May 14, 2019
Authored by: Bryan Cave and John Bush
Application programming interfaces, or “APIs,” have become a critical part of ecommerce, and retailers are increasingly finding new and creative ways to use APIs to enhance their offerings and their business. For example, Kroger deploys an API with information about its groceries, locations, coupons, and loyalty programs. BestBuy similarly offers APIs to third parties, including one for recommended purchases. LensCrafters, Williams-Sonoma, and other retailers have further deployed APIs to expand consumer access to their information. Still, many other retailers are connecting to PayPal and other fintech companies to provide multiple secure checkout options.
This post is the first in a two-part series concerning emerging uses and considerations involving APIs.
The provision of public APIs has exploded in recent years amid ecommerce. More than 60 percent of eBay listings are added via API. At least 50 percent of Salesforce transactions are via APIs. Ecommerce service companies Shopify ($25B) and Twilio ($15B) have exploded to multibillion dollar market valuations, in part, through providing APIs to retailers.
Using APIs carries its own risk—almost inherently. Flaws in APIs can expose customer data and/or transaction histories, raising potential risk of claims under consumer privacy laws. According to HIMSS, healthcare APIs risk exploitation through denial of service, cookie tampering, and man-in-the-middle attacks. Disputes over API rights have also led to billion-dollar claims between corporate giants.
API usage is here to stay and will almost certainly increase in the future. Retailers should therefore consider how to manage this tool, while at the same time protecting customers’ personal information and reducing liability risks. Our next post will further address some of these risks and mitigation strategies.