RSS

API Encryption News

These are the news items I've curated in my monitoring of the API space that have some relevance to the API definition conversation and I wanted to include in my research. I'm using all of these links to better understand how the space is testing their APIs, going beyond just monitoring and understand the details of each request and response.

An API For Encrypted Storage Of All Your Accounts, Data, Files, And Setting

I've been working on expand upon my API security research, but it can be difficult to find API focused security solutions. Exactly what is security when it comes to APIs can vary. Are you looking to secure your APIs? Are you looking to secure your data or content using an API? This is why I started a research projects so that I can turn on my keyword monitoring, and begin scouring the landscape in real-time--the more I conduct research in an area, the better I get at it.

The best part of my research is that sometimes when I write about things, companies just come to me. This happened the other week, with an encrypted database API provider called SecureDB. What this brand new API driven platform provides is default security for your accounts, data, files, and settings--exactly what we need in this cyber-insecure world we have created for ourselves.

I do not store any sensitive data, but if I did, I would not want to be in the business of storing it. Period! SecureDB gives you everything you need to manage your users account and identity, create the data stores you need, and store your appilcations files and settings in a secure environment. All identity data is encrypted by default, and you get to set the encryption levels for all your data stores, allowing you to make sure everything sensitive is not readable on the server, even if it is compromised.

SecureDB is just getting started, but they have a lot of things in the works, including on-premise, containerized implementations, version that run on Heroku, white label solutions, and much more. I will be working with them to help them craft a marketing and storyteling strategy around their encrypted database solution, and establishing a deeper partnership between them and API Evangelist.

I'm pretty stoked on my ability to attract these types of API service providers just by publishing my research regularly, and talking about the areas these companies are providing solutions in. I'm just telling the first story about SecureDB to let you know they are out there, and get them established in my monitoring system, and overall research--stay tuned for much more on SecureDB, and the security solutions they provide--I couldn't think of a better time for an API like this, we are so going to need it.


50 Building Blocks Of The API Economy

I spend a lot of time looking through the websites of API companies, trying to understand not just the way they do business, but their role in their overall industry, or possibly how they influence other industries.

I have been spending more time looking through the payment API space lately, and recently pulled together a list of key players in this space, as well as the common building blocks being used across the sector.

Much like other significant areas of APIs like cloud computing, messaging, geo, and social, I can’t help but consider the impact these payment APIs will have across all business sectors, and our government.

The 50 building blocks I identified as part of my payment API research will not just be the essential components of the payment API space, but will ultimately be some of the building blocks of the API economy itself--take a look.

Merchant Account - Creation, management and integration with merchant accounts that are required to process credit cards.
Bank Account - Integration with existing bank accounts, for linking with payment workflows.
Processor / Gateways - Access to multiple payent processors and gateways in multiple countries.
Currencies - Ability to conduct transactions in multiple currencies, handling all the conversions for developers.
Credit Card Transactions - The option to process major credit cards.
ACH Transactions - The option to process transactions over the ACH network.
Checks / Wire Transactions - The option to do bank to bank, wire and check transactions.
Cash Transactions - The option to accept cash payments at retail locations.
Virtual Transactions - The option to accept transactions for credits via virtual accounts.
Aggregate Transactions - Tools for performing multiple transactions at once.
Credit Card Reader - A physical credit card reading device.
Credit Card Scan / Picture - A mobile phone scan or picture of a credit card.
One Click / One Touch / Instant Buy - The ability to enable single action transaction
Recurring Payments - The ability to perform recurring or subscription based transactions.
Pre-Payments - The ability to setup payment(s) prior to designated payment date.
Metered Payments - Payments based upon some metered usage of a resource.
Estimates - Estimations of payments, with payment handling at designated time.
Invoices - Physical or online invoicing of customers as request for payment.
Mobile Billing - The ability to perform transaction against mobile users monthly phone bill.
Social Payments - An option for making and accepting payments via social platforms like Facebook and Twitter.
Email Payments - Tools for sending and receiving transactions via email.
SMS Payments - Tools for sending and receiving transactions via SMS.
Carts - Ready to go online shopping cart solutions to support payment services.
Checkout - Ready to go checkout pages, to support payment services.
Forms - Embeddable HTML and JavaScript forms to conduct transactions.
Buttons - Embeddable HTML and JavaScript buttons to initiate transactions.
Marketplace - The ability to facilitate marketplace style transactions between sellers and vendors.
Fraud Protection - Tools and services that assist developers in preventing payment fraud.
PCI Compliance - Tools and services that help developers achieve PCI compliance.
Encryption - Providing necessary encryption tools and services to protect communications.
Sandbox - A safe environment for developers to develop applications against, ensuring quality of service in production environments.
Webhooks - Registering of developer provider URLs for making HTTP calls when specific events occur.
Push Notifications - A push notification framework for developers to use when delivering push features in their applications.
Barcodes - The ability to generate barcodes that represent potential physical or virtual transactions.
Products - Separate systems for managing products that transactions will include.
Orders - Separate systems for managing orders in which transactions support.
Customers - Separate systems for managing customers who make transactions.
Coupons - Separate systems that issue coupons which can be applied against transactions and affect the balance.
Loyalty - Separate systems for managing customer loyalty programs.
Expenses - Separate systems or managing expenses that involve transactions.
Time Tracking - Separate systems for tracking time associated with transactions.
Cards - The ability to issue physical or virtual gift, membership and other types of cards.
JS Libraries - Supporting Javascript libraries that provide embeddable integration with payment services.
Mobile SDKs - Supporting mobile SDKs for iOS, Android, Windows and others, to facilitate mobile payments.
On-Premise - The ability to deploy payment services on-premise, keeping transaction local.
Cloud - The ability to deploy payment services in the clouds, with centralized security.
3rd Party Shopping Carts - Integration options for popular 3rd party shopping carts.
Platform as a Service (PaaS) Integration - Integration with popular PaaS platforms like Salesforce and Amazon.
Frameworks - Integration with popular programming frameworks like Backbone and Angular.
Automation - Integration with popular API automation platforms like Zapier and IFTTT.

One of these building blocks is the cloud, think about what you get when you take these API driven resources and combine them with the common building blocks of cloud computing? You start seeing being able to see the moving parts of the API economy.

I'm going to work to continue defining the other cornerstone areas I list in the history of APIs, like commerce, social, and mobile, and try to map out the building blocks like have with payments and cloud computing--see what I can learn.


Some Of The Common Building Blocks of Payment APIs

I'm taking a look at the world of payment APIs right now. As with all my other monitoring of the API space, I am only looking for the best approaches, by the most interesting companies in the space--I don't have time to track on everything, 

I am looking to take a snapshot of the payment API space, understand who the key players are, and how they are delivering valuable payment API resources that developers are actually using. Last week I puled together 38 payment APIs that I'm watching, and this week I am spending some time going through their sites, looking for what I'd consider to be some of the common building blocks of payment APIs. 

Currently I have 50 building blocks I found across these 38 payment providers:

Merchant Account - Creation, management and integration with merchant accounts that are required to process credit cards.

Bank Account - Integration with existing bank accounts, for inclusion in payment workflows.

Processor / Gateways - Access to multiple payment processors and gateways in multiple countries.

Currencies - Ability to conduct transactions in multiple currencies.

Credit Card Transactions - The option to process major credit cards.

ACH Transactions - The option to process transactions over the ACH network.

Checks / Wire Transactions - The option to do bank to bank, wire and check transactions.

Cash Transactions - The option to process major credit cards.

Virtual Transactions - The option to accept transactions for credits via virtual accounts.

Aggregate Transactions - Tools for performing multiple transactions at once.

Credit Card Reader - A physical credit card reading device.

Credit Card Scan / Picture - A mobile phone scan or picture of a credit card.

One Click / One Touch / Instant Buy - The ability to enable single action transactions.

Recurring Payments - The ability to perform recurring or subscription based transactions.

Prepayments - The ability to setup payment(s) prior to designated payment date.

Metered Payments - Payments based upon some metered usage of a resource.

Estimates - Estimations of payments, with payment handling at designated time.

Invoices - Physical or online invoicing of customers as request for payment.

Mobile Billing - The ability to perform transaction against mobile users monthly phone bill.

Social Payments - An option for making and accepting payments via social platforms like Facebook and Twitter.

Email Payments - Tools for sending and receiving transactions via email.

SMS Payments - Tools for sending and receiving transactions via SMS.

Carts - Ready to go online shopping cart solutions to support payment services.

Checkout - Ready to go checkout pages, to support payment services.

Forms - Embeddable HTML and JavaScript based forms to conduct transactions.

Buttons - Embeddable HTML and JavaScript buttons to initiate transactions.

Marketplace - The ability to facilitate marketplace style transactions between sellers and vendors.

Fraud Protection - Tools and services that assist developers in preventing payment fraud.

PCI Compliance - Tools and services that help developers achieve PCI compliance.

Encryption - Providing necessary encryption tools and services to protect communications.

Sandbox - A safe environment for developers to develop applications against, ensuring quality of service in production environments.

Webhooks - Registering of developer provider URLs for making HTTP calls when specific events occur.

Push Notifications - A push notification framework for developers to use when delivering push features in their applications.

Bar-codes - The ability to generate bar-codes that represent potential physical or virtual transactions.

Products - Separate systems for managing products that transactions will be part of.

Orders - Separate systems for managing orders in which transactions will be part of.

Customers - Separate systems for managing customers who perform transactions.

Coupons - Separate systems for coupons which can be applied against transactions

Loyalty - Separate systems for managing customer loyalty programs.

Expenses - Separate systems or managing expenses that involve transactions.

Time Tracking - Separate systems for tracking time associated with transactions.

Cards - The ability to issue physical or virtual gift, membership and other types of cards.

JS Libraries - Supporting JavaScript libraries that provide embeddable integration with payment services.

Mobile SDKs - Supporting mobile SDKs for iOS, Android, Windows and others, to facilitate mobile payments.

On-Premise - The ability to deploy payment services on-premise, keeping transactions secured locally.

Cloud - The ability to deploy payment services in the clouds, with centralized security.

3rd Party Shopping Carts - Integration options for popular 3rd party shopping carts.

Platform as a Service (PaaS) Integration - Integration with popular PaaS platforms like SalesForce and Google Apps.

Frameworks - Integration with popular programming frameworks like Backbone and Angular.

Automation - Integration with leading API automation platforms like Zapier and IFTTT.

As with all of my research, this is ongoing. My hopes is to better educate myself (and you too), about the payment API sector, which I consider a pretty critical aspect of the overall API economy.

If there are any building blocks that you think should be included in my research, let me know at @kinlane, and I'll see about including.


Supporting Encrypted Cloud Storage for Modern Web Languages

As more of our lives move online, into the clouds, encrypted backup and storage of not just our vital data, but our personal photos, files and streams is becoming critical--this responsibility to provide secure cloud storage and backup solutions is up to developers of the software, people use every day.

IDrive is working to provide these solutions for developers by delivering two interfaces for developers to integrate encrypted storage into their applications:

  • Command Line Utility - Develop highly scalable, reliable and fast applications to manage your storage on IDrive EVS. Best for desktop applications and also ideal for CRON jobs.
  • REST APIs - An interface designed to allow developers to easily build web and mobile applications to manage storage on IDrive EVS.

To help support our REST APIs users, IDrive has developed three new libraries supporting modern web languages:

Using these libraries, web and mobile applications developers can provide secure cloud storage and back-up, that works with the IDrive platform. In addition to providing users with secure storage within their own apps, developers can also leverage the entire IDrive ecosystem of consumer web and mobile tools already developed for users to manage their data.

There is no reason to leave users data unencrypted, while storing in the cloud, something security experts warn everyone about, but developers can only do with IDrive. Take advantage of the IDrive web client libraries, and use a secure REST API for storing and backing up files in your PHP, Python or Ruby web application.


Encrypted Cloud Storage with Python

IDrive now has a set of Python samples complete with full library you can use when developing your encrypted, versioned cloud storage for your web application.

Python is one of the fastest growing, interpreted, interactive, object-oriented, extensible programming language--embraced by giants like Google. IDrive has added samples to each of the 19 REST API Methods:

 

You can also visit the download center, where you will find links to Github repositories containing entire Python libraries for integrating your web application with all the functionality available via the IDrive EVS REST API.

As more of our daily lives move online, encrypted backup and storage will be critical to Python developers, building the next generation of secure web applications in the cloud. Take advantage of the IDrive EVS platform for securing your users data storage and backup.


Build Secure, Encrypted Cloud Storage Solutions with PHP

IDrive now has PHP samples complete with full library you can use when developing your encrypted, versioned cloud storage for your software solution.

PHP is widely is in many web applications today, so it’s a language we couldn’t ignore. We’ve added samples to each of the 19 REST API Methods:

 

 

You can also visit the download center, where you will find links to Github repositories containing entire PHP libraries for integrating your web application with all the functionality available via the IDrive EVS REST API.

IDrive is the only fully encrypted cloud backup and storage provider, which is a huge opportunity for PHP developers to deliver secure storage and backup for their users.


If you think there is a link I should have listed here feel free to tweet it at me, or submit as a Github issue. Even though I do this full time, I'm still a one person show, and I miss quite a bit, and depend on my network to help me know what is going on.