AWS Data Exchange for APIs, How to Protect Your APIs, APIs Aren’t Just for Developers

This is issue 2021.48 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you’ll get to know the most relevant API-related information from the week of November 29, 2021. Subscribe now so you never miss an issue of the API Changelog.

Funding and M&A

Upbound, a multi-cloud management startup, raised $60M in a Series B round. Altimeter Capital led the investment, with participation from GV, Intel Capital, and Telstra Ventures.

Telr, a payment service provider that operates in the United Arab Emirates (UAE) and Saudi Arabia, raised $15M in a post-Series A round. The investment was made by Cashfree Payments.

Victor, a fintech API company, raised $6M in a Seed round. MVB Edge Ventures led the investment.

Centra, a headless SaaS e-commerce platform, raised €10M in growth equity funding from Verdane.

Announcements

Zendesk announced their new Help Center Unified Search API. The new API makes “programmatic search across multiple content types easier,” reveals Gorka Cardona-Lauridsen, a Zendesk Product Manager.

InfoQ reported that AWS Step Functions gained integrations with over 200 services. AWS Step Functions is a low-code visual workflow service. The number of integrated services grew from 17, to increase the variety of workflows that can be configured.

TechCrunch shared that AWS launched Data Exchange for APIs. The new product “lets you access AWS software development kits (SDKs) and use AWS authentication and governance tooling to access and update third-party APIs in this automated way.”

Travel Pulse reported the launch of Hotelbeds Compass Pro Service. Travel Pulse shares that “Compass Pro offers API clients the ability to understand data easier, so they can use it in more impactful ways.” Hotelbeds is a Spanish company that offers APIs to connect different players in the hospitality industry.

Finextra wrote about the release of DueDil’s Ultimate Beneficial Owner API. The new API will “improve onboarding speed and customer experience, whilst vitally mitigating regulatory, financial, and reputational risk.”

Fintech

Crypto API company 0x expanded their partnership with Celo to distribute $4.5M to the DAO ecosystem. Cointelegraph reported that the announcement “follows an agreement penned in mid-November between the two firms to integrate a zero-cost 0x API functionality on the Celo blockchain to enhance the experience of DeFi developers.”

FX trading database FlexTrade integrates Tradefeedr’s data analytics API. “The integration allows clients to review their trading mark-outs, impacts, and spreads directly with liquidity providers within FlexTRADER EMS,” according to FinanceFeeds.

FinLync, a provider of banking APIs, partners with Standard Chartered. The partnership “will allow corporates to make decisions faster, more frequently, and based on more-precise information,” announced Standard Chartered. FinLync recently launched the first corporate bank API catalog.

API-first

digitalML wrote an article explaining how non-developers use APIs and why that is important. “APIs aren’t just for developers” defends that “adding business and product stakeholders to the API lifecycle provides the next opportunity to accelerate digital strategy.”

The Hacker News published a piece on “ensuring visibility across the entire API lifecycle.” The article makes the case that there are different visibility layers that must be revealed. API anomalies, traffic, schemas, and inventory, are examples of the types of visibilities to care about.

Chathura Ekanayake, a Software Architect at WSO2, wrote, “Does my organization need API management? What to expect from it?” Chathura goes through different elements of API governance such as security, usage control, insights, and ecosystem management.

Kemal Payza published “API-First Approach to Fintech.” In the article, Kemal goes through the benefits of APIs and explains how fintech would benefit from an API-first approach. Kemal also states that “most companies need APIs, but the number of companies offering an API is not very high.”

Practice

Raman Sharma, VP of Product Marketing at DigitalOcean, published “Twilio — Intentionally Clever or Accidentally Genius?” In the article, Raman argues that Twilio’s “Ask Your Developer” slogan “is essentially an appeal to a non-developer person who may be in a decision-making position.” Raman thinks Twilio’s branding is a good example of virality, urgency, and philosophical belief that product-led companies should follow.

Anand Bhaskaran, a Senior Software Engineer at Beekeeper, wrote “No-code serverless Rest-API with AWS and Dynamo DB.” In the article, Anand explains how to create an API that connects to your Dynamo DB.

Wundergraph wrote “Namespacing for GraphQL: Conflict-Free merging of any number of APIs.” The article shares tactics to successfully merge different APIs by using namespaces.

Epic Programmer published “Fetching Data from GraphQL APIs with Apollo React.” The piece is a step-by-step guide on how to connect your front-end to a GraphQL backend.

Joyce Lin, Head of Developer Relations at Postman, wrote “Dynamically create custom environments with code.” Joyce explains how you can create Postman environments programmatically and generate a “Run in Postman” button for your API.

G. Nervadof wrote “Monitoring API Call Retries.” The article explains what you can do to get better at understanding your API calls using Datadog.

Cengkuru Michael wrote, “How to easily build an API from a CSV file.” In this piece, Cengkuru shows you how to transform a CSV file into an API using Retool.

Alfredo de Candia, the author of “Mastering DeFi,” wrote, “How to Import Crypto APIs into Excel.” Alfredo shares a step-by-step guide on how you can get live financial data into Excel using public Crypto APIs.

Security

Kyle Alspach, writing for VentureBeat, reports on AWS release of enhanced cloud vulnerability management. In addition, AWS announced several features for automating vulnerability management. Among those features is the Amazon CodeGuru Reviewer Secrets Detector, and the calculation of a contextualized risk score with Amazon Inspector.

Caleb Olojo, a front-end developer and technical writer, wrote, “How To Protect Your API Key In Production With Next.js API Route.” The article is a step-by-step guide explaining how you can ensure that you are not leaking API keys through browser developer tools.

Francois Lascelles, a Distinguished Engineer at Broadcom, published “How to Protect Your APIs from OWASP API Security Top Ten.” Francois goes through different OWASP concerns and shares his thoughts on how you can protect your API from them.

Helga Labus, a news editor at Help Net Security, wrote “API security awareness: The first step to better assessing the risk.” The article shows how API security awareness can help companies fight existing and new threats.

Emma Chervek, editorial assistant at SDxCentral, published “Cisco APIClarity Eases Dev-Sec Tensions Over Shifting Left.” In the article, Emma shares how Cisco APIClarity can increase your API visibility and help prevent attacks.

Ronan Mahony shares what according to him are the “Biggest API Security Attacks of 2021.” Among the attacks mentioned by Ronan, you can find the Parler API hack, the Clubhouse leak, and the LinkedIn breach.

Tim Mackey, Principal Security Strategist at the Synopsys Cybersecurity Research Center, asks “Are APIs Your Weakest Security Link?”