Salt Security Discovered OAuth Flaw, OVHcloud IAM, Threads API
The API Changelog issue 2023.44
This is issue 2023.44 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you'll get to know the most relevant API-related information from the week of October 23, 2023.
BlueBox Systems, an air freight tracking company, announced that the data they provide is integrated into Siemens' AX4 logistics platform. According to the announcement, “Through the API solution, both applications can communicate independently and exchange data in real-time.” See Airports International for additional coverage.
SpiderRock Gateway announced SpiderStream over MLink, a new, highly scalable API that offers seamless access to live, in-depth option pricing analytics and U.S. market data. See additional coverage on bakersfield.com.
Jay Peters reported that Slack discontinued their integration with X. The official feature, which allowed you to receive Slack notifications of new X posts, is gone. According to the report, the latest changes to X’s API were the reason for retiring the integration.
OpenAI announced its AI Preparedness Challenge. Their goal is to minimize the risks of AI as new models evolve. According to the announcement, they “will offer $25,000 in API credits to up to 10 top submissions, publish novel ideas and entries, and look for candidates for Preparedness from among the top contenders in this challenge.”
Threads announced that they are working on an API for developers. However, there are concerns about a potential increase in publisher content versus creator content. An API and third-party app ecosystem will provide alternative ways to explore the network. See additional coverage on Bollyinside, Head Topics, PC, and Businessworld.
Funding and M&A
Pier-Jean Malandrino published “Architecture Patterns: API Gateway.” The author starts by defining what an API gateway is before going deep into features such as request routing and security. According to the article, “an API Gateway can prove invaluable in achieving scalable, secure, and efficient system interactions.”
Thinkitive published “What is API Testing? Why is it Important?” The article explains the importance of API testing. It also showcases the different types of testing you can perform and compares several API testing tools, including Karate, JMeter, and Postman.
David Lambert wrote “APIs have usability, too!” The article draws a parallel between application User Experience and the way developers interact with an API. According to the author, APIs should be discoverable and predictable to be considered usable.
Deepa Goyal presented “What API Product Managers Need” at the QCon Plus conference. The presentation shows the different facets of API Product Managers and helps attendees learn what’s needed to build successful API products.
Ars Technica published “Reddit finally takes its API war where it belongs: to AI companies.” The piece shows how Reddit has been increasing the price of its API to discourage consumers from misusing data from the platform. Additionally, it reports that Reddit is in conversations with major AI firms to put a price on the data they use. See The Verge for related coverage.
ZenML positions itself as an alternative to API-based AI services. Their thesis is that services such as the one provided by OpenAI won’t be practical for many companies. Instead, they’ll want the type of services that they can run locally, like the ones provided by ZenML.
Sergey Dudik wrote “Nginx and Keycloak: A Perfect Pair for Gateway Security.” In this article, the author explores the differences between authentication and authorization and shows how you can configure Nginx to use Keycloak to manage identity and access.
Lindsey O’Donnell-Welch reported that a stolen credential from Okta led to a breach that affected some of their customers. Affected customers included BeyondTrust and Cloudflare. According to the article, “Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it.”
Salt Security reported a flaw in the OAuth authorization protocol that attackers can use to take over accounts on popular services. According to the report, Salt Security found that Grammarly, Vidio, and Bukalapak, among others, were affected by the issue. The report also explains how the OAuth protocol works and details how attackers can take over accounts. See Silicon Angle and Yahoo! Finance for additional coverage.
Secure banking APIs and FinTech are revolutionizing the financial industry. This article explores how secure banking APIs are.