Navigating through the cacophony of marketing hype to pinpoint what truly matters for developers can be challenging. Recently, at Ambassador, we curated a panel of industry experts spanning the realms of API development to explore the pivotal trends that have sculpted the API landscape in recent months. Now, let’s consider what’s actually worth paying attention to and what’s just background noise.
The Great Unbundling Is Not Universally Agreed Upon
Despite the buzz in the industry over the last six months from Gartner, Kong and other industry experts, the theory of the great unbundling of API management has remained a controversial topic. The idea of the “great unbundling” focuses on a shift from monolithic full-suite tools over to best-of-breed niche solutions. Some of our experts felt that this was a more reactionary posture, explaining that most enterprises they’d worked with didn’t want to invest time, resources and budget to integrate different API management tools into their delivery pipelines.
“A lot of my clients are really frustrated because there’s really not an easy way to pull all these tools together, so it’s not as easy as some are thinking,” shared James Higginbotham, industry panelist and API consultant at Launch Any.
However, another panelist, Keith Casey, viewed the unbundling as an acknowledgment of what has been happening for years behind the scenes — it’s just out in the open now. He noted that while many companies claimed to have standardized one set of tools, in reality, microgateways, for example, were being deployed across organizations. All agreed that better integration and packaging of tools would make things easier for developers regardless of which route they choose to go. In short: The strategy applied to your API development process matters a whole lot more than how many or how few tools you’re adding to your tech stack.
“Developers have two goals in life: build something useful and go home. And right now, so many things get in the way of us building something useful that we can’t go home, and it’s frustrating.”
– Keith Casey, senior product manager at Pangea
AI Is a Double-Edged Sword in API Security
As AI systems become more integrated into everyday applications and processes, the data exchanged via APIs becomes increasingly sensitive, potentially exposed, and valuable. Ensuring the security of these APIs is paramount to safeguarding against potential breaches, data leaks and unauthorized access. With the potential ramifications of security lapses becoming more severe in the age of AI, one clear takeaway from the panel was that we must prioritize implementing stringent security protocols to protect API infrastructure and the sensitive data it handles.
“We need to go back and rewind our assumptions every time we think about, ‘Oh, no one will ever do that with our API.’ We need to assume that someone is going to do it with our API, but realize that someone just might not be a human,” shared Casey.
Panelist Dan Barahona, founder of APIsec University, highlighted the ever-intertwined relationship between APIs and AI, and the implications that relationship will have on API security. There are major concerns about the potential for AI to be used as an attack vector. It’s increasingly easy to execute extremely sophisticated attacks. On the other hand, there is also a huge potential for AI to be used for defense and security.
“We need to be asking how we can leverage AI for defense and how we can be proactive in defending against AI security attacks. We need to be assessing both sides of the security coin. All API practitioners should be asking themselves, ‘How can we incorporate AI into our security tooling?,'” Barahona said.
Tech leaders should assume that their developers are already heavily using AI as an exploration and testing tool, and that usage will only increase as the technology improves. Get your AI policies and best practices in place now, and hire devs who have a strong understanding of how to maximize AI tools’ capabilities, while recognizing that no tool is quite yet a replacement for a strong developer.
Additionally, our panelists noted there seems to be a strong push for “shifting left” in security rather than the controversial take of “shield right.” “Shield right” focuses on reactive security measures to protect deployed systems from potential threats. On the other hand, “shift left” prioritizes proactive security integration early in the development process to prevent vulnerabilities, such as early integration of a tool like an API gateway. This early integration allows security features to be built into the development process, aligning with the “shift left” philosophy of addressing security concerns early on.
From a Center of Excellence to a Center for Enablement
While platform engineering has taken the world by storm, we need to pump the brakes and get the basics correct first. Sometimes, the myth of the platform team or Center of Excellence (COE) is that they’re making pronouncements from an ivory tower rather than being an instrumental part of the solution to your DevOps challenges. Panelists agreed that the focus needs to evolve from “How do I manage this platform?” to “How do I help people be productive?”
“Stepping back a little bit and saying, from the buzz of platform engineering, which is very internally focused and big right now, there’s a lot of automation enablement we need to do for our developers first before we even talk about a platform,” shared Higginbotham. “Let’s shift the conversation to focus on API enablement, with a look at Centers for Enablement or Center of Excellence.”
Casey echoed Higginbotham’s sentiments, stating that the shift to a Center for Enablement (C4E) was key to successful real-world platform engineering. He contrasted the mindset of serving and helping people become productive with the traditional approach of making high-level pronouncements that developers were expected to follow blindly.
“COEs are focused on the idea of enabling API designers, the providing teams and the consumers at the same time, and not being so focused on the implementation and delivering the code for the API,” shared Higginbotham.
For example, if you have one team building an API, there’s a potential for 150 different teams consuming it within an organization, meaning that without a streamlined platform team, you could be having the same exact conversation with those 150 stakeholders every time.
Investing in a solid platform team with a COE approach means that you’re investing in the proper documentation, support, code examples and other resources that reduce or eliminate those conversations completely. Plus, those resources can also better enable consumers to start using your APIs.
So the takeaway was: Yes, platform engineering is increasingly important in API development as long as we’re focusing on delivery enablement and developer enablement first and foremost. Your platform strategy and COE should work together for true API success.
In the End
These aren’t new concepts, but the approach and due diligence API development leaders apply to these trends will make a world of difference as to whether or not their developers will be able to respond positively. For more, check out the full tech talk from our API management panel on our YouTube channel.
The post API Trends: Platform Engineering, the Unbundling and AI’s Role appeared first on The New Stack.
A panel of industry experts explore the pivotal trends that have sculpted the API landscape in recent months.