WebProNews

Tag: API

  • Cloudflare Rolls Out API Abuse Detection

    Cloudflare Rolls Out API Abuse Detection

    Cloudflare, one of the leading content delivery networks, has announced API Discovery and API Abuse Detection.

    Application programming interfaces (APIs) are used by companies in every industry. APIs provide a way for different programs and platforms to communicate with each other or hardware components. Many companies use hundreds, or even thousands, of APIs. Unfortunately, despite their value, APIs can be easily abused.

    Cloudflare is looking to address that issue with two tools: API Discovery and API Abuse Detection.

    API Discovery is designed to help companies keep track of the APIs they have. In some cases, companies have so many that they lose track of them, or easily confuse similar ones.

    API Abuse Detection uses a two-prong approach to detecting abuse: volume and sequence. Based on the estimated volume a company should realistically expect on a given API, Cloudflare can detect when volume is higher than it should be.

    Similarly, an API has a valid sequence of events when it’s used properly. Cloudflare can monitor an API for calls that are out of sequence, a likely indication it’s being abused.

    The new tools are currently available in early access.

  • UK Set to Adopt Apple/Google API For Contact Tracing

    UK Set to Adopt Apple/Google API For Contact Tracing

    The UK has reversed course, adopting Apple and Google’s API for its contact tracing efforts.

    Contact tracing has been touted as one of the main components to successfully combatting the coronavirus pandemic. Efforts to roll out the technology have split along two lines. Some countries have focused on solutions that store data in a centralized, government database, while others have adopted the privacy-focused API that Apple and Google created.

    Initially, the UK went with the centralized approach, but is now going with the API instead.

    “Following rigorous field testing and a trial on the Isle of Wight, we have identified challenges with both our app and the Google/Apple framework,” says the Department of Health and Social Care.

    “This is a problem that many countries around the world, like Singapore, are facing and in many cases only discovering them after whole population roll-out.

    “As a result of our work, we will now be taking forward a solution that brings together the work on our app and the Google/Apple solution. This is an important step, allowing us to develop an app that will bring together the functionality required to carry out contact tracing, but also making it easy to order tests, and access proactive advice and guidance to aid self-isolation.”

    While the press release does not specifically mention privacy, it likely played a role in the overall decision. As a rule, centralized solutions have not been widely adopted by users, who view them with suspicion due to privacy concerns. Apple and Google’s solution, on the other hand, is built around a decentralized, privacy-first approach that many are more comfortable with.

  • Twitter Rolls Out ‘Hide Replies’ to Developers

    Twitter Rolls Out ‘Hide Replies’ to Developers

    Twitter’s Hide Replies feature is now available to developers as an API that can be included in their own software.

    Twitter, as well as most social media platforms, have been under fire for not always doing enough to combat trolls and online harassment. Back in November, Twitter unveiled the Hide Replies feature, giving users more power over the discussion in their threads.

    Now the company is making the Hide Replies API available to developers so they can include that same functionality in their tools. According to TechCrunch, “these sorts of tools will be of particular interest to businesses and brands who maintain a Twitter presence, but whose accounts often get too many replies to tweets to properly manage on an individual basis. With Hide Replies now available as a new API endpoint, developers can create tools that automatically hide disruptive tweets based on factors important to their customers — like tweets that include certain prohibited keywords or those that score high for being toxic, for example.”

    Twitter worked with a small group of developers prior to the API’s launch and the company says it is making improvements based on their feedback. It remains to be seen if the feature will be a success or not, as some critics worry it could create as many problems as it attempts to solve if it ends up being used to censor speech.

  • Twitter Suffers Serious Security Incident: Usernames Matched to Phone Numbers

    Twitter Suffers Serious Security Incident: Usernames Matched to Phone Numbers

    Twitter has disclosed a serious security incident that allowed bad actors to link usernames with phone numbers.

    According to a blog post on the company’s privacy site, on December 24, 2019, Twitter “became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers.”

    The company took immediate action to suspend the fake accounts but, upon further investigation, Twitter discovered additional accounts that may have been exploiting the API. The API in question allows users to find other people they know by using their phone number, provided the other person has the “Let people who have your phone number find you on Twitter” option turned on and have a phone number linked to their account. The fake accounts, however, misused the API to link phone numbers and usernames of accounts they had no connection to.

    Although the fake accounts’ IP addresses traced back to locations all around the globe, Twitter says there was an unusually high number that traced back to Iran, Israel, and Malaysia. As a result, Twitter says it’s “possible that some of these IP addresses may have ties to state-sponsored actors.”

    The company has changed how the API works to make sure this can’t be exploited in the future and apologized to its users for the incident.

  • New Google Chrome Feature May Drive Users to Firefox

    New Google Chrome Feature May Drive Users to Firefox

    The Register is reporting on a new feature in an upcoming version of Google Chrome that has privacy-conscious users worried. A recent API called getInstalledRelatedApps may allow websites to determine what apps are installed on a user’s device.

    At first glance, the API seems to have an admirable purpose. If users have both web and native applications installed, they could be bombarded by duplicate sets of notifications. If a website can determine that its native app is installed, it would then prioritize notifications for the native app. Unfortunately, the API doesn’t really seem to be aimed at improving the experience—not for the user at least.

    In response to a question from Opera developer Daniel Bratell, expressing concern about how this API would help users, Google engineer Rayan Kanso wrote:

    “Although this isn’t an API that would directly benefit users, it indirectly benefits them through improved web experiences,” Kanso wrote. “We received very positive OT [off-topic] feedback from partners using this API, and the alternative is them using hacks to figure whether their native app is installed.”

    In other words, this API is more about making it easier for web and app developers’ marketing needs than it is truly making users’ lives easier.

    The privacy implications are clear: If websites can determine what apps are installed on a person’s phone or tablet, it can provide a relatively complete picture, otherwise known as a fingerprint, about that person’s habits.

    As The Register points out, Peter Snyder, a privacy researcher at browser maker Brave, voiced his own concerns:

    “I don’t follow the claim about non-fingerprint-ability. If I’m a company with a large number of apps (e.g. google), with 16-32 apps registered in app stores, the subset of which apps any user has installed is likely to be a very strong semi-identifier, no, and so be extremely risky for the user / valuable for the fingerprinter, no?

    “Apologies if I’m misunderstanding, but this seems like a very clear privacy risk.

    Put differently, if this isn’t a privacy risk, whats the rational behind disallowing this in private browsing mode?”

    With browsers like Firefox and Safari placing an emphasis on privacy and security, it’s a safe bet this is yet another move that will drive users away from Chrome.

  • Roughly 100 Developers May Have Improperly Accessed FaceBook Groups Data

    Roughly 100 Developers May Have Improperly Accessed FaceBook Groups Data

    The last few weeks have seen the news go from bad to worse for Facebook, especially on the privacy front. Now the company is admitting that roughly 100 developers may have improperly accessed Groups member data.

    In April 2018, Facebook made changes to the Groups API to limit what information administrators could access. Prior to the change, admins could see identifiable information, such as member names and profile pictures. Following the change, group members would have to opt-in for an admin to see that information—at least in theory.

    According to Konstantinos Papamiltiadis, Facebook’s Platform Partnerships Head, an ongoing review discovered that some 100 developers had retained access to member information. Papamiltiadis said the company had taken steps to address the issues.

    “We have since removed their access. Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time. We know at least 11 partners accessed group members’ information in the last 60 days. Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted.”

    The post also made a point of promising that the company would continue to improve moving forward.

    “We aim to maintain a high standard of security on our platform and to treat our developers fairly. As we’ve said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products. As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed. We are committed to this work and supporting the people on our platform.”

    Given the current political climate, with politicians on both sides of the aisle increasingly looking at Facebook as a threat to privacy—and some even calling for its breakup—the company will need to do better to convince authorities and users alike that it can be trusted.

  • Truecaller Flaw Puts 150 Million Users at Risk

    Truecaller Flaw Puts 150 Million Users at Risk

    Zak Doffman at Forbes is reporting on a newly discovered vulnerability in the Truecaller app that puts 150 million iOS and Android users at risk.

    Truecaller is one of the premier caller ID apps, identifying unknown calls from mobile, landline and prepaid phones. It also provides the ability to block numbers and auto-block robocalls and telemarketers. The app also offers VoIP calling, call recording, SMS and group chat, as well banking and payments.

    Truecaller just recently passed the 500 million download mark, with 150 million daily users. Of those, 100 million are in India, where the app has surpassed Facebook in popularity. According to the company’s blog, “every tenth active user in India has linked their bank account to Truecaller Pay.” The app’s popularity, not to mention the breadth of services offered, makes the vulnerability even more concerning since it is a flaw in the Truecaller API.

    According to Mr. Doffman, “India-based researcher Ehraz Ahmed discovered the flaw, disclosing it to local media and the company and waiting for a fix before going public. He explained to me that ‘the flaw allows an attacker to inject his malicious link as the profile URL. The user viewing the attacker’s profile by search or through a popup gets exploited.’ Ahmed has said the flaw could be used to mount serious attacks on target machines, although this was not the scope of the proof of concept and has been played down by the company.

    “What Ahmed did manage through his POC was ‘to fetch a user’s information like IP address, User-Agent, and time. The user visiting the profile would not notice this as it all happens in the background, and for the user, it would look like any other profile.’ With the now-patched flaw impacting Truecaller’s API, it is a potential threat to all apps and platforms.”

    Mr. Ahmed worked with Truecaller to identify the bug and a patch was immediately released. Because the issue was with the app’s API, the company was able to patch the flaw on their end, although all users should update to the latest version to be on the safe side.

    As more and more apps offer services that cross a range of industries, such as communication and banking, flaws like this will represent a much greater threat to users.

  • Twitter Adds Features Making Embedding Easy

    Twitter Adds Features Making Embedding Easy

    Twitter has made it easier to add rich, responsive Tweet displays directly to your website or CMS. There are now 3 options:

    1. Factory Functions – Allows you to easily generate timelines for any web app.
    2. oEmbed API – Integrate profile, list, like, or collection timelines directly into your CMS.
    3. publish.twitter.com – A website that lets you customize the feed and get the code you need to copy and paste into your site.

    List template example:

    Grid template example:

    Timeline types – User timeline:

    Find more examples of what you can do at publish.twitter.com here.

    Per the Twitter blog:

    As part of these improvements, we’ve also removed the need to create and save widgets to your account. Of course, if you already have timeline widgets, you can always access them in your Twitter settings. But, going forward, you won’t need to log in to create or configure embedded timelines, and you’ll never need another widget ID again. All you need is a public profile, list, like, or collection URL to get started.

  • Uber Launches API, Affiliate Program for Developers

    Uber Launches API, Affiliate Program for Developers

    Uber thinks that “any app with a map is a potential Uber API partner” – so with that in mind, the on-demand car company is opening the Uber API to all developers.

    Uber is launching the API with eleven flagship partners who have already begun to use it –  Expensify, Hinge, Hyatt Hotels & Resorts, Momento, OpenTable, Starbucks, Tempo Smart Calendar, Time Out, TripAdvisor, TripCase, and United Airlines.

    The API currently allows third-party apps to “pass a destination address to the Uber app, display pickup times, provide fare estimates, access trip history and more,” according to Uber. The company is being a bit more cautious with their main functionality – requesting rides. Since that action would actually send an Uber driver to pick someone up, Uber is releasing that part of the API “in a more controlled fashion.”

    “At Uber, our mission is to bring transportation as reliable as running water to everyone, everywhere: just tap a button and your car arrives in minutes. While simple on the surface, the seamlessness of the Uber experience belies the enormous complexity that powers it. But now that we have this fundamental capability in place—a capability we like to think of as converting bits to atoms—in over 40 countries around the world, there are so many things we would love to see built on top of it,” says the company.

    To sweeten the pot for developers, Uber has also opened up the API Affiliate Program, which promises Uber credits and other rewards for integrating Uber into their services. Those “other rewards” will include cash at some point in the future.

    Image via Uber

  • Google Details Google Drive Android API

    Google Details Google Drive Android API

    Earlier this month, Google upgraded Google Play Services to version 4.1. One of the big features in this latest upgrade was the inclusion of a Google Drive Android API. Now Google has offered more details on what it says provides developers “a faster, seamless experience that enables your apps to integrate with the Drive backend within minutes.”

    To start us off, Google says the Drive API will sync app data stored locally with Google Drive storage in the cloud. This happens automatically so a users locally stored data will always be backed up on Google Drive. If the user happens to be offline when creating new local data, the Google Drive API will sync that data with the cloud the next time they get online.

    With this being Android, the Google Drive Android API has been designed to work on pretty much every device. There are three specific features you should be aware of though:

  • There’s minimal impact on the weight of your apps. As the client library is a stub to Google Play Services, incorporating the API has minimal impact on the size of your .apk binaries, resulting in faster downloads, fewer updates, and smaller execution footprint.
  • User files are automatically synced between different devices (provided the app has the same namespace and is signed with the same key).
  • Any device running the Gingerbread or later releases of Android and Google Play Services will automatically have support for the Google Drive Android API.

    • If you don’t want to build your own UI for the new Drive functionality, Google says this initial release comes with both file picker and creator user interface components.

    Specific to Android 4.4, Google notes that the Storage Access Framework is a generic client API that allows apps to communicate with multiple storage providers. They encourage developers to use the the Google Drive Android API as it provides “specialized functionality for interacting with files stored on Google Drive.”

    To learn more about the Google Drive Android API, check out the documentation and Google’s GitHub page. You can also watch a quick video introduction to the API below:

    Image via Google Developers Blog

  • Google Chromecast Gets Its First Game

    When Google originally announced Chromecast, the stated intention was to make streaming video and audio content to the living room much easier. That has been the case for a while now, but now it looks like some intrepid developers have succeeded in bringing a simple game to Chromecast as well.

    Swishly Inc have released a new game for iOS and Android called TicTacToe for Chromecast. As the name implies, it’s a simple TicTacToe game that mirrors your phone’s display on the TV via Chromecast. In essence, you’ll be able to play one of the most infuriating games of your youth on the TV.

    As the Google Operating System blog points out, Swishly’s app is based on a sample app found within Google’s own Google Cast API entry on GitHub. While it does make Swishly seem a little less creative, it does confirm that the Chromecast can be used for more than just audio and video. It just now remains to be seen how well it will handle games.

    In the best case scenario, Chromecast will offer games similar functionality to Apple’s AirPlay feature on Apple TV. In short, players will be able to mirror their Android games on a TV using Chromecast. It’s somewhat of a niche audience, but there are people out there who would love to play their mobile games on the big screen from time to time.

    If Chromecast does start to mirror games, that opens up questions regarding Google’s rumored Android games console. While the Ouya and other systems have yet to prove that a dedicated Android games console is something that people want, a major player like Google or Amazon could possibly muscle their way into making the market profitable. There’s not much room for a dedicated Android gaming console, however, if Google enables Chromecast to mirror games being played on a mobile device.

    If you want to try out TicTacToe for Chromecast, you can grab it today on both Android and iOS.

    [Image: Google Play]

  • Amazon’s Mobile Associates API Brings Retail Shopping To Your Mobile App

    Amazon’s Mobile Associates API Brings Retail Shopping To Your Mobile App

    Amazon is the world’s largest online retailer and it sells just about everything. It’s also host to one of the world’s largest mobile platforms with its Kindle Fire devices and Amazon Appstore for Android. Now the retailer is combining the two.

    Amazon announced today the launch of the Mobile Associates API. It’s a new tool that allows developers to integrate Amazon’s retail store into their mobile apps. In other words, a developer could sell physical items via in-app purchases, and the sale of those physical items would be handled by Amazon’s retail operation.

    “Developers now have the ability to create an even deeper connection between their app and the products customers value and purchase through Amazon.com,” said Mike George, Vice President of Amazon Appstore, Games and Cloud Drive. “Imagine a developer of a nutrition and fitness app can now offer their customers the ability to purchase vitamins, supplements and fitness gear within the app, directly from Amazon.com. It offers the customer a more relevant experience and provides the developer with a new source of revenue.”

    It’s noted that the API can do more than just sell physical items in apps. It can also be used to bundle digital and physical purchases. Amazon uses the example of a person buying a board game and receiving the digital version of the same board game for free.

    The API is also being used by mobile games that are tied into popular brands, like Marvel. Animoca, developer of Thor: Lord of Storms, integrated the API so that users could purchase Thor toys from within the app and earn in-app currency for doing so. This also nets the developer a sales commission from Amazon.

    In short, the Mobile Associates API is a pretty big deal. Amazon is the only mobile platform holder that could do this, and I’m surprised it took the company this long to integrate its retail operation into its mobile operation.

    If you’re a developer and find yourself interested in the Mobile Associates API, you can learn more about it here. The API isn’t exclusive to the Amazon Appstore either as any Google Play app can integrate it as well.

    [Image: AmazonAppDistro/YouTube]

  • Microsoft Adds Native 3D Printer API To Windows 8.1

    Windows 8.1 is fixing a lot of the problems people had with Microsoft’s newest operating system last November, but it’s also adding a lot of really cool features. Case in point – a native 3D printing API.

    So, how big is this? In short, it’s pretty big.

    At its annual BUILD developer conference, Microsoft announced that it’s building 3D printing right into Windows 8.1 through a native API. The change benefits pretty much everybody involved in the 3D printing space. Here’s what Steve Clayton over at the Next At Microsoft blog had to say about it:

    For app builders, it offers an application programming interface (API) for app developers to send their 3D models to, just like apps have been able to with 2D printing for a long time. For hardware developers, they can provide drivers that are automatically downloaded and configured when the user plugs in their new 3D printer. Windows 8.1 provides the helpful job spooling, print queue management, and UI support that it always has. And what’s great about this is that app builders can send their content to lots of 3D printers with no special work for each device – including those that haven’t even been designed when the app is shipped. For 3D printer devices, one of the challenges has been getting lots of interesting content to print. Now, these 3D printers can get content from any app that supports 3D printing in Windows 8.1, with no special work for each app, and even work automatically with apps that ship in the future.

    The reason behind this development is that Microsoft believes that 3D printing is about to go mainstream. It want Windows to be the premier destination for 3D printing once it does. It’s even going to start selling 3D printers at Microsoft Stores across the country.

    In even more exciting news, MakerBot is coming right out of the gate with a new 3D printer driver for Windows 8.1 that offers “plug-n-play and seamless end-to-end printing from a wide variety of applications directly to the MakerBot.” Speaking of which, MakerBot’s Replicator 2 3D printer is one of the first 3D printers you’ll be able to buy from the Microsoft Store.

    Check out this video tutorial if you want to start developing 3D printing apps for Windows 8.1:

  • Video Sharing Can Help Developers Build A Community

    Back in March, YouTube announced that it was developing a live streaming API for game developers. The API, when integrated into games, would allow players to live stream their game straight to YouTube from game consoles. The API has already been incredibly successful in its first run on Call of Duty: Black Ops II and now more developers have come forward with success stories.

    Free Range Games and Kamcord Discuss building your community with video sharing. We will demo Free Range Games’ YouTube API integration in APO Snow

    Check out Google’s documentation for more on the YouTube API.

  • Facebook Enhances Open Graph On Mobile, Updates iOS SDK

    At the Facebook Home unveiling, Mark Zuckerberg said that people are increasingly consuming content on mobile. It’s true for Facebook as is it true for just about everything else. That’s why Facebook needs to step up its mobile game, and it did just that today.

    At its Mobile Developer Conference in New York City, Facebook announced that Open Graph is coming to mobile in a big way. The first step is making sure everybody can integrate Open Graph into their mobile apps without having to deal with the complexity of the Graph API. The answer is the Object API – tools that let developers “directly create Open Graph objects” while no longer needing “to host webpages with Open Graph tags.” The new API is available to both mobile and Web apps so that nobody is left out.

    To make things even easier, Facebook is also introducing the Object Browser. It’s a “simple visual interface that helps you easily interact with the object data you publish.” For more on the Object API and the Object Browser, check out Facebook’s documentation.

    One of the core tenets of Facebook is sharing, and the social network is making it even easier on mobile with the Native Share Dialog. This particular tool allows people to share in-app actions without having to open or log into the Facebook app. It’s also incredibly easy to implement as it only requires a single line of code. The Native Share Dialog is available starting today in a limited beta on iOS with Android support coming soon. Check out Facebook’s documentation for more info.

    Users can look forward to an even friendlier Facebook mobile login experience as well as the social network is rolling out a number of enhancements to make things faster and more secure. The first is that Facebook has rebuilt its Login Dialog on mobile and Web to make it 20 percent faster. All Login Dialogs on mobile and non-game Web apps will be automatically upgraded to the new dialog today, but mobile apps can get even faster dialogs in the latest iOS and Android SDKs. If you want more info on Login Dialogs, check out Facebook’s documentation.

    As for security, Facebook has split Facebook permissions in mobile apps into two separate dialogs. The first is a mandatory dialog that asks users to share their Facebook data with the app. The second asks users if the app can post content to their Facebook wall on their behalf. In the second dialog, users can either agree, skip the step or customize which people the app can share stories with.

    On a final note, Facebook also released the latest version of its SDK for iOS. Version 3.5 of the iOS SDK includes support for all the above enhancements. The latest SDK only supports iOS 5 and above. You can download it here.

  • Don’t Write Your Own File Picker In Your Google Drive App

    You’re building a Google Drive app, and now you want to implement a file picker. You can either build your own or use an existing service. Google argues against the former in its latest Google Drive SDK hangout:

    Writing your own file picker with the Drive API is easy, right? Not so fast! Watch to find out about the hidden complexity that can turn an otherwise easy task into a pain for users. We’ll show you ways to do it right when you have no choice as well as some alternative approaches that are quick and easy to implement.

    Check out more Google Drive news and tutorials here.

  • Google Glass Mirror API Now Available

    Google Glass Mirror API Now Available

    It was revealed yesterday that the first round of Google Glass devices are finished. Google will start shipping to those who pre-ordered the device at Google I/O last year first, and those developers will presumably start building apps for the hardware immediately.

    Google Developers was updated today with the Google Mirror API page. The page contains all the information you need to start building apps for Google Glass. The page also includes a number of videos to walk you through specific actions of the API:

    Timeline Cards

    Menu Items

    Subscriptions

    Contacts

    If you need help getting started on Glass development, Google has released two starter projects in Java and Python that can be loaded into App Engine. From there, developers can use the starter project as a foundation for their own projects. If you need the API in other libraries, you can grab it in Java, Python, Go, PHP, .NET, Ruby and Dart from here.

    Once developers have the tools they need, they will also need to follow the rules. In the Terms of Service, Google says quite plainly that Glass developers can not serve ads in their Glass apps, nor can they charge for them. Google also says that all Glass apps must be hosted on Google’s own distribution channel “unless otherwise approved in writing by Google.”

    It seems that Google isn’t quite ready to monetize Glass, but it will probably allow developers to start selling apps later this year once the device goes into mass production. It would make little sense for the company not to. Either way, we’ve reached out to Google for comment and clarification and will update if we hear back.

    EDIT: A Google spokesperson gave us the following comment:

    “Developers are crucial to the future of Glass. The focus during the Explorer Program is on innovation and experimentation, but it’s too early to speculate how this will evolve.”

    [h/t: Engadget]

  • Facebook Retires The REST API For New Apps

    In late 2011, Facebook said that it would retiring the REST API to focus all of its efforts on the Graph API. Developers had over a year to make the jump, and now Facebook is finally pulling the plug.

    Facebook announced today that the REST API no longer available for new apps. Going forward, all new apps on Facebook must use the Graph API. Apps created after April 10 will receive an error code 3 upon trying to call the REST endpoints.

    So what does this mean for all the currently existing apps using the REST API? Facebook says those apps won’t be affected, and can continue to use the API. Of course, Facebook would really like it if developers made the jump to the Graph API. If enough developers make the jump, Facebook may even be able to fully retire the REST API so that all apps are on the same page.

    If you have yet to make the switch to the Graph API, you might want to check out the stellar improvements and features Facebook has been introducing to it lately. In fact, Facebook just launched a few more Open Graph tools to help make users’ timelines more interesting.

    As per tradition, Facebook also released its latest bug report. Since last week, 70 bugs were fixed, and 72 were accepted for further review. You can check out the full bug fix list at the blog post.

  • White House Announces Second ‘We The People’ Hackathon

    The White House has just announced its second National Day of Civic Hacking, to take place at the White House. It will take place on June 1st.

    “For the National Day of Civic Hacking, participants will focus on producing full, production ready apps and visualization tools that will be featured on the We the People website and made available under an open source license.”

    The first hack day took place in February, and out of it came various uses of the We The People API including “Where the People,” a visualization of zip codes where petitions are being signed, weighted for signatures by percentage of population, and “Widget the People,” which gives petition creators an embeddable gauge of how many signatures the petition needs before it reaches the response threshold.

    “This API is part of an effort, not only to broaden the conversation taking place via We the People, but to make the medium of that conversation as flexible, open, and transparent as possible. By building and releasing applications that leverage the API, and by making it possible for other platforms to connect with We the People, you’ll be making it easier for others to take part in that conversation,” says Peter Welsch on the White House blog.

    The White House launched the We The People online petition site back in 2011. Since then, the site has seen nearly 10 million signatures on close to 150,000 thousand individual petitions. It hasn’t been without its criticisms, and its share of ridiculous petitions – but recently, since upping the signature threshold, the White House has responded on a couple of important tech issues like CISPA and cellphone unlocking.

    If you’re interested, you can apply here. The deadline for applications is 5:00 pm on Friday, April 19th.

  • Mozilla Is Now Working On A Web Payment Standard

    Mozilla is all about Web standards. The non-profit has made it clear that it wants to move the Web away from plug-ins and third party services to Web APIs that will work across any browser. It’s latest venture tackles a service that many probably never thought needed fixing – Web payments.

    So, what’s wrong with our current Web payment services? Sure, services like PayPal can sometimes be a pain, but it’s not like the entire system needs to be uprooted, right? Mozilla objects to that line of thinking and offers three reasons why the current Web payment system is broken:

  • Users cannot choose how to pay; they have to select from one of the pre-defined options.
  • In most cases, the user has to type in an actual credit card number on each site. This is like giving someone the keys to your expensive car, letting them drive it around the block in a potentially dangerous neighborhood (the web) and saying please don’t get carjacked!
  • Merchants typically have to manage all this on their own: payment processor setup, costly processing fees, and possibly even PCI compliance.

    • To help solve these problems, Mozilla has introduced navigator.mozPay() in Firefox OS. Mozilla says the JavaScript API was inspired by Google’s Wallet API, but contains a few modifications that support multiple payment providers and carrier billing.

    Here’s how navigator.mozPay() works in its current incarnation on Firefox OS:

    When a web app invokes navigator.mozPay() in Firefox OS, the device shows a secure window with a concise UI. After authenticating, the user can easily charge the payment to her mobile carrier bill or credit card. When completed, the app delivers the product. Repeat purchases are quick and easy.

    If that sounds interesting to you, you can start testing it out right now on test builds of Firefox OS. The API can’t accept payments just yet, but Mozilla encourages developers to start working on implementing the API into their Firefox OS apps now.

    Interested developers can check out the Web payment API documentation here. If you want the code libraries, Mozilla currently has them available in Node.JS and Python. Other libraries for more languages are on the way.

  • Facebook Introduces New APIs For Comment Replies

    In late March, Facebook launched a new commenting system for Pages that allows users to reply to comments. The new system is on an opt-in basis for now, and Facebook has a few API tips to keep in mind if you decide to take your Page into this new territory.

    Facebook announced that its comments API now supports “different “views” of the comments on posts through our updated comments API and FQL comment table.”

    The first view organizes what Facebook calls “top level comments,” or comments that are not replies. These comments can be ranked based “on the post and the number of top level comments on the post so far.”

    The second view is simply called “replies.” Facebook says developers can access replies by “querying for the comments on a comment id.”

    The third, and final view, is the comment “stream.” This is what you’re most likely going to see the most of as it combines top level comments and replies into a single stream of data. The “stream” is also organized in chronological order so the newest comments are shown first.

    If you’ve already been using the comments API, Facebook says that you should keep the following changes in mind:

  • comments’ field from ‘stream’ FQL table is deprecated. Please use the’comment_info’ column to fetch the ‘can_comment’ and ‘comment_count’ fields.
  • We are removing the fields on the FQL ‘comment’ table that were used exclusively for legacy Comments Plugins — ‘xid’, ‘reply_xid’, ‘username’ and ‘comments’.
  • We are removing the undocumented ‘count’ field on the ‘comments’ connection in the Graph API. Please request ‘{id}/comments?summary=true’ explicitly if you would like the summary field which contains the count (now called ‘total_count’)

    • If you need more information, check out the comments API documentation. If you want to start using the new API, you can opt in through the July 2013 Breaking Changes under the Advanced Tab of the app dashboard. On July 10, the new comments API will go into effect for everyone. Might as well get used to it now while it’s still voluntary.