In Other API Economy News: Bullet Streaming Query Engine, Bot Defense for APIs and More

Today we offer a review of the stories we couldn’t cover with a look at what what going on in the world of APIs. We start off with news that Yahoo is open sourcing Bullet, a new streaming data query engine that lets users run ‘look-forward’ queries. Most streaming engines such as  Splunk, Logstash/Elasticsearch, and others need to cache, or look back, at the data already collected but Bullet allows you to query data after you submit the query, thus allowing you to act on data that has yet to arrive instead of on previously collected data. Bullet was designed to not use a persistence layer. While this design choice keeps it light weight, it also means that queries cannot be repeated on the same data, repeated queries instead run on new data arriving after that submission. The engine is multi-tenant and includes a RESTful API. Bullet is open-sourced and currently available on Github.

We’ve seen in the past how bots can be behind numerous types of attacks such as the one on the Pokémon GO API last summer. As was the case then and in many other attacks, the bot targets the API servers behind the application or website. Now Distil Networks, a company specializing in bot detection, has released a suite of products aimed at protecting these servers. Their Bot Defense for API product looks to verify traffic to API servers and mobile app APIs to ensure that an authorized human is trying to gain access. The solution uses what Distil calls a Hi-Def fingerprint that relies on over 200 device attributes in order to prevent API exploitation through the website. If an API call lacks a valid fingerprint, the request is blocked. A mobile SDK is also included to place bot detection capabilities inside mobile apps.

Lastly, Facebook announced the latest updates to their Graph APITrack this API. On October 16, version 2.10 will require an access token to Fetch Page videos, posts and comments for all Graph API versions. The tokens are meant to help Facebook identify which apps are calling the API and if necessary send alerts to targeted developers. The update also introduces a change that allows users to intentionally update Open Graph objects without being rate limited. Prior to the update, a call to GET/{ URL} triggered a scrape for previously un-encountered URLs. Those requests no longer trigger the scrape, instead if users want to do so, they can issue a call to POST /{url}?scrape=true.

Be sure to read the next Streaming article: When Push and Streaming APIs Are Just Too Hard To Do, Outsource Them