Venmo API Research
Dan Salmon
Spring 2019
What is Venmo?
2018 total payment volume: $19 billion
" Venmo is the simple, fun money app for sending cash quickly between friends and shopping at your favorite online stores. Share your new buys, split purchases with Venmo friends to avoid awkward IOUs, and catch up on what your friends are doing on the feed. "
Venmo
To enable social interaction, all transactions are public by default
"90%-plus of all Venmo transactions are open to somebody's friend, network, and 90%-plus have a some sort of emoji or written commentary on that transaction. So if I want to see what you're doing, who you're dating, what you did, I can just go into your Venmo feed and see it. And there is like -- and everybody shares. So it is not a payment transaction but an experience for people...."
- PayPal CEO Dan Schulman
{
"payment_id": 1896938162,
"permalink": "/story/5cc1e9e47addfb4bc7044621",
"via": "",
"action_links": {},
"story_id": "5cc1e9e47addfb4bc7044621",
"comments": [],
"updated_time": "2019-04-25T17:09:56Z",
"audience": "public",
"actor": {
"username": "Diana-Carter-8",
"picture": "https://venmopics.appspot.com/u/v1/m/ce5ae400-d291-4cc4-a13d-d0ee0461cc9c",
"is_business": false,
"name": "Diana Carter",
"firstname": "Diana",
"lastname": "Carter",
"cancelled": false,
"date_created": "2017-08-25T15:06:48",
"external_id": "2289298166513664827",
"id": "25132475"
},
"transactions": [],
"created_time": "2019-04-25T17:09:56Z",
"mentions": [],
"message": "Letβs ride!",
"type": "payment",
"likes": {
"count": 0,
"data": []
}
},
...Public API Data
GET https://api.venmo.com/v1/storiesΒ - yields last 20 public transactions
Rate-Limit: 1 request per 30 seconds per IP
=
57,600 transactions / day / IP
Public API
Data Warehousing
API
JSON files
jq
JSON Processor
Analysis
168,895 Total transactions
163,407 Total distinct users
Emoji frequency in transaction notes
Transactions by App
Transactions by day of week
What information could we find about a target from this?
{
"_id": "5c658beb7aa4193525486710",
"date_updated": "2019-02-03T20:24:33Z",
"transfer": null,
"app": {
"description": "Venmo for iPhone",
"site_url": "null",
"id": 1,
"name": "Venmo for iPhone"
},
...Mobile Platform
{
"_id": "5c5078a7c626d5f137d2c997",
"date_updated": "2019-01-05T18:32:12Z",
"transfer": null,
"app": {
"description": "Venmo for Android",
"site_url": null,
"id": 4,
"name": "Venmo for Android"
},
...Associates
Can be secondary targets to get to primary
[
{
"_id": "5bb7c1761bed297da90c3b0f",
"payment": {
"target": {
"username": "eturton"
},
"actor": {
"username": "Laurie-Crane-Turton"
}
}
},
{
"_id": "5bbe2bd84f3b13b02948fd9a",
"payment": {
"target": {
"username": "Julia-Karg"
},
"actor": {
"username": "eturton"
}
}
},
{
"_id": "5c507b44c626d5f137d79ae1",
"payment": {
"target": {
"username": "eturton"
},
"actor": {
"username": "Lindsey-Gallagher-3"
}
}
}
]Query: "Show me all transactions involving user 'eturton'"
{
"note": "Northern lights indica",
"type": "payment",
"audience": "public",
"action": "pay",
"date_created": "2018-08-22T03:55:24",
...
}Illicit Sales
{
"note": "Dabs, hash, Afghan kush. Thanks!",
"type": "payment",
"audience": "public",
"action": "pay",
"date_updated": "2018-08-04T04:25:04Z",
...
}{
"note": "Mariruth cbd oil",
"type": "payment",
"audience": "public",
"action": "pay",
"date_created": "2019-01-05T18:58:18Z",
...
}Spending patterns for spearphishing
[
{ "payment" : { "id" : "2538576616297071552" }, "note" : "our very bad dominos idea" },
{ "payment" : { "id" : "2554896746987652093" }, "note" : "Late night dominos π·" },
{ "payment" : { "id" : "2587204036641948570" }, "note" : "The dominos motion passes" },
{ "payment" : { "id" : "2589292491517723213" }, "note" : "For the dominos emails Iβll get the rest of my life" },
{ "payment" : { "id" : "2588294076407218659" }, "note" : "Get u some dominos πππ" },
]
Privacy Settings
venmo
By Dan
