How the API economy is powering digital transformation

Mobile

Join Transform 2021 this July 12-16. Register for the AI event of the year.


Application programming interfaces (APIs) make the modern digital world go round. They are what bring maps to your fitness-tracking app, login authentication to your banking app, and customer service communications to your favorite ecommerce app. APIs are the glue that holds most software together in 2021.

The benefits of APIs in modern software development are manifold, but at a top level they help power the shift from monolithic on-premises software to the cloud and microservices-based applications. Smaller, function-based components are easier to maintain, with individual developers or teams assuming responsibility for a specific part.

This also gives businesses greater agility in terms of maintaining, upgrading, and scaling their software, and it lets them tap domain-specific expertise — why would Uber develop its own resource-intensive infrastructure for real-time in-app messaging when it can use purpose-built APIs instead?

“APIs enable companies to more easily build products and services that would otherwise take too long to build,” Kong cofounder and CTO Marco Palladino told VentureBeat. “Developers can use these APIs to more easily access business-critical information and focus on other priorities instead.”

Founded in 2017, freshly minted unicorn Kong develops software and services that connect APIs and microservices between and within clouds, datacenters, and Kubernetes. Customers include Cisco, T-Mobile, Expedia, Samsung, and GSK.

“Teams can access a range of open source and paid APIs that accelerate their application development and remove most manual processes,” Palladino added. “The exchange of these APIs and the systems to manage them is, in a nutshell, the API economy.”

Kong cofounder and CTO Marco Palladino

Above: Kong cofounder and CTO Marco Palladino (left) with CEO Augusto Marietti

Image Credit: Kong

The API economy

Some major API deals have gone down in the past few years, including Okta’s recent $6.5 billion Auth0 acquisition, which consolidated an identity verification market that hinges on APIs.

The billion-dollar API management market has also thrived, with Salesforce shelling out $6.5 billion for Mulesoft back in 2018 and Google acquiring Apigee for $625 million before that. Kong, meanwhile, recently raised $100 million at a $1.4 billion valuation. None of these megadeals would be possible (or necessary) if it weren’t for the fact that developers need the correct tooling to enable them to create, deploy, control, monitor, analyze, and secure the dozens or hundreds of APIs a single application may need to plug into.

All this has given rise to the API economy. In the broadest sense of the phrase, the API economy can be defined by how organizations use APIs to improve efficiency and profitability through optimizing resources and opening new revenue opportunities through the wider digital ecosystem.

Palladino drew parallels between modern applications and a Lego building.

“Each individual brick is a microservice, which combines with a multitude of other bricks (microservices) to create a building (application),” he said. “These bricks are combined using the four studs on each brick, which are the equivalent of an API. Without the studs, teams would have to constantly build and rebuild their connections between services. It’s incredibly inefficient, and the process could inadvertently expose sensitive company data. The API economy involves the creation of these Lego bricks, either open source or for proprietary use, and the way that teams use these bricks — which represent application features and important protections — to innovate on their services.”

Nylas builds APIs that enable developers to embed email, calendar, and contacts functionality into their apps. Cofounder and CEO Gleb Polyakov considers APIs to be the “backbone” of today’s digital economy, serving as the DNA of companies’ digital transformation efforts. This is particularly pronounced as the pandemic has pushed many companies across the digital divide.

“APIs allow businesses to more efficiently unify and structure data from across multiple communication platforms, and leverage that data to build more productive workflows, bring products and features to market faster, and create modern user experiences that drive adoption and retention,” Polyakov told VentureBeat. “APIs allow businesses to achieve all of this without having to commit large amounts of time and resources, allowing product and engineering teams to focus on other critical issues and business goals.”

However, Polyakov notes that many of the best APIs are the ones that handle and transfer lots of rich data, meaning that “proper security protocols and compliance certifications” are vital.

“Without proper assessments, or an understanding of good design for security, businesses can accidentally expose sensitive information or unintentionally open themselves up to malicious inputs, compliance violations, and more,” Polyakov said.

Lifecycle

Jyoti Bansal is the serial entrepreneur behind a number of notable enterprise companies, including AppDynamics which he sold to Cisco for $3.7 billion in 2017. He later launched a startup studio called Big Labs, which has already churned out a billion-dollar DevOps startup called Harness.

Above: Jyoti Bansal: Serial entrepreneur behind AppDynamics, Harness, and now Traceable

Image Credit: AppDynamics

According to Bansal, APIs have transitioned from being a technical requirement to a linchpin business priority.

“The API economy has empowered companies to be more successful — whether it’s through leveraging third-party APIs to improve business processes, attracting and retaining customers, or producing an API as a product,” Bansal told VentureBeat.

While APIs have played a sizable part in each of Bansal’s businesses to date, his most recent venture — Traceable — helps to shine a light on one of the greatest threats to the burgeoning API economy.

Founded in 2019, Traceable is an AI-powered platform that protects cloud app APIs from cyberattacks. A quick peek across the recent cyberattack landscape reveals that APIs are playing an increasingly big part in hackers’ repertoire of targets.

News emerged last month that credit-check bureau Experian, which already had a less-than-exemplary record in protecting customer data, was potentially exposing the credit scores of millions of Americans via a porous API. And a few weeks back, fitness hardware and software giant Peloton hit the headlines after a security researcher found an easy conduit to private user data via an API.

This is nothing new, of course, but they serve to highlight one of the unavoidable challenges that comes with the proliferation of APIs as businesses transition from traditional on-premises infrastructure.

“Before this explosion of APIs, traditional security practices focused on a network with a perimeter,” Bansal explained. “That has completely changed — now, this traditional perimeter does not exist, especially for organizations using cloud-native infrastructure. Moving data and operations to the cloud obliterates the traditional border, introducing new attack vectors, new opportunities for leaks, new challenges, and a new approach to security.”

One of the core underlying issues is that it’s incredibly difficult to keep tabs on all the APIs that a company is using internally, or which ones are being actively maintained and monitored for vulnerabilities. This is why a growing array of VC-backed startups such as Traceable, as well as established players such as Apigee and Mulesoft, have emerged on the scene — they help bring API visibility to companies’ software and networks.

Indeed, the API economy might be huge, but the importance of safeguarding APIs is leading to a sort of sub-category that could be construed as the “API security economy.”

“Security teams need to have a holistic overview of their API ecosystem which includes each API’s individualized DNA, such as which internal APIs are speaking to external APIs, what kind of data is flowing between them, and who is accessing them,” Bansal explained.

APIs are just like any other piece of software — they need to developed, nurtured, and retired when the time is right. Ultimately, they need a lifecycle.

“APIs should be treated the same [as other software], but often that doesn’t happen,” Palladino added. “We need a process in place for designing new APIs, for releasing them, for versioning them and decommissioning them. It’s really important for companies to create a holistic and standard process for managing APIs through their full lifecycle.”

VentureBeat

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.

Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:

  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more

Become a member

Products You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *