Po.et is building the better web: the decentralized protocol suite for content attribution, discovery, monetization and reputation.
We're excited to announce that today we are open sourcing the Po.et API. The Po.et API was the last component of the Po.et Stack that remained closed source.
You can now find the repository at https://github.com/poetapp/frost-api.
Po.et is now officially 100% open source.
What is Po.et API?
The Po.et API, originally called Frost API, came to life originally as a proof of concept to allow users a simple, well-known interface to the Po.et network which required no key management.
When we released the first version of the Po.et Node, we saw that people wanted to build integrations for it but were really confused by the process, which required integrators to manage keys, build claims in a specific manner, and cryptographically sign them.
This experience leads to us wanting to offer a simplified experience. Knowing that REST APIs have been completely standard in the industry for years and practically every software developer or company has worked with at least one, we decided to build one that would allow users to create and upload claims to the Po.et Network with a familiar username/password experience and abstracting away the most complex aspects of it.
This strategy proved successful: all of our integrations built by the community and the core Po.et team to date have leveraged the Po.et API.
Contributing to Po.et API
Opening our GitHub repository means the tasks (called issues in GitHub) are also now publicly available. Everyone can now see what issues we have already spotted, what tasks we are considering, what we may be deprioritizing at the moment, and what we are currently working on. If you have suggestions, please come collaborate in Github with us!
In addition to open sourcing Po.et API, we've also released an updated Responsible Disclosure Policy and Bug Bounty Program which reinforces our desire to have contributions come from outside of the Po.et core team. We consider Po.et API to be one of the more security sensitive components. The practice of hiding and obfuscating source code with the intention of making it harder to spot security vulnerabilities is known as security by obscurity and is generally regarded as a bad practice. Experience has shown obscurity does very little to prevent bad actors from performing damaging attacks while hindering the workflow of good intended contributors and researchers. For more information on our responsible disclosures policy and bug bounty program, visit https://www.po.et/security.
Several members of the Po.et community have already made contributions to the different applications of the stack, for example:
- Wording suggestions for Explorer Web
- Logging library suggestions
- Multiple improvements to the Wordpress Plugin
- Community reported issues that lead to fixes
- Other developers working on Proof of Existence-type solutions weighing in on a naming convention discussion
Personally, it's hard to express how happy it makes me whenever I see someone contributing back to the project. Everyone at Po.et is trying to build a better web, open to everyone, and that is no easy feat. Knowing that we're pushing forward as a community is incredibly motivating, and inspires us to give our very best.
We hope that you're excited about our approach to collaborative security and look forward to any vulnerabilities that you may find!
Originally published on Medium.