APIs are eating the world (Part 2)
Perspective, by Paul Lehair
APIs are eating the world (Part 2): the rise of API tools 2.0
Although APIs have been around for a while, their omnipresence continues to rise and they are now truly eating the world. Part 1 described the rise of API-first, how APIs are both fuelling and eating software, and the opportunities in API-first. This Part 2 focuses on the tools and the infrastructure that are enabling the continued growth of APIs.
The rise of next-generation API tools
Many organisations and developers are now spending the majority of their development efforts on APIs. The surge in the API economy continues and, according to RapidAPI’s latest State of APIs report, 70% of developers surveyed expect to increase API usage in 2023.
In parallel to the explosion of APIs and API-first companies, we are witnessing the rise of a new generation of API tools and enablers of the API economy. Interestingly, as this ecosystem is becoming more complex, there seem to be unbundling opportunities for potential new tools and platforms. Let’s unpack further where we see areas for innovation.
API management solutions have been around for a while, as the first ones were created 15 years ago. With the exponential increase in API usage, this market continues to grow very strongly (30% annually) and some estimate that the API management market size will surpass $40bn by 2030 (from $5bn in 2022). Indeed, this market is going through a gigantic wave as the penetration of API management solutions in enterprises is expected to grow from 10–20% to 80% in the next 5 years. However, incumbent solutions are typically based on legacy technologies, hard to use with poor developer experience and not adapted to modern architectures. Traditional providers, for instance, are only able to process data via a synchronous request-response model and are inadequate for the age of real-time data streaming and its asynchronous nature.
We believe this creates opportunities for disruptors and next-generation API management solutions. This led us to invest in Gravitee, the event-native API platform, which enables teams to manage both synchronous and modern asynchronous APIs and protocols.
According to Postman’s latest State of API Report, lack of documentation is the number-one hindrance to consuming APIs. Only 3% of respondents rated APIs they work with as “very well documented” (10/10) and 60% scored this API documentation between 0 and 5 (out of 10). In terms of what could improve documentation, the top suggestions from respondents were providing up-to-date documentation (57%), code samples (55%) and better examples (53%). It may seem trivial, but API documentation is a key area to unlock further growth in API usage. This could create opportunities for new specific tools to emerge or for differentiation for existing API platforms.
The large API platforms typically provide basic API monitoring and analytics functionalities. Our constant use of real-time data requires live API monitoring and much more granular analytics. Teams no longer simply need monitoring alerts of potential issues but require solutions that help them detect and solve the root cause of issues, which is what true API observability should provide. Treblle is an API observability platform that aims to provide wider insight into its clients’ API health than traditional API monitoring tools do.
A lot of APIs are meant to remain free and open, but, as we discussed in Part 1, many API-first companies are now huge businesses generating billions in total revenue thanks to their usage-based pricing models. As APIs have evolved from being seen as simple pipes to proper products, planning and implementing a successful monetisation strategy has become critical.
“API monetization is on the rise: Whether it’s data, services, functionality or otherwise, APIs will be a go-to for monetization and creating new revenue streams.” RapidAPI’s Top 10 API Predictions for 2023
This is an area that requires coordination from people across functions (engineering, product, business) and so there is an opportunity for specific solutions owning the monetisation layer or focusing on it. Blobr is an example of a company enabling product and business people to monetise their APIs.
API security is such a key topic that it has gone from being a feature to unbundling as full platforms: the ‘API security economy’ is now a category of its own. Indeed, a consequence of decentralised microservices-based architectures and the explosion of APIs is increased risk and insecurity as there is no central control view anymore. Organisations typically have many more APIs than they are aware of and sometimes expose sensitive data via APIs while having low defences.
As a result, Gartner had predicted that by 2022 API abuses would “move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.” Yet, the vast majority of organisations still have no API security strategy. In this context, the API security market is forecast to grow from $1bn in 2022 to $10bn in 2032. There has been a flurry of new entrants in this space (with disruptors differentiating through a focus on shift-left security and ease of deployment), which we expect to continue to boom.
API privacy and compliance
There is an increasing intersection between security and privacy as breaches typically present significant data privacy risks. In parallel, new regulations around data protection and privacy continue to emerge, leading to a growing focus on compliance.
“This [booming compliance market] will require API tooling to assist customers to check that Personally Identifiable Information (PII) is being used in compliance with regulations at the API level.” API Landscape State of the Market (2022)
Following what is happening to API security with the adoption of the DevSecOps approach (application of security into DevOps processes), new DevRegOps (regulation into DevOps) or DevPrivOps (privacy into DevOps) tools are expected to emerge. Skyflow is an example of a company building the data privacy and compliance layer.
API integration and low code
There is an interesting link between APIs and the low/no-code trend. As low/no-code technologies continue to improve, we should reach a time when non-developers (aka citizen developers) are able to leverage and work with APIs autonomously, which should further boost usage of APIs. On the other hand, the explosion of APIs and fragmentation of SaaS applications have led to an increased need to integrate these various software tools using their APIs. As a result, low/no-code tools (e.g. Zapier, Retool) have been created to enable citizen developers to make these SaaS integrations themselves and more API integration platforms are expected to emerge.
We are excited by the rise of next-generation tools and platforms in API management, documentation, observability, monetisation, security, privacy and integration with low/no-code. Please do get in touch with Paul (email@example.com) with any feedback and, if you are building an API tool or infrastructure startup, we would love to have a chat.