API Trends for 2023

It is a good time to consider what will be important for APIs in 2023. A helpful starting point for this is to review and reflect on research that is available, in this case Gartner’s Hyper Cycle for APIs, 2022.

The key themes that come through from Gartner’s research are:

1. Open, Public Productised APIs: in the same way that you need a mobile experience, you need a developer experience for others in your ecosystem to integrate with and build on.
2. Rise of REST Alternatives: other protocols, patterns and technologies like event-driven APIs, GraphQL and gRPC are gaining maturity and broader acceptance.
3. API Security: APIs pose a significant security threat particularly when paired with the rise of Open APIs.  

Let’s unpack each of these themes further. 

Open, Public, Productised APIs

The future is a place where the key ‘functions’ of an organisation will be exposed as APIs, through a strong developer and partner experience. This is an irreversible trend. 

It reminds me of the rise of mobile and the rise of human centred design. There was a time when a business could get by without having a mobile experience but overtime that experience became essential. There was a time when a business could just put a website or app out and expect users to figure it out, not any more. You need to invest in experience. It’s the same with APIs.

You can almost get by without Open, Productised APIs right now but within the next year or so failing to have a strong developer experience will be a significant competitive disadvantage.

I’ve seen partnerships with otherwise strong commercial terms delayed or abandoned because one of the partners could not provide a modern API. 

This theme comes through from multiple points in Gartner’s research:

• Partner Ecosystem Management Platforms and Business Ecosystem Modelling have emerged.
• The shift in Gartner’s tracking to industry specific trends around Open APIs across the board, from Finance to Insurance, to Health.
• API Standards, Marketplaces and Developer Portals all reaching parts of the cycle where they really start to deliver value.

Rise of REST Alternatives

REST, an approach to the architecture and design of APIs, has been the gold standard for APIs for years now. It’s now one of a handful of alternatives that are worth considering like gRPC, GraphQL and event-driven architectures.

• REST: treats your organisation’s data and capabilities as resources to be interacted with. Its simple design, widespread usage and clear interface definitions are what have made it the standard it is today. It’s easy for other parties to consume and agree on.
• GraphQL: GraphQL has been around for a while and, in some ways, is an iteration on REST that gives more power to the consumer of the API to control what they ask for and get back from an API. It’s gained meaningful adoption for teams building user interfaces on internal APIs.
• gRPC: Google’s Remote Procedure Call framework provides, in essence, an API framework for applications and services to interact with each other including allowing a client application to call and behave as a low level object on a remote service. 
• Event-driven architecture: this is the use of events as a central object for services and applications to interact with each other. AsyncAPI is an open source community worth checking out here.

API Security

APIs are an increasingly troublesome threat vector to secure. 

• It’s hard to keep track of APIs, not just what you build, but what your various systems expose. 
• You need to expose APIs and access external APIs, meaning you can no longer have a blanket block on traffic and that the information flowing through those APIs can be a problem.

When you pair this with the trend for more and more APIs to be opened up to the outside world and the drive for your software vendors to be doing the same, you only increase the surface area of security challenges.

Gartner’s Hype Cycle for APIs, 2022

Here is Gartner’s chart in full: