The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.
This is the fourth part of ProgrammableWeb’s series on Understanding the Realities of API Security based on testimony by ProgrammableWeb’s editor-in-chief David Berlind to the ONC’s API Security and Privacy Task Force. This part considers if developers and providers should be certified for privacy.
Dashlane and Google want to simplify security and authentication on Android devices and have an API to do it. App developers can use the new Open YOLO API to access the credentials stored in password managers to log users into apps and services. The idea here is to improve security.