Draft of 3rd party api spec

docs/draft/3rd-party-api.md

@@ -0,0 +1,88 @@
+# (DRAFT) 3rd party APIs used for core functionality that impacts things like availability/censorship and privacy
+
+Authors:	Volodymyr Kozieiev
+
+Status:	Draft
+
+Version:	0.1.0
+
+## Table of Contents
+
+1. [Abstract](Abstract)
+2. [Definitions](#definitions)
+3. [Why 3rd party API can be a problem?]()
+
+
+## Abstract
+In this specification listed 3rd party APIs that Status functionality rely on.
+
+## Definitions
+
+| Term        | Description |
+| ------------- |-------------|
+| Fiat money    | Currency which established as money, often by government regulation, but that has no intrinsic value
+| Full node    | Any computer, connected to the Ethereum network, which fully enforces all the consensus rules of Ethereum.
+| Crypto-collectible | A cryptographically unique, non-fungible digital asset . Unlike cryptocurrencies, which require all tokens to be identical, each crypto-collectible token is unique or limited in quantity.
+
+
+## Why 3rd party API can be a problem?
+Relying on 3rd party APIs interferes with `censorship resistance` Status principle. Since we aim to avoid suppression of information it is important to reduce amount of 3rd parties crucial for app functionality.
+
+## 3rd party APIs used by Status
+
+### Infura
+
+##### What is it?
+Infura hosts a collection of own full nodes on the Ethereum network and provides an API access to the Ethereum and IPFS networks without having to run a full node.
+
+##### How Status use it?
+Status works on mobile devices and therefore can't rely on local node. So all communication to Ethereum network happens via Infura.
+
+##### Concerns
+Making http request means that user metadata leaks. Also if service hacked it can be used in various attacks, e.g. by faking returning data.
+Infura hosts on Amazon. It can fail or Amazon can cut off service or their servers crash. In this case all Status features related to Ethereum network calls will fail.
+
+
+### Etherscan
+##### What is it?
+Etherscan is a service that allows user to explore and search the Ethereum blockchain for transactions, addresses, tokens, prices and other activities taking place on Ethereum network.
+
+##### How Status use it?
+Status Wallet has buttons that allow user to view details of address or transactions on Etherscan site.
+
+##### Concerns
+If Etherscan fails user won't be able to view address or transaction details with it. But inside the app this info will still be available.
+
+### CryptoCompare
+
+##### What is it?
+CryptoCompare is a service that shows live streaming prices, charts and analysis from top crypto exchanges.
+
+##### How Status use it?
+Status regularly fetches crypto prices from CryptoCompare. Using that info Status calculates fiat value for transaction or wallet assets.
+
+##### Concerns
+Making http request means that user metadata leaks. Also if service hacked it can be used in various attacks, e.g. by faking returning data.
+If CryptoCompare fails Status won't be able to show fiat equivalent of crypto in wallet.
+
+### Collectibles
+
+There is a set of services that used for getting information about collectibles:
+- https://api.pixura.io/graphql
+- https://www.etheremon.com/api
+- https://us-central1-cryptostrikers-prod.cloudfunctions.net/cards/
+- https://api.cryptokitties.co/
+
+
+##### Concerns
+Making http request means that user metadata leaks. Also if service hacked they can be used in various attacks, e.g. by faking returning data.
+
+### Iubenda
+##### What is it?
+Service that helps in creating documents that make websites and apps compliant with the law across multiple countries and legislations.
+
+##### How Status use it?
+Privacy policy of Status hosted on Iubenda.
+
+##### Concerns
+If Iubenda fails Status users won't be able to navigate to app's privacy policy.