
Ensuring APIs and enterprise integration have a dynamic future

The future of corporate integration will be shaped by APIs, which are the bedrock of digital business. APIs help businesses innovate digitally by facilitating communication across disparate systems and programmes. According to Gartner, 98% of businesses use or intend to utilise internal APIs, up from 88% in 2019. The rapid expansion of APIs has outpaced the capabilities of API management solutions, so that by 2025, less than half of corporate APIs will be managed.

Technology stacks are changing as a result of the quick rate of innovation in API technology, products, platforms, and security. The ease with which an API may be integrated with preexisting applications and infrastructure is the most important consideration for chief information officers and heads of development and operations when weighing the decision to use or create the API. This emphasis on integration demonstrates how vital APIs are becoming to corporate IT systems. Using these tools, CIOs are launching digital-first initiatives that are helping their companies reach and service a whole new set of consumers.

All API integrations need to prioritise security.

The most important thing APIs have done for corporate integration so far, and will do in the future, is make sure data is secure. Protecting consumer data requires proper API security on the platform level, as demonstrated by the Twitter data leak.

API sprawl is a problem for businesses as well. If there aren’t adequate measures in place to find, track, and manage APIs, then hackers can use them to compromise apps and code, and even networks. New product releases are being pushed back because of the frequency and severity of API breaches. Almost all devops managers (95%) have had an API security problem during the past year.

When it comes to safeguarding online APIs against attacks like exploitation, misuse, and unauthorised access, the latest advancements in API protection and security are invaluable. These tools are used to secure publicly accessible APIs that were built in-house and are linked to business software. They function by inspecting API content and parameters, controlling traffic, and at the very least assessing traffic for anomalies.

Gartner’s PaaS security reference architecture shows the central role of API discovery and protection, along with API security tooling, in securing the PaaS and IaaS levels of an enterprise’s tech stacks. Source: SALT Security, API Security Tipping Point – Gartner just “Created the Category” blog post, August 31, 2021

“API security, like application security overall, must be addressed at every stage of the SDLC [software development life cycle],” said Sandy Carielli, principal analyst at Forrester. “As organizations develop and deploy APIs, they must define and build APIs securely, put proper authentication and authorization controls in place (this is a common issue in API-related breaches), and analyze API traffic [so as] to only allow calls in line with the API definitions.”

Carielli stated, “Inventory is a frequent problem for businesses.” Many security teams lack complete visibility into what APIs may be permitting external calls into their environment due to the large number of APIs in existence and the inclination to install rogue APIs (or deploy and forget). For this reason, API discovery has become a standard feature of many API protection solutions.

To combat sprawl, CIOs should engage with CISOs to implement a least-privilege access strategy that fits within their zero-trust framework. This method shouldn’t be addressed independently from devops and CI/CD procedures, but rather incorporated into them. Carielli advises that before deciding on an API strategy, the development team be consulted. Put in place API discovery. Determine whether your current app security technologies can handle API use scenarios. There are probably going to be some gaps and overlaps. You should take stock of the resources at your disposal before rushing out to get more.
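As an added illustration (not code from the article or from any vendor it mentions), the sketch below shows the core of API discovery: comparing the routes seen in gateway traffic against the documented inventory and reporting what is live but unlisted. The orders API, the log format and the log lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed inventory of documented routes (method, path template), in the
# style of an OpenAPI "paths" section for a hypothetical orders API.
DOCUMENTED = {
    ("GET", "/v1/orders"),
    ("POST", "/v1/orders"),
    ("GET", "/v1/orders/{id}"),
}

# Constructed gateway log lines: "<client> <METHOD> <path> <status>".
LOG_LINES = """\
10.0.0.5 GET /v1/orders 200
10.0.0.5 GET /v1/orders/8841?expand=items 200
10.0.0.9 POST /v1/orders 201
10.0.0.9 GET /v1/orders/8841/export 200
10.0.0.7 GET /internal/debug/users 200
10.0.0.7 DELETE /v1/orders/8841 405
10.0.0.7 GET /internal/debug/users 200
""".splitlines()

def template_to_regex(template):
    """Compile '/v1/orders/{id}' so each {param} matches exactly one segment."""
    literal_parts = re.split(r"\{[^/}]+\}", template)
    return re.compile("^" + "[^/]+".join(map(re.escape, literal_parts)) + "/?$")

MATCHERS = [(method, template_to_regex(t)) for method, t in DOCUMENTED]

def is_documented(method, path):
    route = path.split("?", 1)[0]  # the query string is not part of the route
    return any(m == method and rx.match(route) for m, rx in MATCHERS)

def undocumented_calls(lines, only_successful=True):
    """Count calls answered by routes that are missing from the inventory."""
    found = Counter()
    for line in lines:
        _client, method, path, status = line.split()
        if only_successful and not status.startswith("2"):
            continue  # a non-2xx answer is not evidence of a live handler
        if not is_documented(method, path):
            found[(method, path.split("?", 1)[0])] += 1
    return dict(found)

if __name__ == "__main__":
    for (method, path), hits in sorted(undocumented_calls(LOG_LINES).items()):
        print(f"{hits:3d}  {method} {path}")
```

Routes that answer successfully but are absent from the inventory are the "deploy and forget" candidates to review first.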

The rules for protecting APIs need to be adaptable and flexible enough to shift as the API evolves. Static rate limitations or IP allow/block lists are examples of one-size-fits-all techniques that fail in production scenarios or when the API is being utilised at scale. It’s crucial to have a system that can learn the API’s usage patterns and take appropriate precautions.
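The contrast drawn above, as an added example that is not part of the original article: one static per-minute limit applied to every client versus a baseline learned per client. The traffic figures are constructed, and the exponentially weighted baseline with its parameter values is an illustrative assumption, not any product's algorithm.

```python
STATIC_LIMIT = 500  # requests per minute, the same number for every client

# Constructed per-minute request counts for two hypothetical API keys.
TRAFFIC = {
    "batch-partner": [880, 910, 905, 890, 920, 900, 915, 895],  # normal bulk sync
    "mobile-app-key": [18, 22, 20, 19, 21, 23, 300, 310],  # sudden 15x jump
}


def static_verdicts(counts, limit=STATIC_LIMIT):
    """True for each minute the one-size-fits-all limit would reject."""
    return [c > limit for c in counts]


def adaptive_verdicts(counts, warmup=4, k=4.0, alpha=0.3, floor=5.0):
    """True for each minute that exceeds this client's own learned baseline.

    Baseline is an exponentially weighted mean and mean absolute deviation;
    the parameter values are illustrative assumptions, not tuned settings.
    """
    verdicts, mean, dev = [], None, 0.0
    for i, c in enumerate(counts):
        if mean is None:  # first observation seeds the baseline
            mean = float(c)
            verdicts.append(False)
            continue
        threshold = mean + k * max(dev, floor)
        anomalous = i >= warmup and c > threshold
        verdicts.append(anomalous)
        if not anomalous:  # flagged minutes must not teach the baseline
            dev = (1 - alpha) * dev + alpha * abs(c - mean)
            mean = (1 - alpha) * mean + alpha * c
    return verdicts


def compare(traffic=TRAFFIC):
    """Minutes flagged per client under each policy."""
    return {
        client: {"static": sum(static_verdicts(c)), "adaptive": sum(adaptive_verdicts(c))}
        for client, c in traffic.items()
    }


if __name__ == "__main__":
    for client, flagged in compare().items():
        print(client, flagged)
```

On this data the static limit rejects every minute of the legitimate bulk client and none of the anomalous minutes on the low-volume key, while the per-client baseline does the reverse.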

Enterprise integration in the future will be mostly governed by graph APIs

A graph application programming interface (API) allows a programmer to access and modify data stored in a graph structure, which might comprise both objects and the relationships between them. While REST APIs treat data as individual resources with no connections between them, graph APIs take a different approach.

GraphQL is one way to define a graph API. By tracking and filtering item relationships, devops teams and developers may access and modify data with ease. The Facebook Graph API is an example of a graph API that serves as a single point of entry to several other APIs and data sources. The percentage of developers using GraphQL rose from 6% in 2016 to 47% in 2020, as reported by the State of GraphQL 2022 study.

There has been an increase in the adoption of graph APIs because they facilitate the creation of cutting-edge front-end enterprise applications. The use of GraphQL federation is also growing in popularity. Companies like Airbnb and Netflix rely on devops teams and platform providers to merge several separate subgraphs into a single graph schema.

The useful metadata that is attached to the connections between data elements may be modelled, exposed, and used by businesses thanks to graph APIs.

Graph APIs have gained popularity because they provide developers with a simple way to access data without any outside intervention.

Unlike REST APIs, which adhere to a more strict format, graph APIs allow API users to specify the precise data they wish to be provided in the API response.

In addition, several businesses provide graph APIs that facilitate data access across numerous software programmes. The SAP Graph API, for instance, gives access to a wide range of SAP programmes like SuccessFactors and S/4HANA, whereas the Microsoft Graph API grants access to a wide range of Microsoft apps like Azure AD and Exchange Online. An increasing number of API management tools are adding GraphQL support.

An API life cycle management system is a given

DevOps teams in large organisations need API life cycle management tools to effectively manage and oversee the growing number of APIs required to support multi-experience apps and digital transformation. With the help of API life cycle management, businesses may rely more heavily on API services to create fresh income opportunities.

When it comes to protecting your organisation from the dangers connected with API breaches, you can rest assured knowing that all API life cycle management solutions include security features. Between 2021 and 2026, the application programming interface (API) management market is expected to expand by $6.7 billion, representing a compound annual growth rate (CAGR) of 20.6%.

API use in companies is booming, expanding by over 200% as CIOs implement them to link systems, apps, devices, and other businesses, which contributes to the fundamental role that API life cycle management plays in determining the future of corporate integration. Another reason is that APIs are becoming increasingly popular in devops and other areas of software engineering as businesses move toward widespread use of cloud-native architectures, especially in the areas of microservices, service mesh, and serverless computing. APIs play a crucial role in these methods since they allow for easier collaboration between various parts and services.

In 2023, there will be two noteworthy API updates

As 2019 progresses, event-driven APIs will be an important development to follow. These are proving useful in allowing quicker reaction to streaming analytics, which many businesses use to develop new business models and digital transformation projects. Push notifications, which are made possible by event-driven APIs, are faster and less resource-intensive than polling.

With the release of version 3 of the OpenAPI Specification (OAS) in 2017, a new standard was established for the distribution of APIs. Specifically, it has callbacks for expressing event-driven APIs. In February 2021, OAS version 3.1 was published, and with it came support for webhooks, a common technique for developing event-driven APIs that can be accessed over the internet. While webhooks may be used to construct event-driven APIs, it’s crucial to remember that they only enable a one-to-one communication pattern, rather than the many-to-many pattern that is feasible with event-driven architecture (EDA).

This year, you should also keep an eye on API security testing, an emerging technology for discovering API flaws. General application flaws like injection attacks and API-specific problems like improper object-level permission must also be investigated. Technology built on top of APIs is used to “find” previously undiscovered APIs that are available to the public.
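A minimal form of the object-level check that API security testing performs, as an added example that is not from the article: every user requests every object, and any successful read of someone else's object is a finding. The invoices API, tokens and handlers are hypothetical and constructed for illustration; the unchecked handler is shown beside its corrected form.

```python
# Constructed data for a hypothetical invoices API; tokens map to users.
INVOICES = {101: {"owner": "alice", "total": 40}, 102: {"owner": "bob", "total": 75}}
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}


def get_invoice_unchecked(token, invoice_id):
    """Authenticates the caller but never asks who owns the object."""
    if token not in TOKENS:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    return (200, invoice) if invoice else (404, None)


def get_invoice_checked(token, invoice_id):
    """Same endpoint with an ownership check on the requested object."""
    user = TOKENS.get(token)
    if user is None:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != user:
        return 404, None  # identical answer for "missing" and "not yours"
    return 200, invoice


def authorization_report(handler):
    """Call the handler for every (user, object) pair and classify failures."""
    report = {"cross_owner_reads": [], "owner_denied": [], "anonymous_reads": []}
    for invoice_id, invoice in INVOICES.items():
        if handler("no-such-token", invoice_id)[0] == 200:
            report["anonymous_reads"].append(invoice_id)
        for token, user in TOKENS.items():
            status, _body = handler(token, invoice_id)
            if user == invoice["owner"] and status != 200:
                report["owner_denied"].append((user, invoice_id))  # over-blocking
            if user != invoice["owner"] and status == 200:
                report["cross_owner_reads"].append((user, invoice_id))
    return report


if __name__ == "__main__":
    for handler in (get_invoice_unchecked, get_invoice_checked):
        print(handler.__name__, authorization_report(handler))
```

Run as a CI test against each endpoint that takes an object identifier, the same matrix catches both missing ownership checks and fixes that over-block the legitimate owner.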