Ditch software without an API!
What is an API, is it contagious, and why is Pyramedium launching one?
An application programming interface (API) is some code that enables interaction with other software, much in the same way that a user interface facilitates interaction between humans and computers.
If you are dying for a specific, detailed explanation, you can also read the excellent Wikipedia entry: http://en.wikipedia.org/wiki/Application_programming_interface
An API represents a set of functions that Pyramedium makes available to other programs and developers so that they can directly talk to our software without actually accessing the source code.
Mon Dieu! Isn't this akin to committing business suicide? Shouldn't a company strive to keep its data model as private as possible and make it really hard for customers to have access to their data so that they feel they have to pay high maintenance fees? Some of our competitors like to think so and I would bet that many an ERP company would go belly up if customers could change provider easily and quickly. If holding data hostage is a company's business plan, it cannot work long term.
This mindset is the old approach, and at Pyramedium, we believe in something different, we believe in the power of the API!
We have great software and architecture in place and our strength is in maintaining and increasing the scope of that architecture.
At the same time, certain customers may have some very specific needs (such as a detailed report or specific module). This is where the API comes in. You can build a new app, or repackage your data to fit your needs...without our help. Of course we can help you if you'd like but if you have the competencies in-house, you should be leveraging this knowledge. Basically it is your data, why should you be prevented from accessing it!?
Is there a catch? Well, there is a small one. To hit our API, you need to be registered with Pyramedium. At this time, we want to keep this level of control so that we can better help our API developers as our software expands.
However, it may well change in the future and we might release an even more public API.
If you are a developer and want to build an app for our software, make sure to drop me a line!
Cashiering is live!
Great news on the software front, the cashiering system is now live and we have transactions going through! This is a great milestone for us with many more to come of course.
Stay tuned for longer updates next week!
Pyramedium Software update
Why so much delay between updates? It has nothing to do with a slowdown in our work but rather a slowdown in my ability to post updates! On August 2nd, Erin and I welcomed Emma to the world and it's been a whirlwind since then. It definitely reinforces that conversation I had with Balsamiq's founder about working while they sleep!
So while I am perfecting the art of diaper changes and swaddling, we're also making some great strides on the Pyramedium front!
- Big month coming up for B2H with the cashiering system going live at Berkeley and Davis!
- In B2H, we have multiple ways to void transactions. Voids are like refunds in terms of general accounting, however, they are handled differently in terms of day-to-day operations. If it sounds confusing, don't worry, it is!
- In B2H, admin users can now create as many pricing levels as they wish and then assign them to inventorial items.
- In B2H, the reports can be exported as PDF and fully leverage Crystal Reports.
- We have finished integrating PIMS into the general B2H architecture, this gives us a lot more flexibility and provides our customers with new software options to better run their operations.
- Speaking of PIMS, our new module, a Rental system, is progressing quite nicely. Stay tuned for news, screenshots, and updates in the coming weeks.
- For quite a few months, the first version of our B2H API has been running. If you are wondering what an API is, I will post a more global blog update soon. This API really sets Pyramedium apart from many other companies. We are soon going to release a website describing how to use the API and which methods can be used.
- Levi attended Shibboleth training. Shibboleth is the name given to the identity management system pushed forward by the schools that are part of the InCommon Federation. If your university uses Shibboleth, we can quickly integrate B2H into your identity management system, hence creating a much more integrated, and secured, experience for your end-users.
The second semester is off to a good start!
Rethinking the need to store Protected Data
As part of B2H, we are currently working on a way to store restricted data. If you are wondering what restricted data is, it can be summarized as data that often represents health information or specific private information. If you've signed a HIPAA release form at your doctor's lately then you have been in contact with restricted data.
What makes our current work particularly interesting is that the state of California has some very strict rules as to how that data can be stored, viewed, retrieved, and shared when stored digitally. For us, there is no workaround. If B2H is going to collect protected data, we must meet the standards and pass different audits.
Let's be honest, figuring out the right way to meet the rules is a cross between head-banging, dead language deciphering, and circular reasoning. More so, dealing with this question in light of the rise of social networking and instant communication is making me wonder about both the need for some of these rules and, directly related, the need to collect such data.
Let me explain.
From a hardware and software standpoint, the security layers are numerous and costly. The standards are high and difficult to reach and go way beyond just making sure that in case of a breach an intruder would not be able to match the restricted data to a given person. Oddly enough, of all the burdens, this may be the simpler one! Like the proverbial onions (or in this case, Dante's circles!) the requirements have many layers and chances are you will start crying as you peel them one by one!
So much so that once all the costs are factored in, an organization would be well off reviewing the projected ROI. It's a very black and white proposition: If you are going to collect this data, your system must be able to pass an audit (here is a hint: don't trust the vendor, they will not be the ones paying your legal fees if you get sued).
Is the cost worth it and can you afford to pass it on to your customers (or have it eat your margins)? Do you have an alternative? Do you even need this data (hint number two: if the only reason for collecting data is that you've always been collecting it, you probably don't need it)?
This is where things get complex because there is a tremendous gap between the legislation and common sense (I know...what a shock!). The gap grows even greater when looking at people's perception of security/privacy (My data is mine) vs. what they do online ("view the video of my kid on pain killers").
Here are some examples to highlight the problem:
"I really need to know that you are allergic to bees". Do you really? If I am allergic to a bee and get stung, I bet I will swell up a lot faster than you'll have the time to look at my medical history, even on a printout.
And let's take this example to the extreme: I am stung by Maya and need to be taken to the ER. No ER doctor is going to fully trust a printout of medical conditions for an individual. They are going to treat the emergency.
"Maybe a bee was extreme, I need to know about your kids' peanut allergy to plan for the meals"... Let's think about this one from a few angles.
Whether it is FERPA data or HIPAA data, we must make sure that this info is secured so that a potential hacker cannot know that it is my kid that has the food allergy. Yet, everyone from the camp counselor to the cook to the chaperons to the other kids will know about the allergy by lunch time as I seriously doubt that the counselor would have kids come behind a screen to pick the meals and then have them eat separately to keep the information private.
This is where the legislation falls short: Why restrict it so much in its digital format yet be lenient in the physical world? Also, if this data can be used to protect an individual, why make it so hard to access it and share it?
The dilemma is similar for adults. If I come to your class and a meal is involved, you are probably more interested in knowing my food preference rather than storing my allergy data. This is what the airlines do when you fly international: They ask you for your meal preference (diabetic) not if you are diabetic. A meal preference is not restricted data and you will be able to plan just as well, without the protected data headache.
"I don't want other people to know about my medical conditions so it should be secured"... I agree, I definitely would not want Pfizer to know about my medical history but in this case, we are no longer dealing with securing the data (I highly doubt that large medical labs try to hack databases to gain market share by the way!!!) but information sharing and this is an entirely different topic. In B2H, we don't share this data. End of the story. But do me a favor, if you are so private about your medical information, don't go to a triathlon forum posting your blood results and asking if you are anemic...consistency is good!
So what to do with restricted data?
The first step for any organization is to really ponder if there is a need to collect that data. For most businesses there should not be any need. Truthfully, other than someone working in a medical field, I cannot see who would need to collect this data.
From a legal standpoint, I also hope that the legislature takes another look at the reach of the regulation. If protecting one's data is the prime concern (which I am quite comfortable with), then shouldn't there be much stronger restrictions on how that information can be transmitted in the physical world and how it should be audited?
And our software keeps on growing!
Given the way the software is growing, I may have to go to weekly reports rather than bi-monthly! As I have mentioned before, the summer is a key period for B2H as the universities are going to start using the cashiering features for a full fall release.
• Enhanced reports: When we released the online payment system for B2H, we developed our own reports. They work really well but we realized that we could use some flexibility and enhancements so this time around, for cashiering, we are using Crystal Reports. This move is for two reasons: First, it will simplify the formatting and display of the reports and second, it will also facilitate the exchange of reports amongst our customers.
• Sections. We are trying to bring the most flexibility possible in how customers define their sales items. First we added Sessions and now we have sections! It actually greatly simplifies the management of sales items and makes it simpler for the end-users to figure what they want to purchase.
• Tiered-pricing has been slayed and in the midst of it, eligibility was also handled! When we go into support mode for the cashiering system in August, I hope we find some time to create a small video on how tiered-pricing and eligibility work as it is a key feature of B2H.
• Head Cashiers can handle voids in a much cleaner and simpler way. Hopefully they don't get to use that too often since voids mean refunding money for a same-day transaction!
• Speaking of cashiering, we added a few security layers to the hardware. It's actually a fun exercise as it leverages some of the work we are doing with the B2H API. The API is also going to be an important element of B2H. It will enable our customers to move data freely in and out of B2H.
What's coming up for us in the coming weeks? Well, more reports, that's a given! Some cool news about PIMS is around the corner. There is a trip to Chicago in the wings. Oh and a huge improvement on how waivers are managed!
Last but not least, our design group is keeping very busy. Not only have they made some subtle, yet awesome, changes to the main site (www.pyramedium.com), they are going to help an existing customer relaunch her website: Dog Gone Good Training is going to update its web presence!