Top Expectations for API Products in 2021 Posted in Strategy Thomas Bush March 2, 2021 With more APIs hitting the web every day, API owners are always looking for new ways to maintain an edge. Thankfully, there’s no secret about what organizations and their developers expect these days. In this article, we’ll summarize 15 of the most crucial consumer expectations for API products in 2021 across five broad themes: Documentation Security and Compliance Reliability and Performance Tooling Design Documentation According to Smartbear’s State of API 2020 report, “accurate and detailed documentation” is the second most important characteristic in API for consumers, topped only by “ease of use”. The accurate part is pretty self-explanatory, but examples, errors, and authentication are some of the details the report describes. Examples Examples, including code samples, are an essential part of API documentation. Consumers have come to expect that they can see how an API works in the docs — not just read about it. For the best possible Developer Experience, include examples in the quickstart guide, authentication/authorization guide, and each endpoint. Errors Errors and error messages may be overlooked in the first iterations of your documentation, but Smartbear’s report reveals they’re a must for consumers. If you want to improve developer retention in scenarios where issues arise, outline what errors mean and why they are thrown in your docs. Authentication New authentication standards significantly improve API security, but they can be confusing at times. As such, the status quo is now to explicitly document your authentication process — often on a dedicated page in your documentation. Yes, include errors and examples here too! Security and Compliance Speaking of security, this is also an area where consumer expectations are rising, as reports Postman. Consumers want token-based authentication, flawless internal security, as well as compliance with regulations and standards. Token-Based Authentication Developers are becoming more and more familiar with token-based authentication schemes like OAuth 2.0 and JSON Web Tokens. It’s safe to say they’re becoming a must when sensitive data is at play; key-based authentication just won’t cut it anymore. Internal Security Although it may not face them directly, airtight internal security is a must for consumers. It’s essential that API owners with even the best track records review their security policies, as security breaches will likely continue to grow in 2021. A good strategy is to think like a black hat, and review the OWASP top 10 API vulnerabilities to mitigate issues before they are exploited. Compliance Alongside security, compliance is an increasingly relevant topic in the API industry. For example, consumers looking to offer their services in the European Union need confidence that API owners are adhering to GDPR when handling end-user data. Even in yet unregulated areas, compliance with industry standards like FHIR makes APIs more and more attractive. Facing data regulations like HIPPA, GDPR, and PSD2, Chief Information Security Officers need to confirm compliance before integration, influencing the buying process. This is an initiative API catalogs like API Discovery and others are starting to implement. Reliability and Performance As evidenced by data from both Smartbear and Postman, reliability and performance is another area of great importance for consumers. In fact, API aggregators like API.expert and API Tracker are already incorporating reliability ratings. Consumers expect minimal downtime; when it does occur, notifications and immediate fixes are a must to enable business continuity and ease frustration. 100% Uptime, 300ms Latency Near 100% uptime is becoming an industry standard. A cursory glance through API.expert shows that many industry leaders successfully maintain five nines (99.999%) or higher; those who don’t are often close behind with 99.99%, 99.98%, or 99.97% uptime. In terms of performance, a median, worldwide latency of under 300ms appears speedy enough for most consumers. Communication When things do break, consumers have made one thing very clear: they want to be notified as early as possible. All this takes is a short email, and in turn, these consumers can notify end users of broken functionality and make changes where possible. Smartbear data also reveals that continued communication is a must as steps are taken to resolve the issue, as well as when it is ultimately fixed. Immediate Fixes Just telling consumers about issues isn’t good enough. Nowadays, Smartbear reports that more than 50% of consumers expect immediate fixes or at least workarounds (such as backup APIs). There’s no surprise here: APIs are often used to power business-essential processes. Tooling Documentation isn’t the only way you can make consumers’ lives easier. Providing plenty of tooling is a great strategy for improving developer experience, and most organizations are already doing it with SDKs, specifications, and sandboxes. SDKs SDKs are perhaps the most useful “tool” an API owner can offer. It’s not uncommon to see leading API providers boasting anywhere from three to ten SDKs, with mobile environments (namely iOS and Android) often included. API providers are now considering ways to improve SDK usability, and methods to auto-generate SDKs through the use of API specifications. Specification It may not be a tool per se, but sharing an OpenAPI or GraphQL spec for your API opens the door for consumers to utilize a wide range of third-party tools like Postman. Bear in mind: the more you give consumers to play with, the less they need to experiment with your production endpoints! Sandboxes Sandboxes, also known as mock APIs, are also an increasingly frequent tooling expectation in the API space. They’re especially common for financial APIs (see PayPal or Square), enabling consumers to test their applications without putting real money on the line. Design API design is also of utmost importance, especially for a quality developer experience. Consumers want to see the use of modern, appropriate design styles and architectures, as well as consistency within and across APIs. Modern Styles Where applicable, consumers expect to see modern API design styles like REST and GraphQL. While REST is very much the industry standard (with Postman reporting its use among more than 90% of consumers), GraphQL’s popularity is steadily rising thanks to its efficient data fetching. GraphQL search popularity according to Google trends Alternative Architectures Alternative API architectures like streaming and event-driven architectures are also growing in popularity. In fact, Postman reports that webhooks are now the second most popular API design style, used by one in every three API consumers. That’s not to mention the whole host of other event-driven protocols! Consistency Consumers want to see consistency within and across APIs. Maintaining consistency within an API is just good practice, but maintaining consistency across an entire portfolio of APIs means implementing governance strategies such as style guides (see our recent article on API Improvement Proposals). The API Bar Rises in 2021 Consumers have higher standards for APIs than ever before. Across five themes, we’ve collected 15 of the most important expectations for API products going into 2021, as evidenced by data from Smartbear, Postman, and Google. So, what changes will you be making to your API portfolio? The latest API insights straight to your inbox