API3 (API3)

From CryptoCurrency Wiki

Basics

"A project building a transparent methodology for marrying blockchains to the APIs of data providers, which really means providing an alternative to Chainlink, the decentralized oracle service with something of a monopoly in the world of data feeds and smart-contract blockchains."

History

"A large part of the founding members were previously working on the Honeycomb API Marketplace. Honeycomb was essentially an API-centric oracle marketplace, but the underlying oracle solution wasn’t built to enable first-party oracles, and was limiting us. Seeing that none of the solutions on the market satisfied our needs, we decided to build our own oracle solution to meet this need.

It was affirming that we were not alone in this view. The security and the data source-transparency that first-party oracles provided is seen as an obvious solution to a lot of the problems that existing projects suffer from. For example, Sasa and many other founding members reached similar conclusions independently, and got involved with the project simply because it complemented their personal vision."

Audits & Exploits

  • Bug bounty program can be found [insert here].
  • From their blog (2-2021):

"We’re on the final stretch with the authoritative DAO. The first audit is scheduled with Solidified for March 8–22. Following the revisions, a second audit is scheduled with Quantstamp for April 4–9."

  • From their blog (1-4-2021):

"The pre-alpha contracts have been audited by a third party, and this version is being used to prototype integrations."

  • From their blog (7-4-2021):

"In the first quarter of 2021, API3’s Airnode oracle solution went through an extensive audit by GDPR compliance specialist Tacita, and was found to be fully GDPR-compliant when operated as intended, i.e. by the API provider as a first-party oracle."

  • From their blog (1-7-2021):

"We’re happy to announce that all three audits from Solidified, Quantstamp and Team Omega are now finalized. This ended up being a usefully diverse combination, where Solidified gave an initial vote of confidence, Quantstamp provided a broad coverage, and Team Omega was much more DAO/governance-focused and went even beyond the scope of a regular security audit."

Bugs/Exploits

Governance

Admin Key

DAO

  • From their blog (18-11-2020):

"The legal entity governed by the API3 DAO is API3 Foundation Limited Company, a Cayman Islands foundation."

"API3 data feeds are governed by an open DAO of stakeholders, industry experts and project partners. This allows dAPIs to be operated with maximal transparency, minimal required trust in centralized operators, and no centralized attack surfaces. API token holders can take a direct part in governing the project by staking API3 tokens into the API3 insurance staking contract, which grants them shares in the API3 DAO."

“The data feeds don’t go “though” the DAO, but are merely controlled by it. In any case all the feeds here will be DAO governed from the get-go. An entity needs to collate all the API providers into aggregated feeds, and this has to be decentralized."

  • When asked how the DAO will be structured, the answer on Discord was (9-4-2021):

"There is the first iteration of the DAO that currently runs on Aragon v1, which the core team members have voting power over. It'll be on-chain. To provide some more granular detail: the tokens will be staked via an interface that's hosted on IPFS, where proposals can be voted upon immediately after being staked. The minimum quorum level will sit at 15%, the proposals will pass at 50% consensus or with more votes in favour of it after 7 days have passed, there will be delegation functions, and withdrawal from staking will take 7 days to happen. The Notion calendar which highlights what Curve Labs is working on goes into greater depth on this and the timeline around it."

  • From their blog (1-7-2021):

"The DAO dashboard is hosted on IPFS and interacts with the DAO contracts directly, without depending on any intermediary services (in contrast to dApps depending heavily on caching solutions for a more Web 2.0-like user experience). This makes it fully decentralized and operationally robust. The resulting DAO is a very suitable template for subDAOs, as it will be able to scale in numbers easily due to not having to be maintained in any way (perhaps other than making sure that the dashboard is kept pinned on IPFS, which can trivially done in a completely trustless way through a variety of services)."

Treasury

Token

Launch

  • From their blog (18-11-2020):

"The API3 public token distribution event will take place between November 30th and December 14th on the Mesa DEX."

Token allocation

  • From their blog (11-11-2020):

"We are moving away from a predetermined inflation schedule. Instead, the API3 DAO will set a target staked amount, and the inflationary rewards paid out to stakers will float to meet this target."

  • From their blog (18-11-2020):
  1. Founding team 30%
  2. Ecosystem Fund 25%
  3. Public sale 20%
  4. Partners & Contributors 10%
  5. Seed investors 10%
  6. Pre-seed investors 5%

Vesting is as followed:

  1. Founders: Vest over 3 years* with a 6-month cliff.
  2. Partners & Contributors: Vest over 3 years* with a 6-month cliff.
  3. Seed Investors: Vest over 2 years.
  4. Prior Investors: Vest over 2 years.
  5. Public: Unlocked.
  6. Ecosystem fund: Supply subject to distribution by the DAO.

Utility

"It gives its holders the right to take part in the governance of the API3 ecosystem through the API3 DAO. To generate shares in the API3 DAO, token holders have to stake the API3 tokens into the insurance pool, which also gives them access to weekly staking rewards."

  • From their blog (11-11-2020):

"The API3 DAO revenue will be burned. Paired with the floating inflation rate, this will correspond to the revenue being distributed to the stakers in a much smoother manner, resulting in stability in terms of aligning the governing parties’ incentives with of the DAO’s."

"The token has an inflationary and a deflationary mechanic. Staking at the DAO yields inflationary staking rewards. The DAO burns its revenue, causing deflation. This model is adapted from EIP-1559 and fixes significant incentive issues that revenue-generating DAOs face."

Token Details

  • From an AMA (13-1-2021):

"API3 is primarily the governance token of the API3 DAO, which resides on Ethereum mainnet. So the API3 token will stay as an ERC20 token, and does not need to be ported to other chains for us to serve there because it’s not a payment token."

Coin Distribution

  • 3 contracts hold most of the tokens (44, 27 and 6% respectively). Below that, addresses are 1.4% or less of the total supply. There are 16817 holders (9-4-2021).

Technology

Implementations

  • Built on: according to their website (5-3-2021):

"As a multi-layer, cross-platform data solution, dAPIs can be bridged to any blockchain, in order to provide smart contracts on various platforms with reliable access to premium real-world data. API3’s cross-platform approach enables any smart contract platform to leverage API3’s ecosystem of dAPIs and data-integration tools by simply creating a bridge between API3 and the network."

How it works

  • From their docs (17-3-2021):

"At its core, API3 brings the ability for API providers to easily run their own oracle nodes. This allows them to provide their data on-chain, without an intermediary, to any decentralized application (dApp) interested in their services.

At the heart of this mechanism sits Airnode, an open-source oracle node. It's designed to be easily deployed by any API provider with almost no maintenance. Because of Airnode, dApp developers can write smart contracts to interact with the on-chain data of API providers.

Airnode is designed with mechanisms to remove the on-chain or off-chain concerns of API providers. The set-and-forget framework of Airnode is all about ease of implementation."

  • From their docs (17-3-2021):

"First-party oracles are optimally secure and cost-efficient. Nevertheless, they cannot be considered as a full solution for all use cases. This is because a first-party oracle is operated by a single API provider and only serves their API. Then, using a single first-party oracle creates centralization at the API level, and requires the API provider to be trusted. This is not acceptable in some use cases, e.g., if the use case secures a large amount of funds.

In such cases, oracle networks provide the required decentralization. An oracle network makes the same request to multiple independent oracles and reduces their responses to a single answer through predetermined consensus rules implemented as a smart contract called the aggregator. Individual malicious oracles cannot manipulate the outcome of this process, which provides a degree of decentralization and trustlessness.

Here, an important thing to consider is how the oracle network is governed. If a central entity can switch the oracles or APIs used in the aggregator in and out, or even replace the aggregator itself making use of a proxy mechanism, they can effectively manipulate the oracle network output at will. This eliminates the decentralization and trustlessness qualities that using an oracle network provides. Therefore, it is not adequate to use an oracle network for decentralization, this oracle network must be governed decentrally as well."

Fee Mechanisms

Upgrades

  • From their blog (1-4-2021):

"To summarize last month’s development report, you currently can use the pre-alpha version of Airnode to integrate an API to a smart contract (see the related monorepo branch and docs)."

Staking

"By staking your API3 tokens into the insurance staking pool, you take part in providing API3 users with quantifiable security guarantees in the form of insurance. Insurance staking pool funds are used to cover potential financial losses from dAPI malfunctions that the dAPI consumer might incur. As you stake API3 to the insurance pool, you generate shares in the API3 DAO. By staking your API3 tokens into the insurance staking pool, you take part in providing API3 users with quantifiable security guarantees in the form of insurance. Insurance staking pool funds are used to cover potential financial losses from dAPI malfunctions that the dAPI consumer might incur. As you stake API3 to the insurance pool, you generate shares in the API3 DAO."

  • More on their view on staking can be read here (4-11-2020).
  • On the insurance set up, from an AMA (13-1-2021):

"Data feeds can be optionally insured, which means you have a lower bound on how much money you can trust the data feeds to secure. Insurance claims are settled in a decentralized manner via Kleros, a blockchain dispute resolution protocol. I should note insurance is a novel feature; I am not aware of any other blockchain data feeds that are insured."

Validator Stats

  • From their blog (1-9-2021):

"7 weeks after the DAO launch, the DAO has met the staking target of 50% of the total supply. Currently, the staking reward started decreasing slowly, while the staked amount still sits slightly above the target.

The fact that the staked amount is increasing slowly despite the reward decreasing slowly can be attributed to the estimated smart contract risk decreasing more significantly, and accordingly, more people finding staking API3 to be a good deal. In a similar vein, DAOv1 started migrating her funds to the authoritative DAO. At the moment, the primary treasury holds 10 million API3, while the secondary treasury holds more than 3 million USDC (a proposal requires 50% quorum to use the funds from the primary treasury, and 15% quorum to use the funds from the secondary treasury). In the absence of incidents, the gradual migration will continue."

Liquidity Mining

Scaling

Interoperability

"As a multi-layer, cross-platform data solution, dAPIs can be bridged to any blockchain, in order to provide smart contracts on various platforms with reliable access to premium real-world data. API3’s cross-platform approach enables any smart contract platform to leverage API3’s ecosystem of dAPIs and data-integration tools by simply creating a bridge between API3 and the network."

"The Airnode will work with any EVM-compatible chain, and it's intended that dAPIs will cater to as many blockchain networks as possible."

"There are two prerequisites for calling a data source decentralized: (1) The data is aggregated from multiple sources trustlessly. (2) The governance of the structure that achieves this is decentralized. So the main difficulty here is achieving decentralized governance across chains, but this is completely overlooked by other projects that are governed centrally even on Ethereum mainnet. Therefore, our cross-chain plans are beyond deploying nodes on other chains or porting the token."

Other Details

Airnode

"Existing oracle solutions employ third-party oracles because it is often not feasible for the API providers to operate their own oracle nodes. API3 data feeds will be composed of first-party oracles operated by the API providers. This will be made possible by Airnode, a fully-serverless oracle node that is designed to require no know-how, maintenance or upkeep from the API provider. Airnode is an open source project that will be maintained by API3 and will not require a specific payment token to be used."

Oracle Method

"API3 data feeds, dAPIs, aggregate data from first-party oracles, operated by some of the world’s premier API providers."

"Without third-party node operators, API3 data feeds are never exposed to data tampering and denial of service attacks by middlemen. This enables them to reach higher cost-efficiency, while having fewer attack surfaces. Source-level decentralization of dAPIs is enabled by Airnode, a fully serverless oracle node that can be deployed by any API provider for free, and requires minimal day-to-day management."

Privacy Method

Compliance

  • From their blog (7-4-2021):

"In the first quarter of 2021, API3’s Airnode oracle solution went through an extensive audit by GDPR compliance specialist Tacita, and was found to be fully GDPR-compliant when operated as intended, i.e. by the API provider as a first-party oracle. As the first oracle node specifically built to be API provider-operated, this establishes Airnode as the first fully GDPR-audited and compliant solution for bridging DLT-based applications with APIs.

GDPR (General Data Protection Regulation), is defined as the legal framework that sets guidelines for the collection and processing of personal data by companies, from individuals who live in the European Union (EU). Any company that does business in the EU involving EU citizens, or is an EU entity, must be GDPR compliant, which carries requirements concerning (among other things) data minimization, accuracy and storage limitations, as well as integrity and confidentiality of the processed data.

The penalties for non-compliance are significant. Organizations found to be in breach of GDPR can be fined up to 4% of their annual global turnover or 20 Million Euros (whichever is greater). Due to this, for a business to operate in the European market, their ability to demonstrate full and verifiable GDPR compliance is an essential requirement that extends to all operations of the company, including the technology stack it employs."

Their Projects

Decentralized safety net

"API3 provides dAPI users with the option of on-chain insurance, powered by the API3 token and Kleros’ decentralized courts. API3’s insurance feature gives dAPI users a quantifiable safety net in the event of a malfunction, holds the API3 DAO directly responsible for the security of the dAPIs and incentivizes a security-first governance approach for dAPIs and the API3 project as a whole."

Roadmap

"Staking page [and] the DAO [are] both scheduled to launch by the end of the month."

"Our priority at this stage is to launch the authoritative DAO, which will implement the staking functionality I have mentioned before. In the meantime, we’re simultaneously working on our oracle solution and integrations. We have always been an extremely agile team and don’t really believe in keeping your head down to build something for an entire year. Experimenting and using the gathered data to correct course is extremely important when working on bleeding edge tech. Specifically for our case, we are working on enabling use cases that don’t exist at the moment simply because the off-chain data is not there. This requires us to work with users that demand this unavailable kind of data in a very tightly-coupled kind of way, and be flexible to take opportunities."

Usage

Projects that use or built on it

  • The project announced 125 integrations and already integrated 62 of them within 1 month (6-9-2021):

"We currently have 62 integrations done, with 26 of them being deployed already. That leaves 36 integrations that are done and ready to be deployed once the provider can carve out 30 minutes of their developer’s time."

Competition

"According to Heikki Vänttinen, co-founder of API3, this intermediary function is handled by rent-seeking middlemen who run nodes on Chainlink, which in turn operates an opaque system of governance. A better solution is to allow API providers themselves to run their own nodes, said Vänttinen. That way, the process of governing the curation of data feeds can be done in a transparent and decentralized manner.

“We just saw some shortcomings in the way they [Chainlink] basically operate their data feeds on the oracle network as a whole,” said Vänttinen, who was one of the first Chainlink node operators. “The core team is this sort of centralized black box for the data feeds, deciding unilaterally which nodes get to serve which data feeds and also which APIs those nodes serve data from,” he said.

“Crypto’s largest oracle system by network value, Chainlink, is composed of data-reselling middlemen, where the source and quality of data are suspect,” he said in a statement. “While heavily marketed, Chainlink isn’t well enough designed or maintained to remain a long-term solution for crypto or DeFi’s information needs, and those that rely on Chainlink do so at their own users’ risk. Enter API3.”

However, a Chainlink Labs spokesman said a quick look at one of the widely used feeds like ETH/USD, shows multiple leading data providers, such as Kaiko, running their own nodes. “The Chainlink system possesses a key advantage,” the spokesman told CoinDesk via email. “It enables data providers to sell their data to multiple blockchains without the need to run any additional software. Chainlink not only enables data providers to run their own nodes, and many already do on production today, but also enables them to sell their existing APIs into the Chainlink Network with zero changes to their infrastructure.”

“API3 doesn’t have oracles that run their own Ethereum or other nodes, which means they are forced to rely on centralized third parties to broadcast their results,” the Chainlink Labs representative said. “This means that API3 is entirely dependent on services like Infura being live, which as we’ve seen recently, can fail for hours at a time, which in API3’s case, would lead to hours of downtime, out of sync market prices and therefore massive losses for users.”"

  • From their docs (17-3-2021):

"The vast majority of the external integrations that decentralized applications need are to commercial Web APIs that traditional businesses have built to monetize their data and services. Therefore, what is widely known as the oracle problem is in practice an API connectivity problem.

Existing oracle solutions fall short because they fail to make this distinction, resulting in inferior solutions that depend on third-party oracles and ecosystems that exclude API providers. By refining the definition of the problem, API3 aims to provide a much more optimal solution."

"The Coinbase oracle is an interesting experiment that provides similar security guarantees to first-party oracles, so it can be said that it resembles the API3 solution. However, the method used suffers from a lack of data source variety, which prevents it from providing security in practice…

In addition, I find the UMA oracle staking solution rather elegant, though it’s designed around third-party oracles. I’ll add that I find the NEST Protocol pretty neat and novel, although they only do price data."

Pros and Cons

Pros

  • Takes out the middleman between API providers and users with an airnode that does not require the token to be used (which Chainlink or Band protocol do).
  • Will decentralize its governance over the API feeds (9-4-2021).

Cons

  • Has no mainnet product out yet (9-4-2021).

Team, Funding, Partners

Team

  • Full team can be found [here].
  • Burak Benlingiray; co-founder
  • Heikki Vänttinen; co-founder
  • Saša Milić; co-founder
  • Curve Labs; "one of the API3 founding teams" (7-4-2021)

"The DAO has 20+ employees and multiple external teams working for it at the moment and we’re currently hiring."

Funding

"Has raised $3 million in a private funding round led by Placeholder and with participation from Pantera and Digital Currency Group."

  • From an AMA (13-1-2021):

"We closed our seed funding round at $3M USDC (for 10% of supply, vested over 2 years), and our public distribution with an additional $23M USDC (for 20% of supply, in circulation at the moment). The DAO will monetize access to the data it curates, and will also be providing security in the form of insurance that the users will be paying premiums for."

Partners

Fantom, Glitch, AllianceBlock, Kleros. Polygon, Streamr, Curvegrid, Curve Labs, Emurgo, SOSV, Pantera, dlab, ChainAPI, Placeholder, PrimeDAO, Accomplice, CoinFund, DCG, #HASHED, Equilibrium, Rarestone Capital, Block0, BlockGroup and Solidity Ventures.

"API3 has inked a deal to connect 400 banking APIs to blockchains. The 10-year partnership with Open Banking will enable developers to explore use cases for banking data in DeFi."

"Announcing API3's partnership with @cellframenet to enable the creation of quantum resistant, scalable decentralized applications using real world data"

  • Has a partnership with Sovryn that aims to bring decentralized data and information infrastructure to Rootstock (19-5-2021).
  • Has a partnership with UNION to have Airnode used by UNION and insurance products be available (15-7-2021).
  • From their Twitter (3-9-2021):

"API3 is happy to announce a partnership with Oasis Foundation, who are building the @OasisProtocol. API3 and the Oasis Foundation will also co-sponsor a grant to develop and audit a Rust version of Airnode."

Retrieved from "https://cryptocurrencywiki.org/index.php?title=API3_(API3)&oldid=29799"