The end of BlueVestment?

[wiseclerk_com]

@Fred93

possible

But at least upper management and marketing department of LC should be aware, as the tools
 - are not new
 - got some visibility as they were presented at events like Lendit and reviewed on some expert blogs
 - as I understand are used by some of the larger/institutional investors which should be in the focus
 - do fulfill a need of a segment of investors that LC site-tools seem to leave open (otherwise investors would not use these 3rd party tools)

But Nathan and Bryce should be able to gauge that better than I am.

[Fred93]

What you say sounds logical, but does not match the facts I've observed from my conversations with LC folk. 

I think this is an important point, because it directs how we should think about what to say to them.

[Simon]

This is a great discussion - and one that will continue to happen each year. I agree with Bryce that now is the time to make third-party voices heard and not shut out. Lending Club needs to know that they stand to benefit, not lose, from a vibrant p2p lending ecosystem, and a generous API agreement (that still maintains their security requirements, etc) is a part of how that ecosystem is catalyzed.

If you guys want this covered in an article on LendingMemo send me an email.

[thinkfastsuit]

I support you 100% and I don't think it's fair the LC is taking such a heavy handed approach.  I would probably do the exact same thing, especially since you've been providing your wonderful service for fee.

I plan to light up by account representative on this topic and I encourage others to do so too.

I was somewhat surprised as well when I received the new commercial agreement, but overall I believe this is a positive step for Lending Club in continuing to develop their API developer community. Over the past several months, I've had numerous conversations with a couple of the VP's at Lending Club and wholeheartedly believe they've decided to embrace this spin-off service line and foster the creativity, but in so doing have also done further risk assessment and are putting some necessary controls into place. Having lead IT departments through the past decade of conversion from paper to electronic medical records in the healthcare industry, I watched this industry progress through its adolescence, where everyone with a computer and some medical credentials were writing "best of breed" systems to fit every niche, into a market consolidation because may of these niche systems were focused solely on functionality and neglected things like patient privacy and security. This move ultimately led to large lawsuits and a shift in the regulatory tone, which caused the cost to operate in the healthcare IT space to increase significantly. Similarly, Lending Club, and peer lending platforms in general, I believe are in this adolescent stage where every 13 year old kid with a Mac Book could write an API wrapper and post it on the web, and this is beginning to cause significant risk to the reputable companies, and endanger the privacy and security of their clients. Many of the existing third party sites do use screen scraping technologies, which require users to provide their full Lending Club username and password to this third party. With these credentials, a third party site - or worse someone who hacks a third party site, could do whatever they want with your account including liquidate your holdings and transfer the cash from your Lending Club account to any bank account they pleased. The abstraction provided through the API, and the use of API specific credentials help to limit a Lending Club user's exposure by providing limited access to a third party site on the user's behalf. At present, if a third party site were to compromise your API credentials, the most malicious activity that could be performed would be investing all your free cash in undesirable loans or creating a bunch of portfolios in your account - but your money is still IN YOUR ACCOUNT. As recently as a month ago, Lending Club has communicated with the developer community and released beta API functionality to accomplish some of the things that are currently only accomplished via screen scraping - this is a very positive move in fostering development and creating a functional but more secure environment in which Lending Club's users can have confidence in the security of their accounts even though they are providing their API credentials to a third party site.

Ultimately, you must keep in mind that financial tech is an industry - and one  deep rooted in capitalism. This move may not be advantageous to all third party sites, but I think it is beneficial to Lending Club's clients who place their trust in the third party sites that will continue to innovate and adapt, and embrace these necessary changes.

[AnilG]

The early employees at LC are well aware of ecosystem. I have been using API at PeerCube for almost 2 years. Every time I had issues with them, they always have been quick to respond. But it helps to show respect as you would show to anyone else.

Their current challenge is that they are growing much faster, new people unaware of the culture, gaps in communications, and rapid developments to get ready for IPO.

Personally, I believe publicly complaining about API agreement before contacting LC staff is not the right way to go about doing business and building good rapport.

Also, LC is right to worry about security aspects of commercial services. I was surprised the API agreement didn't call for tougher security measures.

The folks at LC are largely ignorant of the ecosystem.  They don't understand or appreciate the 3rd party sites.  How can this be?  Well first off, they aren't users of them, as we are. 

So they don't see the benefits, but do discuss among themselves and their lawyers fantasy fears.

So I believe first we have to overcome the ignorance. 

One of the things I suggested to them is that they form a group of API users, with whom they discuss problems, concerns, website changes, policy changes, etc.  I suggested this could be done with a mailing list or forum.  This was just an idea for a way to get a dialog going.  Such a dialog could help to educate internal LC people about the ecosystem.

[Fred]

If I were to sign that agreement, ....

Have you made a final decision on this?

[rawraw]

I support you 100% and I don't think it's fair the LC is taking such a heavy handed approach.  I would probably do the exact same thing, especially since you've been providing your wonderful service for fee.

I plan to light up by account representative on this topic and I encourage others to do so too.

I was somewhat surprised as well when I received the new commercial agreement, but overall I believe this is a positive step for Lending Club in continuing to develop their API developer community. Over the past several months, I've had numerous conversations with a couple of the VP's at Lending Club and wholeheartedly believe they've decided to embrace this spin-off service line and foster the creativity, but in so doing have also done further risk assessment and are putting some necessary controls into place. Having lead IT departments through the past decade of conversion from paper to electronic medical records in the healthcare industry, I watched this industry progress through its adolescence, where everyone with a computer and some medical credentials were writing "best of breed" systems to fit every niche, into a market consolidation because may of these niche systems were focused solely on functionality and neglected things like patient privacy and security. This move ultimately led to large lawsuits and a shift in the regulatory tone, which caused the cost to operate in the healthcare IT space to increase significantly. Similarly, Lending Club, and peer lending platforms in general, I believe are in this adolescent stage where every 13 year old kid with a Mac Book could write an API wrapper and post it on the web, and this is beginning to cause significant risk to the reputable companies, and endanger the privacy and security of their clients. Many of the existing third party sites do use screen scraping technologies, which require users to provide their full Lending Club username and password to this third party. With these credentials, a third party site - or worse someone who hacks a third party site, could do whatever they want with your account including liquidate your holdings and transfer the cash from your Lending Club account to any bank account they pleased. The abstraction provided through the API, and the use of API specific credentials help to limit a Lending Club user's exposure by providing limited access to a third party site on the user's behalf. At present, if a third party site were to compromise your API credentials, the most malicious activity that could be performed would be investing all your free cash in undesirable loans or creating a bunch of portfolios in your account - but your money is still IN YOUR ACCOUNT. As recently as a month ago, Lending Club has communicated with the developer community and released beta API functionality to accomplish some of the things that are currently only accomplished via screen scraping - this is a very positive move in fostering development and creating a functional but more secure environment in which Lending Club's users can have confidence in the security of their accounts even though they are providing their API credentials to a third party site.

Ultimately, you must keep in mind that financial tech is an industry - and one  deep rooted in capitalism. This move may not be advantageous to all third party sites, but I think it is beneficial to Lending Club's clients who place their trust in the third party sites that will continue to innovate and adapt, and embrace these necessary changes.

Interesting!  And welcome to the forum.

[BlueVestment]

If I were to sign that agreement, ....

Have you made a final decision on this?

While there seems to be some contention on whether or not me voicing my concerns publicly was the appropriate way address this issue, it has raised the desired level of awareness and a dialogue has been opened with all parties. We are going to see if we can draft some language that would be more mutually beneficial and present it to LC for review.

[lascott]

I support you 100% and I don't think it's fair the LC is taking such a heavy handed approach.  I would probably do the exact same thing, especially since you've been providing your wonderful service for fee. I plan to light up by account representative on this topic and I encourage others to do so too.

<snip>
As recently as a month ago, Lending Club has communicated with the developer community and released beta API functionality to accomplish some of the things that are currently only accomplished via screen scraping
<snip>

Maybe my aging memory but I don't recall that?!? 

Fred93 documented several of these ( http://www.lendacademy.com/forum/index.php?topic=2376.msg20382#msg20382 ).  Seriously the API doesn't provide your cash balance... the most basic thing. We owe him a lot of gratitude for the effort he made and testing to providing timing data as well.

[BruiserB]

I support you 100% and I don't think it's fair the LC is taking such a heavy handed approach.  I would probably do the exact same thing, especially since you've been providing your wonderful service for fee.

I plan to light up by account representative on this topic and I encourage others to do so too.

I was somewhat surprised as well when I received the new commercial agreement, but overall I believe this is a positive step for Lending Club in continuing to develop their API developer community. Over the past several months, I've had numerous conversations with a couple of the VP's at Lending Club and wholeheartedly believe they've decided to embrace this spin-off service line and foster the creativity, but in so doing have also done further risk assessment and are putting some necessary controls into place. Having lead IT departments through the past decade of conversion from paper to electronic medical records in the healthcare industry, I watched this industry progress through its adolescence, where everyone with a computer and some medical credentials were writing "best of breed" systems to fit every niche, into a market consolidation because may of these niche systems were focused solely on functionality and neglected things like patient privacy and security. This move ultimately led to large lawsuits and a shift in the regulatory tone, which caused the cost to operate in the healthcare IT space to increase significantly. Similarly, Lending Club, and peer lending platforms in general, I believe are in this adolescent stage where every 13 year old kid with a Mac Book could write an API wrapper and post it on the web, and this is beginning to cause significant risk to the reputable companies, and endanger the privacy and security of their clients. Many of the existing third party sites do use screen scraping technologies, which require users to provide their full Lending Club username and password to this third party. With these credentials, a third party site - or worse someone who hacks a third party site, could do whatever they want with your account including liquidate your holdings and transfer the cash from your Lending Club account to any bank account they pleased. The abstraction provided through the API, and the use of API specific credentials help to limit a Lending Club user's exposure by providing limited access to a third party site on the user's behalf. At present, if a third party site were to compromise your API credentials, the most malicious activity that could be performed would be investing all your free cash in undesirable loans or creating a bunch of portfolios in your account - but your money is still IN YOUR ACCOUNT. As recently as a month ago, Lending Club has communicated with the developer community and released beta API functionality to accomplish some of the things that are currently only accomplished via screen scraping - this is a very positive move in fostering development and creating a functional but more secure environment in which Lending Club's users can have confidence in the security of their accounts even though they are providing their API credentials to a third party site.

Ultimately, you must keep in mind that financial tech is an industry - and one  deep rooted in capitalism. This move may not be advantageous to all third party sites, but I think it is beneficial to Lending Club's clients who place their trust in the third party sites that will continue to innovate and adapt, and embrace these necessary changes.

I hope that it is true that Lending Club will soon provide full details necessary to effect trades through the API so that I can purge my login details from third party sites.  I agree this is the biggest risk area....either a developer is malicious or someone malicious hacks a developer's site and steals credentials.  Since this is a risk created more, in my opinion, by Lending Club than by the third-party sites, I found it somewhat shocking that it seems Lending Club is asking the third-parties to bear all the risk and expense of any data breach caused by the current arrangement.  If the API is properly structured, it seems risk would be decreased significantly.  If there is no chance that user credentials could be compromised, then there is no need to ask the third-parties to bear responsibility for a compromise. 

I have no issue with Lending Club wanting to better define the relationship between themselves, the third-party execution sites, and the customers, but it should be done in a way that is fair and that each party takes responsibility for any risk that they themselves create.

[rawraw]

Yea, you 3rd party guys should pressure LC into having API specific passwords as part of this process.  Then it limits the liability of LC and the API guys in case of problems.

[thinkfastsuit]

Yea, you 3rd party guys should pressure LC into having API specific passwords as part of this process.  Then it limits the liability of LC and the API guys in case of problems.

As of the latest release of the API (version 1.4) - this is the case. There is an API specific credential for just this purpose.

[rawraw]

Yea, you 3rd party guys should pressure LC into having API specific passwords as part of this process.  Then it limits the liability of LC and the API guys in case of problems.

As of the latest release of the API (version 1.4) - this is the case. There is an API specific credential for just this purpose.

Yeah but without the cash balance in API it's not useful

[thinkfastsuit]

I support you 100% and I don't think it's fair the LC is taking such a heavy handed approach.  I would probably do the exact same thing, especially since you've been providing your wonderful service for fee.

I plan to light up by account representative on this topic and I encourage others to do so too.

I was somewhat surprised as well when I received the new commercial agreement, but overall I believe this is a positive step for Lending Club in continuing to develop their API developer community. Over the past several months, I've had numerous conversations with a couple of the VP's at Lending Club and wholeheartedly believe they've decided to embrace this spin-off service line and foster the creativity, but in so doing have also done further risk assessment and are putting some necessary controls into place. Having lead IT departments through the past decade of conversion from paper to electronic medical records in the healthcare industry, I watched this industry progress through its adolescence, where everyone with a computer and some medical credentials were writing "best of breed" systems to fit every niche, into a market consolidation because may of these niche systems were focused solely on functionality and neglected things like patient privacy and security. This move ultimately led to large lawsuits and a shift in the regulatory tone, which caused the cost to operate in the healthcare IT space to increase significantly. Similarly, Lending Club, and peer lending platforms in general, I believe are in this adolescent stage where every 13 year old kid with a Mac Book could write an API wrapper and post it on the web, and this is beginning to cause significant risk to the reputable companies, and endanger the privacy and security of their clients. Many of the existing third party sites do use screen scraping technologies, which require users to provide their full Lending Club username and password to this third party. With these credentials, a third party site - or worse someone who hacks a third party site, could do whatever they want with your account including liquidate your holdings and transfer the cash from your Lending Club account to any bank account they pleased. The abstraction provided through the API, and the use of API specific credentials help to limit a Lending Club user's exposure by providing limited access to a third party site on the user's behalf. At present, if a third party site were to compromise your API credentials, the most malicious activity that could be performed would be investing all your free cash in undesirable loans or creating a bunch of portfolios in your account - but your money is still IN YOUR ACCOUNT. As recently as a month ago, Lending Club has communicated with the developer community and released beta API functionality to accomplish some of the things that are currently only accomplished via screen scraping - this is a very positive move in fostering development and creating a functional but more secure environment in which Lending Club's users can have confidence in the security of their accounts even though they are providing their API credentials to a third party site.

Ultimately, you must keep in mind that financial tech is an industry - and one  deep rooted in capitalism. This move may not be advantageous to all third party sites, but I think it is beneficial to Lending Club's clients who place their trust in the third party sites that will continue to innovate and adapt, and embrace these necessary changes.

I hope that it is true that Lending Club will soon provide full details necessary to effect trades through the API so that I can purge my login details from third party sites.  I agree this is the biggest risk area....either a developer is malicious or someone malicious hacks a developer's site and steals credentials.  Since this is a risk created more, in my opinion, by Lending Club than by the third-party sites, I found it somewhat shocking that it seems Lending Club is asking the third-parties to bear all the risk and expense of any data breach caused by the current arrangement.  If the API is properly structured, it seems risk would be decreased significantly.  If there is no chance that user credentials could be compromised, then there is no need to ask the third-parties to bear responsibility for a compromise. 

I have no issue with Lending Club wanting to better define the relationship between themselves, the third-party execution sites, and the customers, but it should be done in a way that is fair and that each party takes responsibility for any risk that they themselves create.

About a month and a half ago lending club announced to developers they would be migrating toward REST API and asked for volunteers in the Beta program. If you requested to participate, you should've gotten more information a couple weeks ago regarding the Beta program and enhanced functionality including cash balance available through the API. This cannot be used in production as of yet, per the specific terms of the testing program - but it's coming.

[thinkfastsuit]

Yea, you 3rd party guys should pressure LC into having API specific passwords as part of this process.  Then it limits the liability of LC and the API guys in case of problems.

As of the latest release of the API (version 1.4) - this is the case. There is an API specific credential for just this purpose.

Yeah but without the cash balance in API it's not useful

First, see my comment above regarding this functionality coming soon. Second, you do not need to know the cash balance to submit an order through the API; if you submit an order and there is not sufficient funds - you get an INSUFFICIENT_CASH response. This is all in the API developer documentation from Lending Club...