tg3

I’m Trey, the founder of Xkit (https://xkit.co). Xkit helps developers build and maintain native integrations by turning OAuth for 25 of the most popular SaaS apps into a single API call that always returns fresh access tokens.

I went through YC two years ago in S18 (and some of you may have seen our launch) with Sparkswap, a trust-minimized bitcoin exchange. After a year and half of building that product and building up a small but loyal following, I made the hard decision to shut it down. The audience for a trust-minimized service like Sparkswap was too niche and the regulatory costs were too high. It felt like the only way to stay in that business would be to compromise on some of our core principles (e.g. go after gambling behavior, play regulatory games), so I decided to stop working in crypto and move to FinTech more broadly.

While doing customer discovery for a more traditional FinTech service, I encountered a pretty common request: integrations to the SaaS products my prospective customers were already using. As I was implementing OAuth with a slight variation for the 5th time, I realized I was re-writing code that thousands of other developers (probably including a bunch of people here) have already written (and debugged, and maintained).

So I stopped working on that FinTech service (for those keeping score at home, yes that's two pivots) and started building a tool to let you outsource the pain of authorizing 3rd party apps with a particular focus on OAuth. From my perspective, for an integration to really be native, it will probably be faster and easier to just write some code instead of fighting against a GUI. But my goal was to make sure that nearly every line of code you write is actually for your integration, not authorization boilerplate.

Two years and two pivots after I went through YC, I'm excited to share Xkit: the tool I wanted when I was building native integrations.

Xkit is really two things: 1) An end-user experience for viewing and connecting 3rd party apps, and 2) An API for retrieving always-fresh access tokens.

To make the first work, we establish a session with your user by piggy-backing on your existing authentication method (e.g. you send us their current JWT, and we validate it). From there, we can handle the OAuth dance: CSRF/state tokens, scope handling, callbacks, etc. For the end-user UI, we have a pre-built integration catalog to give your users an interface to browse your integrations, connect new ones, and repair broken ones. In fact, our integrations page (https://xkit.co/integrations) is just our pre-built catalog rendered directly on our Webflow site. If you want more control over the experience you can do that too: our xkit.js library has all the tools for you to quickly build your own catalog without having to dig into OAuth.

For the API, just call it with the ID of the user and the name of the service, and we return a non-expired access token. You can call it from any backend process: a cloud function/lambda, a microservice, or a monolithic server. This makes your integration code a lot simpler: one API call using one API key rather than storing, encrypting, and refreshing tokens. You can even get access tokens on the front-end if you have a valid user session, so if you're building a front-end only app you no longer have to even think about whether a specific provider implements PKCE (looking at you, Atlassian).

We already work with over 25 of the most popular SaaS apps (Intercom and Zendesk added just last week!) and setting each one up typically just involves plugging in your OAuth credentials.

Imagine you had a team at your company that were experts in all the weird (sometimes undocumented) ways that various providers extend the OAuth spec, and they built an internal service that does all that stuff The Right Way™, lets you move it out of your core applications, and still gives PM and Design flexibility on the integration experience. That's Xkit.

You can get a free dev account (up to 10 users) to try it out here: https://app.xkit.co/sign-up, and if you send me an email (trey@) telling me that you came from this post, I'll give you 50% off your first year of the Startup or Pro plans. Thanks for making it through the wall of text. Would love to hear what you think!

Trey

I’m Trey, the founder of Sparkswap (https://sparkswap.com). We've built a new desktop app to purchase Bitcoin with USD directly into your wallet using the Lightning Network, instantly. This is not Bitcoin held in your name by an institution - it’s your wallet, and your private keys.

Today, the vast majority of the billions of dollars worth of Bitcoin^1 traded on a daily basis is done on custodial exchanges, meaning users deposit their currencies with the exchange, trade within the system, and then withdraw their new currency balance at a later time. This runs counter to the original goal of Bitcoin, which was to give users full control of their money through a system without central authorities or middlemen. Unfortunately, users historically haven’t had much of a choice, as using custodial exchanges has been the only way to get reliable pricing, use a bank account, and achieve reasonable settlement times for transactions.

Then came the Lightning Network (LN), first introduced in 2016 in this white paper: https://lightning.network/lightning-network-paper.pdf. One of the original goals of the LN was to solve Bitcoin’s scalability problem. It works by creating a second local consensus layer between two parties on top of the main Bitcoin blockchain, only going back to layer 1 for final settlement or dispute resolution, thereby decongesting the main blockchain and enabling faster transaction speeds. At Sparkswap, we’re taking advantage of Lightning’s fast transaction speeds to build an alternative to existing custodial exchanges: for the first time, you can have fast, convenient trading without custodial trust.

I started working on Bitcoin after two years in wealth management technology at BlackRock, where I got to see how the financial system operates at a mechanical level. As an engineer, looking at the antiquated way that money actually moves around the system (you’d be surprised how many FTP uploads and CSVs are involved) and how reliant it is on a small group of institutions that have to trust each other, it was immediately clear to me that we can do much better. Bitcoin offers a way to re-architect our financial system in an internet-native way that removes reliance on those central parties, opening opportunities for more people to access it, and for new service providers to thrive like they have on the internet. But there is still a lot of work to be done to solve fundamental problems like custody - and that's why I started working on Sparkswap.

After almost two years of hard work, we’ve just launched Sparkswap Desktop, our Lightning-powered app for buying Bitcoin. With the app, because every purchase is executed on the LN, it’s both instantaneous and you never have to give up control of your Bitcoin private keys. As the saying goes, not your keys, not your coins^2.

Here's how it works. When you deposit USD via ACH in the open source Sparkswap app (https://github.com/sparkswap/sparkswap-desktop), it is sent to a US-domiciled bank account that Sparkswap (the company) doesn't own or control. Then later when you buy Bitcoin in the app, the Bitcoin payment to you is put in escrow (called a Hash/Time-lock Contract, or HTLC) locked by a cryptographic hash on the Lightning Network. This means that if you can produce the preimage of the hash, you get the Bitcoin, but at this point only Sparkswap knows the preimage. Then the app creates an escrow payment to Sparkswap for the USD price of the Bitcoin locked by the same hash using our payment partner. Since Sparkswap has the preimage, we can then immediately claim the escrowed dollars by sending the preimage to our payment partner. This gives you access to the preimage through our payment partner’s API, which the app then uses to claim the BTC on your behalf. The escrows also have timeouts so that they can be canceled if they aren't executed after a certain time. This whole process results in USD being swapped for BTC with a level of security that popular services don't provide, and in most cases swaps complete in just a few seconds.

In addition, every Bitcoin you buy with Sparkswap is instantly available in a channel on the Lightning Network. That means that you can easily spend that Bitcoin on the dozens of games, apps, and merchants building Lightning-powered services. And since Sparkswap opens Lightning channels to you, after initial setup you can transfer funds from your bank, buy Bitcoin, and spend it on the Lightning Network all in a matter of seconds, making it one of the easiest ways to get started on Lightning.

The first version of the app is designed for users that run LND (a popular Lightning node, https://github.com/lightningnetwork/lnd) already. If you don’t, we recommend Zap (https://github.com/LN-Zap/zap-desktop/releases), a desktop Lightning Wallet that lets you run a light client so you don’t have to sync the full blockchain. The current release of Sparkswap Desktop also only supports purchasing Bitcoin with USD. However, we have plans to support selling Bitcoin, as well as other Lightning implementations and clients (and mobile!), so stay tuned for updates.

We know cryptocurrency certainly has its issues, and we’re working to try to fix one of them. In just the first half of 2019, almost $500M^3 was stolen from custodial exchanges. We believe it’s critical to the value and future success of Bitcoin to establish trustless, non-custodial trading. We don’t have a token, and we’re not selling vaporware - we’ve shipped a real product that solves a real problem and enhances the biggest proven use case in the cryptocurrency industry: buying Bitcoin.

We'd love feedback on the product from all — Lightning Network enthusiasts, critics, and those that don’t know much about it. If you have any trouble getting started, please ask us for help! (support at sparkswap.com)

Thanks!

Trey

[1] https://www.coindesk.com/bitcoin-trading-volume-tops-11-bill...

[2] https://www.coindesk.com/2018-a-record-breaking-year-for-cry...

[3] https://www.coindesk.com/exit-scams-swindled-3-1-billion-fro...