Top Expectations for API Products in 2021 Posted inStrategy Thomas Bush March 2, 2021 With more APIs hitting the web every day, API owners are always looking for new ways to maintain an edge. Thankfully, there’s no secret about what organizations and their developers expect these days. In this article, we’ll summarize 15 of the most crucial consumer expectations for API products in 2021 across five broad themes:DocumentationSecurity and ComplianceReliability and PerformanceToolingDesignDocumentationAccording to Smartbear’s State of API 2020 report, “accurate and detailed documentation” is the second most important characteristic in API for consumers, topped only by “ease of use”. The accurate part is pretty self-explanatory, but examples, errors, and authentication are some of the details the report describes.ExamplesExamples, including code samples, are an essential part of API documentation. Consumers have come to expect that they can see how an API works in the docs — not just read about it. For the best possible Developer Experience, include examples in the quickstart guide, authentication/authorization guide, and each endpoint.ErrorsErrors and error messages may be overlooked in the first iterations of your documentation, but Smartbear’s report reveals they’re a must for consumers. If you want to improve developer retention in scenarios where issues arise, outline what errors mean and why they are thrown in your docs.AuthenticationNew authentication standards significantly improve API security, but they can be confusing at times. As such, the status quo is now to explicitly document your authentication process — often on a dedicated page in your documentation. Yes, include errors and examples here too!Security and ComplianceSpeaking of security, this is also an area where consumer expectations are rising, as reports Postman. Consumers want token-based authentication, flawless internal security, as well as compliance with regulations and standards.Token-Based AuthenticationDevelopers are becoming more and more familiar with token-based authentication schemes like OAuth 2.0 and JSON Web Tokens. It’s safe to say they’re becoming a must when sensitive data is at play; key-based authentication just won’t cut it anymore.Internal SecurityAlthough it may not face them directly, airtight internal security is a must for consumers. It’s essential that API owners with even the best track records review their security policies, as security breaches will likely continue to grow in 2021. A good strategy is to think like a black hat, and review the OWASP top 10 API vulnerabilities to mitigate issues before they are exploited.ComplianceAlongside security, compliance is an increasingly relevant topic in the API industry. For example, consumers looking to offer their services in the European Union need confidence that API owners are adhering to GDPR when handling end-user data. Even in yet unregulated areas, compliance with industry standards like FHIR makes APIs more and more attractive. Facing data regulations like HIPPA, GDPR, and PSD2, Chief Information Security Officers need to confirm compliance before integration, influencing the buying process. This is an initiative API catalogs like API Discovery and others are starting to implement.Reliability and PerformanceAs evidenced by data from both Smartbear and Postman, reliability and performance is another area of great importance for consumers. In fact, API aggregators like API.expert and API Tracker are already incorporating reliability ratings. Consumers expect minimal downtime; when it does occur, notifications and immediate fixes are a must to enable business continuity and ease frustration.100% Uptime, 300ms LatencyNear 100% uptime is becoming an industry standard. A cursory glance through API.expert shows that many industry leaders successfully maintain five nines (99.999%) or higher; those who don’t are often close behind with 99.99%, 99.98%, or 99.97% uptime. In terms of performance, a median, worldwide latency of under 300ms appears speedy enough for most consumers.CommunicationWhen things do break, consumers have made one thing very clear: they want to be notified as early as possible. All this takes is a short email, and in turn, these consumers can notify end users of broken functionality and make changes where possible. Smartbear data also reveals that continued communication is a must as steps are taken to resolve the issue, as well as when it is ultimately fixed.Immediate FixesJust telling consumers about issues isn’t good enough. Nowadays, Smartbear reports that more than 50% of consumers expect immediate fixes or at least workarounds (such as backup APIs). There’s no surprise here: APIs are often used to power business-essential processes.ToolingDocumentation isn’t the only way you can make consumers’ lives easier. Providing plenty of tooling is a great strategy for improving developer experience, and most organizations are already doing it with SDKs, specifications, and sandboxes.SDKsSDKs are perhaps the most useful “tool” an API owner can offer. It’s not uncommon to see leading API providers boasting anywhere from three to ten SDKs, with mobile environments (namely iOS and Android) often included. API providers are now considering ways to improve SDK usability, and methods to auto-generate SDKs through the use of API specifications.SpecificationIt may not be a tool per se, but sharing an OpenAPI or GraphQL spec for your API opens the door for consumers to utilize a wide range of third-party tools like Postman. Bear in mind: the more you give consumers to play with, the less they need to experiment with your production endpoints!SandboxesSandboxes, also known as mock APIs, are also an increasingly frequent tooling expectation in the API space. They’re especially common for financial APIs (see PayPal or Square), enabling consumers to test their applications without putting real money on the line.DesignAPI design is also of utmost importance, especially for a quality developer experience. Consumers want to see the use of modern, appropriate design styles and architectures, as well as consistency within and across APIs.Modern StylesWhere applicable, consumers expect to see modern API design styles like REST and GraphQL. While REST is very much the industry standard (with Postman reporting its use among more than 90% of consumers), GraphQL’s popularity is steadily rising thanks to its efficient data fetching. GraphQL search popularity according to Google trendsAlternative ArchitecturesAlternative API architectures like streaming and event-driven architectures are also growing in popularity. In fact, Postman reports that webhooks are now the second most popular API design style, used by one in every three API consumers. That’s not to mention the whole host of other event-driven protocols!ConsistencyConsumers want to see consistency within and across APIs. Maintaining consistency within an API is just good practice, but maintaining consistency across an entire portfolio of APIs means implementing governance strategies such as style guides (see our recent article on API Improvement Proposals).The API Bar Rises in 2021Consumers have higher standards for APIs than ever before. Across five themes, we’ve collected 15 of the most important expectations for API products going into 2021, as evidenced by data from Smartbear, Postman, and Google. So, what changes will you be making to your API portfolio?