M2P Raised $52 Million, Postman Supports gRPC, the Complete API Security Checklist

Bruno Pedro
4 min readJan 24, 2022

This is issue 2022.03 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you’ll get to know the most relevant API-related information from the week of January 17, 2022. Subscribe now, so you never miss an issue of the API Changelog.

Funding and M&A

WealthKernel, a provider of digital investment services and infrastructure, raised $7M in a Series A+ round. XTX Ventures led the investment, with participation from Digital Horizon, and Big Start Ventures, among others.

Pinwheel, a payroll connectivity platform, raised $50M in a Series B round. GGV Capital led the investment, with participation from Upfront Ventures, TQ Ventures, and Kraken Ventures, among others.

Routefusion, a product expansion platform, raised $10.5M in a Seed round. Silverton Partners and Canvas Partners led the investment, with participation from Initialized Capital, and Haymaker Capital, among others.

Smartcar, a vehicle API platform, raised $24M in a Series B round. Energize Ventures led the investment, with participation from New Enterprise Associates, and Andreessen Horowitz, among others.

M2P, an embedded finance company, raised $56M in a Series C round. Insight Partners led the investment, with participation from Tiger Global Management, MUFG Innovation Partners, and Better Capital, among others.

Frain Technologies, a developer tools startup, creators of Convoy, raised $473K in a Pre-seed round. Rally Cap Ventures led the investment, with participation from Musha Ventures, Future Africa, and Aidi Ventures, among others.

Remotelock, a universal access control company, raised $17.8M in a Series B round. Unit Leader led the investment, with participation from Kozo Keikaku Engineering, and Iron Gate Capital, among others.

Orca Security acquired RapidSec, a Web security startup. According to VentureBeat, “RapidSec’s technology is expected to be integrated into the Orca cloud security platform by the second or third quarter of the year.”


Algolia, a search API platform, announced that Walgreens is starting to use its AI-driven search solution. Among other things, the search solution helps Walgreens “better tailor experiences for their consumers and predict the types of things people need,” said Bernadette Nixon, Algolia’s CEO.

Postman, an API platform company, announced the support of gRPC in beta. ProgrammableWeb reports that “Postman is highlighting auto-complete while composing messages as a way of speeding up testing,” which is enabled by the ability to understand the proto file.

API3, a blockchain oracle project, announced the release of beacon data feeds with Amberdata. According to ZDNet, “API3 is partnering with Amberdata, a leading provider of digital asset data and insights into blockchain networks, crypto markets, and decentralized finance, to empower immediate traction on Beacons.”

Deutsche Boerse, the German stock market exchange, announced that it’s expanding its analytics suite by launching the Eurex Open Interest Insights. According to Finextra, “The data is available via API or Web GUI in a daily t+2 subscription file for the most active Fixed Income and Equity + Index products traded on Eurex®.”


Mike Welsh wrote “API First Development using OpenAPI Generator.” In this article, Mike explains how he broke a monolith and then guides you into the process he followed to manage different API definitions. Additionally, he shows you how you can use the API Evolution approach to achieve those goals.

Pratham Tamhan wrote “Architectural Constraints of RESTful web services.” Pratham explains in detail what the architectural constraints are. From the “stateless” to the “uniform interface” constraint, the article gives you plenty of information to understand what the Design principles of REST are.

Roman Kyslyi wrote “Good API design, bad API design.” In this article, Roman describes the differences between what he considers a good and a bad API Design and shares examples that you can follow.


Fernando Doglio wrote “API vs Microservices — Are you using 2 terms for the same concept?” This article disambiguates two terms that are often used to represent the same thing. Fernando shares the differences between APIs and microservices and concludes that they’re not the same thing, but they work very well together.

Kashyap Deorah wrote “The Power of An API.” In this piece, Kashyap takes you back to the early days of APIs and shares a story of how he managed to deliver a great product thanks to an API.

Bill Doerrfeld wrote “When to Use API Management and Service Mesh Together.” Bill shares four reasons why you should combine API management with service mesh. Bill shares that “adopting both API management and service mesh may be overkill for some scenarios.”

Karl Baumgarten wrote “How automating API Integrations benefits your business.” In this article, Karl shares his view on why the automation of API integrations can help you grow your business.


Eyal Katz wrote “The Complete API Security Checklist.” This article is a list of what Eyal considers the complete API security checklist. From OWASP threats to SQL injections, you have seven items to help you check the security of your API.

Sierra Mitchell wrote “What Happens to My Organization If APIs Are Compromised?” Sierra interviews Michael Isbitski, technical evangelist at Salt Security, and explores the topic of API security. According to Isbitski, “Attackers abuse APIs with brute-forcing and credential-stuffing techniques with the goal of compromising user credentials or account takeover.”