Why APIs should be your priority in a Gen AI-dominated era

In today’s rapidly evolving technological landscape, businesses are facing a new challenge: the rise of Gen AI. With its rise, there is an inevitable explosion in the number of AI-driven applications that are introduced. To stay competitive, organisations need to be able to quickly and easily integrate these into their operations. One of the key tools for achieving that is APIs or application programming interfaces.

In this article we will explore why APIs should be a top priority for businesses in a Gen AI-dominated era. We will then discuss the challenges that API growth introduces, and bring a perspective on how to combat these with the use of modern tech.

What is an API and why do we need them anyway?

An API (or Application Programming Interface) is a technology approach through which systems can talk to each other in a standardised and programmatic way. Applications externalise the services they provide and the language they understand so that it is easier for other entities (users, applications, and other businesses) to interact with them and consume their services.

When explaining what an API is, I like using the restaurant and waiter example. Imagine the customer goes into a restaurant the waiter presents them with a menu, the customer looks at the menu, places their order, and the waiter communicates the customer’s order back to the cook. In that scenario, the waiter is the API explaining clearly through the menu what the available services are and then the waiter (the API) places the order with the cook who is the backend service externalised by the waiter. The waiter does not necessarily know the details or the recipe of how the dish is made and they would not care about this. Same with the API, it does not care about the make up of the underlying service it has exposed.

Gone are the days when APIs are considered as pure technical components. Nowadays they have to be treated as products that bring business differentiation. APIs have many business benefits: providing faster product go-to-market, better customer engagement via personalised services, ecosystem activation, and partner enablement. APIs can ignite innovation at scale in the organisation by allowing developers (internal or external/third-party), innovators, and other stakeholders to build digital products on top of APIs.

And…What is Generative AI?

Gen AI is a class of artificial intelligence capable of generating various forms of content through deep learning techniques¹. It can create new content and generate output in different modalities like text, voice, images, video. It can be manifested in different ways. Examples include: chatbots generating textual content or used for creative writing, synthesising images and video, and composing music or mimicking voices.

Businesses are increasingly creating and adopting Generative AI technologies, with APIs providing that necessary “glue” to integrate these technologies into existing or new systems to create a continuous flow of data and information.

More Gen AI applications bring more APIs. Is this a correlation?

Yes, I believe this statement is true for several reasons. Let me explain.

As it becomes easier for enterprises to develop more generative AI applications, they will need to integrate these with their existing systems and data sources. Gartner estimates that “by 2026, more than 80% of enterprises will have used generative AI APIs or models, and/or deployed GenAI-enabled applications in production environments, up from less than 5% in 2023”². This will require creating new APIs or modifying existing ones to enable the necessary communication and data exchange between systems.

In fact, Gartner, in another recent publication, makes the case for “access democratisation to Gen AI models and applications”³ as a result of the modern infrastructure options that we are presented with (cloud computing, open source etc.) and goes on to state: “As a huge number of GenAI models, tools and applications are being made available as APIs in the public cloud, developers will only see their appetite to build applications using these APIs grow over time”³.

Furthermore, a lot of AI Services will not be reachable if not exposed by APIs. As generative AI applications become more sophisticated and complex, they will require more advanced APIs to support their functionality. This may involve the creation of APIs that can handle more complex data structures, orchestrate the outputs of AI systems, or that support real-time data processing.

Let’s relook at our earlier example of our API/waiter, but improve the interaction with GenAI technology. This time, our waiter doesn’t have a menu for our customer. Instead, the customer provides a series of requirements, otherwise referred to as prompts. The customer wants a unique three-course meal, they are allergic to seafood and love Thai and Mexican food and they would prefer a Michelin guide-recommended chef. It also needs to use ingredients within 20km radius of the restaurant.

These all translate to API requests. So, if there are no APIs (or not well-documented APIs) to interpret these, the AI services will not be reachable by these sorts of interactions. In other words, the development of more generative AI applications will inevitably lead to the creation of more APIs.

APIs are good… but what about the challenges surrounding their explosive growth in the Gen AI era?

My humble view is that this will present several challenges for businesses, including:

• API management: businesses will need to manage and maintain a larger number of APIs either on premise or in the cloud. This can be challenging, as each API may have different requirements, dependencies and compatibility concerns.
• Security: businesses will need to ensure that their APIs are secure and protected from potential threats. This includes implementing authentication and authorisation mechanisms or monitoring API activity to detect and respond to potential security anomalies. One example here is spotting and preventing DDoS attacks on your Gen AI APIs or identifying Large Language Models (LLM) content input and output policy violations. Regarding the latter, this is where enterprises need to ensure that prompt questions and answers abide by corporate policies or other cases where outputs can be candidates for misinformation (“prompt injection” is a developing adversarial technique), hallucination or bias and can lead to unintended or harmful outcomes⁴. My colleague Mohit Kapoor has written an article on “Unveiling the API Threat Landscape” where you can find additional information on the topic.
• Governance: businesses will need to establish governance processes around their APIs’ lifecycles to ensure they are developed and managed in a consistent and standardised manner. This includes establishing API design standards, documentation requirements, versioning policies, backwards compatibility, and support models once they are in production.

In a nutshell, the significant growth of the number of APIs is expected to bring in several challenges for businesses. This includes the ability to manage them efficiently, the possibility of incurring security breaches, but also the challenge to be able to take full control of their lifecycle so they are developed uniformly across the organisation. These challenges will have to be proactively addressed, so businesses can ensure that their APIs are secure, reliable, and scalable.

So how do we go about it?

How can tech help address these challenges? The role of API management

As we saw, the rise of APIs poses complex challenges. I believe that some sort of technological intervention is required to alleviate these pain points. API management technologies can help with the challenges presented by the substantial growth in APIs in several ways:

• API management to scale AI within the organisation: API management platforms provide businesses the ability to manage and maintain a large number of APIs, with tools for API design, development, testing, deployment, and monitoring, as well as analytics and reporting capabilities. This enables businesses to manage their APIs effectively and efficiently and ensure that they are secure, reliable, and scalable. That in turn empowers product owners and enables the scaled use of GenAI across the organisation” by scaling and deploying AI models.
• API management for secure and responsible AI: API management platforms also provide a range of security features to protect APIs from potential threats. This includes authentication and authorisation mechanisms, as well as rate limiting, IP filtering, and data encryption capabilities for when data is on the move using secure protocols like HTTPS (with TLS and certificate exchange to cryptographically verify identities). They also provide tools for monitoring and logging API activity, enabling businesses to detect and respond to a range of potential security breaches emerging from the use of Gen AI. This translates to a more secure and responsible AI which is a big push and priority for C-level executives nowadays. Deloitte has published a comprehensive framework on this front.
• API management for frictionless Integration: An API management platform, can make AI services easily available to developers so they can consume these natively. Maybe your developers don’t have cloud skills and want to consume the APIs with as little friction as possible. API management platforms make it easy to manage API dependencies, ensuring that APIs are compatible with each other, and manage changes to APIs over time, removing the barriers to efficient integration.
• API management for Agile Governance: Technologies in this space also provide intuitive tools for establishing API design standards, documentation requirements, and versioning policies. In addition, role-based access control and audit logging capabilities are there to help businesses establish governance processes and ensure that APIs exposing Gen AI services are developed and managed in a consistent and standardised manner.

To cut a long story short, API management can help businesses address challenges presented by the explosive increase in the number of APIs you have in your organisation. They can do that by providing a comprehensive API management platform that enables businesses to manage their APIs effectively and efficiently and ensure that they are secure, reliable, and scalable.

Bringing it all together… What does a reference architecture look like for Gen AI and APIs?

A typical Gen AI architecture will normally be comprised of the following layers:

A. Consumption/Presentation Layer.

• This is the Business Users or Developers or applications accessing a service or consuming these to build a product.
• There are two types of consumers:
• Individual — Gen AI available and accessible to everyone
• Enterprise — Are concerned as to how their users access the data via Gen AI Services, as well as programmatic access to APIs

B. Service Management Layer

• This layer accepts consumer interactions, performs security and validation, and forwards API requests to Gen AI services
• Functionality: Authorisation, Authentication, Auto Discovery, ACL, JSON structure. Validation, Service Routing

C. Gen AI Service/Application Layer

This layer encapsulates the functionalities of the Gen AI services/models that exposed via APIs and managed at the layer B. above.

Types:

• Pre-trained Gen AI data models: Large Language Models (LLMs) are a common demonstration of this type of Gen AI. “Speech to text” and “Text to image” type functionalities fall within this category. This type of Gen AI can be consumed directly “as-is” or by first enhancing the foundation models with data retrieved from additional document databases. This requires a retrieval/search step before using the generative models.
• Enterprise Gen AI applications: Gen AI capabilities built into enterprise applications that organisations introduce in their estate. An example would be using a commercial design application with image-generating capabilities (e.g. canva and miro).
• Customisable Gen AI as a service: Customisable Gen AI models via training. Foundation Gen AI models (e.g. LLMs) are customised for a use case or even built from scratch: the most complicated option. Public cloud providers (AWS, Google, Azure) provide such models, as do smaller startups such as prevision.io .

D. Data Sources

This includes the various sources that are used to train and feed data into the generative AI models. These include internal data sources like customer, transactional or operational data (e.g. logs), as well as external data sources such as social media, weather and news data.

The above is illustrated in the following diagram:

Conclusion

In conclusion, I would like to leave you with a few key takeaways and a question!

APIs are essential for businesses in a Gen AI-dominated era. They provide the necessary infrastructure to integrate AI technologies, create new products and services, enable collaboration and innovation, and provide more personalised experiences for customers.

Gen AI is here to stay and organisations will harness its value to increase productivity, remove inefficiencies and cut down costs.

On the other hand, the forecasted explosion of the number of APIs through the use of Gen AI will present several challenges for the modern business, including how to manage, secure and govern their APIs.

Corporate teams will inevitably incorporate Gen AI in their processes; and with APIs being the façade of Gen AI services and how these are consumed. They will have to act fast and intelligently to mitigate risks and threats arising by its usage.

By addressing these challenges proactively, businesses can ensure that their APIs are secure, reliable, and scalable, and that they can effectively leverage the power of Gen AI to support their business operations and remain competitive in an ever-changing technological landscape.

API management technologies can help you overcome expected obstacles, mitigate significant risks, and be a great fit within a modern Gen AI reference architecture.

What is your approach to deploying Gen AI in your organisation? What are the biggest challenges you are facing and how do you go about them?

Feel free to connect and send through your messages and questions. Happy to get the conversation going!

Disclaimer

Note: This article speaks only to my personal views/experiences is not published on behalf of Deloitte LLP and associated firms, and does not constitute professional or legal advice.

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.

References

1. Everest Group, (2023) Generative AI Solutions — Provider Compendium 2023. [Online] Available at: https://www2.everestgrp.com/reportaction/EGR-2023-71-R-6289/Toc?SearchTerms=Generative%20AI (Accessed: 31 Jan 2024)

2. Gartner, (2023) Hype Cycle for Generative AI. [Online] Available at: https://www.gartner.com/document/4726631?ref=solrAll&refval=389918090&toggle=1&viewType=Full (Accessed: 31 Jan 2024)

3. Gartner, (2023) Top Strategic Technology Trends for 2024: Democratized Generative AI. [Online] Available at: https://www.gartner.com/document/4836731?ref=solrAll&refval=389918618& (Accessed: 31 Jan 2024)

4. Gartner, (2023) 4 Ways Generative AI Will Impact CISOs and Their Teams. [Online] Available at: https://www.gartner.com/document/4490999?ref=hp-wylo (Accessed: 31 Jan 2024)