Industry executives and experts share their predictions for 2023.  Read them in this 15th annual VMblog.com series exclusive.

API-first companies will prevail, and others to follow

By Kin Lane, Chief Evangelist at Postman

Stepping into the new year, the need for interoperable technologies will only continue to skyrocket. In Postman's 2022 State of the API report, 89% of respondents said investments in APIs (application programming interfaces) will increase or stay the same over the next 12 months, despite economic headwinds. Here are four reasons why:

APIs are the essential backbone of most, if not all, the services we now rely on, including Twitter, Facebook, Toast, and so on. APIs are the key ingredient to a fast, interoperable, and standardized partnership. To meet the demands of business in the digital world, companies must partner with one another to move the needle quickly. Public APIs make it simple to collaborate and provide set processes that allow companies to publish APIs within minutes, as opposed to days or months.

The leading industries pioneering API-first partnerships to date are finance, healthcare, retail, and commerce - each an essential asset to our economy and society. Still, they all face the hurdle of expedited digital transformation. In 2023, across every industry, we'll see another resurgence of enterprise partnerships to stay competitive in cut-throat markets, renewing organizations' commitments to public APIs via tightly controlled workspaces that allow them to.

API breaches such as the FBI, Twitter, Optus, and so many more have taught us that API vulnerabilities are not slowing down anytime soon. If API security is not at the top of a developer's to-do list, then you can guarantee it will be at the top of a malicious actor's list. The persistent attacks on APIs will force security and IT groups to change tactics when engaging with engineering teams, getting them more involved earlier in the API lifecycle.

API-first organizations typically have fewer run-ins with API vulnerabilities, as APIs are visible throughout the development lifecycle. Additionally, these organizations are configured within regulation of the OWASP Top Ten from the beginning and can properly support the API once it's live and thereafter. If the FBI can unintentionally publish an unsecured API, it's a mistake we all are capable of. That's why in 2023, I implore developers, IT teams, entrepreneurs - anyone working with APIs - to always, always check off their OWASP list before publicly or privately launching an API.

API security and governance flaws directly reflect the fast pace of tech and how that can result in incorrectly securing things along the way; it's not rocket science. For example, the 2020 CMS digital health record access/interoperability rule expedited mandated APIs within the healthcare sector without governance or cybersecurity regulation.

That said, this is a part of the industry/government push-and-pull. The industry wants fewer regulations, yet, after working for the Obama administration and the European Commission on streamlining partner relations via APIs for the Department of Veterans Affairs, I quickly learned regulations will be what drives action ongoing. It also helps get all organizations on the same page around proper standards and creates a shared resource.

Through likely increased governance in 2023, engineering leaders will (or should) realize they must possess that common vocabulary and definition for describing and collaborating across the API lifecycle. This will force them to become more opinionated on how APIs are produced, while better defining how they are consumed.

As businesses struggle with the sprawling API landscape that exists across their operations, which is needed to properly govern their businesses, more centers of API excellence (CoE) will emerge from enterprises' CIO and CTO offices over the next year. These resources and expertise are specifically designed to create and support APIs and all of their universal needs. Allowing developers to focus more on what they care about and less on the nitty gritty.

It is undisputed that APIs are the building blocks of modern software and a requirement to gain a digital edge. While it can be challenging to wade through the rising digital waters, and the constant changes can make people feel like they're drowning, APIs are a way to turn some knobs and levers to get more control over their business or project. Because of this, we're seeing more people of all experience levels getting their hands on APIs - not just developers. Whether it be for security, payroll, marketing campaigns/automation - anything at all - there's an API facilitating its automation. The more business folks and non-developers understand APIs, the more they will gain control over their life.

Because of this, in 2023, it will become even more clear: APIs aren't just a technical consideration. They are a business imperative.

##

ABOUT THE AUTHOR

Kin Lane is Chief Evangelist at Postman, a leading API platform used by more than 20 million developers and 500,000 organizations for building and using APIs.