#33. APIs, the infrastructure of the Internet
APIs: the core infrastructure of the Internet. The Indian API builder, cybersecurity threats, and in-depth analyses of India's tech.
Welcome! Have you ever wondered:
What is the story behind Postman, the king of APIs? 🔌🇮🇳
What are common cybersecurity threats using APIs? 🖥️🛑
Where to read great in-depth analyses of India’s tech? 👨💻🇮🇳
If so, keep reading…
If you wonder what Emerging Markets explorer 🧭 is about, start here.
Postman: relentlessly pursuing the API opportunity
API is the acronym for Application Programming Interface, which is a software intermediary allowing two applications to talk to each other. It is what allows you to sign up to Spotify with your Facebook account. APIs are everywhere in Internet infrastructure.
If you speak of building APIs, you will most likely run into Postman. Postman is used today by 17M developers and 500+ enterprises worldwide. There are 27M developers worldwide.
Postman is a software company that has bet on APIs since day one, and the entire API lifecycle can be handled in Postman. It allows companies to build, maintain, document, and test their APIs.
Back in 2012, the idea of APIs being as relevant as they are today was not as obvious. Postman was born as an internal tool at Yahoo, out of the pain of updating an API, which meant building it from scratch. The founders, Abhinav Asthana and Ankit Sobti, built an early version of Postman, and all the other developers at Yahoo wanted to use it. They also shared it in replies on Stack Overflow, and it went viral.
And they believe so much in APIs that they wrote a comic about them. Seriously, check it out.
They have almost created a monopoly in the API infrastructure market, with 63% of developers worldwide using it. They work under the principles of solving problems and using data from users.
Postman is now valued at $5.6BN after raising $225M in August, up from a valuation of $2BN in November 2020. It has become the most valuable cloud software company in India.
Failure story: Cybersecurity issues for APIs
Yesterday Samora Kariuki posted in Frontier Fintech an interview with Dr. Bright Gameli Mawudor, who is an expert in cybersecurity and the founder of AfricaHackOn.
He has also written about the cybersecurity threats for APIs. As much as APIs are an essential part of digital transformation, they are also the leading cause of application security breaches in the recent past.
Exploitation is becoming easier and it only takes a few hours after understanding the APIs, most of which are quite similar.
Dr. Bright cites a couple of examples of cybersecurity breaches:
A loan application lets you borrow Ksh 5,000 from your device, and abusing the API permits borrowing more shortly afterwards from a non-registered phone. This is a case Dr. Bright finds fairly often when testing. One piece of advice he gives is to place stopgaps: a gap that does not allow the first user to borrow more money within a short timespan, with transactions happening in this period being flagged.
An insurance application allows the user to view the details of their cover. Exploiting the API allows viewing and manipulating the details of other users. To prevent this, end-to-end traffic encryption is advised, along with ensuring that outdated TLS encryption is not an exploitation point.
You can read his full article here: https://www.linkedin.com/pulse/api-exploitation-leading-cause-modern-day-data-gameli-mawudor-phd/
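The stopgap from the loan example can be sketched as a server-side check. This is an added example, not code from Dr. Bright's article: the 24-hour window, the `LoanGate` class, the account and device names, and the rule that only registered devices may borrow are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

COOLDOWN_SECONDS = 24 * 3600  # assumed window; the article gives no figure
LOAN_LIMIT_KSH = 5000         # per-loan amount from the article's example


@dataclass
class LoanGate:
    """Server-side stopgap keyed by account, so switching phones does not reset it."""
    registered_devices: dict                          # account_id -> set of device ids
    last_loan_at: dict = field(default_factory=dict)  # account_id -> epoch seconds
    flagged: list = field(default_factory=list)       # requests queued for review

    def _flag(self, reason, account_id, device_id, now):
        self.flagged.append({"reason": reason, "account": account_id,
                             "device": device_id, "at": now})
        return (False, reason)

    def request_loan(self, account_id, device_id, amount_ksh, now):
        """Return (approved, reason). `now` is passed in so the check is testable."""
        if not 0 < amount_ksh <= LOAN_LIMIT_KSH:
            return (False, "amount_out_of_range")
        last = self.last_loan_at.get(account_id)
        # The cooldown is checked first and ignores the device: a second request
        # inside the window is refused and flagged whichever phone sends it.
        if last is not None and now - last < COOLDOWN_SECONDS:
            return self._flag("cooldown", account_id, device_id, now)
        # Assumption: loans are only issued to a device registered to the account.
        if device_id not in self.registered_devices.get(account_id, set()):
            return self._flag("unregistered_device", account_id, device_id, now)
        self.last_loan_at[account_id] = now
        return (True, "approved")


def demo():
    """Replay constructed requests for one hypothetical account."""
    gate = LoanGate(registered_devices={"acct-1": {"phone-A"}})
    t0 = 1_700_000_000  # constructed timestamp
    results = [
        gate.request_loan("acct-1", "phone-A", 5000, t0),         # first loan
        gate.request_loan("acct-1", "phone-B", 5000, t0 + 600),   # other phone, 10 min later
        gate.request_loan("acct-1", "phone-A", 5000, t0 + 3600),  # same phone, 1 h later
        gate.request_loan("acct-1", "phone-A", 5000, t0 + COOLDOWN_SECONDS),  # window over
    ]
    return results, gate.flagged
```

Because the last-loan timestamp is stored per account on the server, the request from the second phone hits the same cooldown as the first and ends up in the review queue.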
Source recommendation: Integral
Integral is a weekly newsletter written by Shreyans Singh, who studies Computer Science and writes the newsletter as a side project. He provides an analysis of the most relevant tech news in India.
It’s a great curation of information mixed with an informal, fun tone that makes it easy to read.
His article on Postman was the one that drew my attention to the company - I did know it existed, but not that it was India’s largest SaaS! You can read it here: