SnapLogic Raised $165 Million, Twitter's Security Keys Implementation, So You Want to Be API-First?
The API Changelog issue 2021.50
This is issue 2021.50 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you'll get to know the most relevant API-related information from the week of December 13, 2021. Subscribe now, so you never miss an issue of the API Changelog.
Funding and M&A
Noname Security, an API security platform, raised $135M in a Series C round. Georgian and Lightspeed led the investment, with participation from Insight Partners, Cyberstarts, and Next47, among others.
Staircase, a mortgage API platform, raised $18M in a Series A round. Bessemer Ventures led the investment, with participation from RRE Ventures, Avid Ventures, and Clocktower Technology Ventures, among others.
Kevel, an API ad infrastructure platform, raised $10M in a Series B round. Fulcrum Equity Partners led the investment, with participation from Commerce Ventures, JARS Labs, and AperiamVenture, among others.
Cequence, an API protection company, raised $60M in a Series C round. Menlo Ventures led the investment, with participation from T-Mobile Ventures, Telstra Ventures, Shasta Ventures, and Menlo Ventures, among others.
Trellis launched a car insurance API platform. The platform is "the industry's first end-to-end API solution to enable consumers to instantly compare and purchase car insurance within a partner's app or website."
Kong announced five key tech predictions for the enterprise in 2022. Kong believes that in 2022 the adoption of vendor-neutral APIs will grow. Large organizations will be more prudent in their use of public clouds, centralized load balancers will disappear, Open Policy Agent will become a new standard, and there will be new Kubernetes strategies.
The New Stack reported five takeaways from Smartbear's recent State of Software Quality Report. According to the report, API adoption and development are becoming more established, the majority of organizations use different protocols, API QA and testing are getting more important, API standardization is the top challenge, and teams spend more time building interoperability.
Speedscale announced that they're making its API observability tool available to developers. "Speedscale SaaS platform is designed to enable DevOps teams to replay how calls are made between APIs and external mock services to make it easier to diagnose issues."
OFFISTRA announced the launch of their SEC EDGAR filings API. OFFISTRA says that their "experts have worked hard to develop the API, and now is the time to start offering the new service for our existing and potential clients."
Anna Oleksyuk wrote "The API Economy in Finance: Payoffs of Getting Connected." The article shows how critical it is for fintech companies to get connected to one another through APIs. Anna gives a few examples of successful companies and concludes that "to profit from BaaS and the open banking movement, you'll have to get your core in better shape."
The Payers ran an interview with Christian Schäfer from Deutsche Bank about what's next for the SEPA API Access Scheme. "SEPA API Access Scheme – the evolving ecosystem and what's next for the Scheme" goes through the different stages of the SEPA API and explores how the future will look like.
Fable Fintech announced the launch of an API hub to accelerate open banking adoption. The API hub "solution is designed for banks to offer an independent platform to its corporate banking clients and their ERP systems." Fable Fintech had recently raised a Series A round from Pentathlon Ventures and others.
Xero partnered with Investec to launch a digital bank feed. IT-Online reported that "this fully digital bank feed means that small businesses and their accountants can import their banking transactions automatically and securely, directly from Investec into their Xero organization."
Oryan Omer published "So you want to be API-first?" This thought-provoking piece goes through the different elements that make an API-first strategy. According to Oryan, going API-first has the advantage of minimizing dependencies, parallelizing development, speeding up the development cycle, having QA embedded at the design stage, and designing for reusability.
Hitesh Baldaniya, a Technical Architect at Contentstack, wrote "Four Principles for Designing Effective APIs." Hitesh starts by establishing the current reality and offers advice on what good API Design is. Designing APIs is an activity that, according to the author, should follow accepted standards, keep API responses easily understandable, secure APIs, and offer good support and documentation.
Security Boulevard published "Active Testing: Runtime Detection for Log4j Vulnerability in APIs." The article exposes how "APIs are both a new attack vector for the Log4j exploit, and attackers can extend their reach via APIs." It then shows how you can use the Noname API Security Platform to potentially detect Log4j vulnerability in your APIs.
InfoQ published "An Overview of Twitter's Security Key Implementation." The piece goes through Twitter's journey migrating from legacy 2FA to physical security keys. The article reports that "Twitter chose YubiKey 5 NFC and 5C NFC keys that support USB for laptops and NFC for Android or iOS mobile devices." According to Twitter, choosing Yubikey made the procurement and distribution of physical keys easy because they offer an enterprise API.
The New Stack reported how Neosec tied its API Security Platform to Kong's API Gateway. The article explains how Neosec's partnership with Kong offers "a complete enterprise-class solution for managing and securing APIs and microservices."