APIs are growing faster than developers can handle
As a developer, you’ve probably worked with or heard of APIs at some point. APIs are becoming an increasing part of our professional lives; for better and for worse. This year, The State of the API Report was released by Postman and it shows some exciting growth within the world of APIs, but some challenges have also come to light as a result. About 37,000 people took the survey, and the insight gained from the respondents is pretty eye-opening.
When looking at the results of the survey, it’s not surprising that API development is increasing every year. Of the 37,000 respondents, about 51% said that “more than half of their organisation’s development effort is spent on APIs”. Postman points out that that is a 2% increase from 2021 and an 11% increase from 2020! On top of that, the companies that consider themselves “API-First” reported the fact that they utilise public APIs more than ones built within their own company (I know what you’re thinking — “Security risk!” — and we’ll get to that later). As for the companies that do not consider themselves API first, they still use public APIs, but they use their own more often.
Obviously APIs are a huge part of modern companies, and this is what makes the issues we are finding more important… and scary!
First and foremost, the report noted the “lack of API design skills”, meaning companies are having difficulties finding people who are experienced with APIs and this can lead to some serious problems. Postman mentions “an overproliferation of microservices”, which is natural. The benefits of microservices are so large when it comes to application development and maintenance, that it is no wonder almost all software is being re-architected. But too much of a good thing creates problems elsewhere, and here what we find is that microservices create a lot of surface area where data needs to be transferred.
I’m even more concerned about how all these new APIs are being protected. After all, if developers are generally less experienced with APIs than companies expect, what holes or gaps are they leaving??
Unfortunately, there are quite a few instances where those gaps are very large; it’s difficult to defend something that a lot of us are still figuring out how to build.
Perhaps the most alarming point of the report is that about 20% of respondents stated that at least 1 API security breach occurs at their organisation every month! Companies face cyber attacks on every front, and for the most part have risen to meet that challenge, but they must now deal with a new kind of continuous threat.
So, it seems like developers are in a Catch-22, doesn’t it? We have to protect our APIs as they become more and more integrated into everything we do; but at the same time we generally do not have the experience needed in order to keep up! And to make matters worse, many Computer Science degree programs do not teach much about APIs.
Thankfully, developers don’t have to do everything themselves. There are free courses out there to help us learn more about APIs, and there are programs that can help developers with their responsibilities by automating certain processes such as security and data analysis (like Darkspark!). So even though many developers may be new to APIs (I know I still am!), we can help each other out in learning and protecting this new space.
Originally published at https://www.bycontxt.com on October 19, 2022.
