specs/docs/draft/13-3rd-party.md

4.4 KiB

permalink parent title
/spec/13 Draft specs 13/3RD-PARTY-USAGE

13/3RD-PARTY

Version: 0.1

Status: Draft

Authors: Volodymyr Kozieiev volodymyr@status.im

Third party APIs used for core functionality

Table of Contents

  1. Abstract
  2. Definitions
  3. Why 3rd party API can be a problem?
  4. 3rd party APIs used by Status
  1. Changelog
  2. Copyright

Abstract

This specification discusses 3rd party APIs that Status relies on. These APIs provide various capabilities such as:

  • communicate with the Ethereum network
  • allow users to see address and transaction details on external website
  • get fiat/crypto exchange rates
  • get information about collectibles
  • hosts privacy policy

Definitions

Term Description
Fiat money Currency which established as money, often by government regulation, but that has no intrinsic value
Full node Any computer, connected to the Ethereum network, which fully enforces all the consensus rules of Ethereum.
Crypto-collectible A cryptographically unique, non-fungible digital asset . Unlike cryptocurrencies, which require all tokens to be identical, each crypto-collectible token is unique or limited in quantity.

Why 3rd party API can be a problem?

Relying on 3rd party APIs interferes with censorship resistance Status principle. Since Status aims to avoid suppression of information it is important to reduce amount of 3rd parties crucial for app functionality.

3rd party APIs used by current Status app

Infura

What is it?

Infura hosts a collection of full nodes for the Ethereum network and provides an API to access both the Ethereum and IPFS networks without having to run a full node.

How Status use it?

Status works on mobile devices and therefore can't rely on local node. So all communication to Ethereum network happens via Infura.

Concerns

Making a HTTP request means that a user leaks metadata, which can be used in various attacks if an attacker hacks the service. Infura hosts on centralized providers. If these fail or the provider cuts off service, then Status features requiring Ethereum calls will.

Etherscan

What is it?

Etherscan is a service that allows user to explore and search the Ethereum blockchain for transactions, addresses, tokens, prices and other activities taking place on Ethereum.

How Status use it?

Status Wallet allows users to view details of addresses and transactions on Etherscan.

Concerns

If Etherscan fails user won't be able to view address or transaction details with it. But inside the app this info will still be available.

CryptoCompare

What is it?

CryptoCompare is a service that shows live streaming prices, charts and analysis from top crypto exchanges.

How Status use it?

Status regularly fetches crypto prices from CryptoCompare. Using that info Status calculates fiat value for transaction or wallet assets.

Concerns

Making a HTTP request means that a user leaks metadata, which can be used in various attacks if an attacker hacks the service. If CryptoCompare fails Status won't be able to show fiat equivalent of crypto in wallet.

Collectibles

There is a set of services that used for getting information about collectibles:

Concerns

Making a HTTP request means that a user leaks metadata, which can be used in various attacks if an attacker hacks the service.

Iubenda

What is it?

Service that helps in creating documents that make websites and apps compliant with the law across multiple countries and legislations.

How Status use it?

Privacy policy of Status hosted on Iubenda.

Concerns

If Iubenda fails Status users won't be able to navigate to app's privacy policy.

Changelog

Version Comment
0.1.0 Initial Release

Copyright and related rights waived via CC0.