Twitter API v2, The Future of Slack, OpenAI’s API generally available

This is issue 2021.46 of the API Changelog, a weekly mix of API news, commentary, and opinion. In this issue, you’ll get to know the most relevant API-related news from the week of November 14, 2021. Subscribe now so you never miss an issue of the API Changelog.

Highlights

Last week, Twitter was in the news because they made their API v2 the official programmatic interface to their platform. TNW published a great piece reporting Twitter’s official launch. Even though Twitter had made their latest API available since July 2021 under an “Early Access” label, this launch makes v2 their default API. Developers will now have fewer restrictions when accessing Twitter API, as reported by The Verge. Behind this release is Twitter’s interest in becoming a trustworthy platform, enabling third-party apps to flourish. ZDNet adds more to the story by sharing that Twitter is on its way “to building an open developer platform in public” and creating “opportunities for developers to monetize their innovation in the future.”

Slack introduced what they’re calling “flexible automation for everyone.” Their next-generation platform offers workflow integrations, the ability to attach metadata to events, easy-to-use app development tools, and deployment infrastructure hosted and maintained by Slack. It feels like Slack is investing considerably in enabling third-party app development. With this beta release, they want to own the entire Slack integration lifecycle.

OpenAI announced the general availability of their API. Initially available through a long waiting list, their GPT-3 API is now open to anyone. VentureBeat followed the story and reported that this release is possibly related to Microsoft since they had invested $1B in OpenAI in 2020.

Funding and M&A

Stytch, an API-first password-less authentication product, raised $90M in a Series B round. Coatue Management LLC led the investment, with participation from Benchmark Capital, Thrive Capital, and Index Ventures, among others.

People Data Labs, a company that offers a data-as-a-service API, raised $45M in a Series B round. Craft Ventures led the investment, with participation from Flex Capital, among others.

Ribbon Health, an API layer for health data on doctors, raised $43.5M in a Series B round. General Catalyst led the investment, with participation from a16z, BoxGroup, and Rock Health, among others.

Plug, a payment-as-a-service API, raised $2.7M in a seed round. Costanoa Ventures led the investment, with participation of Verve Capital, and Norte Ventures, among others.

Mastercard announced it has completed its acquisition of Aiia. Aiia is an open banking provider operating in the European market. With this acquisition, Mastercard will have access to a network of over 2,700 banks connected via Aiia’s APIs.

Netlify announced the acquisition of OneGraph. OneGraph is a GraphQL IPaaS. The acquisition will fuel Netlify’s solutions to decrease developers’ friction while integrating with external APIs.

Fintech

Defacto is a new startup that offers credit products through an API. TechCrunch reported that “companies are embedding Defacto within their own products so that their customers can access Defacto’s products.” Defacto recently raised €3M in a pre-seed round. Global Founders Capital led the investment, with participation from Headline, among others.

Corserv Solutions launched a “payment cards as a service API.” Key features of the solution include physical cards, virtual cards, fraud management, spend controls, and mobile wallets.

Alchemy, a crypto infrastructure company, launched a new tool to help NFTs go mainstream. Coindesk reported that Alchemy launched an “NFT API that can bridge assets like CryptoPunks with websites, social media, and other non-crypto-native platforms.” Alchemy recently raised $250M in a Series C round led by a16z.

API-first

Jayadeba Jena, Head of API Platform at PayPal, has been writing a playbook for API-first transformation at scale. The playbook is split into a series of articles. Last week, Jayadeba focused on the delivery infrastructure platform. He first shared an article that summarizes what the delivery infrastructure platform is and why you should care. He followed the article with a second piece that goes into all the tools and services that comprise the platform.

Ivan Letenko, a Lead Engineer at Infobip, wrote an article where he advocates focusing on the API-first process and not on the tools. In “Don’t go OpenAPI first, go API first,” Ivan shares that you should “think about your API as a product for other developers even if it’s an internal service.” He shares his journey at Infobip, where they manage more than 1,600 applications, and they see “no need to dive into the complexity of OpenAPI right away.”

Practice

John Philip wrote “5 Best Practices to Follow for REST API Development.” In John’s opinion, you should use an appropriate HTTP verb for various requests, use status codes and messages to handle responses, leverage API documentation, consider API versioning, and follow a common endpoint formatting.

Matthew Reinbold wrote “How to Improve an API Ecosystem with Mapping,” where he shares what the ten pillars of an API ecosystem are and how to create maps that represent the score of each of the pillars. The ten pillars are strategy, design, documentation, development, testing, deployment, security, monitoring, discovery, and change management.

Mukta Sharma wrote “What are Composite APIs?” This is an easy-to-read article where she explains that whenever “you send multiple calls to the server at once in a single API request and receive one response,” you’re interacting with a composite API.

Dânesh Hussain Zaki wrote “An Approach to Building Self-Healing APIs.” Dânesh starts by sharing that the everyday operational issues related to APIs are connectivity, security, rate limits, data errors, and versioning. He then explains how you can build APIs that heal themselves whenever there’s an issue.

Liam Forde wrote “Securing your webhook API — the 13 requirements you need to know.” In this article, Liam shares requirements across the CIA triad-confidentiality, integrity, and availability.

Frank van Wijk wrote “I want a mock API and change responses on runtime,” where he explains why you need a mock API and how you can dynamically change the mock responses at runtime. The article describes how to use a library written by the author where you can use scenarios in unit tests and a Storybook.

Enock Lubowa wrote “Why you need to use DTO’s in your REST API.” A DTO, or Data Transfer Object, is used to “carry data between processes to reduce the number of method calls.” Enock explains how the DTO approach can help you decouple the service layer from the domain layer.

Security

Security Boulevard published an article explaining how OWASP can address API security. The article claims that “what OWASP does is help raise awareness around API security challenges.” OWASP API Security Top 10 can help API practitioners navigate the possible threats their APIs face.

Toolbox published a piece sharing the five mistakes that developers often make with API security. Those five mistakes can, according to Toolbox, “cost organizations money, time, trouble, and damage in reputation.”

VentureBeat reported that “that there is a need for a much greater focus on API security across industries.” In 2022, 90% of all Web apps will expose more interfaces in the form of APIs than via human interaction. VentureBeat shares different vendors that offer API security services that are relevant at this point.