How Gen AI Is Evolving API Management

How Gen AI Is Evolving API Management

Posted in

Most industries are discovering the transformative effect of generative AI, and the API space is no exception. Granted, we are still in the early days of the AI revolution, but API management is already shifting in its wake. Accelerated by the recent advances in large language models (LLMs), how we design, document, test, and secure APIs is destined to change. As is the way developers integrate with APIs, through AI assistants and advanced auto-complete functionality.

Experts agree that generative AI will evolve how we manage APIs. “GenAI copilots and assistants are elevating the human experience in API management, leading to higher-quality, well-documented, and governed APIs,” says Frank Kilcommins, Principal API Technical Evangelist at SmartBear. Others foresee this technology being utilized for areas like runtime analysis security, standards-based contract testing, and more.

AI-first API management will automate away many routine tasks and operations, freeing up API builders for more high-level strategic thinking and easing the integration experience for application developers. Below, we’ll explore how generative AI is reshaping API management, considering general use cases and looking at a few examples of how solution providers are already integrating AI into their API management technologies.

Automating API Documentation

The most apparent impact of generative AI on API management involves API descriptions. Brandon Boyd, Product Manager at Tekion, firstly sees AI being used to create and modify API documentation and specifications. Secondly is the ability to more quickly iterate on in-progress APIs and provide more readable error codes for users.

“Generative AI is transforming API management by automating routine tasks like documentation, testing, and API creation, which significantly enhances efficiency and accuracy,” says Peter Schroeder, Founder of The API Economy. He views AI-driven automation, like generating real-time documentation, as helping developers focus less on maintenance and more on innovative and creative strategies.

A 2023 EMA research report found nearly 70% of organizations have 30% or more of their APIs undocumented. Given the lack of comprehensive documentation, methods to automate documentation look attractive to ensure better awareness and usability for a burgeoning tech portfolio.

As we’ve covered, compatibility with the AI ecosystem is a goal for v4 of the industry standard API description format, OpenAPI Specification, named Moonwalk. “AI, alongside innovations in specifications, represents a tremendous opportunity to address industry challenges,” says Kilcommins. He highlights how the new Workflows Specification will provide a vendor-neutral framework for describing complex API flows.

Streamlining Developer Experience

Next, generative AI could enhance the API developer experience in countless ways. For instance, LLMs can quickly help discover appropriate APIs, construct requests in the relevant programming language, and create tests, says Paul Dumas, Senior Director Analyst at Gartner. He adds that these AI-enabled developer experiences will hinge on ensuring APIs and developer resources are well-defined for LLM consumption.

“Generative AI will advance API management initially by automating routine tasks, like API documentation, and streamlining the integration process, allowing developers to easily use the best AI models,” adds Marco Palladino, CTO and Co-Founder of Kong. He also foresees API gateways as playing a critical role in integrating with various LLMs, helping to select the optimal one for the user needs, which could help developer productivity for AI-based projects.

AI-pair programming is altering the software development landscape and changing how we interact with APIs. “As these bots get better, we can imagine that more complex use cases will emerge,” writes Abhinav Asthana, CEO of Postman. “Generative AI-driven interactions will make us rethink the ways in which we will build software for the future.” He predicts that going forward, all software interfaces will have creative companions that fetch information and execute actions on our behalf.

Several AI-driven bots are already available for APIs. For instance, Postman’s Postbot is an AI assistant that can help generate API tests given natural language input. Alfred can ingest API documentation and offer integration and testing advice. Individual API providers are also utilizing generative AI — take Bill, an experimental GPT-powed AI assistant embedded into the Plaid documentation.

Improving Testing and Security

AI could be used to predict issues through advanced testing and dynamically manage APIs to improve reliability and optimize performance, says Schroeder. Another capability is to generate contracts that consider the organization’s standards, says Dumas. Contract testing analyzes the interactions between different parts of a system and its baseline standards — a type of analysis that LLMs accel at.

AI-augmented testing is already being integrated into some leading API management tools. As Kilcommins describes, SmartBear is advancing AI across testing, API, and observability, as represented in their recent acquisition of Reflect, a gen AI-powered no-code web application testing platform. “Our commitment to AI advancements aims to keep teams in control, pushing the boundaries of software development efficiency and collaboration,” he says.

AI can also assist with runtime security analysis. As API security researcher Katie Paxton-Fear describes, Traceable has already begun utilizing generative AI to address challenges in API discovery, security testing, and runtime protection. “We use machine learning models more generally within our data analysis, examining API traffic from the gateway to identify vulnerabilities, attacks like DDoS or credential stuffing, and fraud,” she says.

Building More Flexible Interfaces

Today’s APIs typically have specific endpoints for predefined applications and user experiences. However, generative AI changes things at a deep level, says Matt DeBergalis, CTO and co-founder of Apollo GraphQL. “Many users will undoubtedly prefer more flexible and free-form interfaces, and ultimately agents, which must be backed by more flexible, semantic APIs.” He’s specifically excited to see how LLMs dovetail with GraphQL federation, an emerging architecture for combining APIs.

An API strategy can also grant more flexibility in how users leverage AI features. For instance, an API gateway could assist with prompts that are part of public LLM requests, says Dumas. API gateways could also act as an AI abstraction layer, allowing users to automatically use the best LLM for the job at hand. As Palladino explains, this is a capability Kong recently introduced in its multi-LLM gateway to simplify AI traffic management and handle governance across models. “It streamlines prompt security, validation, and template creation, enabling centralized management without updating client applications,” says Palladino.

Similarly, Paxton-Fear sees a security benefit in placing AI decisions at the API gateway, as it could allow teams to leverage AI without fear of third parties having immature security and privacy programs. “As LLM security maturity develops and it becomes clear what the next generation of attack will be,” she says, “the risk to APIs becomes concentrated at the API gateway rather than flooding the entire attack surface.”

AI-First API Management

In nearly all walks of business, there is a pervasive excitement about the quick adoption of AI. As Paxton-Fear aptly puts it, “generative AI has gone from a niche technology to a household name.” If we turn to software development, LLMs enable more than just code generation — they can help ease operations and meet industry standards. “The advances being made promise to redefine API management, encouraging a more structured accessible ecosystem,” says Kilcommins.

Advances in gen AI are also enabling new developer experiences and will likely be pivotal within greenfield development to meet new end-user expectations. “Gen AI is poised to evolve API management by necessitating flexibility and responsiveness of its ever-changing users’ needs,” says DeBergalis.

However, the productivity gains from these human-AI interfaces must be tempered with caution. Organizations will require a new governance framework to address the bias and privacy concerns of generative AI, notes Palladino. “As generative AI matures, it’s crucial to develop new best practices and technologies for secure AI governance and usage,” he says.