APIs under control

APIs under control

The speed at which fake news travels has endorsed application programming interfaces. The danger is there, but it's easier to avoid if we have the APIs under control. 

12 Nov. 2019

It came to prominence during the United States presidential campaign which led to Donald Trump's victory, and in Spain during the heat of the challenge by the independence movement in Catalonia. But it has always existed, and always will.

The danger is there, but it's easier to avoid if we have the APIs under control. APIs (Application Programming Interface) are the shortest route to connect two IT systems and are today behind practically all information exchanges on the net.

The democratization of APIs has made it possible for the services offered by different companies and people to exchange functionalities, data and resources while they interact with each other, generating business opportunities and the possibility of offering services in a way that was previously impossible. But this information exchange must be secure.

From the technological point of view, APIs have helped solve recurrent problems in the world of integration between companies, and particularly concerning security and protection, according to Enrique Caballero from UST-Global. He believes that one of the main characteristics of API management tools is that they provide protection capacities against external threats (control over access, authorization, code injection, DoS attacks, among others). It is essential to design and implement the security and protection of APIs to prevent this type of unwanted situations. The responsibility for Big Brother control is shared among the users –who hand over their information for a particular purpose– and the companies that must undertake to use this information only for that purpose, and to safeguard it and protect it from improper use.

Some developers have come up with APIs that help detect and clean our social networks so the public can have the right tools to tackle so-called fake news. For example, the Chrome extensions Fake News Alert, BS Detector and Clean Speak API, among others.

Enrique Navalón, Tech Lead at BICG specializing in APIs, believes that the new data protection regulation (General Data Protection Regulation or GDPR) represents a step forward in this area. “We also need to work to create a climate where the reputation of the source is important and valued above that of the owner or the click-bait”, he says.

Providers have been working on standards to improve the security of APIs and make them easier to implement. The arrival of social networks and microblogging platforms has revolutionized the way users access content, communicate and stay informed. Over three million messages a minute are sent on Facebook alone, with no intermediation by experts or journalists. As its use has become widespread, fake contents have multiplied exponentially. Placing a security layer ahead of the business layer is not a difficult task.

Fake news is nothing new, but why didn't we realize that before? “Both the media and the broadcasting agents were constrained, whereas now fake news reaches anyone the issuer has close contact with”, explains Omar del Valle, API Evangelist & Solutions Architect. “All is not lost”, he jokes when contemplating the possibility that fake news may maliciously alter the shape of public opinion. Indeed APIs can be useful for verifying the information we read and for maintaining our data under control. In his opinion, they also contribute to managing an ecosystem that encourages innovative initiatives between companies and communities of developers. In short, he says “they are the digital glue that leads us to a more interconnected world”.

With the governance of APIs you can make sure the information arrives at its destination, says Joaquín Copete, API Management Architect at Scrum.  “The same thing happened in the past with the exchange of Excels (the Falciani case), databases or photocopies (the McLaren/Ferrari spy case)”, to cite two examples. But despite everything, he advises calm and says that in general APIs –at least public APIs– do not allow the extraction of a large amount of information. “Everything that's protected in the app or on the website is also protected on the API”, he says.

If you want to know more about BBVA´s APIs, visit this website.

Follow us: @BBVAAPIMarket

Sign up!

Sign up to the BBVAOPEN4U newsletter and receive tips, tools and the most innovative events directly in your inbox.