I am pushing forward my security research, and profiling what threat information APIs and platforms are up to. I rarely ever dive into any API without actually signing up for an API, getting some keys, and actually get to work making API calls. I have come across a number of APIs that are just fronts so that they can get in ProgrammableWeb directory, or just issue a press release that they have an API, so I usually prefer to fire things up and validate an API does what is being advertised.
There is no better way to truly get to know an API than to actually make API calls against it and get to work doing some integration. While profiling the Facebook ThreatExchange API I did what I normally do--requested some keys. The platform doesn't allow for self-service access, so I had to wait for a response, which came as an email a couple days later:
Hello Kin,
Thank you for applying to ThreatExchange! Currently, we are in beta and focused on solving the challenges of companies with dedicated abuse detection or incident response teams seeking to share threat intelligence.
At this moment, we don't feel the product is ready for your use-case, but we hope it will be in the near future and will reach back out once it is. We appreciate your patience and understanding.
Please reach out to us if you feel this message is in error or if you have ideas on how we can best support your interest(s).
Best,
Facebook ThreatExchange Team
I do not fault companies for not giving away instant self-service access to their API resources. There are plenty of badly behaved 3rd party developers out there. I do encourage them to try and consider other uses cases beyond just their partner implementations, and 3rd party developer integrations. Journalists, researchers, regulators, and analysts like me all need access and can bring a variety of benefits to the platform beyond integrations.
When it comes to the Facebook ThreatExchange API I am looking to drum up more attention and interest in what they are up to. I really think that if we are going to do this correctly, it will need a lot of attention, a lot of companies at the table, especially leaders like Facebook who have a significant portion of the threat data. I guess I will take what I've learned and educate myself about other threat information exchange platforms, and focus on those efforts (which seems silly), but without access, it is about all I can do.
