APIs come in all different shapes and sizes. I focus on a specific type of APIs that leverage web technology for making data, content, and algorithms available over the Internet. While these APIs are available on the open Internet, who has the ability to discover, and put them to use will vary significantly. APIs have gained in popularity because of successful publicly available APIs like Twitter and Twilio, something that has contributed to these types of APIs being the dominant narrative of what APIs are.
A lack of awareness of what modern approaches to API management can do for securing web APIs as well as the dominance of this narrative that APIs need to be open like Twitter and Twilio tends to set the bar to unrealistic levels for API providers. Who has access to a web API is just one dimension of what APIs are, and sharing content, data, and algorithms securely via the web should be the focus. It's not whether or not we should do public or private APIs--it is about how you will be sharing your resources in a digital economy.
While I encourage ALL companies, institutions, and government agencies to be as transparent as they possibly can regarding the presence of their APIs, its documentation, and other resources--who actually can access them is entirely up to the discretion of each provider. You should treat ALL your APIs like they use public infrastructure (aka the web), secure them appropriately, and get to work making sure all your digital resources are accessible in this way, not being bogged down by useless legacy discussions.
Which is why I support putting the concept of the public API to rest as a dominant narrative around what is an API--you shouldn't hear me talking about public vs private anymore. If you do slap me.
