Fidel API Raised $60 Million, New Relic Partners with Postman, GitHub OAuth Leak
The API Changelog issue 2022.15
This is issue 2022.15 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you'll get to know the most relevant API-related information from the weeks of April 4, 2022, and April 10, 2022.
Funding and M&A
Fidel API, a financial infrastructure platform, raised $65M in a Series B round. Bain Capital Ventures led the investment, with participation from QED Investors and Nyca Partners. See additional coverage on TechCrunch.
Corsha, an API identity and access management platform, raised $12M in a Series A round. TenEleven Ventures and Razor's Edge Ventures led the investment, with participation from 1843 Capital. See additional coverage on Technical.ly and VentureBeat.
SmartBear has acquired Pactflow, an API contract testing platform. According to the announcement, "The addition of Pactflow and Pact, solves the complex challenges of testing microservices and API integrations that companies face as they accelerate cloud-native application development and digital initiatives."
Alphadoc, an API documentation startup, raised an undisclosed amount in a Pre-Seed round. Dimebox, Founda Health, and Spryng, among others, participated in the round. Job Rietbergen, the co-founder of Alphadoc, announced the investment.
Singapore announced that it has started the development of a maritime API marketplace. "The Open/Common Exchange And Network Standardization Application Programming Interface (API) eXchange (OCEANS-X) platform will be a common marketplace for data consumers, providers, and app developers."
Frain, a fintech startup, announced that it's building an open-source webhooks service. The service is called Convoy and is an out-of-the-box webhooks infrastructure solution. According to the announcement, "Convoy allows companies to ship APIs faster and have one less infrastructure component to worry about."
New Relic announced the release of API Monitoring with Postman. New Relic partnered with Postman to launch "a two-way integration to empower developers to monitor the functionality and performance of their APIs." See additional information on how to use the integration.
Cequence Security announced a partnership with Software AG. The partnership consists of the integration of Cequence's API Sentinel with Software AG's webMethods Gateway. According to the announcement, "The Cequence API Security Platform complements and extends the webMethods capabilities with holistic API attack surface area discovery, misuse and attack detection and is the only solution available that natively mitigates API attacks in real-time."
AWS announced the release of Lambda Function URLs. The new feature bypasses Amazon API Gateway to allow Lambda Functions to be exposed via HTTP. According to the announcement, "each function URL is globally unique and can be associated with a function’s alias or the function’s ARN, implicitly invoking the latest version." See additional coverage on Security Boulevard and the DEV Community.
Pinterest announced the release of its API v5. The new API version lets developers build separate applications and will finally be open to anyone. Previous versions were limited to Pinterest partners only. According to the announcement, "The new API includes Shopping, Content and Analytics elements, which will enable all new functionality within third-party apps and tools, providing more ways to manage and maintain your Pin presence." See additional coverage on Adweek.
Rory Blundell wrote "Six Things You Should Know About the Financial-grade API (FAPI) specification." In this piece, Rory introduces the FAPI specification and explains why it's important in the context of financial services. According to the author, "FAPI strengthens security by mandating the use of specific, safe processes that improve interoperability and allow for the acceleration of secure digital systems to enable open banking."
Signature Bank, a full-service commercial bank, announced the release of an API to initiate real-time Fedwire transactions. According to the announcement, the new feature "enables Signet clients to execute both Signet blockchain and traditional Fedwire payments through one API, providing clients with greater flexibility in automating treasury management workflows via Signature Bank’s integrated payments service."
CIOApplications published "Major Challenges of Designing API-Driven Experience." This article shares the common challenges that organizations face while adopting an API-first development strategy. According to the article, the most common challenges are related to scale and infrastructure costs.
John Vester wrote "Exploring the API-First Design Pattern." In this article, John shares how the API-first approach can be compared to their approach to writing. The author then shares the common traits of the API-first Design Pattern with a step-by-step example using Kong Insomnia.
Labrhabr published "API Lifecycle Best Practices." This piece explores how an API Lifecycle can be designed to provide the best results. The author asks several questions to help understand what influences the success of an API. According to the author, "The API journey goes through many steps, but your delivery process should encompass all these phases to be truly agile, stable and profitable as well as meet the needs of your clients and partners."
Nick Stockton wrote "Automation and The Future of Coding." In this article, Nick asks how and when automation will take over the job of developers. The author shares a few examples of existing services that can already replace humans in the craftsmanship of software.
George Sequeira wrote "Zapier: The $5B Unbundling Opportunity." This piece explores the way Zapier grew into a $5B company and how its different areas can be decomposed into separate products for different verticals. According to the author, there's a latent business opportunity in unbundling Zapier. "As a large horizontal platform with a growing number of users, there are clusters of Zapier users in need of focused alternatives."
Maxime Topolov wrote "How does the rise of APIs boost no-code adoption in the world?" The author starts by explaining why there is a rise in the API-first approach, and then goes on to draw a parallel between APIs and no-code products. Maxime believes that "by leveraging APIs of existing products and no-code and low-code platforms, you’ll be able to build unique experiences."
Truong Nguyen wrote "HTTP/2 and GRPC: The De Facto Standard for Microservices Communication." This article covers different API architectural styles and how they compare to each other. In particular, the author highlights how HTTP/2 and gRPC are "totally suitable for high performance, reliability, and robust microservices' communication."
Christoper A Perez wrote "An Amateur Approach to JSON Mock Server and Local Data Storage for API Testing." In this piece, Christoper shares the experience of using json-server to quickly create an API from an existing JSON document.
Charles wrote "Understanding APIs using JSONplaceholder." This article explores the use of JSONplaceholder to show how an API can be used. "JSONplaceholder is a simple and free fake API." The author uses Postman to demonstrate how to make the requests to the fake API that JSONplaceholder provides.
Satyen Kumar wrote "Everything You Wanted to Know About GraphQL (But Were Afraid to Ask)." In this article, Satyen shares their view of GraphQL, its advantages, disadvantages, and how to compare it to the REST approach. The author argues that "the core difference between GraphQL and REST APIs is that GraphQL is a specification, a query language, while REST is an architectural concept for networked systems."
Lindsey Benson wrote "How to Create Your First Node.js API: Step-by-Step Guide." This article is a HOWTO that guides you through the creation of a Node.js API from scratch. The author covers topics such as setting up the Node.js project and configuring your API routes.
Aditi Lonhari wrote "Designing APIs." In this piece, Aditi shows you an approach to designing APIs. The author splits API Design into the steps of coming up with a description, creating a diagram, writing a definition, and producing documentation.
The Hacker News published "GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens." This piece covers the breach detected by GitHub involving the theft of OAuth tokens from third parties. GitHub itself disclosed the attack vector, mentioning "that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm." See additional coverage on Bleeping Computer and Security Week.
Dan Moore wrote "The complete guide to protecting your APIs with OAuth2." This piece covers all the details related to OAuth2 and how it provides security protection to your APIs. The author shares that "While OAuth can be complex, it handles numerous use cases. You separate out the concern of authentication to a specialized component, while using a standardized temporary credential (the token) in the rest of your system."
Bleeping Computer reported that "GitHub can now auto-block commits containing API keys, auth tokens." The report mentions that "Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning."
Edward Roberts wrote "The Cost of Innovation: Are New APIs Compromising Security?" In this article, Edward shares how APIs can compromise security and how a solution can be achieved by balancing innovation with security.