APIs (Application Programming Interfaces) are built into many software and cloud applications, where they set the specifications that outside programs can use to interact with the application. For example, a supporter-data-management/CRM system could have an API that allows a mobile app to upload information to the database directly from a phone; this is a popular grassroots canvassing tool in the U.S: APIs simply allow one program to access or alter data in another, as long as it follows the API’s specifications and has the necessary login information or other credentials.
The API question is important for any data management system. Voter data systems frequently use APIs to allow other programs to input or export information in the form of spreadsheets and databases, and APIs are built into most Constituent Relations Management (CRM) tools currently on the market. Although they can extend a particular system’s capabilities and allow disparate systems to collaborate, they raise obvious security questions because they can allow access to vital and often confidential data. If a party is considering a system that employs APIs – particularly in a negative security environment – it should pay close attention to how those connections are secured and how an opponent could use them to steal or sabotage information. Asking the software vendor about security and APIs is a good first step.