Business Processes

What is an API?

fabian-grohs-524350-unsplash.jpg

What Is an API?

If you have talked with a programmer you may have heard them comment about API calls and ‘talking’ to another application via its API. API stands for Application Programming Interface, which allows different applications to communicate, without learning each other’s ‘language’.

The purpose of APIs

APIs make it easier for developers to communicate with other applications, using certain pre-defined methodologies when building applications. An API allows one application to permit another application to use only specific objects or actions in a way that ensures compatibility and integrity between the two.

What can an API do?

A request to gather information from a third-party application may use an API call as the means to communicate, allowing the programmer to gather and use information in a way that is accessible. The API acts as a middleman for the programmer when requesting information from another application, while also letting the programmer know what he can ask for, how to ask the question and how to process the answer.

Take for example when an order is placed on a front-end system, an API can be used to send the order details (delivery address, customer details, etc..) into an internal system that it doesn't natively communicate with. Whether an accounting system, fulfillment software or even directly into a database, it’s possible to streamline the way data is transferred and interpreted when utilising an API.

api-protection-1.jpg

Why use an API

  •  API’s provide an enhanced layer of security; through never exposing your data fully to the server, and the server never fully needing to expose itself in return. Instead, each communicates with the API, only sharing that which is necessary.
  • An API allows for simplicity and reusability by implementing a standard programming method to interact with the server, allowing the same method to be used for each application.
  • APIs are typically developer-friendly, easily accessible, and how to interact with it and what calls to make are usually well documented.

This all allows for an integration to be developed in less time, with rules governing how and what access is provided.

Things to keep in mind

Just as easily as they give access, capabilities given through APIs can be taken away. If an API that you rely on reduces its capabilities, or even an API that you utilise is shut down suddenly, you may find yourself in a tough situation with severely reduced functionality.

It pays to research the APIs you utilise and keep up to date with news and developments. 

If you have queries about custom software and about how Advance can help streamline your processes, get in touch. 

{{cta('dd78255c-b081-4f2e-a8c9-5a78a80cbed1')}}

Are Your Business Processes a Target For Scammers?

andrew-neel-117763.jpg

Cyber criminals are tricking CEOs out of millions of dollars by exploiting their organisations poor business processes and fooling unsuspecting employees into transferring money. The growing trend, known as ‘CEO Whaling’, involves plain text e-mails being sent to employees’ responsible financial transactions, masquerading as their boss requesting them to urgently pay invoices. Those falling victim have no way to recover the money with insurance generally not covering international fraud.

These highly organised con artists are not just spamming companies at random, instead they’re using social media to research potential victims, taking advantage when they’re most vulnerable. For example they may identify through social media that the boss or the person responsible for financial transfers is on a holiday and that’s when they strike, sending an e-mail saying they’re about to get on a flight and need an invoice paid urgently. They use a fake e-mail address and include some personal details uncovered via social media to give the e-mail just enough validity to trick the employee into believing it needs to be done and that requesting confirmation will probably make their boss angry due to the delay caused by being on a flight and unable to respond.

facebook_20110509184953_640_480_20110929102731_640_480.jpg

Organisations with business processes that rely on an e-mail from the boss for financial approvals are at high risk of falling victim to this scam as the process doesn’t include any validation that the invoice hasn’t been modified or that the approval has come from the person with authority to approving it. Busy people find the use of e-mail in a process like this convenient as they can be sent at will from virtually anywhere, on any device, at any time, putting them at risk of being exploited. Processes that involve printing, stamping, signing and shuffling paper around for approval stall when the approver is not in the same location as the document. Allowing e-mails to be used in place of an actual signature on the document makes the process susceptible to scammers. This issue was recently reported on in The Advertiser, read that article here http://www.adelaidenow.com.au/technology/how-australian-bosses-are-being-tricked-out-of-millions-of-dollars-by-cyber-criminals/news-story/57318e06c02a8215b8d67d521a219aea.

The solution to avoid being tricked by the scammers is to implement a flexible solution like M-Files where the business process is migrated into the system with secure access provided via desktop, web and mobile app. M-Files stores a single electronic version of the invoice with security that restricts access to only the people involved. This avoids copies of the invoice being e-mailed, instead those involved all refer to the same version stored in M-Files. With the approval process managed via workflow, the approver is notified of an invoice to approve and is required to authenticate themselves to view and approve, which can be done quickly a simply via the mobile app using fingerprint authentication. The people responsible for payment are then notified and required to authenticate to access the approved invoice. M-Files keeps a detailed version history of every change the document goes through, so if the person responsible for payment wants validation that the boss approved the invoice for payment, they can review the documents history to confirm it was actually approved by the boss’s user account. The version history can be used to identify changes to the original document and can potentially identify fraud attempts where bank details for payment have been changed on an invoice. Aside from not falling victim to fraud, the benefits of keeping the records electronically rather than physically include incredibly fast retrieval of information and increased office space when you recycle the filing cabinets for scrap metal.

M-Files-Logo-Blue-High-Resolution.png

If you’re still using a manual process that involves printing, stamping, signing and shuffling paper around your organisation for approval that can be short circuited by e-mails, you are at risk of being scammed. If you think it won’t happen to you, think again as the Federal Government have been briefed on the severity of this trend because the losses are increasing into the millions. If you want to know more about how M-Files can help your business, please contact us.