The Evolving World of API Discovery
27 Aug 2020
The discovery of APIs has been the single most significant issue I’ve tracked on and contributed to over my career as the API Evangelist. It is also one of the stops along the API lifecycle I have been very frustrated with due to a lack of things moving forward over the last decade. While there has been many failed attempts at folks trying to bring new API solutions to the table, the conversation really hasn’t gone anywhere. That is, until the last couple of years, where we are seeing a new crop of interesting API service providers who are looking to address API discovery in new and interesting ways, bundling the discovery of APIs with other functions that help speak to the business bottom line, going well beyond just searching for APIs across the enterprise, or on the open web.
I am tuned into a handful of new API focused startups who are coming at API discovery from a variety of angles, but one of them I have been meeting with weekly to discuss the importance of API discovery, but also API governance, is with the folks from TeejLab, who provide a view of the API discovery landscape through the enterprise risk management lens. TeejLab’s API discovery solution isn’t some API catalog or search engine, they help you discovery APIs across your existing operations, then evaluate and better manage how they are put work moving forward. Helping enterprise organizations find the existing internal, partner, and public APIs they already depend on is the #1 challenge enterprise organizations face right, and it is a problem that is only going to exponentially get worse in coming years. This is what makes TeejLab’s so relevant, in that they don’t just help you discover your APIs so you can use them, they help you assess the security, privacy, licensing, and other risks that come with unmanaged, ungoverned API chaos that exists across most enterprise organizations today.
When it comes to API discovery, TeejLab will scour your repositories, log files, and other common network locations looking for signs of APIs in usage. This type of automated API discovery is a growing trend among startups. But where TeejLab goes further than others I am seeing is the start drilling down on the details of how that APIs being used, helping understand the good and bad of this API, and all of the risk associated with putting it to use as part of operations. Once it discovers APIs it willl scan for common OWASP and PCI vulnerabilities, and generate critical compliance reports to satisfy regulatory requirements like GDPR, HIPPA, and other laws in place to product end-users. I have never met an enterprise organization that knew where all of their APIs were, making TeejLab’s approach to API discovery pretty critical, but I think it is the added value of helping you analyze, manage, and then evolve your usage of these APIs in a way that helps you mitigate risk is where it takes API discovery to the next level, and something that will begin to shift the conversation. While finding APIs is important, I think it is the additional helping you make sense of the chaos that will shift things into a higher gear in the next decade.
The ability to discover APIs at the enterprise level is critical, but what really interested me with what TeejLab is doing is applying their platform to the public sphere, and making sense of different industries. I am doing a big push into Healthcare and Fintech for Postman right now, and I am meeting weekly with Baljeet Malhotra (@BaljeetMalhotra) to discuss these two industries, but also think about how we can improve the discovery that happens within additional business sectors. TeejLab has been turning their platform outwards to discover APIs that are available publicly, but then use their algorithms to help me examine, rate, and make sense of the quality of the API that exist within each industry. I am working with a variety of API service provider partners to develop a mix of industry API toolboxes, and I’ll be working with TeejLab to help push this work into many different verticals, while also define a mix of machine readable artifacts that can help us make sense of the quality of APIs being indexed as part of these toolboxes. If I’ve learned one thing over the last decade it is that more APIs aren’t always better, and I am eager to develop more ways to help us work our way through the lesser quality APIs, and quickly find the APIs that do what we want, but also ensure we aren’t inviting more risk into our operations. Which I am learning is the most important aspect of API discovery, and the parts that are going to incentivize enterprise organizations to step and put services like TeejLab to work.
I am a big proponent of enterprise organizations developing a formal strategy for delivering and operating APIs, as well as consuming 3rd party APIs, but I also recognize that most teams are moving forward so fast that we need the help of API service providers to help us make sense of the chaos in real-time. Helping us discover the APIs that are already in use, and were developed or integrated with as part of some tactical decision, then do the heavy lifting for us to connect rogue APIs into a more holistic strategy that helps us pay better attention to the privacy, security, licensing, and other issues that plague our operations. The enterprise monolith will keep rolling forward even as microservice and other efforts work to decouple and transform the beast. While much of this will happen behind the firewalls of enterprise organizations it will always leak out via Git repositories, mobile applications, and public or partner APIs, and we are all going to need as much help as we can in making sense of what is going on. I’ll keep sharing stories about what TeejLab is up to as I continue to meet with them and map out various industries being impacted by APIs, and sizing them up alongside other API service providers I am seeing define into the API discovery space. The world of APIs is too big for me to wrap my head around anymore, and I am depending on a cadre of API service providers to help me map out and make sense of what is going on. Hopefully some of these stories can also help you understand some of the best ways to tame the API chaos that has unfolded in your world, and if these stories don’t, I’d love to learn more about what you are facing, and see how I can help steer more API service providers or open source tooling makers to help make your world a little easier.