The past few years have been huge for APIs, from the emergence of API-first architecture to the wider adoption of tools like API gateways. And in 2024, things show no signs of slowing down — the space is evolving even more quickly than it has been.

Looking at the lineup for our Austin API Summit, taking place in March of 2024, we couldn’t help but notice several related topics appearing time and time again. The alignment of these new trends suggests that many of us in the API space have similar issues on our minds. From tweaks to best practices around standards and monetization to seismic shifts in how we develop and document APIs, many of our Austin speakers are currently gearing up to present on some of the most significant changes emerging in our industry right now.

It’s no understatement to say that developers and API-first companies will need to embrace, or at least consider, these trends if they want to stay relevant. In this piece, we’ll look at four major shifts in how we might come to think about APIs in 2024 and what they mean for API-first businesses.

1. A New Generation of API Description Languages?

Microsoft’s Gareth Jones asks us the following rhetorical question: “Didn’t the API description wars end in 2017 when we all agreed that OpenAPI Specification (OAS) was the way forward? Yes,” he continues, “and yet how satisfied with your API descriptions are you?”

The answer is, for many API developers, “not entirely.” In the 2023 State of the API Report, Postman listed all of the following types of specifications that are actively being used in what they term the API Platform Landscape:

• OpenAPI
• AsyncAPI
• WSDL
• Thrift
• Protobuf
• gRPC
• GraphQL
• RAML
• Avro
• API Blueprint
• JSON Schema

The sheer length of that list suggests an undercurrent of dissatisfaction when it comes to documentation, with some still crying out for alternative solutions despite the dominance and maturity of the OpenAPI Specification (and AsyncAPI for event-driven scenarios). We won’t be as bold (read: clickbait-y) as to suggest that 2024 will see the death of the OpenAPI Spec by any means. That said, a new generation of domain-specific languages (DSLs), like Amazon’s Smithy and Microsoft’s (open-source) TypeSec, could shake things up.

Gareth will be joining us in Austin to make a case that these more abstract languages, in his words, “move us back to a more intentional approach to design and give us the opportunity to highlight the business characteristics that matter most at design time.” Microsoft’s Mandy Whaley will also be in Austin, talking about how Microsoft uses TypeSec to deliver APIs at a massive scale while interoperating with the OpenAPI ecosystem. We’re excited to see the arguments for TypeSec and other DSLs that they posit.

2. Security, Standards, and Decentralization

We’ve already written plenty about how open banking standards worldwide are changing the FinTech space. However, we’ve also recently written about how decentralized identity will transform banking as we know it.

On the face of it, these trends may appear to be anachronistic — decentralization is all about flexibility and empowering users, while standards relate to fitting things into neat boxes. In practice, however, decentralization needs standards before major financial institutions will seriously consider embracing the decentralized finance (DeFi) movement.

As the process of API development becomes more formalized, we’re seeing the emergence of various standards. And, on their flipside —security and standards aren’t quite brothers, but cousins perhaps — we’re seeing an increasing need for high-grade security best practices.

Chris Wood, an open banking expert, says that “although standards like FAPI are rock solid and have evolved with the market, they can be complex to implement.” In what may be a preview of his Austin presentation on standards, he considers them a mixed blessing. “We have the excellent parts, like the adoption of open standards like OpenAPI to define APIs to be implemented by the market,” he says, “and the not-so-excellent, like standards bodies still relying on voluminous bodies of work, often in PDF, to set the requirements for participants.”

In that area, speakers at our Summit will be covering various topics relating to standards and API security: managing API authorization using an identity server and gateway, going beyond OAuth with fine-grained authorization frameworks, and identifying (and combatting) the biggest API security threats identified by OWASP are all on the agenda.

Wood concludes that “with the next wave of standards-setting, likely to start soon in the European Union with PSD3, we are on the cusp of finding out if API standards can become a true enabler and create a homogeneous, open ecosystem.”

On the other side of that coin, we may also be on the cusp of discovering what happens when API providers fail to take the security measures required to conform to the growing number of data protection laws and directives that govern what they can legally do with user data…

3. APIs, AI, and Automation

Unsurprisingly, AI looks set to be a big (and no doubt contentious) talking point in 2024, and that’s reflected in our Austin summit lineup. Gartner’s Paul Dumas, for example, will lead a keynote speech on the logistics of using GenAI to generate APIs. He states that:

“Humans cannot compete with the compute power of APIs. How do we marshal this power, govern what it produces, and leverage its output? [In 2024 and beyond,] we will become more dependent on the capabilities we have as humans that elude machines.”

In other words, how can we continue to build APIs that retain the human touch? It’s an uphill battle that tools focused on automation will face, whether or not they’re powered by AI.

Microsoft’s Kristen Womack has spoken about how hand-crafting SDKs is expensive, labor-intensive, and requires multi-language development by default. Automating tasks like SDK generation feels like a slam dunk, saving time and money without compromising on being human-friendly.

While Microsoft aims to solve this problem by funding Kiota, an open-source command line tool for generating an API client to call any OpenAPI-described API, other companies think AI could be the answer to enriching documentation and developer experience.

Consider, for example, how AI is being deployed in conjunction with the work of technical writers to improve developer portals by Plaid’s Todd Kerpelman. Kerpelman has built an AI-powered chatbot called Bill to help developers navigate Plaid’s documentation site:

Elsewhere, Sipios’s Ruben Sitbon argues that any product can be improved with Generative AI. At our Austin summit, he’ll be talking about deploying GenAI in-house APIs to boost product features, improving answers using a trainer API, and building security and compliance into APIs.

Even considering the advances we’ve already seen, there remains a ton of untapped potential to leverage AI in many aspects of API development — something Ram Bansal will be presenting on in Austin — especially those that are time-consuming, fiddly, or repetitive.

4. Monetizing APIs

In the past couple of years, we’ve seen the perception of APIs shift from fun side projects and internal tools for techies into legitimate business offerings. That shift is not done… shifting yet. And there are those who believe that the denouement of “API-first” is “API-only.”

The API management market, already valued at more than $4.5 billion, is predicted to grow to over $25 billion by 2030. According to The New Stack, this growth is “driven by a single idea: APIs entirely control the digital world.”

We’ve already seen this model from the likes of Netflix, who use hundreds of microservices to serve video content to different devices. They once, in a 2013 blog post, called APIs the “slender neck” in the metaphorical hourglass of their technology stack.

All of this considerably ups the ante when it comes to thinking about different monetization models, with many tools now dedicated to the process of growing and monetizing API products. For instance, Moesif’s CEO Derric Gilling will join us in Austin to discuss how to decide what APIs to monetize, different monetization models, and the operational mechanics that go into monetizing APIs.

And, although security and compliance have always been important for APIs, productization amps up how crucial it is even higher. To pull things back to standardization, bridging the gap between documentation being human-readable and machine-readable (and therefore machine-checkable) is something that may help to reduce errors on that front.

APIs Are Changing…and Remaining the Same

For everything that’s shifting or evolving in the API space, there’s something else that will stay the same. As exciting as developments like AI, decentralization, and new API description languages might be, they don’t mean we should throw the baby out with the bath water.

Ultimately, much of the above comes down to refinement rather than replacement. It’s a consensus that Toro Cloud CEO David Brown and API Evangelist Kin Lane recently reached on a podcast episode of Coding Over Cocktails on API description languages:

“This mindset of ‘GraphQL is better than OpenAPI’ or vice versa [may not be helpful]. You’re like, ‘Hey, guys, it’s not about which one is gonna win the war here. Let’s work out the advantages and the use case for each and how they can work together and complement each other.'”

Amen to that.

Much of what we currently consider to be best practices in our industry — using the OpenAPI Specification, using API gateways for access control and rate limiting, or creating developer portals packed with useful resources, code samples — will continue to be just that…at least for now.

However, one thing is certain: we can’t wait to hear what some of the brightest minds in API development make of all this stuff when we touch Austin. If you’re unable to make the Summit, look out for videos, transcription pieces, and much more in the coming months!