in

Looking ahead to the API economy

As someone who builds integration products, I spend a lot of time researching industry and technology trends while speaking with analysts, engineers, architects, target customers, and my product peers. This work inevitably drifts my point of view into some version of “what’s happening now, what is likely to happen over the course of the next few years, and what is my role in guiding the industry to the best possible future?” This article intends to provide a synthesis of the most impactful ideas over the past year and their influence on my go-forward thinking as a connectivity Product Manager. I hope you enjoy the reading and look forward to your thoughts in the comments.

APIs become a part of internet fabric 

To some students of modern technological history, the “connectivity” part of the internet looked very different just a few decades ago. By “connectivity,” I mean APIs, protocols such as HTTP, and agreed-upon architectural patterns that unlock data. As a result, technology professionals speak about “legacy modernization” projects to expose old technology silos that would otherwise remain hidden from the digital lifeblood of the business. These so-called digital transformation projects often relied on XML-RPCs to enable integrations with mainframes while the new digital era brought standards such as REST, GraphQL and Web of Things.


Free for commercial use. No attribution required.

While established companies invest in new APIs to support digital transformation projects, early startups build on top of the latest technology stacks. This trend is turning the Internet into a growing fabric of interconnected technologies the likes of which we’ve never seen. As the number of new technologies peaks, the underlying fabric — otherwise known as the API economy — fuels the market to undergo technology consolidations with the historic-high number of acquisitions.

There are two interesting consequences of this trend. The first is that all of this drives the need for better, faster, and easier-to-understand APIs. Many Integration-Platform-as-a-Service (iPaaS ) vendors understand this quite well. Established iPaaS solutions, such as those from Microsoft, MuleSoft, and Oracle, are continually improved with new tools while new entrants, like Zapier and Workato, continue to emerge. All invest in simplifying the integration experience on top of APIs, essentially speeding the time-to-integration (a level of growing importance when it comes to business agility). Some call these experiences “connectors” while others call them “templates.” But in the end, the leading integration minds are actively invested in this area. 

The second consequence is well-defined, protocol-based connectivity. Looking at the world of REST ー a well-accepted architectural style defined in Roy Fielding’s dissertation ー we see that REST APIs dominate the scene with well-established specification standards such as the OpenAPI Specification (previously known as Swagger). Not only do these protocols enable industry-leading iPaaS solutions to agree on what the next world of connectivity will look like, they also set the foundation for new experiences — often referred to as innovation — to evolve. More technologies just keep emerging, offering visualization and transformation products that understand these standards while bringing more users into the world of connectivity. 

I am excited about the potential of this space and its ability to define the fundamental building blocks of the future internet with APIs as the centerpiece of its fabric. 

Also: APIs, microservices succeed as long as the organization doesn’t get in the way

Breaking silos with indexed search and browser-like API discovery

Moving from specialized tools and standards to a simple API discovery layer means that any employee who can write queries and logic flows will also be able to build full-fledged applications and customer-facing experiences. Many leading analysts are now seeing this dynamic as more APIs are consumed by less-technical departments like marketing, finance, sales, and HR.

I see this trend further evolving in two major forms. The first of these is universal API search and discovery. Many of us are using Google to search for information, and “Googling” endpoints (the addressable location of an API) and data shouldn’t be any different. This means more tools will evolve, but the approach we take will be fundamentally different; instead of manually documenting new endpoints with references and API portals, we can start indexing new APIs dynamically based on their machine readable descriptions. Using techniques similar to Google crawler tactics that discover publicly available web pages, more users will have access to all publicly available endpoints and the data. 

The second form involves how we explore those APIs and the data they contain. Today, many developers start by searching for an API portal, finding a relevant SDK, and sampling an API’s capability with API-consumption tools like Postman. Less-technical users, however, turn to low-code/no-code solutions that bridge the technical gap by demystifying API access (a skill typically reserved for software developers). It’s interesting to think about what will change as we evolve the underlying foundation of those protocols and standards. I believe that we’re soon to see more browser-like discovery tools, where webpages are replaced by endpoints and information is replaced by data. In this world, users can search, query, play, and plug the data instead of worrying about API technicalities like URIs, endpoints syntax, query parameters, etc.

Looking ahead, what I find most exciting about this development is that we will see the creation of new digital capabilities that are closer to the end user and are much faster to build. These innovations also trigger a need for enterprise professionals to see the bigger picture of how it all connects, while product leaders and CIOs must pay closer attention to inconsistencies in the customer experience or potential compliance, privacy, and security issues.

Also: Turns out low-code and no-code is valuable to professional developers, too

Productizing connectivity: protocols vs. connectivity as a service

More than ever before, users demand access to data. Yet many existing solutions are too complex, too expensive, or too heavy. This creates a technology vacuum that will be filled in the following ways. On one hand, integration professionals like me will continue to advance connectivity standards. Optimization for ease-of-consumption, particularly by non-developers, will lead to a new API consumption layer, so that less-technical experiences can evolve on top of it. 

On the other hand, new business cases will be made for creating agile API-facade-as-a-service solutions. As more users demand faster time-to-market while taking scalability, availability, and security for granted, more startups will emerge to address the need. We’re already seeing new entrants involving productivity infrastructure as a service by Nylas and a unified API from Kloudless that connects over 150 SaaS solutions through a single canonical model. All of this makes it easier than ever before to build and maintain connections with external systems. 

As we’re advancing on each front, I suspect that the industry will first need to agree on common architectural patterns as we build new solutions around them. 

Data is the new endpoint in security

Data breaches are trending up, with a record of 1,767 publicly reported breaches in the first six months of 2021. Our most common attempts at securing data focus on protecting the infrastructure that provides access to it: endpoints. Although this approach makes sense for some organizations, as we shift more infrastructure to the cloud where the infrastructure is far less within their control, securing that infrastructure becomes more problematic. We add more users into the mix who can now search, query, and share data with their favorite apps, and we have a recipe for disaster. 

To stay ahead of these trends, we first need to change our mindset. Instead of protecting endpoints in the new digital world, we must protect the data. This space is full of interesting innovations with new encryption and tokenization standards that further propagate the zero-trust model. This trend is also recognized by new startups that are building businesses around the idea of protecting data with encrypted data vaults and use-cases ranging from securing PII to offering HIPAA-compliant encrypted data stores.

Regardless of how we evolve our new API layers, at the core of the “secure” approach will be our ability to discover and work with sensitive data.

Also: API security becomes a ‘top’ priority for enterprise players

The bottom line

We are still “rounding first base” in terms of defining the next generation connectivity layer and understanding what kinds of businesses can be built on top of it. As APIs are already in the center of many digital transformations, we’re clearly seeing a trend of simplifying API consumption with low-code/no-code solutions that bring more users to create pluggable enterprises. It’s fulfilling to think of a world where everyone can contribute to improving the business.


 Anton Kravchenko is  Director of Product at MuleSoft, a Salesforce Company. If you are thinking about or building products or protocols that touch on any of these ideas, he would love to hear from you.


Source: Information Technologies - zdnet.com

A company spotted a security breach. Then investigators found this new mysterious malware

Apache HTTP Server Project patches exploited zero-day vulnerability