An application programming interface, or API, is software that opens up an application’s data and functionally to external third-party developers, business partners, or internal departments within an organization.
APIs allow different applications to communicate with each other and leverage each other’s data and functionality through a documented interface. In other words, an API allows two different applications to talk to each other, access data, and acts as a go between that takes requests, translates, and returns responses.
The first are Open APIs, also known as public or external APIs, and they are available to use by any developer. This leads to open APIs having relatively low authentication and authorization measures but the assets they share are often restricted.
Partner APIs are shared externally, but only with those who have a business relation with the company that is providing the API. Access is limited to only those that have been authorized or have official licenses. These limitations make partner APIs more secure than public APIs.
Internal APIs, also called private APIs, are not intended to be used by third parties. They are used internally within companies for the transfer of data between teams and systems.
Composite APIs are a combination of multiple APIs, this allows developers to group different elements of the APIs for a unified response from different servers. These APIs work as an automatic chain of calls and responses that do not require intervention.
Without knowing it, you are likely using API’s every single day! One prime example is Google maps, which is used virtually by any website that wants to provide convenient directions to their location.
1. Client application initiates an API call to retrieve information—also known as a request. This request is processed from an application to the web server via the API’s Uniform Resource Identifier (URI) and includes a request verb, headers, and sometimes, a request body.
2. After receiving a valid request, the API makes a call to the external program or web server.
3. The server sends a response to the API with the requested information.
4. The API transfers the data to the initial requesting application.
Benefits of APIs
In today’s workplace, workflows, processes, and transaction management are constantly changing. APIs help to ensure that the connectivity and collaboration continue to remain strong even as workflows and processes change.
Innovation: APIs provide flexibility, this allows for seamless connections with new business opportunities, new service options to existing consumers, and for the opportunity to enter into new markets that support digital transformation.
ZorroSign’s understands the importance of APIs and that is why our seamless API integration process allows your users to remain on your existing platform’s user interface, while integrating our multi-chain blockchain platform for your transactions!
With ZorroSign, developers and product managers can tap the power of our six technologies features, as your organization benefits from our support with flexible pricing.
You may have heard about Web 3.0 (or web3) recently and wondered, what is Web 3.0 and how is it different from Web 1.0 and Web 2.0?
A broad definition of Web 1.0 is simply the initial iteration of the World Wide Web in the late 1980’s and early 1990’s. “Web 1.0 is the term used for the earliest version of the Internet as it emerged from its origins with Defense Advanced Research Projects Agency (DARPA),” writes Kuntal Chakraborty for Techopedia. “Experts refer to it as the ‘read-only’ web—a web that was not interactive in any significant sense.”
From those early static web pages, a platform model of computing soon evolved that would become Web 2.0 or the ‘social web.’ Here, interaction with growing web applications and platforms drove e-commerce and the expansion of the Internet, allowing large providers to aggregate and control much of the shared data. This is the Internet we know today.
“Web 2.0’s business model relies on user participation to create fresh content and profile data to be sold to third parties for marketing purposes,” writes Charles Silver in a recent Forbes article. “Indeed, the internet has become a massive app store, dominated by centralized apps from Google, Facebook and Amazon, where everyone is trying to build an audience, collect data and monetize that data through targeted advertising. In my opinion, the centralization and exploitation of data, and the use of it without users’ meaningful consent, is built into Web 2.0’s business model.”
The dream of Web 3.0, however, is to break the centralization of information and democratize the Internet more to the vision of its earliest founders. “Web3, ” claims Chris Dixon from Andreesen Horowitz in a recent article in The Economist, “combines the decentralized, community-governed ethos of web1 with the advanced, modern functionality of web2.”
The Web 3.0 “will be based on the convergence of emerging technologies like blockchain, artificial intelligence (AI), machine learning and augmented reality,” note Neeti Aggarwal and Dandreb Salangsang in The Asian Banker. “It will be characterized by decentralized data, a more transparent and secure environment, machine cognitive intelligence and three-dimensional design.”
“The rise of technologies such as distributed ledgers and storage on blockchain will allow for data decentralization and create a transparent and secure environment, overtaking Web 2.0’s centralization, surveillance and exploitative advertising,” continues Silver. “Indeed, one of the most significant implications of decentralization and blockchain technology is in the area of data ownership and compensation… Web 3.0 will bring us a fairer internet by enabling the individual to be a sovereign.”
Web 3.0 isn’t just championed by iconoclasts and trustbusters—Alphabet CEO, Sundar Pichai, recently shared on a quarterly earnings call, “On Web3, we are definitely looking at blockchain, and such an interesting and powerful technology with broad applications so much broader again than any one application. So as a company, we are looking at how we might contribute to the ecosystem and add value.”
As such, even the biggest players in Web 2.0 are looking to adopt Web 3.0 technologies and strategies as they continue their evolution.
Financial Services on Web 3.0
“Think about all the financial instruments we use today—currency, loans, insurance, bonds, credit cards, stocks, futures, options, interest bearing accounts—being converted to a new model,” asks Thomson Reuters. “One that doesn’t require a traditional banking institution.”
For financial service organizations, adopting emerging technologies has historically been a slow, prove-it-before-you-move-it endeavor. With the boom in fintech the past ten years, however, financial service organizations from accounting firms, to banks, credit unions, and credit-card companies, to finance companies and managers, insurance companies, investment funds, notaries, payment providers, stock brokerages, and conglomerates have all moved faster to adopt new technologies and gain a competitive advantage in serving customers.
“Fintech refers to the latest software developments in the financial services sector,” explains a recent Finextra article. “Using technologies such as artificial intelligence, biometrics, payments, crypto and others, banks are increasingly able to offer their customers more convenient, streamlined services.”
Already, “a few banks are using blockchain to power real-time transactions,” writes Emily McCormick for Bank Director. Meanwhile, “Fintechs competing with banks are also taking advantage of the disintermediation trends promised by a Web3 economy.”
Today, cryptocurrencies and decentralized finance (DeFi) platforms challenge traditional banking for services and control of consumer monetary systems. But while cryptocurrencies provide an exciting alternative to the constraints of fractional-reserve banking, financial services providers need not abandon central bank currencies to adopt Web 3.0 strategies. The distributed ledger technology of blockchains can also support financial service applications above-and-beyond cryptocurrencies.
Future Technologies for Financial Services
As most financial service providers engage Web 2.0 technologies, the opportunity for early adopters to leap ahead to Web 3.0 becomes clear.
“Over the next decade, we believe blockchain will become the dominant operating infrastructure of the financial system and look forward to helping our network of regulated banks, brokers and fintechs develop the competency and dexterity to be early adopters of this transformational technology,” said Ryan Zacharia, general partner at JAM Special Opportunity Ventures (JSOV), an affiliate of Jacobs Asset Management (JAM) and FINTOP Capital.
“Unlike the cryptocurrency market, for example—which is built on a digitally native system—Vikram Pandit, CEO of The Orogen Group and former Citigroup Inc. CEO, said that innovations in the traditional banking sector are based on applying new technology to improve old architecture, citing the use of distributed ledger technology in cross-border payments as an example,” notes a recent S&P Global Market Intelligence report.
Payments are another area ready for Web 3.0 transformation. “In the past, when you transferred money to someone online, you needed a trusted service like PayPal or a bank to make the transfer,” cites an Algorand post. “With blockchain networks, you can now transfer money directly to anyone with an Internet connection on a peer-to-peer basis.”
Further, securing digital transactions and the digital chain-of-custody are critical for financial organizations. Even as some financial assets move to the metaverse—NFTs are an early example—a technology that immutably tracks and reports the provenance of assets is necessary to ensure ownership and enforce agreements across transactions and holdings.
“Issues of trust, transparency, privacy, and user control lie at the heart of Web 3.0,” writes MakerDAO, and “on the back of the blockchain promises to shift the balance of power back in favor of the user.”
Blockchain, built for zero-trust environments, is the ideal architecture for tracking and storing digital transactions and documentation, and another way Web 3.0 technologies support evolving financial services.
ZorroSign and Web 3.0
And here is where ZorroSign shines! We have built our digital platform from the ground up using blockchain technology. Launched with Hyperledger Fabric, our multi-chain platform now supports the public Provenance Blockchain as well, giving our users an entirely new world of decentralized digital transactions.
At ZorroSign, we deliver digital signature solutions built on blockchain for greater privacy and security.
Our Web 3.0 technology platform also provides identity-as-a-service (IDaaS) capabilities through a patented Z-Forensics token plus fraud prevention, user authentication, and document verification. Web 3.0 features such as artificial intelligence (AI) and machine learning (ML) allow us to automate form completion for digital documents, and can improve regulatory compliance across global standards for legally enforceable digital signatures.
Paired with Provenance Blockchain—which reduces the need for third-party intermediation, drastically reducing costs and freeing up capital in financial transactions—ZorroSign’s platform promotes greater transparency and liquidity for financial service organizations, and allows for new kinds of financial engineering and business opportunities.
To learn more about Web 3.0 and how ZorroSign can help your financial service organization meet the future needs of your customers, contact us today!
What is blockchain?
If Bitcoin is a blockchain, is every blockchain a bitcoin?
What are apps and dApps?
What businesses and organizations use blockchain apps today?
We are excited to answer such questions and encourage you to contact us to learn more about blockchain, dApps, and how ZorroSign delivers superior privacy and security with blockchain technology! Read on . . .
Blockchain is a distributed ledger technology (DLT) leveraging cryptography—user authentication, data encryption and verification—to secure information records (blocks) distributed across peer-to-peer (P2P) networks. DLTs replicate, share, and synchronize digital data geographically spread across multiple sites (nodes), with no central data storage or administrator.
They can be run publicly (open) or privately (permissioned):
Public blockchains, or open blockchains, allow anyone to run an endpoint node on the public network. Users can participate by mining a block or making transactions on the blockchain. Famous cryptocurrencies such as Bitcoin, Dogecoin, Ethereum, and Litecoin are public blockchains.
Private blockchains restrict the endpoints or peers that can store data, requiring permission to participate on the private network. As such, permissioned blockchains are not used as cryptocurrencies, but instead make excellent business applications for storing, securing, and sharing data. Hyperledger Fabric is a ready example of a consortium private blockchain, allowing organizations to grant limited permissions to those endpoints participating on the blockchain.
Cryptocurrency and Blockchain Apps
Cryptocurrencies on public blockchains essentially produce a coin which serves as digital money. Cryptocurrency coins have the same characteristics as fiat money: They are acceptable, divisible, durable, fungible, portable, and have limited supply. For example, Ether is the coin of Ethereum and Lumen is the coin of Stellar. Cryptocurrency coins are held in digital walletsthat store private/public keys and interact with various public blockchains to enable users to send and receive digital currencies and tokens.
“Bitcoin was arguably the first dApp,” writes Computerworld. “Enabling anyone in the world to download a bit of open-source code to join a blockchain network and verify transactions using a ‘mining’ algorithm, thereby generating digital currency (cryptocurrency) as a reward.”
DApps, or decentralized applications, are computer programs running on distributed ledger technologies (DLTs). With private blockchain dApps, an organization controls access to the blockchain—limiting its distribution but also elevating its security. So while cryptocurrencies are often in the news for major purchases, market fluctuations, and hacks, blockchain business apps make the news by showcasing how blockchain can advance business, government, healthcare, and many other industries.
IBM Blockchain – one of the best blockchain apps that helps logistics companies and businesses with long supply chains to track the status and condition of every product on each stage of the supply process: from the start of production to the distribution stage. Blockchain provides full transparency of records, and offers real-time tracking of all parts in terms of their location and condition.
MedRec – a healthcare example of blockchain app that provides secure access to medical records across different providers and actors, like doctors, patients, hospitals, pharmacies and insurance companies.
Spotify – uses blockchain database for decentralized connection between Spotify tracks, artists and licensing agreements.
DApps on Hyperledger Fabric
Hyperledger Fabric is a private blockchain that emerged from an open-source collaborative effort hosted by the Linux Foundation. Built to advance cross-industry blockchain technologies and improve trust, transparency and accountability, Hyperledger Fabric’s “modular architecture maximizes the confidentiality, resilience, and flexibility of blockchain solutions,” explains IBM.
Hyperledger was built for data protection and confidential transactions, and “was introduced to accelerate industry-wide collaboration for developing high-performance and reliable blockchain,” says the Blockchain Council.
Some prominent Hyperledger Fabric deployments include:
Chainyard, designed to improve supplier validation, onboarding and life cycle information management
Walmart to create a food traceability system—decentralizing its food supply ecosystem to quickly find the source when an outbreak of a food-borne disease happens
ZorroSign digital signature, document management, IDaaS, and transaction management platform
“Hyperledger Fabric is intended as a foundation for developing applications or solutions with a modular architecture,” notes Hyperledger.org “Hyperledger Fabric allows components, such as consensus and membership services, to be plug-and-play. Its modular and versatile design satisfies a broad range of industry use cases. It offers a unique approach to consensus that enables performance at scale while preserving privacy.”
Focused on B2B collaboration where transactions taking place on the network are only visible to the authorized members, Hyperledger Fabric allows dApps to choose between no consensus needed and an agreement protocol—greatly speeding transaction times while minimizing energy requirements to update the blockchain.
For example, “transactions in the ledgers of Fabric nodes are always in the same order—they don’t get out of sync,” says BlocWatch. “So any application reading from a Fabric ledger doesn’t have to wait for blocks to age; they can be trusted immediately.”
Further, private enterprise blockchain use significantly less energy than public cryptocurrency blockchains, explains Michael Barnard in a CleanTechnica report.
“Think of it as an operating system for marketplaces, micro-currencies, data-sharing networks and decentralized digital communities,” says GamesdApp.
ZorroSign on Hyperledger Fabric
The ZorroSign platform was built from the ground up on Hyperledger Fabric and delivers digital signatures, identity-as-a-service (IDaaS) features, digital document management, user verification and document authentication, and much more. Our dApp is available on iOS or Android, and can be readily accessed from any device—PC or mobile—anywhere in the world.
“We are proud to deliver a mature blockchain solution for digital signatures that is cost-effective and more secure than any encrypted e-signature technology that relies upon public-key infrastructure for security credentials,” says ZorroSign co-founder and CEO, Shamsh Hadi. “ZorroSign’s platform efficiently leverages blockchain to protect online identities and documents such as business agreements, government files, healthcare records, and other legal evidence stored in digital formats.”
For businesses, institutions, and individuals that desire to securely digitize paper-based workflows, ZorroSign’s digital signature and document management platform can decrease costs, reduce clerical errors, and increase productivity. Plus as a private blockchain, ZorroSign’s architecture has even tighter privacy and security measures than other blockchains.
“Phishing is an attempt by an individual or group to solicit personal information from unsuspecting users by employing social engineering techniques,” explains CISA. “Phishing emails are crafted to appear as if they have been sent from a legitimate organization or known individual. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, that can further expose them to future compromises. Additionally, these fraudulent websites may contain malicious code.”
Thus phishing attacks seek to steal data or inject malware—adware, bots, keyloggers, ransomware, spyware, trojans, worms, etc.—that cause damage at a later time.
In phishing attacks, “scammers use email or text messages to trick you into giving them your personal information. They may try to steal your passwords, account numbers, or Social Security numbers. If they get that information, they could gain access to your email, bank, or other accounts,” warns the Federal Trade Commission (FTC). “Scammers launch thousands of phishing attacks like these every day—and they’re often successful. The FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes in one year.”
“What really distinguishes phishing is the form the message takes,” notes a recent CSO online article. “The attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the victim might do business with.”
This credibility is paired with a sense of urgency to inspire victims to respond quickly to the message: Clicking a link or downloading a file that starts the attack. For example, Crowdstrike, a cybersecurity company, found that Amazon and Apple were the two most impersonated organizations for phishing scams in 2020. As the COVID-19 pandemic moves more people to work-from-home and out of traditional workplace settings, phishing scams increase to take advantage of anxiety and remote communications.
“Criminals rely on deception and creating a sense of urgency to achieve success with their phishing campaigns,” adds the CSO online article. “During a crisis, people are on edge. They want information and are looking for direction from their employers, the government, and other relevant authorities. An email that appears to be from one of these entities and promises new information or instructs recipients to complete a task quickly will likely receive less scrutiny than prior to the crisis. An impulsive click later, and the victim’s device is infected or account is compromised.”
“Phishing and social engineering attacks are now experienced by 85 percent of organizations,” reports Accenture. And the number of phishing attacks has been increasing in the United States, “with a growth of 65% in the last year,” addsCrowdstrike.
Blockchain Cybersecurity Against Phishing
“Traditionally, businesses sought to prevent phishing attacks through employee training,” writes Cloudphish, a blockchain cybersecurity company. “While this method did provide some success, it was overly reliant on human judgment.” As an alternative to such an approach of relying upon employees and staff to determine what emails or attachments they can safely open, blockchain offers a chance to secure the system access attackers ultimately seek.
Blockchain’s architecture, originally built for zero-trust environments and further secured in private, permissioned blockchain configurations, gives organizations a compelling alternative to centralized databases and a strong protection against phishing attacks.
In phishing attacks that seek to steal data, blockchain presents a data architecture where no single endpoint node controls the data set. Even if an individual endpoint is hacked through phishing or other social engineering, the data set is distributed across many nodes. This decentralization of data and access means even successful phishing attacks that penetrate a blockchain endpoint only gain a small piece of system access.
Whereas centralized databases can be stolen by one endpoint breach—such as the infamous attacks on Yahoo in 2013 and 2014, the United States Office of Personnel Management (OPM) in 2015, Equifax in 2017, Marriott/Starwood Hotels in 2019, and countless others—the distributed ledgers of blockchains minimize the potential damage of any phishing attack on individual endpoints. At ZorroSign, for example, we use a private permissioned blockchain, Hyperledger Fabric. Hence, even during a successful phishing attack, the adversary would not gain access to the blockchain data because the adversary would not have access to the blockchain certificates. With Hyperledger Fabric, blockchain certificates are maintained in a secured certificate authority.
In phishing attacks that seek to inject malware such as ransomware, the distributed nature of blockchain defeats those seeking to breach a system then holistically ransom the data files stored therein. Again, a single endpoint node might be breached, but the larger data set cannot be controlled by any one endpoint (or central authority) and so phishing attackers cannot capture the full data set for encryption, ransom, and shutting down the network.
Further, with private, permissioned blockchains, each endpoint node (or user) has a unique encryption key to access and write to the distributed ledger. If any one of those endpoints is successfully hacked (compromising their access key), the private blockchain can simply remove distributed ledger access for that compromised key, issue the endpoint a new key, and allow that endpoint to quickly regain distributed ledger access (effectively as a new endpoint). This quick recovery process effectively maroons any ransomware on the endpoint it attacked—ending its access and threat—while allowing the endpoint to re-engage the larger data set with a new key and without needing to pay any ransom to the attackers for restored access.