Today in APIs: Snapchat's User Phone Numbers Published, and 15 New APIs

Snapchat's 4.6 million usernames and phone numbers may have been published. Why API delivery is more important than application delivery. Plus: single sign on APIs and Integration merge, and 15 new APIs.

Snapchat's Usernames and Phone Numbers Possibly Published

Here is a brutal lesson in what happens when you incorrectly claim that an attack on your site would be "theoretical." On December 25th, the details of a security breach were made public. In what looks like a response, on December 27, Snapchat wrote in a blog post:

"Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the U.S., they could create a database of the results and match usernames to phone numbers that way. Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse."

So, in response to that claim, researchers creating the site SnapchatDB used that breach to publish this on New Year's Eve:

The site it appeared on is now down; we took this from Dylan Tweney's report on VentureBeat. As Ken Yeung reports in The Next Web, users have options:

Developers Will Smidlein and Robbie Trencheny say they’ve set up a checker script that allows anyone to look to see if their account was included in the leak.

API Delivery to Become More Important than App Delivery?

'Tis the season for bold predictions for 2014. Will APIs, whose importance has been surging for years, now eclipse apps? In an interview with Gartner analyst Paolo Malinverno, Jason Tee, writing in TheServerSide, reveals the shift in importance:

"Here's Paolo's real shocker for all the enterprise app developers out there: 'Going forward, IT departments will worry less about applications and more about APIs created to support applications developed by others.' Interfaces and platforms are multiplying. Even cars are coming along with a reasonable amount of computing power on them. That's just too much variety to handle.

Plus, the new generation of workers will not put up with apps that are sub-optimal for their work. They will find a way around this, and APIs will give them that way out. In fact, Malinverno foresees a time when the everyday employee will simply create apps for themselves. App development is getting to be so simple and so modular that a monkey will eventually be able to do it. Fortunately, it will still take some pretty smart cookies to develop the APIs that make these apps work."

Malinverno argues that at the root of the shift is that the world is going mobile. It's all about the granular view: what patterns can you see in the data? To answer that and exploit the answer, APIs are the key. Among his suggestions: pay attention to security and identity management (see the previous story above). Also critical to success, he says, is design, design, design. Get that right before you start.

API News You Shouldn’t Miss

15 New APIs

Today we had 15 new APIs added to our API directory, including a database of U.S. currency production, a visual pharmaceutical pill identification database, a housing assistance agency information service, a federal land records and historical documents service, and a syndicated government health information service. Below are more details on each of these new APIs.

Annual Production Figures of United States Currency API: The Annual Production Figures of United States Currency API is a service of the Bureau of Engraving and Printing (BEP), a bureau of the U.S. Department of the Treasury. The API details the number of $1, $5, $10, $20, $50, $100 notes printed each year back to 1980.

C3PI RxImageAccess API: The Computational Photography Project for Pill Identification (C3PI) is a National Library of Medicine service that intends to build a standardized information infrastructure for identifying unknown Oral Solid Dosage Pharmaceuticals (pills) from digital pictures. In addition to images, the project is generating metadata such as pill descriptions and dimensions.
The C3PI RxImageAccess API provides developer access to the project’s collected data. The API is able to query for images using numerous descriptive parameters such as color, shape, imprint, size, and much more. The API returns a customizable list of metadata, including elements such as active/inactive ingredients.

Department of Housing and Urban Development API: The U.S. Department of Housing and Urban Development (HUD) exposes information on certain HUD-related agencies and businesses through a RESTful API. The API allows developers to programmatically search for information describing both Housing Counseling Agencies and Section 3 Businesses. This freely accessible API returns JSON-formatted responses.

General Land Office Records API: The Bureau of Land Management (BLM) General Land Office (GLO) provides access to Federal land conveyance records, including image access to records from 1820 to the present. GLO exposes these records through a SOAP Web Service. The API exposes information describing Federal Land Patents, survey plats, field notes, and Land Status Records.

Health and Human Services Syndication API: The Department of Health and Human Services (HHS) Storefront allows developers to programmatically import content from many HHS websites. Content is accessible through a RESTful interface. The API is able to deliver a topic-based news feed or directly access HHS content.

Instantor API: Instantor allows users to quickly and securely certify their identities and credit ratings for online loan applications and purchases using the log-in information for their regular financial institution. Instantor uses the same security measures as leading financial institutions to protect users' data, and no one at Instantor can access users' login information, change any information, or make transactions from users' accounts. The Instantor website is available in English and Swedish.

InvoicesOnline API: InvoiceOnline is an invoicing service designed for small business that also offers a customer database feature. The InvoiceOnline API allows users to integrate the invoicing service into third-party applications. The service uses REST calls and returns JSON. An account with the service is required.

LaCuenta API: LaCuenta is an invoicing service used to create and manage custom invoices on computers or iPads. Users can scan products, manage stock and print receipts with the integrated point of sales system. The LaCuenta API uses REST calls, returns JSON, and allows users to get API keys, interact with printers, create documents, create customers, and perform other calls. An account with the service is required.

National Terrorism Advisory System API: The National Terrorism Advisory System (NTAS) is a service of the Department of Homeland Security designed to effectively communicate information about terrorist threats. The NTAS is exposed as a simple API able to deliver alerts as discrete XML files or as an XML feed. Alerts contain structured data fields such as summary and details, location or region, duration, “how to help”, and much more.

PopClogs API: PopClogs is a website where people can post and share their life goals - things they want to accomplish before they "pop their clogs." People can explore each other's goals and lists to get inspiration for their own. The PopClogs API allows users to manage their goals, retrieve lists of goals, manage their comments, follow other users, and manage their own accounts programmatically.

RBL Watcher API: RBL Watcher allows users to check and monitor IP addresses against 77 Real-time Blackhole Lists (RBLs). These are lists of IP addresses linked to activities such as spamming. Developers can use the RBL Watcher API to retrieve all of the IP addresses they're watching and, of those, the ones that are blacklisted and the ones that are not blacklisted. They can also add or remove an IP address from their watchlist or retrieve details on a given IP address.

RoninApp API: Ronin is a time tracking and invoice service designed for small businesses and freelance workers. Ronin manages clients, projects, invoices and estimates. The RoninApp API provides programmatic access to account data through REST calls and returns JSON or JSONP. An account with the service is required, and SSL is used for authentication.

SmallInvoice API: SmallInvoice is an invoice service designed for small and medium-sized businesses, as well as freelance workers. The base service is free to use, and additional tiers of service are available. The SmallInvoice API uses REST calls and allows users to perform tasks involving user accounts and invoices. Sample calls include creating invoices, submitting invoices, accepting offers, drafting receipts, and other calls. An account with the service is required.

WorldCoin Price Ticker API: WorldCoin Price Ticker is a free service that provides the current average WorldCoin price. WorldCoin is a cryptocurrency similar to Bitcoin. The Price Ticker website provides the exchange rates between WorldCoin and Bitcoin and between WorldCoin and U.S. dollars. These prices are updated once per minute.

Yodlee Interactive API: Yodlee is a financial service provider that serves banks and financial services firms. The service aims to provide a full financial picture of consumers to optimize sales and solutions to best suit customer needs. The Yodlee Interactive API is a REST-based service that allows third-party applications to interact with the Yodlee Platform to create and manipulate customer data. The API can be used to categorize transactions, reduce fraud, drive activation, enable new FinApps, and grow a user base. An account with the service is required.