Status of the API

Hello :wave:

Our current API is definitely a prototype for where we want to be in the future. There’s still a lot of work to be done and we hope that the product of this is an API v1, which is stable (our current beta API has no guarantees in terms of backwards compatibility) and provides much more functionality. For example, at the moment we do not have public APIs for making payments :money_with_wings:.

Before we can begin to implement these :mondo: APIs for developers we need to work on a few key areas:

  • Provide mechanisms for restricting the access of apps to specific resources. For example, you may only want an app to be able to read your transactions, but not edit notes or make payments. :lock:
  • Give users visibility into which apps have access to their data. Additionally, allow users to revoke previously delegated permissions. :mag: (Of course, this doesn’t delete data which the app may have already retrieved through the API.)
  • Establish the identity of developers and review the permissions they have requested for their apps to ensure that they are appropriate. :passport_control:
  • Construct security mechanisms around dangerous actions initiated via the API, e.g. moving money. :pound:

At the moment I am working on a new authorisation framework around our current OAuth 2.0 implementation. This will allow users to delegate granular permissions to third-party apps. This is the first of many steps towards API v1, and we’re hoping to write more about this process on the Blog. :books:

Nevertheless, we hope that you can still build some cool things with the current API. (Check out some of the things which have already been built with :mondo:!) If you have any feedback about the current API, we’re all ears :ear:. Please let us know on the Developers Slack or right here on the Community Forum.
