Gemini OpenAI Compatibility, Qpoint $4M, Ollama's Security Flaws
The API Changelog issue 2024.46
This is issue 2024.46 of the API Changelog, a mix of API news, commentary, and opinion. In this issue, you'll get to know the most relevant API-related information from the week of November 4, 2024.
News highlight
Cybercriminals are using the Docusign API to send fake invoices to corporate users, which appear authentic and may not trigger typical security defenses or user suspicions.
Researchers at security firm Wallarm discovered that attackers are creating legitimate, paid Docusign accounts, which allow them to change templates and use the API directly. The campaign takes advantage of Docusign's "API-friendly environment," which lets malicious actors scale their operations. Researchers observed abuse of Docusign's "Envelopes: create API" to send automated emails to multiple users and recipients directly from the platform. The fake invoices use various tactics to lend authenticity to the scam, including offering accurate pricing for a company's products, adding expected charges, including direct wire instructions or purchase orders, and sending different invoices with different items. The attack vector may not be limited to Docusign; other e-signature and document services could be equally vulnerable to similar exploitation tactics.
See additional coverage on msn, Security, Cyber Security News, Bleeping Computer, Security Boulevard, The Register, Forbes, SC Media, Information Security Buzz, KnowBe4, SecurityWeek, Security Boulevard, and techradar pro.
This issue of the API Changelog was crafted with the help of Theneo.
Announcements
Avalara has launched its E-Invoicing and Live Reporting solution for Workday users, providing compliance with global e-invoicing regulations. The Avalara ELR integrates via a single API on Workday, simplifying setup and maintenance to meet ever-changing e-invoicing mandates.
Vinesign today announced a new Public API to improve business efficiency by integrating e-signature solutions with existing systems. The API allows for automatic document sending from CRMs, ensuring security and boosting productivity.
Floworks' ThorV2 architecture has been developed with IITs, offering greater accuracy and cost-effectiveness for LLMs handling API calls. Their new model is touted to outperform even OpenAI's latest in speed, reliability, and efficiency.
Moshtix introduced a free Conversion API integration for enhanced marketing attribution and campaign tracking amidst stricter data privacy rules. This innovative service connects directly with platforms like Meta and TikTok, bypassing traditional cookie tracking and enriching reporting tools.
Epic has enhanced its APIs to provide developers with broad patient data access, aligning with USCDI v3 standards for better healthcare apps. The APIs are available through Epic's open.epic platform, showcasing their commitment to interoperability and facilitating over 500 billion data exchanges annually.
PDFRest has launched a suite of Prepress Preflight Print tools tailored for the commercial printing industry. The tools aim to streamline PDF workflows, ensuring print-ready quality and reducing production errors.
5G Americas publishes a white paper on the evolution of 5G to APIs and programmable networks, predicting significant revenue growth and enabling diverse as-a-service models. The report emphasizes that the service-oriented, API-driven architecture is key to versatile, scalable networks and new business opportunities for CSPs. See additional coverage on MorningStar and sdxcentral.
Funding
Qpoint secured $4 million during pre-seed financing to refine its product and address growing customer needs. The startup empowers platform teams with advanced eBPF technology for unparalleled insight and control over external app dependencies.
Groov, a platform developing orchestration for embedded lending, has secured £1.5 million in Seed funding led by Fuel Ventures. The investment will advance Groov's aim to bridge the $1.2 trillion SME funding gap with an innovative multi-product and multi-region lending platform. See additional coverage on Fintech Global.
Boulder-based start-up Tilled raised $12.5 million to expand and enhance their PayFac-as-a-Service offerings, collaborating with Handpoint for more card-present solutions. This funding increment boosts Tilled's total capital to nearly $40 million, fueling their remarkable 550% YoY revenue growth and broadening partnerships within the payments sector.
Emidat raised €4 million in a seed round led by General Catalyst to enhance environmental data for material labeling in construction. The platform aims to reduce embodied carbon in the industry by streamlining EPD creation and offering a data-rich API-accessible database.
AI
Ollama's AI framework exhibits six security flaws, enabling DoS attacks, model poisoning, and theft. Oligo Security found over 9,831 exposed Ollama instances, primarily in China and the U.S.
ElevenLabs released an API for its Voice Design tool, enabling developers to build apps with custom AI voices. Additionally, it launched 'X to Voice,' an open-source project to create unique voices from X profiles.
Anthropic's latest AI model, Claude 3.5 Haiku, improves upon its previous version but comes with higher pricing and lacks image analysis. The model boasts enhancements in text output and modern data reference but raises questions about the company's future pricing strategies. See additional coverage on Neowin.
Elon Musk's xAI has debuted a public beta of its API, allowing integration of its Grok models into apps. The xAI API is priced higher than OpenAI's GPT-4 but offers model access and various developer tools. See additional coverage on Gadgets360.
SambaNova and Hugging Face have streamlined AI deployment, enabling button-click ChatGPT-like integrations for developers. This integration simplifies AI chatbot creation, facilitating rapid development while challenging enterprises to ensure effective, ethical AI use.
Developers can now access the latest Gemini models through the OpenAI Library, promising more compatibility to come. Google AI Studio introduces Grounding with Google Search in the Gemini API, also catering to Vertex AI Enterprise customers.
Fintech
Yuno has unveiled Payout to consolidate global payment operations for businesses through a single API. The feature simplifies multi-provider payment processes, allowing efficient worldwide fund transfers and operational enhancements.
The Consumer Financial Protection Bureau (CFPB) finalized an open banking rule mandating secure API usage over riskier screen scraping for data access. The rule limits third-party data use to what is necessary for service provision, with no exceptions for using deidentified data for secondary purposes.
GSMA and UK Finance have launched Scam Signal in partnership with UK mobile operators to curb payment fraud. The API-based Scam Signal, revealed by Vodafone UK, uses real-time data to detect scam-related bank transfers, cutting fraud by 30%. See additional coverage on telecoms.com and Fintech Magazine.
OnlineCheckWriter.com, powered by Zil Money, offers a customizable API for businesses to quickly launch branded financial services. The platform supports multiple payment options and has processed over $84 billion, serving nearly one million users globally.
Brankas integrates its open banking compliance solution with API suite and ADVANCE.AI's eKYC for streamlined adherence to regulations like Indonesia's BI-SNAP. Banks can now utilize Brankas' platform enhanced with ADVANCE.AI's tech to launch new products, ensuring compliance and reducing fraud.
US-based American Express has partnered with MX Technologies to offer customers enhanced control over their financial data sharing. The integration utilizes American Express' API and OAuth2 for secure, seamless digital banking experiences without sharing login credentials. See additional coverage on Crowdfund Insider.
Security
Imperva, a Thales company, highlights the urgency for retailers to address AI-driven cyber threats, with business logic abuse and DDoS attacks being the most prevalent. Retailers must implement robust security measures and strategies to mitigate these threats as increased holiday traffic amplifies risks.
The eFORT project utilizes its Intelligent Platform API to ensure seamless data exchange, enhancing energy grid resilience and cybersecurity. To ensure interoperability, the API is being developed for secure, standardized communication among diverse devices amid challenges like scalability and cyber threats.
APISentry, an API security platform, has launched a Startup Security Programme for African startups, offering up to $150,000 in credits. Eligible startups with MVPs can apply for the program, which also provides mentorship and support to bolster cybersecurity.
Cequence Security disclosed a 9.8 CVSS-rated vulnerability within a major food and drug retailer's IT network, affecting subdomains with sensitive data access. Attackers exploiting this could hijack AppDynamics' admin controls, jeopardizing customer data and operations integrity. See additional coverage on SecurityBrief.
Malicious JavaScript libraries in the npm repository aim to spread stealer malware to Roblox users via open-source platforms. A security researcher highlights the supply chain vulnerability and advises developers to inspect code and confirm package names carefully.