Why we should care about API restrictions

1 Jun 2023

Image: © sulit.photos/Stock.adobe.com

APIs allow computer programs to communicate with each other, with many uses including enabling researchers to gather data from social media apps and government agencies to issue automatic disaster alerts.

The recent wave of social media sites restricting their application programming interfaces (APIs) is causing concerns for various groups.

These interfaces are essentially ways for two computer programmes to communicate with each other. This allows organisations to share data both internally and to other developers.

There are various benefits surrounding the use of APIs. In the case of social media sites like Twitter and Reddit, APIs allow third parties to obtain publicly available data from these platforms, which can be used to create external apps that connect back to the site.

But there are also issues associated with APIs, such as the threat of cyberattacks. A report last year claimed that roughly 3,200 apps were leaking Twitter API keys and claimed these keys could be used to take over accounts.

As a result of these fears, some companies have been taking steps to restrict their API access in recent years. In 2018, Facebook rolled out a batch of API changes, following a discovery that a Facebook app had been leaking data on 120m users.

Attempts to monetise APIs

In recent months, certain sites have also taken steps to monitise access to their APIs. Reddit is the latest platform to do so and has been criticised by an app developer as a result.

The developer of the Apollo app – a popular iOS app for browsing Reddit – claims he could face costs of up to $20m a year as a result of Reddit’s new paid API model.

Developer Christian Selig claimed the new pricing model would charge the app for each ‘request’ made – which are essentially interactions by users.

“Even if I only kept subscription users, the average Apollo user uses 344 requests per day, which would cost $2.50 per month, which is over double what the subscription currently costs, so I’d be in the red every month,” Selig said.

Twitter also removed its free API in recent months and moved to a paid model system, which was one of many steps Elon Musk has taken to monetise the site as much as possible. The site also banned a batch of third-party apps in January, before quietly updating its developer agreement rules.

The importance of APIs

Twitter in particular has faced criticism in recent months for the new price of its API, which is reported to be roughly $42,000 per month.

But APIs are used for more than just entertainment apps or alternative ways to browse a platform. Researchers are able to collect website data through APIs, providing a useful means to acquire statistics for various projects.

In February, Dr Jon-Patrick Allem of the University of Southern California said the removal of a free API would delay the gathering of potential knowledge and “ultimately reduce the number of participants working to understand the world around us”.

Groups like The Coalition for Independent Technology Research echoed these concerns and called on Twitter to maintain free access to its API for researchers.

Twitter’s API is also used by many government and public service accounts, which provide information such as weather alerts, transport updates and emergency notifications. These accounts raised issues with the new paid API model, which caused Twitter to grant free API access to accounts that send out these types of critical notifications.

APIs are also being used as a way to share new technology among organisations, with a notable example being AI.

In March, ChatGPT creator OpenAI revealed its own API to help businesses integrate the advanced AI chatbot directly into their websites, apps and services.

Many companies appear to have jumped on this API offering, boosting the reach of the popular ChatGPT in recent months. But there is evidence that this API will also cause security concerns.

In February, a report by cybersecurity company Check Point claimed hacker forums shared ways to use OpenAI’s API to bypass ChatGPT barriers and spread malware.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic

editorial@siliconrepublic.com