APIs and Low Code: A Match Made in Heaven Posted inPlatforms Darshan Shivashankar February 22, 2022 More than ever before, we are witnessing a meteoric rise of apps and software solutions built to respond to the complex realities of our hyperconnected world. There are over 200 million application programming interfaces (APIs) leading this growth — but challenges remain.The number of API-related security breaches keeps multiplying — and a single incident can jeopardize a company’s credibility for years to come. Think of Peloton’s API for user data allowing unauthenticated requests or the latest Experian credit score API breach that impacted millions of users. Gartner predicts that API security risks will only worsen in 2022. Is there anything API practitioners can do?The problem is that API development has been notoriously unpredictable due to a lack of standardization. Patchwork procedures have bred an environment full of weak spots where threats are ripe. A more systemic approach is needed to ensure we won’t be hearing about another API exposing consumer data tomorrow. The solution? Simple: It’s high time for low code. width="560" height="315" frameborder="0" allowfullscreen="allowfullscreen">Resolving The Biggest API ChallengesSecurity vulnerabilities are by no means native to API design; they emerge as urgent symptoms of the complexities present in the development process. Undoubtedly, there’s a subtle science to building good APIs in-house. Most developers will blatantly admit that “writing integration code sucks,” mostly as it takes their time away from making the actual product.Negative developer experiences and inadequate governance structures that provide no usable and transparent documentation manifest in low-quality and inconsistent code. The APIs are designed poorly, but the code also can’t often be externalized, meaning it has no real reusability. And with bureaucratic backlogs, the release times are much slower, enforcing a culture of low business agility and hindered collaboration.However, today’s organizations simply can’t afford this inefficiency and timeframes that easily span a year. Low-code platforms can tackle many notorious issues, reducing engineering time and resources while still producing high-quality APIs that work towards the desired business goals. When directed towards building consistent and reusable APIs, low code can become a long-term asset to organizations and their developers, who suddenly become empowered to achieve more in their roles.Ultimately, the goal of low-code tools is to build a highly customizable software environment that offers ease of use and high flexibility — so that organizations can plug their code into low-code structures. And with the inherent consistency of APIs delivered by low code, there are no further barriers to scaling. This way, organizations can drive innovation since execution becomes faster and easier than traditional API development. Low code doesn’t overshadow APIs; it becomes a key enabler, a true champion of organizational agility.The Much Welcomed Versatility of Low CodeInterestingly, today’s market trends have fundamentally impacted API development. In the era of the Great Resignation, companies may struggle to attract top developer talent. According to Ayalla Goldschmidt, the Head of Platform Product Marketing at Service Now, “companies realize that software has become critical to their agility and sustained growth, but not every company can attract and retain the engineering talent we have here in Silicon Valley.” With low code, the talent of software engineers can be put to its best use without the pressure of adopting a whole niche skillset.Low-code API management platforms can advance a healthy API economy, transforming all the aspects of the design journey, from API documentation through mocking, all the way to continuous testing. When honoring essential security standards, such as best programming practices or supporting multiple authentication providers, low code promotes the security of an organizational API platform, reducing the likelihood of cyber threats.The low-code approach also invites executives to immerse themselves in the technical aspects of API lifecycles, giving them much more control and visibility into the development process. Without the need to write code, they can advance data-driven decision-making. Through a simplified and potent process, managers (and businesses as a whole) can transform their monetization strategies and identify new revenue streams.And while the conversation has chiefly prioritized small businesses, big corporate players can benefit from low code as well. For example, Doordash outsourced building internal tools to a partner and found itself saving countless hours of operator and engineering time. Spotify has collaborated with a no-code provider to create voice and chat assistants. This happened without getting the in-house engineers involved, saving them from laboriously building those tools into the company’s production code.My team recently conducted a deep-dive analysis of the benefits of low-code platforms in real-world application development within the fintech and health care domain verticals. We used a dataset of 100 projects throughout 2019 and 2020 that shared a similar profile. Of these, about 10% used low-code technologies. The data set also included the shift to remote work driven by the COVID-19 pandemic.We found a 15% to 20% productivity increase for the low-code group versus those that used standard development technologies. Even considering the typical caveats for a study of this type (small data set, diverse project types, etc.), these results align with what frontline developers say about the benefits of low-code. Interweaving best practices via self-service can deliver a better customer experience across cross-functional teams. Above all, a key advantage is leveraging decoupled control planes that aren’t dependent on a gateway or service mesh provider to cut costs, complexity, and delays.Choosing the Best Platform to Adopt Low CodeToday’s low-code market already boasts diverse providers, offering different layers of flexibility, interoperability, and available plug-ins. So, how can organizations find their best fit? It all boils down to the balance between the levels of change they are willing to implement.It depends on how much businesses want to be hands-on and hands-off if they wish to bring in new talent or reskill existing developers and how important the platform integrates with existing systems and structures. For example, a low-code API platform can have hundreds of valuable features. Still, it’s not a viable option if it can’t connect old and new infrastructures across different environments, be it cloud, on-premise, or hybrid.It can also happen that a platform doesn’t allow an organization to build something that hasn’t been conceptualized yet. Or it may not offer easy A/B testing for evaluating a product. These considerations are critical. Companies should consider their long-term needs and select the right platform to scale to decide best.A few years ago, the CEO of GitHub, Chris Wanstrath, famously declared: “The future of coding is no coding.” For organizations looking to take the step now, it’s essential to secure a buy-in from all stakeholders involved. IT managers should make the headway, showing developers how they can benefit without their jobs being threatened. And managers should promote low-code platforms as a tool allowing an organization to reach its full potential. If a solution makes APIs more powerful and easier to build, why not use it?