Author: Adam Back 2015-11-06 14:08:10
Published on: 2015-11-06T14:08:10+00:00
The use of APIs in Bitcoin has been discussed by Eric Voskuil and Adam Back on the Bitcoin-dev mailing list. While it is better to have more APIs than fewer, it depends on the type of API being used. Some APIs add a second signature via multisig, but if the user is not also checking their own full-node or checking SPV to make the first signature, then it can still be a mixed story for security. Power users and businesses using APIs instead of running a full-node, or instead of doing SPV checks, should be clear about the API and what security they are delegating to a third party. The bigger point is that widespread use of APIs as a sole means of interfacing with the blockchain reduces network security for everyone because it erodes the consensus rule validation security described under "Validators" in the OP. Weakening is not just occurring because of the proliferation of non-validating wallet software and centralized (web) wallets, but also centralized Bitcoin APIs. Developers tend to settle on a couple of API providers for a given problem, leading to all applications and users of them depending on an API service, reducing to a single validator. The presence of dozens of blockexplorer APIs makes them interchangeable, contributing to decentralization.
Updated on: 2023-06-11T00:53:52.755671+00:00