Hosting and software settings icon set
Application programming interfaces (APIs) make the modern digital world go round. They are what bring maps to your fitness-tracking app, login authentication to your banking app, and customer service communications to your favorite ecommerce app. APIs are the glue that holds most software together in 2021.
The benefits of APIs in modern software development are manifold, but at a top level they help power the shift from monolithic on-premises software to the cloud and microservices-based applications. Smaller, function-based components are easier to maintain, with individual developers or teams assuming responsibility for a specific part.
This also gives businesses greater agility in terms of maintaining, upgrading, and scaling their software, and it lets them tap domain-specific expertise — why would Uber develop its own resource-intensive infrastructure for real-time in-app messaging when it can use purpose-built APIs instead?
“APIs enable companies to more easily build products and services that would otherwise take too long to build,” Kong cofounder and CTO Marco Palladino told VentureBeat. “Developers can use these APIs to more easily access business-critical information and focus on other priorities instead.”
Founded in 2017, freshly minted unicorn Kong develops software and services that connect APIs and microservices between and within clouds, datacenters, and Kubernetes. Customers include Cisco, T-Mobile, Expedia, Samsung, and GSK.
“Teams can access a range of open source and paid APIs that accelerate their application development and remove most manual processes,” Palladino added. “The exchange of these APIs and the systems to manage them is, in a nutshell, the API economy.”
Above: Kong cofounder and CTO Marco Palladino (left) with CEO Augusto Marietti
The API economy
Some major API deals have happened in the past few years, including Okta’s recent $6.5 billion Auth0 acquisition, which consolidated an identity verification market that hinges on APIs.
The billion-dollar API management market has also been thriving, with Salesforce shelling out $6.5 billion for Mulesoft in 2018 and Google acquiring Apigee for $625 million before that. Kong, meanwhile, recently raised $100 million at a $1.4 billion valuation. None of these megadeals would be possible (or necessary) if it weren’t for the fact that developers need the right tooling in order to create, deploy, control, monitor, analyze, and secure dozens or hundreds of APIs a single application may need to plug into.
All of this has given rise to what is termed the API economy. In the broadest sense of the phrase, the API economy can be defined by how organizations use APIs to improve efficiency and profitability by optimizing resources and opening new revenue opportunities through the wider digital ecosystem.
Palladino drew parallels between modern applications and a Lego building.
“Each individual brick is a microservice, which combines with a multitude of other bricks (microservices) to create a building (application),” he said. “These bricks are combined using the four studs on each brick, which are the equivalent of an API. Without the studs, teams would have to constantly build and rebuild their connections between services. It’s incredibly inefficient, and the process could inadvertently expose sensitive company data. The API economy involves the creation of these Lego bricks, either open source or for proprietary use, and the way that teams use these bricks — which represent application features and important protections — to innovate on their services.”
Nylas builds APIs that enable developers to embed email, calendar, and contact functionality into their apps. Cofounder and CEO Gleb Polyakov considers APIs to be the “backbone” of today’s digital economy and the tech underlying companies’ digital transformation efforts. This is particularly pronounced as the pandemic has pushed many companies across the digital divide.
“APIs allow businesses to more efficiently unify and structure data from across multiple communication platforms and leverage that data to build more productive workflows, bring products and features to market faster, and create modern user experiences that drive adoption and retention,” Polyakov told VentureBeat. “APIs allow businesses to achieve all of this without having to commit large amounts of time and resources, allowing product and engineering teams to focus on other critical issues and business goals.”
However, Polyakov notes that many of the best APIs are those that handle and transfer lots of rich data, meaning “proper security protocols and compliance certifications” are vital.
“Without proper assessments or an understanding of good design for security, businesses can accidentally expose sensitive information or unintentionally open themselves up to malicious inputs, compliance violations, and more,” Polyakov said.
Jyoti Bansal is the serial entrepreneur behind a number of notable enterprise companies, including AppDynamics, which he sold to Cisco for $3.7 billion in 2017. He later launched a startup studio called Big Labs, which has already turned out a billion-dollar DevOps startup called Harness.
Above: Jyoti Bansal: serial entrepreneur behind AppDynamics, Harness, and now Traceable
According to Bansal, APIs have transitioned from being a technical requirement to a linchpin business priority.
“The API economy has empowered companies to be more successful — whether it’s through leveraging third-party APIs to improve business processes, attracting and retaining customers, or producing an API as a product,” Bansal told VentureBeat.
While APIs have played a sizable part in each of Bansal’s businesses to date, his most recent venture — Traceable — shines a light on one of the greatest threats to the burgeoning API economy.
Founded in 2019, Traceable is an AI-powered platform that protects cloud app APIs from cyberattacks. Indeed, a quick peek across the recent cyberattack landscape reveals that APIs are becoming increasingly prominent targets for hackers.
News emerged last month that credit check bureau Experian, which already had a less-than-exemplary record in protecting customer data, was potentially exposing the credit scores of millions of Americans via a porous API. And a few weeks back, fitness hardware and software giant Peloton hit the headlines after a security researcher found an easy conduit to private user data via an API.
This is nothing new, of course, but these incidents point to one of the unavoidable challenges that come with the proliferation of APIs.
“Before this explosion of APIs, traditional security practices focused on a network with a perimeter,” Bansal explained. “That has completely changed — now, this traditional perimeter does not exist, especially for organizations using cloud-native infrastructure. Moving data and operations to the cloud obliterates the traditional border, introducing new attack vectors, new opportunities for leaks, new challenges, and a new approach to security.”
One of the underlying issues is that it’s incredibly difficult to keep tabs on all the APIs a company is using internally, or which ones are being actively maintained and monitored for vulnerabilities. This is why a growing array of VC-backed startups — including Traceable — as well as established players like Apigee and Mulesoft, have emerged to bring API visibility to companies’ software and networks.
While the API economy is huge, the need to safeguard APIs is leading to a sub-category that could be termed the “API security economy.”
“Security teams need to have a holistic overview of their API ecosystem, which includes each API’s individualized DNA, such as which internal APIs are speaking to external APIs, what kind of data is flowing between them, and who is accessing them,” Bansal explained.
APIs are just like any other piece of software — they need to be developed, nurtured, and retired when the time is right.
“APIs should be treated the same [as other software], but often that doesn’t happen,” Palladino added. “We need a process in place for designing new APIs, for releasing them, for versioning them and decommissioning them. It’s really important for companies to create a holistic and standard process for managing APIs through their full lifecycle.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access: Become a member