (that he wiped out and rebuilt in May 2021), it’s still using bootstrap.min.jsv4.0.0, which was released in Jan 2018. Not to your surprise, it also contains some security vulnerabilities.

I’m not denying Kin is a security expert but still I strongly recommend him or anyone reading this to keep the software stack up-to-date to avoid any security issues due to outdated libraries.

Kin also invents innovative approaches to address his very unique IT security needs. He stored his private keys in a private GitHub repository and use it a single source of truth in the authentication layer of his applications (http://api-keys.apievangelist.com/). Sounds like a brilliant idea? The short answer is NO. Please do NOT follow his practice as David Calaverahas pointed out: github doesn’t encrypt not segregate your private repos, which means all these keys, tokens, etc. are stored in plain text, which is totally a bad idea.

Standards

Swagger

Kin makes a lot of contributions to API standards and I truly appreciate people working on standards to make the API industry better. Let’s learn from his works on various standards.

Swagger is a set of open-source tools built around the OpenAPI Specification (formerly Swagger Specification) that can help you design, build, document and consume REST APIs. The major Swagger tools include Swagger Editor, Swagger Codegen, SwaggerHub and Swagger UI. Kin played a significant role in popularizing Swagger according to his blog post “How to build an API brand through consistent storytelling”:

“Along with the value brought to the table by Tony, and the community, I do feel I played a significant role in where the Swagger brand is today. I did this through building tooling with Swagger, searching out what others were doing, and telling the story all along the way. I wrote 160 stories in 2015 alone, and I did this all via my own blog.”

He also built up and popularize Swagger, as well as the transition from Swagger to OpenAPI in his blog post “Swagger reflects the short signtedness of many API industry service providers”:

“Seven years later, Swagger still dominates search engines and many folks still think it is the specification, and do not understand the difference between Swagger and OpenAPI. I was involved in the whole journey, helping build up and popularize Swagger, as well as the transition from Swagger to OpenAPI, and now I am writing this story as my team continues to think critically about how we can help clean up this mess.”

Luckily, Swagger is open-source and hosted on GitHub. We can find out all the awesome contributions (code changes, documentations, etc.) made by Kin and learned from his contributions.

When I did a search for “author:kinlane” under “swagger-api” organization account, I got the following (a free GitHub account is required to perform the code search):

kinlane search

Basically, he didn’t make any change to projects hosted under “swagger-api” such as swagger-api/swagger-ui. He only opened one single issue in Mar 2015 about “Swagger UI 508 compliance”:

To confirm the search expression works as expected, I searched for changes made by the creator of Swagger: Tony Tam. The search for “author:fehguy” under the “swagger-api” organization account confirmed the search query works:

fehguy search

Maybe he used another GitHub account to make the contributions? I tried with “apievangelist”, “timlanedev” but still no luck. I though someone who played a significant role in Swagger’s success, at least makes some changes in the Swagger projects but my assumption could be wrong.

Kin heavily uses OpenAPI/Swagger in his projects as one can easily find the API specification files (e.g. swagger.json) in his projects. His screen capture API is one example and you can find swagger.json in the root level of the project to describe the API. Even though I am no expert in OpenAPI/Swagger, swagger.json looks pretty easy to understand to me. One suggestion is to use security to document appkey and appid, like what he did in another specification file in the “template-bootstrap” project, instead of documenting these as query parameters. One should also validate the specification files in the CI/CD pipeline to ensure these files are still valid after changes. Providing the following specification files to online validators (https://editors.swagger.io, https://apitools.dev/swagger-parser/online) shows a few errors:

swagger editor errors swgger cli errors

OpenAPI

OpenAPI Specification is an API description format for REST APIs. Here is the definition from Wikipedia:

“The OpenAPI Specification, previously known as the Swagger Specification, is a specification for machine-readable interface files for describing, producing, consuming, and visualizing RESTful web services.[1] Previously part of the Swagger framework, it became a separate project in 2016, overseen by the OpenAPI Initiative, an open-source collaboration project of the Linux Foundation.”

However, Kin didn’t join the OpenAPI Initiative (OAI) as a founding member in Nov 2015 because he felt it wasn’t the right time. Even he didn’t join right after OAI was formed, he still provided valuable feedback to point out 2 areas in which OpenAPI spec (aka Swagger) needed improvements in his blog post “API Blueprint Has Been Evolving In Two Critical Areas Where OpenAPI Spec (aka Swagger) Falls Significantly Short”:

“Media types, and body are two areas that OpenAPI Spec (aka Swagger) is deficient. Something that gives Apiary a pretty interesting head start when it comes to two pretty fundamental building blocks of the web, and therefore APIs. I was going to start using vendor extensions, to begin playing around with content-type negotiation in my OpenAPI Spec files, but I might just invest my energy into sharpening my API Blueprint skills, and definition repository instead.”

He later joined OpenAPI Initiative in Feb 2017 as he felt like we need as many voices at the table as we possibly can.

I found it weird that someone who was involved in the transition from Swagger to OpenAPI didn’t joined OpenAPI Initiative in its early days and only changed his mind 13 months later. Does anyone know the details of his involvement in the transition from Swagger to OpenAPI? Please leave a comment below and I would love to learn more.

But later he exited his member status in 2019. Even though he’s no longer a member, a project built by Kin still joined OpenAPI Initiative in 2021:

“In 2020 I find myself totally immersed in the API landscape as part of my API Specification Toolbox project which grew out of Postman becoming a member of the OpenAPI Initiative, and I wanted toht spend why Saturday afternoon (I know I have a problem) thinking about the API landscape at the 250K.”

apis.json

Kin Lane is the co-author of the standard “apis.json”, which can be described as follows:

APIs.json is a machine readable specification that API providers can use to describe their API operations, similar to how web sites are described using sitemap.xml. Providing an index of internal, partner, and public APIs, which includes not just the the OpenAPI, JSON Schema, and other machine readable artifacts, but also the currently only human readable elements like documentation, pricing, and terms of service.

By the way, http://apisjson.org does not automatically redirect to https://apisjson.org with secure connection and even https://apisjson.org shows some warnings related to the SSL certificates in Firefox: Error code: SSL_ERROR_BAD_CERT_DOMAIN. Looks like the certificate of the site has not been correctly set up.

SSL_ERROR_BAD_CERT_DOMAIN

The latest version v0.15 was published back in Apr 2015. They proposed a new version v0.16 in Sep 2020. All these versions are still “Draft for Comment”. On Sep 06, 2020, the blog post “The Future of APIs.json (2020 Edition)” mentions the roadmap for v1.0 of apis.json:

“Refreshing the website, updating the blog and Twitter account were the first business items on the list. Next we want to continue the conversation around the next version of the specification, getting us closer to an official 1.0 version that the community has helped define.”

In the GitHub page, it lists out 31 users (companies, organizations, projects, etc.) with direct links to their apis.json but unfortunately 16 are broken links. For those that are still accessible, most are using v0.14 (released on Jun 2014) and only 1 has updated to the latest version v0.15. In the list, two are actually maintained by Kin lane himself.

  • API Evangelist, which was “created”:”2017-06-24” and “modified”:”2017-06-30”
  • Kin Lane, which was “created”: “2016-02-14” and “modified”: “2015-01-22” (yes, you read it correctly. Likely these dates are swapped by mistakes)

Both are still using v0.14 so looks like the migration to v0.15 is not that easy and it’s also hard to keep api.jsons up-to-date since the last update was already 5 years ago.

You may think naming a standard with data format such as JSON is a rookie mistake. Nope, have a look at the bottom of the https://apisjson.org homepage and you will notice the following:

“do you prefer yaml? apis.yaml

He got it covered as well. There’s a equivalent of the standard but in YAML format called “apis.yaml”.

But it can still be popular, right? I did a search in StackOverlfow, a very popular developer platform and no one has mentioned “apis.json” at all (no luck with “apis.yaml” either). What about discussion board like Hacker News, there only 3 mentions with one comment.

According to Kin, he was seeing more native adoption of APIs.json in leading API management providers.

“I am seeing more API providers begin to deploy APIs.json for their providers, and I have two of the leading API management providers about to release APIs.json as a native part of their API management workflow, with others in the works. It is good to see APIs like Fitbit see the potential of indexing their API operations with APIs.json, something where the benefits are only going to grow over the coming years, as new tools, and services emerge that depend on APIs.json for engaging in the API economy.”

But I just couldn’t find which API management provider(s) have adopted it. Does anyone know? Please leave a comment below.

He also hopes that Microsoft Visual Studio would adopt apis.json in deliverling APIs via IDE:

“I have talked about delivering APIs in Atom using APIs.json, and have long hoped Microsoft would move forward with this in Visual Studio. All APIs should be discoverable from within any IDE, it just makes sense as a frontline for API discovery, especially when we are talking about developers.”

He later made a point that seamlessly integrating Microsoft APIs into Visual Studio is a no brainer.

If Microsoft was smart, all their APIs would be seamlessly integrated into Visual Studio, as well as allow developers to easily import any other API using OpenAPI, or Postman Collections.

And looks like his efforts started paying off in 2020 as mentioned in a tweet:

“Spending time today talking with @njyx and @picsoung about the future of @APIsjson - Lots of movement on tooling side, and new conversation about how to use in a diverse API toolbox world, renewing investment for a next version -http://apisjson.org”

As demonstrated in Kin’s article showing how his storytelling plays significant role in popularizing Swagger, one can use Google Trend to measure the growth of a product/standard. Using Google Trend and comparing apis.json with other standards such as JSON Schema and OpenAPI sadly illustrate apis.json did not gaining traction at all in the past 5 years, despite being mentioned 60+ times in his blog posts.

Google Trends on apis.json, JSON schema, OpenAPI

So why apis.json doesn’t seem to gain any traction?

We all know working on a standard is not something easier, not to mention to making it popular despite Kin has firsthand experience popularizing “Swagger” himself. Looks like a lot work ahead and we can foresee Kin’s storytelling (not marketing) will play a significant role in popularizing apis.json. Looking forward to the v1.0 release so that the API community can benefit more from Kin’s awesome work.

Key Opinion Leader (KOL) / influencer

Not to your surprise, Kin is also a Key Opinion Leader (KOL) or influencer recognized by many.

https://opentravel.org/advisors/kin-lane/

Let’s walk through his presence in popular social networks:

Hacker News:

Hacker News (HN) is a social news website focusing on computer science and entrepreneurship. It is run by the investment fund and startup incubator Y Combinator. In general, content that can be submitted is defined as “anything that gratifies one’s intellectual curiosity.”

He found the Hacker News audience pretty trollish as mentioned in his blog post “The Alpha API Evangelist Workbench”:

“I have a lot of ideas coming off the assembly line around my own infrastructure, Docker, microservices, and other more forward leaning areas. Normally I dump a lot of this mundane exhaust from my world over on Kin Lane, but that site gets picked up by DZone, due to historical connections, and that audience is pretty trollish, second only to Hacker News. I’m not looking to get into petty fights over choice I made around my own infrastructure.”

What’s “trollish” based on Kin’s definition? Here is an example (not saying all comments in that article is trollish). You can review and make your own judgment.

Kin did explain why the Hacker News community doesn’t like his blog posts

“I used to work hard to write blog posts on API Evangelist that would have broad appeal with the Hacker News community, and at first I didn’t have any luck, after trying to engage with readers on posts, I found myself blacklisted, where nothing I submitted showed up. I lived in some kind parallel universe, all because I argued with a couple influential HN users, who didn’t like what I had to offer.”

Sorry to hear that he was blacklisted in 2014 but some other users (no idea if these user accounts are created by him) still submitted his blog posts to Hacker News, but unfortunately looks like those submissions gain no traction as most submissions do not have a single comment).

You can find some of his arguments and comments on HackerNews below:

Source: “apievangelist” submissions, comments on Hacker News.

StackOverflow

Stack Overflow is a question-and-answer website for professional and enthusiast programmers. That’s his StackOverflow profile: https://stackoverflow.com/users/1217549/kinlane. His best answer (out of 4) got 3 upvotes while the worst one got 1 downvote.

Quora

What about Quora, which is a social question-and-answer website? He created an account before with ~500 followers but it’s now marked as deactivated. You can still learn from his questions and answers.

Twitter

Kin’s Twitter accounts @kinlane and @apievangelist have 17k and 13.7k followers respectively. He shares lots of wisdom there (example). However, looks like he constantly wipes out his tweets for some unknown reasons. Tweets sent from @kinlane between 2017-07-08 and 2021-11-08,2012-03-01 and 2017-04-17 are gone:

but you’re not out of luck. You can still search for replies to these deleted Tweets to learn more from these conversations:

Please make sure you follow his Twitter accounts and learn from his tweets before he deletes those one day.

Blogs

He also shares a lot of wisdom in his blogs: https://apievangelist.com and https://kinlane.com. As said before, https://kinlane.com was wiped out so most of the old blog posts are no longer accessible. Fortunately, GitHub saves the day. https://kinlane.com is hosted on GitHub. Several users have forked his repositories therefore some of the deleted blog posts can still be recovered. Here are some forks:

To give you an example, the blog post “Sexism in the Tech Space” (source deleted. Internet Archive) has been deleted. Here is a direct link to the source found in the forked repository.

https://github.com/gbinal/kin-lane/blob/gh-pages/_posts/2012-12-30-sexism-in-the-tech-space.html

Please do not prematurely conclude Kin was in prison after reading the above blog post. He only said, “After that I would love to put all you misogynistic fuckers into jail for a while, let you defend yourself. Have you been to jail? I have. I was arrested when I was 18, downtown SF”. Jail and prison are not the same things. In April 2021, Kin said in a (deleted) Tweet:

“I was arrested in 1996 as part of the Oklahoma City Bombings. However, it was due to mistaken identity. The two brothers I was mistaken for are associates of Timothy McVeigh. I’ve never been to prison. There is really a good story there I am happy to share, and not ashamed of.”

This helps clarify Kin has never been to prison.

But sometimes Kin also deleted the source files from his GitHub repositories. Here are some examples that the URLs are no longer accessible, the source files were deleted from his GitHub repository hidden from the public websites but are still available in the Internet Archive:

One can also find all the archived posts for a particular domain with a simple search:

You may wonder why Kin writes so openly about his past. Not to your surprise, his (deleted) blog post has an answer:

“I had NEVER talked about my earlier drug use, criminal history, and mental illness before that moment. Anthony Bourdain openly talking about his own struggles on his show taught me that I could still be successful, even if I was open about my past. I’m thankful to him for this.”

In the “REST Fest 2018” conference in which Kin is a keynote speaker, he also honestly acknowledged some of the “stories” he told as part of his “storytelling” is not 100% real in the keynote of the “REST Fest 2018 Conference”. Transcript (1:13:00) below:

“…so storytelling is a super critical part of this. She’s really helped me understand how important it is the Bezos Amazon story how many people have heard or told the, you know, Steve Yagis Bezos mandated API’s across everyone, you know, Moses came down off the mountain and all that stuff. So that’s, you know, that’s a myth. That’s not true. It’s not a true story. It’s half kind of sort of true. But I wrote up that story in January 2010, or 12, excuse me. It does. 2000 page views a week. Still, to this day. It’s number one story on my blog. I still get people emailing me about this. I’ve seen that story framed in a bank in Amsterdam, seeing it framed in an IT group in Sydney, Australia. I’ve seen it on the homepage of IT groups and federal government. It’s an important story, even though it’s not true. Stories. I mean, this is the folklore in the storytelling myths stuff as most of APIs stories are not true. But that’s all right. To a degree but stories are super important.”

In case you’re unfamiliar with the “Bezos Amazon story”, you can still read it in his blog post “The Secret to Amazons Success Internal APIs” or watch his presentation “The Secret to a Successful API is Internal”

Youtube

What about his YouTube presence? He owns a YouTube channel called “API Storytelling” (created on Mar 5, 2021) with 59 subscribers and 27 videos uploaded (a total view of less than 1500 as of Aug 2022). His own YouTube channel (created on Aug 13, 2006) has 153 subscribers with 37k views.

He also hosts the show “Breaking Changes” by Postman in which he interviewed many IT professionals on APIs. Most interviews have 200 to 500 views.

He also did many presentations and interviews such as the interview with JSON Schema team in which he revealed his executive job title - the Director Of API Infrastructure at F5 Networks, and you can find those with a simple search “Kin Lane”.

If you want to be a KOL/influencer in a particular domain, please make sure you maintain a good presence on different social networks to build your audience.

Conclusion

Thanks for taking your time to read through this. I hope you guys have learned something from Kin.