How API Sprawl Negatively Affects Business

API sprawl was a running concern at this year’s Platform Summit, which isn’t a great shock considering the rapid ascent of APIs in recent years. API adoption is through the roof. API expertise is still catching up, however, which can put both users and API producers at risk. API sprawl poses some specific risks for business owners, though, which can have serious repercussions for anyone looking to generate income with a service that uses APIs.

Below, we’re going to take an in-depth look at how API sprawl can negatively affect businesses. We’ll start with a brief recap about API sprawl in general and then delve into some of the specific challenges API sprawl poses to businesses.

What Is API Sprawl?

Organizations are creating more APIs than ever before. According to Imperva’s State of API Security in 2024 report, the average organization currently has 613 endpoints in production. Developers who aren’t versed in the latest best practices for API production are simply wrapping APIs over existing databases and microservices and calling it a day. Businesses are deploying a record number of internal APIs, as well. According to Rapid’s 2022 State of API Report, organizations with 10,000 or more employees have an average of over 250 internal APIs. To make matters worse, only 10% of organizations fully document their APIs. This is a recipe for API sprawl.

API sprawl occurs when an organization doesn’t have a clear vision for how to implement its APIs, leading to confusion about who’s responsible for different APIs or even what APIs exist in the first place. This can cause everything from broken or underperforming services to wasting time on unnecessary work to all manner of security risks, all of which can negatively impact end users.

API Sprawl Causes Data Breaches

API sprawl causes APIs to spiral out of control quickly, creating new endpoints faster than they can be tracked. This is not only inefficient, but it can be dangerous. You can’t secure an API if you don’t know it exists. Not knowing what APIs exist can easily lead to risky conditions like shadow APIs or zombie APIs. And without proper awareness, these unknown endpoints are typically easier to exploit.

Data breaches have been exploding over the last 10 years. The number of annual data breaches in the United States increased from 447 to 3,023 between 2014 and 2023. This is bad for business by every metric. Data breaches are expensive, for one thing.

IBM research found that the global average cost of a data breach is USD 4.88 million. A staggering 66% of consumers won’t trust a company once they’ve experienced a data breach. Once a customer’s data has been exposed by your business, you may never get them back.

In certain circumstances, a data breach can even lead to service outages. If there’s a security incident, an API might have to be taken offline to be investigated. According to recent research, the average time to detect and contain a data breach is 277 days.

API Sprawl Causes Redundancy

If you can’t find an API, you might not know it exists. If you don’t know an API exists, you might end up building it again. In certain circumstances, API sprawl can result in you paying at least double what an API should cost.

Duplicate data costs American businesses an average of $600 billion every year. That’s to say nothing of the cost of missed opportunities, stale leads, and the potential damage to your company’s reputation. To make matters even worse, not only do you have to pay to build a redundant API, but you’ve also got to pay to maintain it.

API Sprawl Is Bad For Morale

No one likes doing work they don’t have to do. That’s time that could be spent doing something more rewarding, more challenging, or more creative. Having to develop an API you’ve already built is time that could be better spent doing virtually anything else.

According to a recent Gallup Survey, disengaged employees cost the United States an average of $450 to $550 million each year. In some circumstances, it can even result in losing an employee, which can also be bad for morale, not to mention expensive. It can cost up to 50% of an employee’s salary to replace them. It can ultimately cost a business between 90% and 200% of an employee’s salary to find their replacement and get them up to speed in the long run.

API Sprawl Increases Time To Market

In today’s hyper-competitive marketplace, a business needs to be as streamlined and efficient as possible. API sprawl increases the time it takes to get a product to market — sometimes drastically. This can end up costing your company revenue for years to come. According to recent research from McKinsey & Co., a product that’s six months late to market can earn 33% less profits over five years.

API Sprawl Negatively Affects Customers

Accidentally exposing sensitive data is just one way API sprawl can negatively impact a customer’s experience. There are countless more. API sprawl can result in an uneven user experience, for example, if an incorrect API works its way into an API catalog. If customers are able to see the backend of a product, they may end up encountering an API without any documentation, which could leave an unfavorable impression of your business. Once they have a negative impression of your business, there may not be any winning them back. Considering that it costs 5x as much to acquire a new customer as to keep an existing one, you’ve got every incentive to eliminate API sprawl any way you can.

Final Thoughts on API Sprawl

Today’s business world is competitive. If an app or digital product doesn’t work easily and flawlessly right “out of the box,” there are likely ten alternatives a user can audition in less than a minute. You need to make your products as sleek, streamlined, and efficient as possible, by any means necessary.

The good news is that API sprawl has become such a prevalent concern there’s a wide range of excellent wisdom and best practices you can follow to keep it at bay. Employing an API catalog is one way, as it puts all of your APIs in one central location. This makes it much less likely for an API to get lost in the shuffle.

Following an API-first design is another, as your API will be planned before it’s built. This all but eliminates the possibility of unknown endpoints that could be an API security risk. Considering all the ways API sprawl negatively affects business, you’ve got every reason to put these principles into practice.
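The reconciliation that an API catalog makes possible, as an added example (not code from the original article): it compares gateway access-log lines against a catalog to surface traffic to uncataloged endpoints and to deprecated ones. The catalog layout, log lines, and function names are constructed for illustration, and it assumes "shadow" means served traffic to an endpoint absent from the catalog and "zombie" means traffic to an endpoint the catalog marks deprecated.

```python
import re
from collections import Counter

# Constructed catalog: (method, path template) -> lifecycle status.
CATALOG = {
    ("GET", "/v2/users/{id}"): "active",
    ("POST", "/v2/orders"): "active",
    ("GET", "/v1/users/{id}"): "deprecated",
    ("GET", "/v2/invoices/{id}"): "active",
}

# Constructed gateway access-log lines (common log format).
ACCESS_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /v2/users/42 HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2024:10:01:05 +0000] "GET /v1/users/42?full=1 HTTP/1.1" 200 2048
10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "POST /v2/orders HTTP/1.1" 201 87
10.0.0.9 - - [12/Mar/2024:10:01:11 +0000] "GET /internal/export/customers HTTP/1.1" 200 90311
10.0.0.4 - - [12/Mar/2024:10:01:15 +0000] "DELETE /v2/users/42 HTTP/1.1" 404 0
10.0.0.8 - - [12/Mar/2024:10:01:20 +0000] "GET /internal/export/customers HTTP/1.1" 200 90311
""".splitlines()

REQUEST = re.compile(r'"([A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

def _compile(template):
    # "/v2/users/{id}" -> regex where each {param} matches one path segment.
    parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(map(re.escape, parts)) + "/?$")

def reconcile(log_lines, catalog):
    matchers = [(m, _compile(t), t, s) for (m, t), s in catalog.items()]
    shadow, zombie, seen = Counter(), Counter(), set()
    for line in log_lines:
        hit = REQUEST.search(line)
        if not hit:
            continue
        method, target, status = hit.group(1), hit.group(2).split("?")[0], int(hit.group(3))
        entry = next(((m, t, s) for m, rx, t, s in matchers
                      if m == method and rx.match(target)), None)
        if entry is None:
            # Only count requests the backend actually served; 404s are noise.
            if status != 404:
                shadow[(method, target)] += 1
            continue
        seen.add(entry[:2])
        if entry[2] == "deprecated":
            zombie[entry[:2]] += 1
    unused = {k for k, s in catalog.items() if s == "active"} - seen
    return {"shadow": dict(shadow), "zombie": dict(zombie), "unused": unused}
```

Calling `reconcile(ACCESS_LOG, CATALOG)` also returns cataloged active endpoints that saw no traffic, which are candidates for retirement review.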