The Venmo Android SDK by Venmo implements billing and payments into mobile applications. It includes usage with the necessary steps to create an account, download files, and open a new screen to initiate payment activity.
The way the Square API delivers JSON output makes it possible for an attacker to engage in a cross-site scripting (XSS) under certain circumstances. The vulnerability was discovered by security researcher Ajay Chavda and reported to Square on August 7, 2015 through its bounty program on hackerone.
Twenty-one APIs have been added to the ProgrammableWeb directory in categories such as Payments, Banking, Cloud, Mail, and Blockchain. Highlights include several banking APIs from Singabore-based DBS Bank, and the AWS Cost Explorer API. Here's a rundown of the latest additions.