When my smartphone plays a certain tune in the morning, I know it's time to set out for the bus. If I dawdle on the way, the phone vibrates and I quicken my step a little. As always, I arrive at exactly the same time as the bus at the bus stop, and just g et on. This also works without a hitch if the bus is late.

Is this what the future of a Smart City looks like? But why future? Such an app is relatively simple and can be written in the course of a weekend. And all the data is available; the buses are equipped with GPS and transmit their current position to the bus coordinator in real time. But, how does the app access this data?

More than the sum of its parts

The three magic letters are API, which stands for Application Programming Interface. APIs make it easy for data and functions to be made available to other users. These users can then combine different data sources to generate services or other data that is more than the sum of its parts.

The concept of an internet-based API became popular in the dotcom era 20 years ago. APIs were also the focus when Jeff Bezos transformed his online department store Amazon into a technology company in 2002. Not only did Bezos demand of his developers that in future all Amazon software must communicate via API (otherwise they would be "fired"), but he also insisted that these APIs be accessible both internally and externally ("without exception"). This – among other things – was how Bezos paved the way for Amazon to become three times larger than its competitors as a cloud service provider.

APIs are not the problem

Many people are exceedingly critical of APIs. Just a short time ago, they were at the heart of the incident involving Facebook and Cambridge Analytica. Here Facebook gave access to user data via an API to some 60 partners. These partners were able to read personal information about Facebook users who had given their consent, and what’s more, they could read the data of the friends of the users, and of the friends of the friends. In my view, the crux of the matter is not that Facebook provides data via an API, but rather to whom Facebook offers which data. In general, we need to keep a careful eye on APIs.

Not just for large companies

Swiss authorities, cantons and cities are currently in a frenzy of digitization, considering which innovations would make their citizens happy and launching new tasks forces and strategies (see the Smart City strategy of the City of Zurich, in German).

However, shaping the future is not the core competence of an administrative body. The authorities should focus instead on how access to their data store can be regulated sensibly and securely. Which data can be made available (in real time!) to interested third parties? How are data protection, access frequency and write permission regulated? Which data is public, which data can be accessed with special authorization, and which is off-limits?

We shouldn’t just entrust data – as is all too often the case – to powerful large companies; we must also make it available, via API, to small companies and individuals. Because real innovations often happen on a small scale. I’m sure that ETH students would enjoy developing apps that make good use of the data. The authorities should help enable a variety of innovative concepts to emerge. For then we'll get Smart City too – as I get my bus.

Editor’s note:this article was originally published by ETH Zurich and republished here with permission.

The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.