Post

API Trends Netherlands 2023

API aanvallers

Of course, the API trends in the Netherlands do not differ much from global trends, but in our opinion, there are enough differences to warrant a separate discussion!

The Netherlands is a distribution country, and collaboration is in our DNA. Supply chains are a good example of this. These supply chains range from traditional chains of semi-finished products that are combined into a final product to simply “adding value” by combining data from different sources. The common denominator is that in all cases, APIs (Application Programming Interfaces) are increasingly being used. The fact that APIs are becoming an increasingly important part of IT architecture is reflected in the trends for 2023.

1. Secure API’s

More and more APIs are being developed according to the “zero-trust” philosophy. Everything is suspicious unless proven otherwise (through proper verification and authentication). In addition, APIs are increasingly designed to only return data that the executing user is allowed to see on a “need to know” basis.

We see that the number of cyber attacks on API infrastructure is increasing rapidly, and the consequences can be disastrous. In addition to the measures mentioned above, all security-related activities are logged and inspected using AI technology to immediately take action in case of abnormal patterns. The Salt platform (https://salt.security/) is a good example of this.

2. One size doesn’t fit all

One WBEM, SOAP, and even the REST API standard are not the best solution for all purposes. GraphQL, gRPC, as well as asynchronous APIs will find a place in the toolbox of API developers. Precisely because legacy systems are disappearing slowly and new standards are being adopted quickly, it is important to pay close attention to the management of these different standards. If it is not clear which flavors are being used, tasks such as version control, impact analysis, security, and monitoring can be time-consuming and costly, which will hinder any form of digital transformation. API mediation will also play an increasingly important role here (see also point 4).

3. API Ecosystem

“Tools need to be cool” is a common argument to attract young IT professionals to a company. Unfortunately, the looming danger of “sneakerware,” where developers and administrators are left to their own devices with self-chosen tools, is now a harsh reality. The almost unrestrained growth of APIs in recent years, with a mindset of “we’ll manage them later, we’re busy with digital transformation now,” has already led to technical debt in many organizations. There is now an urgent need for an API ecosystem with components such as:

  • An API directory: to easily find the right API with up-to-date documentation and promote reuse.
  • Version control: for proper impact analysis (what will be affected if we modify this API, which APIs need to be adjusted if this application changes).
  • API security: security by design, data-sensitive APIs, access control, and other granular security measures to secure APIs.

Because APIs have become an essential and critical part of IT architecture, the tools we use for securing, managing, and monitoring them must be powerful and “open.” Strong API management is therefore crucial.

In addition, these tools must also have all the capabilities to support new standards and enable commercialization of APIs in a simple way, for example.

4. API Mediation

Under this term, not only the tools mentioned in the API Ecosystem are included, but also things that enable the use of APIs in a Kubernetes/containerized or Service Mesh environment, for example. This includes a mediation layer that allows API monitoring, management, security, and services such as throttling across multiple systems. But also technological advancements such as using multiple proxies or brokers to intercept API traffic and add new policies or functionality on-the-fly, so that existing APIs can be modernized without complex interventions while minimizing the impact on existing systems. A good example of this is Istio, a service mesh solution primarily focused on distributed microservices architectures (https://istio.io/latest/about/service-mesh/).

Unfortunately, the use of API mediation solutions also causes some unrest. There are multiple technologies available, and while some solutions offer extensive facilities for management, others are more focused on developers. A lot of energy can be wasted in the battle over the right tool, with the danger of different technologies being used side by side.

5. Outsourcing of Integrations

In the past year, selective outsourcing of integrations has gained tremendous momentum. The shortage of IT specialists, long lead times, and high demands on the pace of digitalization have led many organizations to adopt one or more IT disciplines as services from specialized partners.

APIs are becoming increasingly complex due to high security requirements, complex IT architectures (legacy vs Cloud, Kubernetes), and of course because APIs play a crucial role in many supply chain architectures. Especially in the case of the latter, the failure of one API from one supply chain partner can cause the entire chain to collapse. It is not surprising that organizations choose a partner where teams of specialists monitor the well-being of APIs 24×7.

Expectations are that in 2023, the number of RestAPIs and other forms of integrations will explode. Only with the right tools, sufficient staff, and knowledge, organizations will be able to do this securely, cost-effectively, and efficiently. If you are already busy with other high-priority IT projects, you can also choose to have your APIs built, executed, and managed by professionals. The choice is yours.