Businesses across the globe, especially in the field of technology and digital services, are more connected than ever and rely on each other’s services to realize value from their business model. Companies can provide a wide gamut of services while minimizing the development time and cost by using third-party integrations. For example, Uber, the world’s most prominent ride-hailing service, relies entirely on the application programming interfaces (APIs) of Google Maps, AWS, Twilio and other businesses to bring its ride-hailing service to customers. Companies such as Salesforce and Expedia derive more than half of their revenues from their APIs. With integrations becoming a key to revenue models, APIs are the de-facto representatives of businesses to their downstream stakeholders and occupy a key role in a company’s go-to-market strategy.
In such a connected business environment, APIs have ceased to become just another mode of data-sharing and are now regarded as an organization’s most crucial revenue generator and its external representation to the market. Companies are investing in managing APIs, not as a tool but as a standalone product with developer experience and lifecycle management as key components in API management. The widespread proliferation of APIs is a key driver of rapid digital transformation in post-COVID times, where businesses have been successful in realigning their business models to the shifting dynamics of the market. In the same way that APIs have enabled retailers to connect with banks to offer in-app payment options, IT applications have been able to share data with each other to offer seamless and feature-rich experiences to end users. With modern APIs designed with ease of use for developers in mind, developers can build applications modularly and combine multiple functionalities to enable new use cases.
Notably, companies across the world are experiencing higher competition in the digital world as the barriers to new entrants drop. This has resulted in shorter development cycles with an emphasis on launching new products and functionalities quickly. APIs are key enablers in the acceleration of software development cycles and have allowed developers to deploy functionalities from third-party vendors without additional coding. The replacement of lengthy coding with API integrations has also helped development teams deal with talent shortages by managing complex, multi-module products with limited resources.
It has also been observed that APIs have played a major role in helping companies modernize and digitize their business practices at a limited cost and without disruptions. Companies have managed to connect their legacy applications to new tools and cloud systems using APIs without a lengthy systems integration process. Many companies built connected enterprise applications internally by connecting disparate systems across departments and business divisions.
However, APIs are not being leveraged to their full potential, as research from Google indicated; most organizations worldwide believe that their organization’s API usage maturity is low or medium, with only 38% of organizations believing that their API practices are highly mature. A key observation is that 50% of companies use APIs for internal stakeholders only, which include an organization’s staff developers and contractors, but do not serve developers outside the organization. This severely hinders an organization’s capability to collaborate with the wider connected ecosystem and restricts the variety of use cases that digitally mature organizations can offer their customers. One of the crucial steps toward improving API maturity is the adoption of cloud or hybrid deployments of API, which a significant number of API owners are pursuing today to make their APIs and related services more agile and flexible.
APIs are undoubtedly the most efficient method for companies to connect with third parties and vice versa. However, considering the revenues that APIs bring to companies and their role in the overall digital economy, APIs have become prime targets for cybercriminals. According to industry estimates, malicious API traffic has increased 681% in the past year, and many companies have rolled back or slowed down the deployment of new applications or functionalities due to security concerns. Notably, Google has observed that the usage of security analytics, bot protection and anomaly detection features has increased by 230% among its API customers. While there is a clear trend toward enhancing security capabilities from API owners as well as users, security incidents continue to be a concern and more investments toward improving the security posture of APIs are needed. In a modern digital world where API calls will originate from corporate networks, user devices, desktops, smartphones and IoT devices, a company’s firewall or perimeter securing strategies are bound to become outdated. Companies need to maintain visibility and control over how their API is accessed by various stakeholders across endpoints. Role-based access control strategies are one of the most efficient methods of maintaining such control in addition to machine learning-based suspicious activity monitoring.
APIs in 2022 are the backbone of the digital economy. Their role in revenue strategies is expected to grow as businesses evolve with more connectivity as a core tenant of their business model. Establishing strong API practices with APIs that cater to a wide range of use cases and applications is crucial to the success of digital businesses however, security and API data governance need to gain precedence among API developers and users to further the API economy while minimizing the risk. In the next few years, API-first strategies will flourish as APIs become the primary product offering for many companies; for others, APIs will become key business enablers.
Blog received by Hiten Shah, Senior Consultant