 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
At the recent Apidays conference in New York, analysts described an evolving API landscape and vendors highlighted innovative responses to the market shift toward more strategic API use.
Market research indicates a dramatic increase in API usage during the past year, said Gartner VP Analyst and Chief of Research for Software Engineering Mark O’Neill during his keynote.
Adoption of third-party APIs has been a particular area of growth, he added. And the generative AI trend adds significant fuel to the fire. Traditional monolithic “all in one” API gateways are evolving like dinosaurs into lighter-weight, specialized products. A composable approach to API management is required.
“Customers are depending more and more on APIs for critical business functions,” O’Neill told The New Stack. “They notice when one of those APIs goes down or is unavailable, and it impacts their ability to do business. They may not be able to get a contract signed or process a payment because an external API is down or unresponsive.”
He added that API software vendors are responding to the adoption and strategic usage trends by specializing and reworking API gateway designs that are now decades old. It may be challenging for some of the vendors to adjust, he said, especially those who are not used to integrating into a best-of-breed stack.
Irakli Nadareishvili, Managing Director, Global Banking Platform, JPMorgan Chase, spoke about his view of an API as part of a comprehensive platform of related APIs that perform a complete business function, such as all of the operations required to open and manage a bank account.
Such API platforms require comprehensive design, governance, management, analytics, and testing, he added. API capabilities are also very relevant in the current internal developer platform trend.
Tech companies are responding to the explosion in API use and shift in strategic value to better meet underserved capabilities, such as GraphQL, WebSockets, egress control, LLM security, and improve upon existing capabilities.
“API management is not simply technical plumbing anymore, it needs to be something that supports developers more directly and provides the right level of information and confidence to businesses that they are getting the right return on their investments,” O’Neill explained.
Yet, Lunar.dev’s innovation, for example, reverses the classic API gateway role. Instead of controlling traffic coming into an organization, Lunar controls traffic going out of an organization to access third-party APIs such as SaaS APIs or generative AI APIs.
“You might have multiple departments all hitting the same external API at the same time, and without the proper controls in place you may not get the performance you expect, and you may exceed your rate limit or budget without realizing it,” Lunar CTO and co-founder Roy Gabbay told The New Stack.
Another indication of the trend toward API product specialization is the emergence of vendors who focus on a single API protocol. Most traditional API gateway vendors look to support all protocols.
Gartner research shows that while REST remains the top API protocol by a wide margin, GraphQL’s adoption is increasing, with a lot of room to grow. Gartner research also indicates that asynchronous or event-driven APIs are increasing in popularity.
Specialist GraphQL company Apollo GraphQL is responding by supporting a complex series of API calls using a single GraphQL server, making it easier for frontend developers and LLMs to retrieve the data they need.
“We’re also working to standardize GraphQL,” Apollo CEO and co-founder Geoff Schmidt told The New Stack. “We think GraphQL has as much potential as SQL did when relational databases were invented to make life easier for API developers working.”
Meanwhile, API startup vendor Svix focuses exclusively on providing Webhook APIs as a service, simplifying their adoption and use. “People kept on asking us for webhooks at a previous company, and we kept on saying no because of the upfront cost and ongoing maintenance required to offer them,” CEO Tom Hacohen told The New Stack. “A few months later I realized it could be a business and started Svix; it just kept on growing from there,” he added.
On the other hand, Zuplo is busy rethinking the API gateway itself. Zuplo CEO Josh Twist told The New Stack that “It needs to be fast, flexible, extensible, and developer friendly.”
Zuplo is a programmable, extensible API gateway that deploys at the cloud edge, he noted. Although Zuplo aims to provide most capabilities customers need, developers can easily integrate other products for analytics, testing, and security, he said.
Zuplo is designed for fast deployment in a secure, multicloud environment, and is “easier to use than Kong or Apigee,” Twist said. Zuplo is designed to support the shorter feedback loop needed for modern cloud-based microservices deployment, he added. It supports any number of deployment environments and creates environments dynamically.
O’Neill noted that Gartner received a significant increase in inquiries about AI and APIs for AI. Many organizations are still trying to figure out their strategy, get a handle on costs, and understand the benefits.
Kong is among the traditional API gateway vendors offering new AI protections built into the API gateway. They also include a special vector caching layer to improve the performance of GenAI prompts and responses.
Increased use of LLMs and generative AI APIs introduces new risks and vulnerabilities on many API security vendor agendas as well, employing various defense mechanisms. In fact there’s a new OWASP Top 10 Gen AI API vulnerabilities list, as mentioned by Akto in their talk.
Some API vendors are trying to bridge the traditional gap between business requirements and API development.
For example, Ostia delivers a toolset for the API product manager. This is a role by the way that Mark O’Neill calls out as often something organizations miss assigning. The Ostia toolset “Makes sure the API is consistent with what the business does,” CEO John Power told The New Stack.
Ostia accomplishes this by offering a no-code development environment for APIs that “prevents drift and eliminates inconsistent data formats,” Power added.
In another example, WireMock recently added a prototyping feature to its API mocking toolset. Prototyping helps “ensure that the API meets the expectations of the users before the Open API specification is generated,” WireMock CEO Uri Maoz told The New Stack.
