Is there a best practice for using email/user accounts for 3rd part APIs in a business scenario? For example say my company domain is foo.com, and I need to access data from Flicker, youtube, twitter, facebook, jigsaw, Amazon, ebay, and many others. Should I have seperate email addresses/user names like flickerapi@foo.com,youtubeaip@foo.com, facebookapi@foo.com or something like apiuser@foo.com and have a consitent username used across services if they require a seperate user name? What do you do? Are there any disadvantages or advantages to one or the other? The obvious disadvantage to me of multiple would be remembering all the email addresses.
views:
21answers:
1There are many facets to the answer for this question, and I dont think there is obviously any single superior way.
To be safe you should plan on having multiple, just in case the one you are trying to reserve is already taken (its rare, but it happens). That way you can plan on using a single one but you are prepared if something in your design has to change.
The rest is about visibility, and how risk-averse you want to be. Having one account per service means that if one is compromised (password is discovered, etc) its the only one affected (assuming you use different credentials for each). The downside is that its very obvious these all point to the same place (not necessarily bad) and abuse of one could lead to problems in other places.
Having multiple accounts mitigates some of this, but you have other headaches, such as multiple passwords, managing multiple expiration processes, and auditing to make sure the accounts all still work, etc.