APIs are seen as the cornerstone of modern software applications, as they allow developers to efficiently stitch together multiple services and build better apps faster. With the continued rise of microservices architectures and cloud computing infrastructure, APIs are the main way in which software interacts with software, both within and between organizations. Today, developers are spending more than half of their time on APIs, underscoring how important APIs are to modern software development.

Microservices architectures decompose applications into smaller services that can be independently managed and updated. With services now organized around business lines or functions, microservices offer increased flexibility and modularity, making applications easier to develop, test, deploy, scale, and maintain. As companies increasingly leverage microservices and engage with third-party and open APIs to create applications, the volume and complexity of enterprise API footprints are exploding. In web development, serverless architectures are abstracting away backend infrastructure behind APIs, which is leading to a decoupling of the backend from the frontend. These trends underlie an unbundling of the software stack and a move towards API-led SaaS, where software is consumed in smaller component parts. 

There has also been a recent emergence of new web API protocols/frameworks like GraphQL and gRPC which enable a step-function improvement in performance, leading to the creation of new types of applications. As a result of these shifts, an entirely new infrastructure software layer around API development, management, networking, monitoring, and security has emerged (see below landscape).

GraphQL has been widely adopted by large enterprises like Facebook, Yelp, and GitHub, who have reported significant improvements in application performance and developer productivity. With GraphQL, developers can specify exactly what data they need wrapped in a single request, reducing unnecessary, repetitive data fetching and improving overall application performance at scale. This attribute is especially advantageous for large-scale applications with numerous front-end clients that require high-performing data retrieval.

GRPC is another modern API protocol that is gaining popularity amongst developers. It is a high-performance, open-source framework for building remote procedure call (RPC) applications. With GRPC, developers can write efficient, fast, and scalable distributed applications, enabling microservices to communicate with each other. GRPC also supports a range of programming languages, making it a versatile option for application development.

As APIs have come to the forefront of application development, tooling around building, authenticating and testing APIs and writing their documentation have arisen in the form of collaborative software platforms. These companies emphasize the collective power of the engineering community towards faster and more robust API development, improved governance, and tighter security downstream. The growing overall trend towards sharing data externally, spurred by API-first businesses, has contributed to the growth of API marketplaces that provide a place for developers to upload, distribute and monetize their APIs as well as provide a space for consumers to discover and implement APIs for their own products.

In microservice architectures, apps are broken down into a network of back-end services that perform specific business functions. Both open source and commercial product offerings have developed around the concept of service mesh – the management of inter-service communication that will only grow in complexity as additional microservice applications are built. New innovations have also arisen around the API Gateway in terms of routing efficiency, security, real-time tracking and scalability.

The rapid proliferation in both closed and open API development has led to a corresponding rise in security concerns. APIs are now commonly used as a primary target for attackers, as they are directly used to access underlying sensitive software functions and data sources. Existing cybersecurity solutions like Web Application Firewalls (WAFs) and older models of API gateways do not offer comprehensive coverage, and per Gartner research issued in 2022, APIs have been noted as the #1 attack vector today. 

Security leaders note identifying, inventorying, and securing APIs as a critical pain point within their organizations, and see implementing API security solutions as a top priority over the near term horizon. 

As more organizations recognize APIs as the building blocks of modern software, we believe tooling and services around API design, testing, security, and networking will continue to advance and capture developer mindshare. 

***

This thought piece was originally shared with TCV’s TCXO community. TCXO brings together executives across functional domains to share best practices, unpack challenges, and foster networking opportunities. Members will have access to exclusive TCV content, events, and programming. Sign up to here to join the network.