Google Merchant API, LG Acquires Athom, Twilio Authy Breach

The API Changelog issue 2024.28

This is issue 2024.28 of the API Changelog, a mix of API news, commentary, and opinion. In this issue, you'll get to know the most relevant API-related information from the week of July 1, 2024. Subscribe now, so you never miss an issue of the API Changelog.

News highlight

Twilio confirmed an unsecured API at Authy exposed phone numbers, increasing users' vulnerability to phishing and SIM swapping. They have now secured the API and urged Authy users to update their apps for improved security against potential attacks.

Twilio advised users to update the app due to an unsecured API endpoint that allowed hackers to access the phone credentials of millions of users. The hackers compiled the list by entering a large number of previously captured phone numbers through the unsecured API endpoint. Twilio reports that they have adequately secured the exposed endpoint and can stop unauthenticated requests. The latest versions of Authy are v25.1.0 on Android and v26.1.0 on iOS. Twilio is also addressing potential damage by exposing SMS data to the internet through an unsecured AWS S3 bucket.

See additional coverage on Android Police, heise online, the Mac Observer, Forbes, Security Boulevard, Android Authority, Microsoft Start, The Verge, and siliconAngle.

---

What are the steps to create a successful API product? Learn about it by reading "Building an API Product."

The book targets Product Managers and non-technical people who want to know what it takes to build API products.

If this isn’t the book for you, perhaps someone you know would like to learn from it. Share it with your contacts and help us spread the word.

Get a copy of the book now!

---

Announcements

Amazon API Gateway WebSocket APIs are now available in 7 additional AWS Regions, supporting real-time bi-directional communication. They are cost-effective, integrate with multiple AWS services, and can be implemented via various AWS tools.

IBM has finished acquiring StreamSets and webMethods from Software AG to enhance AI and integration capabilities. These acquisitions will strengthen IBM's application and data integration offerings, supporting clients in the growing integration software market.

Google released the Merchant API Beta, introducing sub-APIs like Data Sources, Notifications, and Products for enhanced e-commerce management. While not yet on par with the Content API, future updates and developer feedback aim to refine its capabilities.

Microsoft introduced the general availability of the Data API builder for Azure Cosmos DB, featuring REST and GraphQL connectivity. The open-source tool streamlines database interactions and supports cross-platform operations with extensive functionalities.

Deutsche Telekom will integrate LotusFlare's DNO™ Cloud to enhance its API offerings for its MagentaBusiness service. The partnership positions LotusFlare as a key player in assisting CSPs to monetize 5G networks. See additional coverage on PR Newswire, Morningstar, and Yahoo!finance.

Opendock, Loadsmart's dock scheduling software, partners with Qued, integrating scheduling across carriers' TMS and reducing complexity. This partnership enables streamlined carrier scheduling, offering a unified, automated process connecting Opendock's extensive network with carriers' management systems.

Mortgage Capital Trading (MCT) announced integrations with Fannie Mae's API and product grids, enhancing transparency and pricing in mortgage lending. These integrations allow for more precise pricing on MCT Marketplace and support Fannie Mae's affordable homeownership efforts.

Allianz Trade and BPL collaborate via APIs on Whitespace, a Verisk platform, to streamline data sharing in insurance. The partnership, enhancing data entry efficiency and market growth, is now operational with a scalable, standardized framework.

Meritz Fire & Marine Insurance signed an agreement with Retrust Co., Ltd. to share APIs, aiming to streamline insurance services across platforms. Retrust introduces InsureTrust, easing insurance sign-ups using blockchain, and Meritz will issue NFT insurance certificates for convenience and as digital keepsakes.

Source.ag introduces APIs for real-time data sharing from various sensors to their AI-driven greenhouse solutions. The collaboration with companies like Aranet enhances growers' capacity for efficient and sustainable operations. See additional coverage on Global AG Tech Initiative.

nShift Go Native allows e-commerce platforms and B2C marketplaces to provide their retailers with multi-carrier delivery options. This integration streamlines shipping processes and enhances customer choice.

MultiOn AI has launched the Retrieve API, enhancing web data extraction with natural language processing. It outperforms competitors and simplifies integration for developers.

AI

Elastic has launched its Playground to facilitate developers with proprietary data integration for improving large language model (LLM) accuracy. The Playground enables rapid A/B testing and iteration within its AI platform, aiming to reduce "hallucinatory" responses and accelerate generative AI development.

LG Electronics acquires an 80% stake in Athom, targeting smart home integration with plans for a total buyout. The collaboration sets to pioneer an AI-driven home ecosystem, leveraging Athom's versatile Homey Pro connectivity.

Salesforce AI Research proposes APIGen, a tool for creating reliable, diverse function-calling datasets for large language models. APIGen's rigorous, multi-stage verification process produces datasets that significantly enhance function-calling agent performance.

XTM International released XTM Cloud 13.7 with XTM AI SmartContext, promising improved translation quality and efficiency. AI SmartContext, leveraging GPT-3.5 Turbo, offers consistency and style in translations without manual effort.

Fireworks AI provides a platform for businesses to fine-tune existing AI models for integration into their operations, enabling customization at scale. The company differentiates by offering cost-effective access to a range of generative AI models, streamlining AI adoption from years to days.

South Korea's generative AI startup Liner launched a beta Academic Mode AI Search for sourcing reliable academic information. It plans a three-month trial in 220 countries to refine the service with user feedback.

Fintech

Ripple, a blockchain payments company, has launched a "Try It" feature for developers to interact with their APIs. The tool allows for testing without login or authorization, simplifying the integration and evaluation process.

This feature allows users to send simulated API requests and receive responses from a mock server without logging in or providing authorization tokens and also enhances the developer experience and streamlines the testing process by eliminating the need for API credentials. Developers can use the feature by visiting the API reference page, entering a string in the Authorization text field, editing query parameters, and clicking Send. The feature is currently live and will be enabled for the Ripple Payments Direct API reference pages soon.

See additional coverage on Cryptopolitan, FXLeaders, Coinspeaker, The crypto Basic, Crypto News Flash, and Bitcoinist.

The Commerce Commission has a preliminary view to conditionally authorize Payments NZ for an API partnership framework with banks and fintechs. The Commission believes the benefits, like lower transaction costs, might outweigh possible detriments if proposed conditions are met. See additional coverage on NZA.

Pacific Premier Bancorp, Inc. announced Pacific Premier Trust will switch its wealth system to SEI Wealth PlatformSM in early 2021. This will enhance operational efficiency and extend IRA custodial services.

PortfolioCloud enters the UK market in partnership with Seccl, offering API-driven advice tools for efficient portfolio management. The collaboration simplifies adviser workflows and leverages Seccl's technology to enhance investment management, aiming to transform UK retail financial services. See additional coverage on The Fintech Times.

The NFTScan team launched Bitcoin-Runes Explorer, bolstering NFT data searches within the burgeoning Runes ecosystem on Bitcoin. NFTScan's developer platform now offers APIs like "Retrieve Rune," streamlining product creation on the Bitcoin network.

Mashreq has fully integrated its online platforms with Aani for instant corporate payments, aligning with the UAE's National Payment Systems Strategy. These advancements reflect Mashreq's commitment to transforming the Middle East's payments landscape and digital future. See additional coverage on The Paypers, Fintech Global, and IBS Intelligence.

Circle enhances its Web3 services, adding Solana support to Programmable Wallets, and unveiling a Smart Contract API and Circle Credits Program. They've advised developers to migrate to a new contract query API by September 30, 2024, and launched a credits program to aid with Web3 service costs.

EtherDrops releases Bot API, broadening user access to key updates across multiple platforms, with future enhancements planned. The API, allowing tracking of wallets, caters to both individuals and businesses, offering a free plan or a subscribable option with greater capacity.

Security

Radware enhances its API Protection with an AI engine for real-time detection and mitigation of business logic attacks, supporting OWASP API 2023 coverage. The company's Global Threat Intelligence Analysis Report shows a 171% increase in malicious API transactions in 2023, impacting the retail and transportation sectors the most. See additional coverage on Security Infowatch, Stock Titan, AIThority, and quantisnow.

Gadget Software launches TopicLake Policy Alerts and the TopicLake Policy Insights API to simplify compliance with federal regulations. The products, powered by AI, provide timely updates and insights to aid organizations in navigating the evolving regulatory landscape.

---