API3 (API3)

From CryptoWiki

(Redirected from API3)

Basics

"A project building a transparent methodology for marrying blockchains to the APIs of data providers, which really means providing an alternative to Chainlink, the decentralized oracle service with something of a monopoly in the world of data feeds and smart-contract blockchains."

History

"A large part of the founding members were previously working on the Honeycomb API Marketplace. Honeycomb was essentially an API-centric oracle marketplace, but the underlying oracle solution wasn’t built to enable first-party oracles, and was limiting us. Seeing that none of the solutions on the market satisfied our needs, we decided to build our own oracle solution to meet this need.

It was affirming that we were not alone in this view. The security and the data source-transparency that first-party oracles provided is seen as an obvious solution to a lot of the problems that existing projects suffer from. For example, Sasa and many other founding members reached similar conclusions independently, and got involved with the project simply because it complemented their personal vision."

Audits & Exploits

  • Bug bounty program can be found [insert here].
  • From their blog (2-2021):

"We’re on the final stretch with the authoritative DAO. The first audit is scheduled with Solidified for March 8–22. Following the revisions, a second audit is scheduled with Quantstamp for April 4–9."

  • From their blog (1-4-2021):

"The pre-alpha contracts have been audited by a third party, and this version is being used to prototype integrations."

  • From their blog (7-4-2021):

"In the first quarter of 2021, API3’s Airnode oracle solution went through an extensive audit by GDPR compliance specialist Tacita, and was found to be fully GDPR-compliant when operated as intended, i.e. by the API provider as a first-party oracle."

  • From their blog (1-7-2021):

"We’re happy to announce that all three audits from Solidified, Quantstamp and Team Omega are now finalized. This ended up being a usefully diverse combination, where Solidified gave an initial vote of confidence, Quantstamp provided a broad coverage, and Team Omega was much more DAO/governance-focused and went even beyond the scope of a regular security audit."

Bugs/Exploits

Governance

Admin Key

  • From their blog (2-11-2022):

"The gas management overhead for sponsored dAPIs is handled by API3. For this purpose, native tokens on each chain that dAPIs are available on are required. As API3 is mainly going to deal with USDC, the recently laid out plans of multichain USDC by Circle will be making it easy for required funds to be bridged to the respective chain directly through them before converting them to the needed native currency. Overall, API3 will operate multi-sigs on each of these chains which will hold the native currencies that will be distributed to the required wallets for dAPIs."

  • From their blog (31-3-2022):

"A dAPI is essentially a name, mapped to a Beacon ID or a Beacon set ID. The user addresses the dAPI by its name, and the contract routes this to the respective Beacon or Beacon set. The API3 core technical team will have multisigs on all chains that API3 serves on, which will make the expert decisions to uphold the security guarantees given by the coverage policies. Once this process has matured, the dAPI management will be transferred to individual, chain-native DAOs as described in our fractal scaling plan. It’s not critically important to the user who does the dAPI management, as they will be insured against governance accidents, no matter who caused them. Therefore, any risks caused by the dAPI management scheme is considered to be a part of the insurance risk, and is the responsibility of the API3 DAO to manage."

DAO

  • From their blog (18-11-2020):

"The legal entity governed by the API3 DAO is API3 Foundation Limited Company, a Cayman Islands foundation."

"API3 data feeds are governed by an open DAO of stakeholders, industry experts and project partners. This allows dAPIs to be operated with maximal transparency, minimal required trust in centralized operators, and no centralized attack surfaces. API token holders can take a direct part in governing the project by staking API3 tokens into the API3 insurance staking contract, which grants them shares in the API3 DAO."

“The data feeds don’t go “though” the DAO, but are merely controlled by it. In any case all the feeds here will be DAO governed from the get-go. An entity needs to collate all the API providers into aggregated feeds, and this has to be decentralized."

  • When asked how the DAO will be structured, the answer on Discord was (9-4-2021):

"There is the first iteration of the DAO that currently runs on Aragon v1, which the core team members have voting power over. It'll be on-chain. To provide some more granular detail: the tokens will be staked via an interface that's hosted on IPFS, where proposals can be voted upon immediately after being staked. The minimum quorum level will sit at 15%, the proposals will pass at 50% consensus or with more votes in favour of it after 7 days have passed, there will be delegation functions, and withdrawal from staking will take 7 days to happen. The Notion calendar which highlights what Curve Labs is working on goes into greater depth on this and the timeline around it."

  • From their blog (1-7-2021):

"The DAO dashboard is hosted on IPFS and interacts with the DAO contracts directly, without depending on any intermediary services (in contrast to dApps depending heavily on caching solutions for a more Web 2.0-like user experience). This makes it fully decentralized and operationally robust. The resulting DAO is a very suitable template for subDAOs, as it will be able to scale in numbers easily due to not having to be maintained in any way (perhaps other than making sure that the dashboard is kept pinned on IPFS, which can trivially done in a completely trustless way through a variety of services)."

Treasury

Token

Launch

  • From their blog (18-11-2020):

"The API3 public token distribution event will take place between November 30th and December 14th on the Mesa DEX."

Token allocation

  • From their blog (11-11-2020):

"We are moving away from a predetermined inflation schedule. Instead, the API3 DAO will set a target staked amount, and the inflationary rewards paid out to stakers will float to meet this target."

  • From their blog (18-11-2020):
  1. Founding team 30%
  2. Ecosystem Fund 25%
  3. Public sale 20%
  4. Partners & Contributors 10%
  5. Seed investors 10%
  6. Pre-seed investors 5%

Vesting is as followed:

  1. Founders: Vest over 3 years* with a 6-month cliff.
  2. Partners & Contributors: Vest over 3 years* with a 6-month cliff.
  3. Seed Investors: Vest over 2 years.
  4. Prior Investors: Vest over 2 years.
  5. Public: Unlocked.
  6. Ecosystem fund: Supply subject to distribution by the DAO.

Utility

"It gives its holders the right to take part in the governance of the API3 ecosystem through the API3 DAO. To generate shares in the API3 DAO, token holders have to stake the API3 tokens into the insurance pool, which also gives them access to weekly staking rewards."

  • From their blog (11-11-2020):

"The API3 DAO revenue will be burned. Paired with the floating inflation rate, this will correspond to the revenue being distributed to the stakers in a much smoother manner, resulting in stability in terms of aligning the governing parties’ incentives with of the DAO’s."

"The token has an inflationary and a deflationary mechanic. Staking at the DAO yields inflationary staking rewards. The DAO burns its revenue, causing deflation. This model is adapted from EIP-1559 and fixes significant incentive issues that revenue-generating DAOs face."

Token Details

  • From an AMA (13-1-2021):

"API3 is primarily the governance token of the API3 DAO, which resides on Ethereum mainnet. So the API3 token will stay as an ERC20 token, and does not need to be ported to other chains for us to serve there because it’s not a payment token."

Coin Distribution

  • 3 contracts hold most of the tokens (44, 27 and 6% respectively). Below that, addresses are 1.4% or less of the total supply. There are 16817 holders (9-4-2021).

Technology

Implementations

  • Built on: according to their website (5-3-2021):

"As a multi-layer, cross-platform data solution, dAPIs can be bridged to any blockchain, in order to provide smart contracts on various platforms with reliable access to premium real-world data. API3’s cross-platform approach enables any smart contract platform to leverage API3’s ecosystem of dAPIs and data-integration tools by simply creating a bridge between API3 and the network."

"In July 2022, the first dAPIs were made available on the mainnets of Polygon, BNB Chain, Avalanche, and RSK, currently completely free to use as a trial. Last year, several versions of Airnode, with 0.9 being the latest, were rolled out with new features and improvements, such as better performance and configurability. It was deployed on the mainnets and testnets of Arbitrum, Avalanche, BSC, Ethereum (redeployed), Fantom, Gnosis, Metis, Milkomeda, Moonbeam, Moonriver, Optimism, Polygon, Telos, and RSK."

How it works

  • From their docs (17-3-2021):

"At its core, API3 brings the ability for API providers to easily run their own oracle nodes. This allows them to provide their data on-chain, without an intermediary, to any decentralized application (dApp) interested in their services.

At the heart of this mechanism sits Airnode, an open-source oracle node. It's designed to be easily deployed by any API provider with almost no maintenance. Because of Airnode, dApp developers can write smart contracts to interact with the on-chain data of API providers.

Airnode is designed with mechanisms to remove the on-chain or off-chain concerns of API providers. The set-and-forget framework of Airnode is all about ease of implementation."

  • From their docs (17-3-2021):

"First-party oracles are optimally secure and cost-efficient. Nevertheless, they cannot be considered as a full solution for all use cases. This is because a first-party oracle is operated by a single API provider and only serves their API. Then, using a single first-party oracle creates centralization at the API level, and requires the API provider to be trusted. This is not acceptable in some use cases, e.g., if the use case secures a large amount of funds.

In such cases, oracle networks provide the required decentralization. An oracle network makes the same request to multiple independent oracles and reduces their responses to a single answer through predetermined consensus rules implemented as a smart contract called the aggregator. Individual malicious oracles cannot manipulate the outcome of this process, which provides a degree of decentralization and trustlessness.

Here, an important thing to consider is how the oracle network is governed. If a central entity can switch the oracles or APIs used in the aggregator in and out, or even replace the aggregator itself making use of a proxy mechanism, they can effectively manipulate the oracle network output at will. This eliminates the decentralization and trustlessness qualities that using an oracle network provides. Therefore, it is not adequate to use an oracle network for decentralization, this oracle network must be governed decentrally as well."

Fee Mechanisms

Upgrades

  • From their blog (1-4-2021):

"To summarize last month’s development report, you currently can use the pre-alpha version of Airnode to integrate an API to a smart contract (see the related monorepo branch and docs)."

Staking

  • The staking rewards become withdrawable after 1 year (20-1-2023).
  • From their website (5-3-2021):

"By staking your API3 tokens into the insurance staking pool, you take part in providing API3 users with quantifiable security guarantees in the form of insurance. Insurance staking pool funds are used to cover potential financial losses from dAPI malfunctions that the dAPI consumer might incur. As you stake API3 to the insurance pool, you generate shares in the API3 DAO. By staking your API3 tokens into the insurance staking pool, you take part in providing API3 users with quantifiable security guarantees in the form of insurance. Insurance staking pool funds are used to cover potential financial losses from dAPI malfunctions that the dAPI consumer might incur. As you stake API3 to the insurance pool, you generate shares in the API3 DAO."

  • More on their view on staking can be read here (4-11-2020).
  • On the insurance set up, from an AMA (13-1-2021):

"Data feeds can be optionally insured, which means you have a lower bound on how much money you can trust the data feeds to secure. Insurance claims are settled in a decentralized manner via Kleros, a blockchain dispute resolution protocol. I should note insurance is a novel feature; I am not aware of any other blockchain data feeds that are insured."

Validator Stats

  • Still around the target (7-3-2022).
  • From their blog (1-9-2021):

"7 weeks after the DAO launch, the DAO has met the staking target of 50% of the total supply. Currently, the staking reward started decreasing slowly, while the staked amount still sits slightly above the target.

The fact that the staked amount is increasing slowly despite the reward decreasing slowly can be attributed to the estimated smart contract risk decreasing more significantly, and accordingly, more people finding staking API3 to be a good deal. In a similar vein, DAOv1 started migrating her funds to the authoritative DAO. At the moment, the primary treasury holds 10 million API3, while the secondary treasury holds more than 3 million USDC (a proposal requires 50% quorum to use the funds from the primary treasury, and 15% quorum to use the funds from the secondary treasury). In the absence of incidents, the gradual migration will continue."

Liquidity Mining

Scaling

Interoperability

"As a multi-layer, cross-platform data solution, dAPIs can be bridged to any blockchain, in order to provide smart contracts on various platforms with reliable access to premium real-world data. API3’s cross-platform approach enables any smart contract platform to leverage API3’s ecosystem of dAPIs and data-integration tools by simply creating a bridge between API3 and the network."

"The Airnode will work with any EVM-compatible chain, and it's intended that dAPIs will cater to as many blockchain networks as possible."

"There are two prerequisites for calling a data source decentralized: (1) The data is aggregated from multiple sources trustlessly. (2) The governance of the structure that achieves this is decentralized. So the main difficulty here is achieving decentralized governance across chains, but this is completely overlooked by other projects that are governed centrally even on Ethereum mainnet. Therefore, our cross-chain plans are beyond deploying nodes on other chains or porting the token."

Other Details

Airnode

"Existing oracle solutions employ third-party oracles because it is often not feasible for the API providers to operate their own oracle nodes. API3 data feeds will be composed of first-party oracles operated by the API providers. This will be made possible by Airnode, a fully-serverless oracle node that is designed to require no know-how, maintenance or upkeep from the API provider. Airnode is an open source project that will be maintained by API3 and will not require a specific payment token to be used."

Dispute Claims

  • From their blog (2-11-2022):

"Initially, incoming claims are handled by an API3 Mediator Team that can either accept the claim in full, reject the claim entirely or make a counter offer. If a claim or counter offer is accepted it will be paid out in API3 tokens respective of the incurred damage in USD value. If a sponsor is unsatisfied with the decision that was taken by the API3 Mediators, they can escalate the claim to Kleros. Kleros will have the ability to cause API3 tokens to be transferred directly from the API3 Staking pool to satisfy claims if they adjudicate accordingly, which means claimants will have a way to receive satisfaction of their claim in the event that API3 Mediators act maliciously and they’re able to convince Kleros jurors of the validity of their claim."

Oracle Method

"API3 data feeds, dAPIs, aggregate data from first-party oracles, operated by some of the world’s premier API providers."

"Without third-party node operators, API3 data feeds are never exposed to data tampering and denial of service attacks by middlemen. This enables them to reach higher cost-efficiency, while having fewer attack surfaces. Source-level decentralization of dAPIs is enabled by Airnode, a fully serverless oracle node that can be deployed by any API provider for free, and requires minimal day-to-day management."

Compliance

  • From their blog (7-4-2021):

"In the first quarter of 2021, API3’s Airnode oracle solution went through an extensive audit by GDPR compliance specialist Tacita, and was found to be fully GDPR-compliant when operated as intended, i.e. by the API provider as a first-party oracle. As the first oracle node specifically built to be API provider-operated, this establishes Airnode as the first fully GDPR-audited and compliant solution for bridging DLT-based applications with APIs.

GDPR (General Data Protection Regulation), is defined as the legal framework that sets guidelines for the collection and processing of personal data by companies, from individuals who live in the European Union (EU). Any company that does business in the EU involving EU citizens, or is an EU entity, must be GDPR compliant, which carries requirements concerning (among other things) data minimization, accuracy and storage limitations, as well as integrity and confidentiality of the processed data.

The penalties for non-compliance are significant. Organizations found to be in breach of GDPR can be fined up to 4% of their annual global turnover or 20 Million Euros (whichever is greater). Due to this, for a business to operate in the European market, their ability to demonstrate full and verifiable GDPR compliance is an essential requirement that extends to all operations of the company, including the technology stack it employs."

Their Projects

Decentralized safety net

"API3 provides dAPI users with the option of on-chain insurance, powered by the API3 token and Kleros’ decentralized courts. API3’s insurance feature gives dAPI users a quantifiable safety net in the event of a malfunction, holds the API3 DAO directly responsible for the security of the dAPIs and incentivizes a security-first governance approach for dAPIs and the API3 project as a whole."

Roadmap

"Staking page [and] the DAO [are] both scheduled to launch by the end of the month."

"Our priority at this stage is to launch the authoritative DAO, which will implement the staking functionality I have mentioned before. In the meantime, we’re simultaneously working on our oracle solution and integrations. We have always been an extremely agile team and don’t really believe in keeping your head down to build something for an entire year. Experimenting and using the gathered data to correct course is extremely important when working on bleeding edge tech. Specifically for our case, we are working on enabling use cases that don’t exist at the moment simply because the off-chain data is not there. This requires us to work with users that demand this unavailable kind of data in a very tightly-coupled kind of way, and be flexible to take opportunities."

Revenue

  • From their blog (2-11-2022):

"Payments will be received in USDC on Ethereum Mainnet both for dAPI services from sponsors as well as for OEV services from MEV searchers. API3 will enable these to be redirected to underlying API providers. Similarly, profits in USDC from sponsorships of dAPIs will be split between underlying API providers and the API3 DAO, with the latter portion redirected to the trustless and decentralised acquisition and burning of API3 tokens as described in the whitepaper.

Oracles are in a unique position to also extract value, as a subset of MEV is related to the way oracles are currently designed, and can hence be termed “Oracle Extractable Value” (OEV). For applications that rely on oracles, any update to a data feed, or the lack thereof, can create opportunities for OEV such as arbitrage or liquidations to occur (read the litepaper here).

API3 is going to enable third-parties (MEV searchers) to update dApp specific dAPIs in a tamper-proof way, which will allow them to directly benefit from the resulting state change (e.g. allowing for a liquidation). This process will be made possible through the OEV Relay, which will host auctions for the rights to such updates. The proceeds of these auctions will be paid directly to the opportunity creating entity, meaning the dApps. It is important to note that today, searchers are already able to extract all MEV for themselves, which is directly coming from users of dApps and is mostly toxic in nature. OEV auctions allow dApps with ‘leaky’ pockets to take ownership of their MEV opportunities and to redirect funds back to themselves. Fundamentally this means that dApps making use of API3 dAPIs will go from paying for oracle services to ‘getting paid’ for using them, creating another income stream for themselves in the process. What they do with these funds is up to their imagination.

After apportionment of API provider revenues and gas costs, API3 is left with its share of profits in USDC. In essence, the whitepaper already outlines what should be done with the funds — buy and burn API3 tokens. Currently, this approach is less than ideal, considering the liquidity conditions for the API3 token. The proposed solution to this issue is that, instead of profits being directly converted into API3 and burned, a middle step is introduced — providing liquidity for the protocol’s own usage. This would be achieved through a dedicated contract, which buys both ETH and API3 with USDC and provides liquidity on a decentralised exchange such as Uniswap."

A gov proposal seems to suggest that burning API3 tokens is still part of the end result (13-1-2023.

Usage

Projects that use or built on it

"Last year, Airnode was integrated by several reputable projects, including Ambee, Authenticating.com, CRD Network, dxFeed, ESG Enterprise, AccuWeather."

  • The project announced 125 integrations and already integrated 62 of them within 1 month (6-9-2021):

"We currently have 62 integrations done, with 26 of them being deployed already. That leaves 36 integrations that are done and ready to be deployed once the provider can carve out 30 minutes of their developer’s time."

Competition

  1. API3 has way cheaper chain integration than LINK ($34k vs $850k in one example)
  2. API3 has verifiable data sources (airNode operators proof their price feed address through a DNS record),
  3. Pull oracles (Pyth is all about pull) might be overrated. There’s an example of Aave not wanting to integrate with Pyth because they don’t need pull oracles and it would mean rebuilding their entire infra. Counter example here is that Pyth seems to be doubling down on this, going full pull in June and dapps apparently will just upgrade
  4. API3 is actively working towards a future where multi sig will be controlled by a DAO. LINK has not made any moves in this direction and after years of implementation still uses the team multisig.
  • From their docs (17-3-2021):

"The vast majority of the external integrations that decentralized applications need are to commercial Web APIs that traditional businesses have built to monetize their data and services. Therefore, what is widely known as the oracle problem is in practice an API connectivity problem.

Existing oracle solutions fall short because they fail to make this distinction, resulting in inferior solutions that depend on third-party oracles and ecosystems that exclude API providers. By refining the definition of the problem, API3 aims to provide a much more optimal solution."

"The Coinbase oracle is an interesting experiment that provides similar security guarantees to first-party oracles, so it can be said that it resembles the API3 solution. However, the method used suffers from a lack of data source variety, which prevents it from providing security in practice…

In addition, I find the UMA oracle staking solution rather elegant, though it’s designed around third-party oracles. I’ll add that I find the NEST Protocol pretty neat and novel, although they only do price data."

"According to Heikki Vänttinen, co-founder of API3, this intermediary function is handled by rent-seeking middlemen who run nodes on Chainlink, which in turn operates an opaque system of governance. A better solution is to allow API providers themselves to run their own nodes, said Vänttinen. That way, the process of governing the curation of data feeds can be done in a transparent and decentralized manner.

“We just saw some shortcomings in the way they [Chainlink] basically operate their data feeds on the oracle network as a whole,” said Vänttinen, who was one of the first Chainlink node operators. “The core team is this sort of centralized black box for the data feeds, deciding unilaterally which nodes get to serve which data feeds and also which APIs those nodes serve data from,” he said.

“Crypto’s largest oracle system by network value, Chainlink, is composed of data-reselling middlemen, where the source and quality of data are suspect,” he said in a statement. “While heavily marketed, Chainlink isn’t well enough designed or maintained to remain a long-term solution for crypto or DeFi’s information needs, and those that rely on Chainlink do so at their own users’ risk. Enter API3.”

However, a Chainlink Labs spokesman said a quick look at one of the widely used feeds like ETH/USD, shows multiple leading data providers, such as Kaiko, running their own nodes. “The Chainlink system possesses a key advantage,” the spokesman told CoinDesk via email. “It enables data providers to sell their data to multiple blockchains without the need to run any additional software. Chainlink not only enables data providers to run their own nodes, and many already do on production today, but also enables them to sell their existing APIs into the Chainlink Network with zero changes to their infrastructure.”

“API3 doesn’t have oracles that run their own Ethereum or other nodes, which means they are forced to rely on centralized third parties to broadcast their results,” the Chainlink Labs representative said. “This means that API3 is entirely dependent on services like Infura being live, which as we’ve seen recently, can fail for hours at a time, which in API3’s case, would lead to hours of downtime, out of sync market prices and therefore massive losses for users.”"

Pros and Cons

Pros

  • Takes out the middleman between API providers and users with an airnode that does not require the token to be used (which Chainlink or Band protocol do).
  • Will decentralize its governance over the API feeds (9-4-2021).

Cons

  • Has no mainnet product out yet (9-4-2021).

Team, Funding, Partners

Team

  • Full team can be found [here].
  • Burak Benlingiray; co-founder
  • Heikki Vänttinen; co-founder
  • Saša Milić; co-founder
  • From their Discord (7-3-2022):

"we have a team doing dAPIs, core still doing airnode + contracts, VC labs + core doing OEV."

"The DAO has 20+ employees and multiple external teams working for it at the moment and we’re currently hiring."

Funding

"Has raised $3 million in a private funding round led by Placeholder and with participation from Pantera and Digital Currency Group."

  • From an AMA (13-1-2021):

"We closed our seed funding round at $3M USDC (for 10% of supply, vested over 2 years), and our public distribution with an additional $23M USDC (for 20% of supply, in circulation at the moment). The DAO will monetize access to the data it curates, and will also be providing security in the form of insurance that the users will be paying premiums for."

Partners

Fantom, Glitch, AllianceBlock, Kleros. Polygon, Streamr, Curvegrid, Curve Labs, Emurgo, SOSV, Pantera, dlab, ChainAPI, Placeholder, PrimeDAO, Accomplice, CoinFund, DCG, #HASHED, Equilibrium, Rarestone Capital, Block0, BlockGroup and Solidity Ventures.

"API3 has inked a deal to connect 400 banking APIs to blockchains. The 10-year partnership with Open Banking will enable developers to explore use cases for banking data in DeFi."

"Announcing API3's partnership with @cellframenet to enable the creation of quantum resistant, scalable decentralized applications using real world data"

  • Has a partnership with Sovryn that aims to bring decentralized data and information infrastructure to Rootstock (19-5-2021).
  • Has a partnership with UNION to have Airnode used by UNION and insurance products be available (15-7-2021).
  • From their Twitter (3-9-2021):

"API3 is happy to announce a partnership with Oasis Foundation, who are building the @OasisProtocol. API3 and the Oasis Foundation will also co-sponsor a grant to develop and audit a Rust version of Airnode."

(:

Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!

Making these free wiki pages is fun but takes a lot of effort and time.

If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.

ETH tip address: 0x83460bE5F218b1520B69D702cE60A1DE37dD8E31