The authors present the design, implementation, and evaluation of an API for applications to control a Software-Defined Network (SDN). Their API is implemented by an OpenFlow controller that delegates read and write authority from the network's administrators to end users, or applications and devices acting on their behalf. Their API serves well as the next layer atop current SDN stacks. Their design addresses the two key challenges: how to safely decompose control and visibility of the network, and how to resolve conflicts between untrusted users and across requests, while maintaining baseline levels of fairness and security. Using a real OpenFlow testbed, they demonstrate Their API's feasibility through microbenchmarks, and its usefulness by experiments with four real applications modified to take advantage of it.