Security continues to be a huge concern for application users, developers, and API providers alike. In the past year there were massive breaches (such as the Equifax breach) that exposed holes in security workflows, as well as other breaches (at T-Mobile and Accenture) that illustrated the perils of ignoring basic API security best practices. Before releasing an application, developers need to be aware of vulnerabilities using Webhooks APIs, bot attacks, and other potential threats and vulnerabilities to defend against these exploits. Security APIs for securing applications can help, and along with Privacy, Verification, Background, Passwords, Identity, Biometrics, and Privacy APIs, are covered in this segment of the most interesting APIs of 2017.
Cisco Umbrella is the company's Secure Internet Gateway in the cloud. The Cisco Umbrella Investigate API integrates cloud security and allows the querying of the Umbrella DNS database. With the API, developers can get data returned such as domain status, pattern search, and other security information.
Castle provides a platform for application developers to protect their apps and users from hackers and other malicious attacks. Castle API can analyze user and site behavior to reveal suspicious activity.
Digify offers secure file sharing capabilities which can be used for digital rights management, and compliance. The Digify API offers several services including tracking, encryption, and watermarking. Digify supports several output formats such as PDF, Word, PowerPoint, Excel, and more. Digify offers 3 paid plans, and also an enterprise solution.
Wallarm is a security platform that detects and defends against threats against applications and APIs. Theeir solution provides a Web application firewall (WAF) and vulnerability scanner. The Wallarm REST API allows developers to integrate the service and set up searches, manage users, and retrieve events and event logs.
Twizo is a fully encrypted Two Factor Authentication (2FA) and verification service. The Twizo API returns data of secure 2-factor authentication, including number lookup and messaging as verification options.
Sqreen is a provider of in-app security and data protection solutions. The Sqreen API supports the detection of hidden security risks in data. The API screens emails and IP addresses to determine their validity. For example, it is capable of detecting emails from anonymous sources or IP addresses that are Tor exit points.
Dark Gray Engines offers user intelligence tools and data mining services for application builders. The platform provides organizations with advanced machine learning, predictions, credit card fraud detection, address verification, proxy detection, language prediction, and sentiment analysis, plus a number of security APIs for passwords, authentication, and fraud risk.
Active Intrusion Detection is a service that can detect and trace data leaks as they happen. The Active Intrusion Detection API detects when fragments of sensitive data are sent to third parties with insecure connections and alerts network administrators. Further security measurements can be applied such as password resets and IP tracking. This system can be used to secure databases, passwords, and credit cards.
Apozy provides services and tools for cybersecurity practices. The Apozy API allows developers to access and integrate the functionality of Apozy with other applications. API access comes with enterprise account service.
Yoti is an identity system that can reduce fraud and improve customer experience in online platforms and face to face interactions. The Yoti API is used to verify customer login information without passwords, to integrate identity checks and for in person age checks.
This short video explains how the Yoti application can verify indentity Video: YouTube/Yoti
WebKit is an engine for rendering web pages primarily used by Apple's Safari and AppStore. The WebKit Content Blockers API integrates security measures via the browser, by blocking unwanted content.
Density is a people counter platform. It counts people by tracking movement and not by recognizing faces, alleviating privacy concerns. The Density API supports the counting, recording, and monitoring of people traffic in particular locations in public or private domains. This includes business premises, public facilities, schools, and security installations, among others.
Bark is an internet safety platform that allows parents and schools to help keep their children safe online. The Bark REST API allows developers to access and integrate the functionality of Bark with other applications. The main API method is returning safety messages from the Bark platform.
VirusTotal is a malware detection service and maintains a blacklist of files and URLs known to be harmful. Users can upload files or submit URLs to VirusTotal to be scanned for worms, viruses, trojans, and more. The VirusTotal Private REST API exposes the information generated by its scanners to developers for integration and third-party access. The API is available with account service, is REST-based and includes methods for retrieving scan reports, uploading files for scans, and managing URLs to scan, plus more.
Threat Connect provides threat intelligence services to companies and organizations. The Threat Connect API integrates intelligent analytics to detect threats.With the API, developers can implement cyber defense measures, plus query account holders, threat observations, groups, campaigns, incidents, documents, victims and more.
Elastic Beam announced their flagship security product during June, 2017, API Behavioral Security (ABS). It's not actually an API, but ABS is Artificial Intelligence powered solution that claims to be able to detect and block cyberattacks that target APIs.
Another product for protecting APIs is the Distil Networks Bot Defense for API, a service that that protects API servers from bots by determining whether a browser is present, and if a human is using a verified browser or mobile device to gain access.
BackgroundCheck REST API is a source of background screening records, including criminal records, addresses, court documents, and more. The API can be accessed and integrated with other applications
NSnitch provides a DNS server which records the IP address of requests made against it and then makes that IP available via JSON API. Developers can get more complete picture of their DNS privacy and security settings with this API. It also provides lookups for Tor Node membership, DNS blacklist status and Geo data. Tenta provides an encrypted browser with built-in VPN with no setup or email required.
Prifender PAPI API is a privacy API that works to help corporate applications make effective use of personal information that is available across the enterprise. This API offers a data access portal, data for workflow initiation systems, connectivity for DLP solutions, and integration with security and e-discovery tools. See the provider's website for access information.
Swift Email Verifier API provides real-time email validation services. With the API, email addresses can be verified without sending them to Swift Email Verifier's servers, ensuring total privacy. Swift Email Verifier also detects emails with greylisting enabled, catch-all emails, role/function accounts, disposable email addresses, temporary unavailability of email accounts, and malicious/bogus email domains and emails.
Authentimate Recover is a password recovery API that enables developers to add password recovery services to their applications with a single API call. Recover features easy integration with HTML, DKIM, or SPF, just a single API call, and is secure with communication over HTTPS.
nanoSDK One-Time Password API allows users to generate and validate time-based one-time passwords.
Kount offers security solutions for online merchants, online banks, and payment processors. Kount's algorithms determine risk, and stop gateway connections in case of fraudulent activities. Kount also offers device fingerprint integrations for online merchants and retailers to enhance fraud detection. The Kount Fraud Management API is a fraud monitoring system that checks account information such as IP address, email address, card details, billing info, and order details prior to establishing a payment gateway connection.
Amazon introduced the Alexa Door Lock API in February, 2017, that allows internet-connected lock providers to enable their locks to lock and eventually unlock doors with Amazon Alexa. The Door Lock API is part of Amazon's Alexa Skills Kit, a collection of APIs and tools that developers can use to add skills to Alexa, the voice-activated intelligent assistant that powers Echo.