Cloud Storage for Your App Logs
We recently updated our API, and I wanted to share a couple of things in case you want to build a public API too.
A few years ago we decided Bugfender users could use an API to access the logs they capture with our tool. We thought some people would build utilities to support their daily work, like integrations with other tools, data mining, or analytics. Some people could even make those tools public, as add-ons to Bugfender.
Building the API was fairly straightforward because we had decided early on to build Bugfender as a Single Page Application, which meant there was already a working API; it was just being used exclusively by our frontend. We could reuse that.
However, when you make an API public there are some additional things to take into account:
When we launched the API, we were expecting people would build their own tools on top of Bugfender for data mining, integrations with 3rd party platforms, and whatnot.
Therefore, we built an API access model based on "apps" that connect to Bugfender. Some apps would be for personal use, some for use within a specific organization or team, and some would be public for use by any Bugfender user.
This is also why we chose OAuth 2.0: it is built specifically for granting third-party applications limited access to a user's account.
When we launched API access, we purposefully didn't build a UI for it. We asked people to contact us if they wanted to use it.
In hindsight, that was a great decision because we can learn how people want to use the API and we can provide them with pointers on how to get started. We also can find opportunities for improvement both in the API and the documentation.
So, the most common OAuth 2.0 use cases work like this, and this is what we built:
However, most of the users requesting API access were not interested in building an "app". They just wanted to access their own logs and make queries or export them to another service. So they were expecting a flow like this:
After a bit of investigation, personal access tokens were not what they were looking for either: a personal token carries the full permissions of the user who creates it, and they might not want the application to have unlimited access to their account.
The missing piece of the puzzle was "service accounts". A service account represents an application in Bugfender, has its own credentials to access it, and can be given permissions like any other user.
Luckily, the OAuth 2.0 client credentials grant is designed for exactly this use case, so we could adapt easily. Happy ending.
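As an added example, not Bugfender's own code: a minimal token endpoint and protected resource implementing the client credentials grant (RFC 6749 section 4.4) for service accounts. The service account authenticates with its own client_id and client_secret, no user is involved, and the issued token can never carry more than the scopes the account was granted. The function names, the in-memory stores, the `logs:read` scope and the "log-exporter" account are assumptions constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stores standing in for the database tables a real
# deployment would use: service accounts by client_id, tokens by opaque value.
SERVICE_ACCOUNTS = {}
ACCESS_TOKENS = {}
TOKEN_LIFETIME_SECONDS = 3600


def _hash_secret(secret, salt):
    # Keep only a slow hash of the client secret, as you would a user password.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def register_service_account(client_id, allowed_scopes):
    """Create a service account with a fixed permission set.

    Returns the client secret once; only its salted hash is kept server-side.
    """
    client_secret = secrets.token_urlsafe(32)
    salt = secrets.token_bytes(16)
    SERVICE_ACCOUNTS[client_id] = {
        "salt": salt,
        "secret_hash": _hash_secret(client_secret, salt),
        "scopes": set(allowed_scopes),
    }
    return client_secret


def token_endpoint(form, now=None):
    """Client credentials grant over an already-parsed form body."""
    now = time.time() if now is None else now
    if form.get("grant_type") != "client_credentials":
        return {"error": "unsupported_grant_type"}
    account = SERVICE_ACCOUNTS.get(form.get("client_id", ""))
    # Hash even for an unknown client_id so failure timing does not reveal
    # whether the id exists, and compare the hashes in constant time.
    salt = account["salt"] if account else bytes(16)
    presented = _hash_secret(form.get("client_secret", ""), salt)
    if account is None or not hmac.compare_digest(presented, account["secret_hash"]):
        return {"error": "invalid_client"}
    requested = set(form.get("scope", "").split()) or set(account["scopes"])
    if not requested <= account["scopes"]:
        # Never silently downgrade: asking for more than the account was
        # granted is an error, not a token with fewer scopes.
        return {"error": "invalid_scope"}
    token = secrets.token_urlsafe(32)
    ACCESS_TOKENS[token] = {
        "client_id": form["client_id"],
        "scopes": requested,
        "expires_at": now + TOKEN_LIFETIME_SECONDS,
    }
    return {
        "access_token": token,
        "token_type": "Bearer",
        "expires_in": TOKEN_LIFETIME_SECONDS,
        "scope": " ".join(sorted(requested)),
    }


def resource_endpoint(authorization, required_scope, now=None):
    """Protected resource: validates the bearer token and enforces one scope."""
    now = time.time() if now is None else now
    if not authorization.startswith("Bearer "):
        return {"status": 401, "error": "invalid_request"}
    token = ACCESS_TOKENS.get(authorization[len("Bearer "):])
    if token is None or token["expires_at"] <= now:
        return {"status": 401, "error": "invalid_token"}
    if required_scope not in token["scopes"]:
        return {"status": 403, "error": "insufficient_scope"}
    return {"status": 200, "client_id": token["client_id"]}


def demo():
    """Walk a read-only log exporter through the flow and collect the outcomes."""
    secret = register_service_account("log-exporter", {"logs:read"})
    base = {"grant_type": "client_credentials", "client_id": "log-exporter"}
    issued = token_endpoint({**base, "client_secret": secret, "scope": "logs:read"})
    header = "Bearer " + issued["access_token"]
    return {
        "read": resource_endpoint(header, "logs:read")["status"],
        "delete": resource_endpoint(header, "logs:delete")["status"],
        "bad_secret": token_endpoint({**base, "client_secret": "wrong"}).get("error"),
        "too_much_scope": token_endpoint(
            {**base, "client_secret": secret, "scope": "logs:read logs:delete"}
        ).get("error"),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the example is the permission boundary: the exporter account was created with `logs:read` only, so a token request for `logs:delete` is refused at issuance, and a valid token is still refused by the resource when the scope does not match. Tokens are opaque and short-lived; a real deployment would persist them (or use signed tokens) and rotate client secrets.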
As a tiny bootstrapped company, it was a long road from reading up on all we could find about ISO 27001, to drawing up all the documentation and processes required, to finally getting certified. It took almost two years, but even as a small company, you can do it!
Here is how we did it and how I would recommend doing it:
Some benefits we experienced by implementing ISO 27001 in Bugfender:
In the last few months, we have been getting increasing attention from larger companies, and with it, questions about security and compliance. Whilst we have always been very proactive and transparent about our security practices, we had never done it formally. So we looked into ISO 27001 as a way to give our customers assurance that their data is secure with us. A few months ago we passed our first audit and we're now preparing for a second one.
In the meantime, we have also had questions about HIPAA, and once ISO 27001 was in place, it was actually pretty easy to get it done. So, 2 for the price of 1! We're now both ISO 27001 and HIPAA compliant.
We have been offering logging for mobile applications for 6 years now, and we have always known web applications could benefit from the same technology, but we have been dragging our feet forever. We finally did it!
We accomplished this by treating it as a separate mini-project within the company, with a team exclusively devoted to it, with its own budget and calendar and it has worked very well so far. We will be applying this technique more often.
It’s nearly five years since we started Bugfender. We’d gotten tired of chasing users who were experiencing problems with our apps and wanted to build an internal remote logging tool that would feed the information straight to us.
To celebrate the $20k Monthly Recurring Revenue milestone and reaching profitability, we wrote an article with our learnings and experiences. We hope you like it!
https://bugfender.com/blog/bugfender-growth-from-side-project-to-a-sustainable-20k-mrr-business/