This is issue 2024.35 of the API Changelog, a mix of API news, commentary, and opinion. In this issue, you'll get to know the most relevant API-related information from the week of August 19, 2024.
News highlight
The updated Slack AI, developed by Salesforce, poses security risks because it is vulnerable to prompt injection exploits, according to PromptArmor. The security firm warns that attackers can abuse this weakness to access and exfiltrate private data, including documents from within Slack channels.
Security researchers have discovered a way to trick Slack's AI assistant into sharing sensitive information and secrets with unauthorized users. The AI tool, which allows users to summarize unread messages, answer questions, and search for files, can be tricked into sharing sensitive data from private Slack channels. Security firm PromptArmor reported the flaw to Salesforce, which has patched the bug. The attack involves creating a public Slack channel and posting a malicious prompt in it, which the AI reads. When queried for the API key, the large language model (LLM) responds with a clickable URL that sends the API key data to the attacker-controlled website. Hackers can also use this vulnerability to grab files uploaded to Slack, as the AI reads files as well.
See additional coverage on Cyber Security News, SC Media, and TechRadar Pro.
This issue of the API Changelog was crafted with the help of Flotiq.
Announcements
Microsoft is pushing partners to adopt its new API by September 30 to prevent service issues, with under 20% compliance thus far. The new asynchronous API improves billing reconciliation with faster downloads and reduced latency. See additional coverage on CNR.
S. Mobile has launched an API for efficient MTN data bundle distribution, targeting banks and fintech for better customer data management. The collaboration with MTN aims to increase financial inclusion and enhance digital service offerings, setting a new standard in data bundle distribution. See additional coverage on Punch and TechAfrica News.
Zattoo is set to debut Stream API, featuring tools like server-side ad insertion and playback SDKs, at IBC 2024. The firm emphasizes cost-efficiency, technology mastery, and the significance of a TV-as-a-Service API in the evolving streaming industry. See additional coverage on BroadcastPro, 4rfv.co.uk, and NewscastStudio.
DMTF and PICMG have integrated the IoT.x firmware specification into the Redfish standard, advancing plug-and-play Industry 4.0 systems. These Redfish extensions will allow for improved management of factory equipment and sensor networks through cloud platforms.
CNH Industrial integrates with CropX's farm management system, enabling data from farm machinery to enhance agronomic decisions. The partnership allows for efficient data-driven farm management, bolstering productivity and sustainability. See additional coverage on PR Newswire, NoCamels, and CropLife.
Case IH launches FieldOps, enhancing remote management of farm operations through an app, and introduces Connectivity Included to eliminate subscription costs. The company also offers customizable Precision Tech Packages for aftermarket technology upgrades on equipment.
FedEx introduces new paid digital visibility products that provide near real-time shipment insights and predictive analytics. These tools merge current tracking with advanced data through webhook technology, helping businesses optimize post-purchase customer experiences.
Funding
Vilnius-based startup Tingit has secured €500,000 in pre-seed funding to digitize the repair industry, starting with fashion items.
The funding was led by Firstpick, with additional backing from BADideas.fund, PurposeTech, and Heartfelt Capital. Tingit offers a seamless platform that connects consumers with repair specialists, handling everything from service booking to payment and shipping. The startup plans to launch a Service Provider Gateway, allowing independent repair specialists to offer their services through the platform, and an API for easy integration into e-commerce sites. It aims to expand into new markets in other countries by 2025 and to introduce repair services for additional industries such as sports goods, toys, and consumer electronics. With the funding, Tingit also aims to educate consumers and help them create sustainable habits.
See additional coverage on ain, ArcticStartup, and BeBeez.
AI
Anthropic’s Claude model now has an API prompt caching feature for cost-efficient and faster API calls across its versions. While the cache has a 5-minute lifespan, Simon Last from Notion affirms prompt caching has optimized its AI operations. See additional coverage on Search Engine Journal, VentureBeat, and MarkTechPost.
ApyHub, an API platform, has partnered with SharpAPI, introducing AI-powered APIs to its catalog for multiple industries. SharpAPI's AI tools will enhance developer productivity by streamlining integration and addressing challenges in HR, Travel, E-commerce, and Marketing.
Cloudinary, a media technology platform, enhances its video API with AI features like Dynamic Overlays, Auto Transcription, and Auto Chaptering. These AI tools automate complex post-production, enabling efficient, customized video delivery at scale. See additional coverage on Business Wire.
Google has made its HeAR AI model for analyzing health sounds available to researchers via Google Cloud API, promising advances in health monitoring. HeAR surpasses other models in pattern recognition within health acoustics, offering valuable potential for diseases like TB and COPD detection.
Nylas, a leading API platform for email and calendar integration, has introduced Nylas ExtractAI to structure inbox data for product enhancement. ExtractAI analyzes emails via AI to create personalized experiences and automate workflows, and is now accessible in Nylas Sandbox for development. See additional coverage on Morningstar.
NVIDIA's new Mistral-NeMo-Minitron 8B language model delivers top-notch accuracy in a size that fits on workstations. This efficiency makes advanced AI tools more accessible and cost-effective for various organizations.
Anthropic has updated its TypeScript SDK to allow CORS-supported API calls directly from the browser. Despite security concerns, this facilitates direct browser integrations, exemplified by a Haiku app that converts photos into poetry using the user's API key.
Fintech and Crypto
Zil Money Corporation, a major B2B payment platform, offers businesses secure and cost-effective ACH payment services. The platform also facilitates brand cohesion and trust by allowing businesses to integrate Zil Money’s API for customizable payment solutions. See additional coverage on EIN Presswire.
D24, a payments provider, partners with Yuno to simplify online transactions in over 60 countries. This partnership aims to resolve global payment complexities and support companies' expansion with enhanced payment solutions and support.
The Commerce Commission has conditionally authorized Payments NZ to collaborate on an open banking API framework, despite potential conflicts of interest. Authorization for the beneficial open banking project is granted for 18 months, addressing anticipated regulatory interventions.
GTreasury partners with Necto to improve API connectivity, expanding its ClearConnect Gateway in APAC with more banks. This integration aids CFOs with real-time financial data and enhanced decision-making capabilities. See additional coverage on GlobeNewswire, Fintech Futures, StreetInsider, and Fintech Global.
Upvest is integrating Deutsche Bank’s banking infrastructure to enhance its investment API with cash management, virtual IBANs, and FX services. European investment platform Upvest partners with BlackRock, securing €30 million funding, to make investing more accessible via its API. See additional coverage on The Paypers.
Security
SentinelLabs reports a new tool, Xeon Sender, abused for bulk spam SMS via legitimate APIs of providers like Amazon SNS and Twilio. Despite varied rebranding, the tool, prevalent since 2022, largely retains its original features for smishing campaigns. See additional coverage on The Hacker News and ITPro.
17% of A/NZ organizations adopted AI/ML from F5 to address API attacks, as real-time API protection becomes a priority. The report indicates security misconfiguration is a top concern in A/NZ, with API Gateways being crucial for security strategies. See additional coverage on Intelligent CISO.
Check Point researchers discovered a lapse in operational security by cybercriminals using Telegram Bot API tokens to exfiltrate data. Exposure of these tokens led to the uncovering of the operators and customers behind the Styx Stealer malware and connections to the Agent Tesla campaign. See additional coverage on MSSP Alert.
Wallarm introduced AASM, a new agentless technology aimed at discovering, analyzing, and securing API attack surfaces. The solution spots all external APIs and assesses the adequacy of existing protection methods. See additional coverage on Bakersfield.com, The Fast Mode, StreetInsider.com, and Business Wire.