Whether you are checking the weather on your phone or booking a ticket, watching your stock ticker, or speaking with a chatbot, chances are you’re interacting with an API, or Application Programming Interface. In fact, the total number of public and private APIs in use is almost a whopping 200 million!
This huge number of APIs and the physical spread of the distributed infrastructure locations has created a challenge known as an “API sprawl”.
American technology company F5 recently released a study that looks at the challenges and opportunities that an API-driven economy presents. The authors say, “If data is the new oil, then APIs could, unfortunately, become the new plastic, with by-products wreaking havoc on the ecosystem. To stay healthy and thrive in the API-driven economy, it’s time for organizations to get serious about creating, using, and managing APIs responsibly.”
Why does API sprawl exist?
API sprawl is as continuous as the application lifecycle process itself. There are many kinds of APIs, from public productized APIs (like Google Maps) to private or partner APIs (used by internal teams of companies).
APIs can be web-based, browser-based, or device-based as well as built to serve a single purpose or intended to aggregate multiple different data providers. Given the enormous number of APIs on the market, managing growth poses a challenge, especially if organizations do not follow best practices.
Operational and security challenges
As the number of APIs grows, it becomes hard to keep track of where they are located. This can result in documentation issues, which impacts end-to-end connectivity. API documentation needs to be strong to effectively use, integrate, maintain, and update APIs, as well as to improve the experience for developers using the API, reduce time spent onboarding new users, and identify and resolve bugs faster.
Versioning can be missed
Since APIs are updated frequently, issues related to versioning – the practice of transparently managing changes to the API, so users know what to expect – may arise. If ignored by developers, APIs can become unsupported and hard to maintain. Sprawled APIs can thus lead to a reduction in service reliability.
Potential security lapses
APIs are also prone to fraud and malicious behavior, which is why external APIs must be validated for trust. A 2021 report issued by Salt Labs revealed a surge in API attacks over the past six months. Malicious traffic grew by 348%, underscoring the prevalence of cloud-native vulnerabilities. In fact, nearly half of all surveyed developers cite security concerns as a top worry as it delays application rollouts, tarnishes brand reputation, and may lead to revenue loss.
Another report, which polled more than 300 IT decision-makers across the US, says that organizations struggle to detect, understand and control the APIs in their cloud-native apps, and that 40% of all organizations have no solution in production today for discovering and securing APIs. Over 70% of respondents said that security problems are exacerbated by the growing number of APIs and that cloud-native apps and Kubernetes deployments are particularly difficult to protect.
How do you reduce the challenges posed by the API sprawl?
Existing app security solutions and strategies may not properly protect modern apps at the API level, as traditional point products were primarily created for app-to-web communication. Cloud-native environments on the other hand are defined by app-to-app and API-to-API communication.
- Treat the API as a product rather than a project codebase. This gives a better developer experience as well as helps realize the potential value of APIs as business accelerators.
- Use spec-driven development as this will keep design, development, documentation, and testing, in sync, resulting in clearer requirements. Also, create and regularly update a company service directory to make services easily discoverable and reduce duplication.
- Set clear guidelines for versioning as a rigorous approach toward API versioning leads to better API integration. When APIs are documented, they are versioned such that users can have expectations of maintenance and lifecycle.
In today’s API-driven environment, API integration needs to be a critical part of an organization’s security strategy. CloudNow offers API implementation design and delivery models that can help you gain a competitive edge in your market by integrating your legacy system with an API-based strategy. Contact us today for more information.