A Stroll Through API Economy Trends

Bill Doerrfeld, January 8, 2025

I try to go on a long walk every day. It clears my head, helps me see the bigger picture, and unlocks new writing topics. Regular walking has also been proven to have many health benefits, including improved cardiovascular health, lower risk of depression, better metabolism, and improved joint health. One study even correlated regular walking with higher brain volume later in life.

Walking is often used as a tool to shape our consciousness and enhance our perception and understanding of the world. I like the idea of strollology, coined by Swiss sociologist Lucius Burckhardt, which is essentially about the science of walking around. Ancient Greek philosophers would walk around the Athenian agora, too, to inspire their intellectual curiosities. In short, walking does something to the brain.

What am I doing talking about walking on an API blog? Well, in my opening keynote at Platform Summit 2024, I took a stroll through some of the top API economy trends in 2024. I contemplated a handful of trends in the API community, picking apart the role of APIs in AI, governance, security breaches, new standards, developer experience, and beyond. I also literally paced back and forth on stage quite a bit.

So, let’s walk through some of these trends as they were in 2024. Feel free to watch the presentation or read my text summary below for specific details and more background. I see this as a review of common themes the API community was discussing and an indication of where things are heading.

This post is based on Bill Doerrfeld’s keynote from the Platform Summit 2024.

API Ubiquity

Nowadays, APIs are at the core of most software development. First is the simple fact that APIs are ubiquitous. APIs power many user experiences, partner ecosystems, and internal architectures. They enable composable architecture and are foundational to many, if not all, software development practices.
Just shy of 90% of developers use APIs, according to SlashData’s 19th Developer Economics survey.

In 2023, I took to the stage to describe how APIs power many of the functionalities we take for granted in our everyday lives. But APIs are also proliferating across internal use cases, such as MACH-based architectures, database wrappers, asynchronous data integration, security, and user authentication. They’re foundational to many DevOps workflows and partner ecosystems.

Emerging technology trends across industries remain pretty reliant upon APIs in the background. But even with this proliferation, their awareness within IT at large is minimal. As Marco Palladino, CTO at Kong, shared for a feature I wrote for InfoWorld on API governance: “Despite their significance, few are aware of the importance of APIs in IT or the global economy, as this has largely been a silent revolution.”

AI and APIs

I see the relationship between AI and APIs as symbiotic. Another unmissable trend in our stroll through the API ecosystem is the rise of AI. AI quickly hit consumer mass, with ChatGPT reaching one million users in just five days. Now, a couple of years into LLM mania, the AI ecosystem is flourishing with new models and AI agents on the brink of autonomous capabilities. On the developer side, 92% of programmers now use AI tools, reports GitHub.

I see the two fields as symbiotic — AI development is spurring more growth and reliance upon APIs since developers often integrate AI product features via APIs. AI agents themselves will use APIs to fetch data, retrain models, interact with third-party SaaS, and inevitably perform mutations.

AI can also be used on the other side to inform API design, API testing, and API security. AI could benefit API management by generating documentation with more samples and enhancing the on-page developer portal experience.
In other words, “it’s going to produce APIs for you, and it’s going to produce the code that consumes the APIs,” said API strategist and former Gartner analyst Paul Dumas at the 2024 Austin API Summit.

That said, AI is still maturing. Large language models (LLMs) are still prone to inaccuracies, hallucinations, biases, and potential privacy and intellectual property concerns. So, with this trend — walk, don’t run.

API Description Languages

API definition languages have continued to evolve. The OpenAPI Specification (formerly Swagger) is still the dominant force in API standards, and iteration is ongoing, with v4, codenamed Moonwalk, under development. But we’ve also seen new API description formats enter the fold.

Arazzo, Italian for “tapestry,” is one interesting new specification. From the OpenAPI Initiative, this add-on to OpenAPI is intended as a standard way to describe workflows or a series of interlinked API calls. As we’ve covered, possible use cases for Arazzo include reusable sequences of calls for AI, tying together security, human resource management (HRM) systems, and healthcare systems.

TypeSpec, for instance, is a description language open-sourced by Microsoft. Its form and function are very similar to TypeScript, and it’s intended to lower the barrier to design-first API development. (The good news is that it can generate OpenAPI, so it’s still compatible with the ecosystem.)

API Drift

The jury is out on how to fix the API spec drift issue. In general, I see many benefits of using a specification-driven approach for API design. Most people in the API space agree it can act as a source of truth for collaboration and for creating more consistent APIs with quality developer experiences.

Yet, true documentation-first cultures are still nascent — according to an EMA study, 70% of organizations have 30% or more of their APIs undocumented. What’s worse is that APIs tend to drift from their specifications in production.
An industry report from APIContext in 2024 found that 75% of APIs have nonconformant endpoints. This is not so great, because an API that drifts from its expected behavior can cause confusion, break service-level agreements, and even lead to breaking changes on the client side.

Why is drift so commonplace? There are a handful of root causes behind API drift, such as an absence of continuous testing and repeatable workflows and a general lack of awareness and discipline regarding design-first development standards.

API Governance

Governance has risen to avoid sprawl and direct internal API standards. This brings us to a corporate-sounding word that has surprisingly risen in popularity lately — governance. Following our theme, governance is like the signposts along the path, helping walkers stay on the designated trail.

API governance has risen in response not only to the lack of standardization described above but to the sheer rise in APIs across the board. Large organizations often have a smattering of API formats in use simultaneously, from REST to SOAP, event-driven architectures, GraphQL, gRPC, and others. While using the right tool for the job isn’t necessarily a bad thing, complexity is compounded when you have various design styles in use, as well as multiple gateways and API management solutions in play. This is a recipe for sprawl issues.

API governance has many meanings and isn’t solved by a single sweeping product. But generally, it refers to centralizing design standards and security patterns (including areas like identity and access control), inventorying or cataloging APIs, overseeing proper change management procedures, and consolidating disparate tools and gateways.

Many companies are adopting API governance initiatives as we speak.
For instance, Atlassian’s internal governance program is developing extensibility standards to perform automated checks to enforce rules and systematize the API change management process. This results in enhanced stability for their partners with fewer broken integrations.

Developer Experience

Developer experience now requires continuous attention. The best trails, in my opinion, are cyclical. If you keep going, you get back to where you began. There’s no getting lost!

A great developer experience (DX) is more than just having a quick and easy starting point (or trailhead). The APIs with quality developer experience ensure developers don’t get lost throughout the entire journey, from discovery through onboarding to testing, integrating, maintenance, and versioning.

Interestingly, 88% of companies surveyed by Lunar.dev say issues related to third-party APIs require weekly attention. Therefore, more efforts on ongoing maintenance will be necessary to support API integrations beyond the ‘Hello World’ moment. AI initiatives that interface programmatically with partners, for example, hinge on quality API developer portals and dashboards that are easy to understand and navigate.

So, what makes a great API developer experience these days? Well, many of the basic tenets still ring true: great documentation, stable changes, human-readable error messages, public OpenAPI specs, self-service capabilities, code samples, and consistent designs and naming conventions.

One interesting example of an API provider pioneering new developer experiences is Plaid, which has a conversational agent named Bill (no relation!) integrated into its developer portal.

But beyond API-based experiences, from SDKs to platform engineering, the role of developer experience continues to gather steam. I’d argue DX has now grown from being a competitive advantage to an expectation, and most agree that investments into DX reduce costs in the long run.

Attacks on APIs

It comes as no surprise that, as reliance on APIs increases, so has the number of attacks. Part of the problem is that simple broken access control issues are pervasive.

A 2024 report from Akamai found that web attacks against applications and APIs surged by 49% between Q1 2023 and Q1 2024. They also shared that 108 billion API attacks were recorded from Jan 2023 to June 2024. Inefficient API authentication and authorization is at the heart of many of these top breaches.

In 2024, we also saw an increase in chatter about shadow APIs and zombie APIs. The State of API Security Report, conducted by Salt Labs, found outdated zombie APIs to be a top concern among the technology professionals surveyed. Other vulnerabilities have emerged in the updated OWASP top ten for APIs, including risks related to business logic gaps, a lack of inventory management, and others.

Beyond runtime security monitoring, many believe that the identity and access management side of the equation can solve many of the issues related to API security, sprawl, and governance. Especially within large organizations, customer identity control can make things more consistent with standard security flows and respond to sprawl concerns by unifying access management with internal role-based policies.

API-First Business

API-first business models continue to surge, with 62% of those surveyed saying their company uses APIs to generate revenue, found Postman’s 2024 State of the API report.

From a development perspective, API-first can produce tangible benefits too. “When you’re API-first, problems like sprawl and drift can go away,” Noah Schwartz, Head of Postman API Network, told me.
Yet he admits API-first looks a bit different in actual practice and adds that not everyone is as far along as you might think, citing some holes in terms of tooling and specification-driven development.

Another interesting trend lately has been the unbundling of API management, which has to do with a migration away from full-lifecycle API management platforms toward more lightweight, fit-for-purpose tools. The idea is that using best-of-breed API gateways could save costs and reduce the feature bloat associated with those larger platforms.

Happy Trails

This is a cross-section of interesting themes the API community was discussing in 2024. So, what will 2025 look like?

Overall, I anticipate more interest in the interplay between APIs and AI. I think we’ll see more interest in APIs as a foundation for agentic AI, how to position APIs for AI consumption, and how to optimize backend integrations and calls for performance and cost-saving benefits.

More open APIs are required to connect the fabric behind the scenes. Otherwise, developers will find alternative means for data access — a dilemma Z expertly identifies here.

Another limitation is the data itself. AI agents are stunted based on insufficient or improperly categorized data or lack of access to such data. I believe that APIs, in addition to standard database retrieval mechanisms, will play a role in connecting systems to empower agents with more context and capabilities going forward.

I enjoy film photography in my free time. Some of the outdoorsy photos used in this presentation were taken with my vintage Nikkormat 35mm camera.

There are a lot more exciting developments along the path as we head into a new year. Stay tuned for more specific insights as we look into 2025 trend predictions soon.