Businesses thrive in the API economy. Yet, for both providers and dependents, risks and rewards go hand in hand. Providers could be risking exposure to security and regulatory non-compliance from third-party businesses they open access.

For dependents, while the rewards are high to build a business on borrowed technology, the risks are equally zero-sum. They could wake up to being cut off from access to technology that spins money for them—like PrivPay.

The situation between PrivPay, a Kenyan fintech startup and M-PESA, perfectly demonstrates this nuance. PrivPay built its business on M-PESA’s application programming interfaces (APIs) to allow users to hide their personal information when they send money. It was selling the privacy dream to Kenyans who perform 99% of their mobile money transactions on M-PESA.

But the problem with this business model is that it goes against regulations in the financial services industry that make personal data collection a big part of its play—and for good reasons. Bad actors were going to have a field day when their transactions could not be tracked, and no one knew how they moved money in or out.

This was bound to raise serious concerns from Safaricom, the landlord of the M-PESA APIs that PrivPay built on. And right on the money, it made a decision that shut down the business for PrivPay—ending its one-year run for 30,000 users who hopped on the privacy dream it was selling.

In a discussion about how API startups are problematic businesses to run, I once argued that “Building a business on borrowed technology is risky because [these businesses] will remain subservient.” While this rings true, it goes a bit further than that. Technology providers equally face bigger risks themselves. And for PrivPay, it was going to be hard to run anything sustainable on that model.

It’s a story of what could have been; it was a good run until it no longer wasn’t.

