The API Landscape, Twilio Ventures, Is GraphQL Meant to Be Exposed over the Internet?
This is issue 2021.49 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you’ll get to know the most relevant API-related information from the week of December 6, 2021. Subscribe now, so you never miss an issue of the API Changelog.
Highlights
Platformable and APIdays launched the API Landscape. The landscape features more than 1,000 products distributed across categories such as IPaaS, API Lifecycle, and Backend Building Tools. In addition, you can add your product to the landscape, so it’s not a static directory.
Marc-André Giroux, a Platform Interface Engineer at GitHub, published “Response to ‘GraphQL is not meant to be exposed over the internet’.” As the title indicates, the article is a direct response to “GraphQL is not meant to be exposed over the internet.” Marc-Andre argues that the original article doesn’t expose the right reasons and disagrees with its author.
Funding and M&A
AdeptID, a talent matching API provider, raised $3.5M in a Seed round. Zeal Capital Partners led the investment, with participation from Better Ventures, and JFF’s Employment Technology Fund.
AgentSync, an insurance API company, raised $75M in a Series B round. Valor Equity Partners led the investment, with participation from Tiger Global Management, Nine Four Ventures, and Craft Ventures, among others.
Gadget, a developer productivity startup, raised $8.5M in a Seed round. Sequoia Capital and Bessemer Ventures led the investment, with participation from Greg Brockman from OpenAI, Koen Koppen from Klarna, and Solmaz Shahalizadeh from Shopify, among others.
Mambu, a banking API provider, raised €235M in a Series E round. EQT Growth led the investment.
Mnemonic, a B2B NFT API platform, raised $4M in a Seed round. Kenetic led the investment, with participation from Tribe Capital, Sound Ventures, and Coinbase, among others.
Belvo, an open finance API provider, raised a Series A round. Visa was the only investor on the round of an undisclosed amount.
Twilio launched its investment arm. Twilio Ventures is “a $50 million fund created to invest in companies using Twilio or those who are working on innovative adjacent ideas.”
Announcements
PandaDoc launched its API portal. PandaDoc for Developers to make it easier to “build and integrate customizable document workflows and eSignature capabilities into products, applications, and websites.”
Apiwiz, a low code APIOps platform, announced their partnership with Tonik, a Philippines online bank. “The partnership marks a milestone in how digital banks can streamline the process of developing, building, and running APIs to boost financial inclusion and offer solutions for unbanked communities.”
GCN reported that “the General Services Administration is creating an authentication service for Cloud.gov and other agency customers.”
Resto has been announced as “a CLI app that can send pretty HTTP & API requests with TUI.”
Fintech
The Paypers ran an interview with Deeptasree Mitra from Deutsche Bank to understand how they see Open Banking in Germany. “Open Banking in Germany: Deutsche’s perspective” mentions the challenges that Germany faces and how APIs are the key to enabling Open Banking innovation.
Finews published “How APIs Increase Transparency Within Payment Transactions.” The article defends that APIs can help with activities that increase transparency such as liquidity threshold alerting, liquidity reporting, and blocked payments notifications.
Practice
Ravindu Rashmin wrote “gRPC — Why, What and How.” In the article Ravindu explains what gRPC is and when does it make sense to use it.
Ethan Roberts published “Here are some ways to use Google Search as an API.” In this piece, Ethan explores different ways to use Google’s search API. Options include Google’s Programmable Search Engine, the Custom Search JSON API, and RapidAPI’s Google Search API.
Supakon wrote “How to use random values in Postman.” The article goes through Postman’s request examples and shows how to add random values to responses.
Liam Forde, Founder and Head of Product at Hookie Solutions, published “The 4 use cases for webhook API.” The use cases that Liam mentions include data synchronization, process automation, and improving the intelligence of your business.
Jason Byrne, CTO at Echelon Fitness, wrote “POST vs PUT vs PATCH: Make the right Restful API decision.” In the piece, Jason explains what are the differences between HTTP POST, PUT, and PATCH and when to use each of the different verbs.
Code With Travel wrote “How to implement API Authentication with JSON Web Tokens and Passport.” The how-to shows you how to start from scratch and have a fully working API authentication with JWT.
Holly Cardew published “Powering Everything: Why APIs Are The Future.” The article has a focus on e-commerce and explores how APIs are the catalyzer to better experiences.
DevOps Online wrote “Digital businesses transformation to be driving the adoption of APIs.” The piece focuses on adoption statistics and concludes that “it is vital that DevOps leaders encourage the best talent available to join and remain with their organization.”
GigaOm published “The Benefits Of A Performance Benchmark For API Management.” In this article, Phil Scoble shows how having high-quality API management can offer business benefits.
Holly Stotelmyer, a Software Engineer at PayPal, wrote “Using Documentation-Driven Design to Guide API Decisions.” In the article, Holly explains what documentation-driven design is and how it can help you make informed API decisions.
Security
iLounge published a basic guide to securing mobile APIs. The guide mentions the steps that you should follow to secure your mobile APIs. According to iLounge, you should build security into every step of your development process, protect any connected accounts with strong authentication, and also any used backend services.
Jonathan Greig, a Staff Writer at ZDNet, published “GraphQL API authorization flaw found in major B2B financial platform.” The piece reveals that Salt Labs discovered a vulnerability related to GraphQL that would let attackers “submit unauthorized transactions against customer accounts and harvest sensitive data.”
Security Boulevard published “Is your security testing ready for the API-first era?” This piece goes through several tools that can help you with your security testing activities.
Bill Doerrfeld considers that not taking good care of your APIs can lead to security threats. Bill wrote “API Sprawl a Looming Threat to Digital Economy” where he comments on the negative impact that APIs can have when not managed correctly.
VentureBeat published “Nearly two-thirds of orgs lack basic API security.” The article mentions how problematic GraphQL APIs can be and why not having a security strategy can be a threat.
