Our final segment of the Most Clicked, Shared and Talked About APIs of 2018 focuses on Security and Privacy APIs. Some sub-categories covered in this article include Validation, Authentication, Hacking, Recognition, Safety, Emergency, Identity and verification.
Perhaps as a result of a near blind faith in the API Economy, the Security and Privacy sectors this year suffered a number of breaches and attacks caused by API vulnerabilities. Victims included customers and users of T-Mobile, Docker, Twitter, Spotify, Venmo, GitLab, Panera, Grindr, OKCupid, United States Postal Service, Google/Android, the RSA Conference, and LocationSmart.
But any year-end round-up about Security and Privacy APIs cannot be complete without mentioning the privacy breach elephant in the room: the Facebook/Cambridge Analytica political scandal. While its very existence as a "social network" should have clued users in to the fact that it isn't exactly "private", Facebook faced a tremendous amount of backlash for enabling Cambridge Analytica to sneakily harvest data from 87 million Facebook members via data mining, third-party apps and weak API permissions. The company responded by making drastic changes to its platform and APIs, such as restricting and shutting down APIs, including the Instagram API. Additionally, Facebook released a tool to help developers identify users who may have been compromised in an unrelated security issue related to access tokens.
All these breaches should leave developers pondering if the API in their app is a trojan horse, and API providers pondering how to maintain a balance of privacy while keeping services open enough for developers to create interesting applications.
But securing APIs, user data, and applications is not a hopeless endeavor, and many companies stepped up with tools and products to help out during 2018. Security API highlights include a bot-detecting API from Google, the 365 Secure Score API from Microsoft, Rapid7's application security testing API, and a security advisory API from GitHub.
Other Security and Privacy tools released include new standards for passwords, web authentication, and Consumer Data Rights. Also released were updated developer requirements from Twitter (including some aimed at stopping the spread of Fake News), solutions for API security analysis from Data Theorem, and Azure Confidential Computing for securing users' data while it's in use. Other tools include an access tool for blockchain apps from Squarelink, enhanced Play Store requirements from Google, biometric functions for Android, tools to prevent monitoring of network activity, and a private endpoint for AWS API Gateway. Also from Amazon is the AWS Secrets Manager for managing credentials. Additionally, Netflix opened its bug bounty program, and the Webhose.io Dark Web API enables developers to build applications for identifying stolen credit cards or identity theft.
Finally, below is the full list of the Most Clicked, Shared and Talked About APIs of 2018 in Security and Privacy, as chosen by our readers, followers, and editors.
Microsoft Graph is a unified endpoint for accessing data, relationships and insights from the Microsoft cloud. The Microsoft Graph Security API allows users to connect with the Intelligent Security Graph to build security solutions that access security alerts from several Azure and Windows services, unlock contextual data to inform investigations, and automate security operations. This API is listed under the Security category. See ProgrammableWeb's complete list of Security APIs.
The GitHub Security Advisory API provides access to a curated database of millions of security vulnerabilities aggregated from across the web. This data is available with the GraphQL Security Advisory service. The GraphQL API allows users to query information about security related to commits, language, organization, team, users and more.
Hygger provides a product management platform designed for Agile teams. Hygger features a collaborative idea bank used to define quick wins, big bets, and timesinks, which developers can use for user research, feedback, and to identify bugs. The Hygger API offers JSON formatted data for managing clients, companies, tasks, and more.
Hygger is an Agile software development tool designed for product teams. Image: 32dayz Inc./Hygger
Judge0 provides online tools for executing and grading untrusted source code. The service is useful for programming contests, education and research. The Judge0 API supports code compilation and execution, and features more than 25 different compilers and interpreters. The RESTful API features methods for managing code submissions, statuses and languages, configuration and more.
CyberArk provides Privileged Account Security for businesses to protect their high value and critical assets. The CyberArk Conjur API allows integration to the platform and returns security data including authentication, user, public keys, host, layers, host factory, role, audit, and utilities.
BioID Web Services (BWS) is a webcam-based biometrics service for cloud, web, and mobile application developers. The BioID SOAP API enables applications for liveness detection, ticketless check-in and fraud prevention with face, eye or voice recognition and similarity search. The technology features an advanced anti-spoofing mechanism and anonymous binary data processing. This API is listed under the Identity category. See ProgrammableWeb's complete list of Identity APIs.
AlienVault Open Threat Exchange (AlienVault OTX) is an anti-malware security platform. The OTX Direct Connect API simplifies the synchronization of OTX's Threat Intelligence resources and a user's security monitoring tools. The API fortifies an application's security infrastructure and expedites the detection of threats targeting its environment.
Phish.AI provides anti-phishing solutions powered by artificial intelligence. The Phish.AI Public API scans URLs with Phish computer vision and AI technology to get reports of completed scans. It surfs the submitted URL, takes a screenshot and then compares it with the Phish.AI database. It will then detect phishing websites that look similar but are hosted on different domains.
Slipstream is a multi-cloud application management platform. The SlipStream API follows a REST architecture and uses the HTTP protocol to access the Cloud Infrastructure Management Interface (CIMI). The API is useful for developers looking to run any application in any cloud, and supports Big Data, DevOps and Smart City strategies.
Apility provides IP blacklist checks and other services that allow developers to know if their users are legitimate. The ApilityIO REST API returns data of legit and fake users with IP blacklists, email and domain analysis, custom algorithms, and API queries. Apility includes CORS restrictions and IP address restrictions, in addition to autonomous system lookup, objects, and errors as resources. This API is listed under the Reputation category. See ProgrammableWeb's complete list of Reputation APIs.
CloudSploit is a security and configuration scanner that supports the detection of threats to a user's AWS account. Developers can use the CloudSploit API to trigger interactions between applications and the CloudSploit platform.
TruSTAR is a threat intelligence and fraud prevention provider that develops tools for private enterprises and sharing groups. The TruSTAR API offers access to TruSTAR's assets including reports, indicators, tags, and enclaves in JSON format.
Turning.io provides a service platform for companies with on-demand job opportunities, including a payments tool to pay workers faster and identity database engines to screen workers in real-time. The Turn API allows users to identify and check individuals for risk management or background checks.
SafeTrek offers services to help users get a response in the case of a personal emergency. The SafeTrek API enables applications to notify police, fire departments, or other first responders of emergencies, including fires, muggings, shootings, or medical problems.
When an application senses danger, SafeTrek sends help. Image: SafeTrek
Symantec DeepSight Intelligence provides data about cyberthreats to IT security teams. The RESTful Symantec DeepSight Intelligence API provides cyber intelligence sourced from the largest civilian threat collection network. Retrievable content includes both technical intelligence such as vulnerabilities, malicious IP/URLs/hashes and adversary intelligence including actors/groups, campaigns, TTPs, and indicators.
SAASPASS allows users to authenticate to applications securely, replacing ID cards, single sign-on products, and password managers. The SAASPASS API allows developers to integrate two-factor authentication (2FA) into their websites and applications.
SecurityTrails provides Domain, DNS, WHOIS and IP data. The SecurityTrails API is available to integrate data into third-party applications for risk scoring, fraud detection, infrastructure assessment and management, cybercrime management, information security, and more. Use the API to retrieve the DNS history of any domain, discover what subdomains are available for any given domain, search any WHOIS information such as email addresses, and more.
Retrieve DNS history including organizations and usage dates via SecurityTrails API. Image: SecurityTrails
Burp Suite is a platform for performing security testing of web applications. The Burp API provides a way to integrate with Burp Suite. The REST API currently supports launching vulnerability scans and obtaining the results, and additional functions will be added in the future.
Convert provides compliance and privacy software for Conscious Business. The Convert Governance API identifies cookies, scripts, trackers, privacy scores, and performance impact of scripts. It can help with implementing the regulations of GDPR and ePrivacy. Interested developers can sign up for API and documentation access.
Privacy is a payments product that keeps users' personal information private, providing a secure way to shop online. The Privacy API creates virtual cards that freeze, unfreeze, and set spending limits. Users can obtain real cashback rewards and take control of personal finances.
Monapi.io collects, analyzes, and processes threat intelligence and blacklist data from more than 400 sources. The Monapi.io API enables developers to help secure apps against fraudulent users. The API allows users to check the reputations of domains and IP addresses, verify email addresses, prevent bad signups, filter providers, and get geolocation data. Data is continuously updated and accessible via the API.