It is a common tactic in the VC playbook of the startups I’ve worked with over the years: limit the interoperability of the platforms they invest in. You can import OpenAPI, but you can’t export Op...
When I tell people I “profiled” an API provider, they picture me grabbing an OpenAPI file and calling it a day. That is not what profiling means anymore, and Stripe is a good place to show why. A m...
I have been walking through the governance tools I am building under API Commons one a day, and today’s is the one that answers a question the others eventually raise. If governance is just Spectra...
I keep running into the same slow-motion mess. Somebody hands me an OpenAPI definition that is supposed to be the single source of truth, and when I open it up half the operations are wearing three...
I keep coming back to the same wall. Every company on earth is telling me they are all in on AI, that agents are the future, that software will soon be writing software and calling APIs on its own....
I am still working my way through the governance tools I have been building under API Commons, a different one each day, and today I want to talk about the one that goes after the hardest problem i...
I am still working my way through the governance tools I have been building under API Commons, one a day, and today’s is the one that finally makes a Spectral run legible to somebody who did not wr...
An OpenAPI tells a developer what your API can do. An agent needs more than that. It needs to know which operations are worth turning into tools, what each of those tools is honestly allowed to do,...
I have been working my way through the governance and discovery tools I keep building under API Commons, writing one up a day, and today’s is the one that answers a question almost every organizati...
I keep coming back to the same wall, and this week it has Postman’s name on it. I have spent years saying that onboarding is the part of an API that breaks first under load, and now we have agents ...
This is the next stop in my daily walk through the API Commons tools, and it is one I have wanted for a long time: a way to hand somebody a single APIs.json and have it turn into real, readable doc...
Translation is where a lot of teams quietly fork their API contract, and they don’t even notice they’re doing it. Someone in the German office needs the docs in German, so they copy the OpenAPI fil...
Stedi has taken one of the oldest, crustiest corners of healthcare—X12 EDI—and wrapped it in a modern API. That is genuinely useful work, because the X12 transaction sets that govern eligibility, c...
I keep coming back to the same wall. Every time I want to get a piece of software talking to an API, I find out that the part everyone treats as a formality, getting credentials, is the part that d...
For two years I have been saying in print that “just turn on Spectral” is a seduction and a trap — that flipping on a linter’s default ruleset in your pipeline and waiting to wake up governed is no...
Yesterday I kicked off this run through the API Commons tools with a validator you keep open in a tab, and today I want to keep the daily thread going with the tool I reach for one step earlier — b...
I made the case last week that you should govern in the IDE, where the work happens — get the ruleset in front of the engineer while they’re still typing, instead of waiting for a red CI build to t...
For all the attention FHIR gets, an enormous share of healthcare’s actual money and paperwork still moves over X12 EDI. Eligibility checks, claim status, prior authorization—these are the administr...
I keep telling teams that governance should be something you can reach for in the moment, not a service you file a ticket against. So I am spending this stretch walking through the governance tools...
Provider directories are the unglamorous backbone of healthcare. Finding a doctor who has the right specialty, in the right location, who actually accepts a given insurance plan is a deceptively ha...
Here is the problem that eventually finds every team that runs an API for more than one kind of consumer. You have a single OpenAPI definition, but you do not actually have a single audience. The p...
I’ve spent this whole series arguing that governance shouldn’t be a single gate you slam into at the end, but something that shows up at every stage of the lifecycle — in the editor while you’re au...
A couple of weeks ago I wrote about consumer API governance in an agentic world, and I keep making the argument from stage — APIDays New York, Amsterdam, and Munich next month. Arguments only go so...
I keep coming back to the same wall. Every company tells me they are all in on AI, that agents are the future, that software will provision and consume software without a human in the loop. And the...
DrChrono is a full EHR with a sprawling REST API—over three hundred operations covering everything from scheduling to billing. An API that large is exactly where workflows earn their keep, because ...
Everything I’ve written about in this series up to now — landscape mapping, OpenAPI, JSON Schema, policies, Spectral rules, design-first, Git, the IDE, the pipeline, shifting left, reviews and prov...
I have spent this whole series making the case for governance the way we have practiced it for a decade: lint the OpenAPI, enforce a style guide, shift it left, put it in the IDE, and put it where ...
Medplum treats FHIR R4 as a developer backend, exposing the RESTful API as a generic create, read, update, search, and history surface parameterized by resource type. That generality is powerful, b...
A lot of the standards that quietly run our world were written before the API era. They are thorough, hard-won, and often decades deep, but they live as PDFs, XML schemas, and prose test scripts. T...
I keep coming back to the same wall. Every company tells me they are all in on AI, that agents are the future, that machines will soon be doing the integration work humans used to do by hand. And t...
Here is the reframe that finally made governance work for me, after years of getting it wrong. For a long time I thought the job was to make people comply. Get the teams to follow the rules, hit th...
If you publish an MCP server today, the last mile to your users is a mess. You write out install instructions for Claude Desktop, then a different set for Cursor, then a deep link for VS Code, then...
I have been stewing on Daniel Kocot’s newsletter on capabilities for a week or more now. It reflects the journey I have been on since leaving Bloomberg, and honestly it is why I left Postman to go ...
If you pull back and look at the last several fundamentals in this series — design-first versus code-first, Git as your source of truth, the IDE, the CI/CD pipeline — there’s a single principle org...
You know the spec I am talking about. It was generated from code by a framework annotation scanner, and it is technically correct in every dimension and useful to nobody. The GET /products operatio...
Metriport is an open-source take on health data interoperability, and like most of the record-retrieval platforms its API is fundamentally asynchronous. You do not ask for a patient’s documents and...
In almost every enterprise I walk into, the same capability has been built three, four, five times — customer lookup, payment processing, document storage, notification sending — by teams who were ...
A couple of months ago I wrote that we standardized the API but we didn’t standardize the application. Then SoundCloud showed me what the fix looks like from a provider’s side: one file, no depende...
I spend a lot of time telling you to run Spectral, so I owe you the other half of the story. On June 30th a pull request landed in the Spectral repository with the entirely unremarkable title chore...
Lab ordering is one of those healthcare workflows that looks simple from the outside and is anything but. You do not just call an endpoint and get a result back; you place an order, it routes to a ...
The pipeline is where governance becomes non-optional, and more importantly, where it becomes consistent. The same Spectral ruleset that lives in your developers’ editors runs in CI on every pull r...
I keep coming back to the same wall. Every company I talk to is “all in on AI,” wiring up agents that are supposed to go discover an API, register themselves, and get to work. And then I go look at...
I am giving a talk at APIDays Munich about the layer of API governance our industry keeps pretending does not exist. We have spent a decade obsessing over two of the three layers. There is design-t...
If you have done the work of API governance, you have a Spectral ruleset. It lints your OpenAPI, it catches the naming drift, it blocks the request body on a GET, it flags the operation nobody both...
I have spent a lot of years watching companies build the same integration over and over again. Someone at HubSpot builds the Salesforce connector. Someone at Salesforce builds the HubSpot connector...
The earliest place you can govern an API is the editor, and it is also the place with the best return on the effort, because it’s where the engineer is actually working and most open to help. Spect...
The Cerner Millennium platform, now Oracle Health, is one of the EHRs that a huge slice of the country’s clinical data actually lives behind, so its FHIR R4 API is worth understanding as a sequence...
I spent some time this week walking the entire Linux Foundation umbrella to inventory the API specifications it stewards, and the projects underneath it that actually have APIs. I expected a long, ...
I keep coming back to the same wall. Every company tells me they are all in on AI, that agents are the future, that the API economy is about to be run by software talking to software. And then I go...
Here is a hill I will happily die on: treat your governance artifacts as code, and put all of them in Git. Your OpenAPI specs, your JSON Schemas, your policies, your Spectral rules — every one of t...
When an EHR exposes a clean FHIR R4 API, it is tempting to think the integration problem is solved. Canvas Medical has one of the better developer-first FHIR surfaces I have looked at—a write-capab...
A common mistake I see technologists make is that we don’t always take the time to understand the way things are before we plow forward with something new. I regularly suffer from this condition, b...
Most of the healthcare APIs I profile describe themselves one endpoint at a time, but nobody actually integrates one endpoint at a time. The real work is a sequence: authenticate, register a patien...
Every governance program eventually hits this fork in the road, and you have to be honest with yourself about which side of it you’re on, because it determines when governance is even possible. Des...
Now we get to the part everyone thinks is the whole thing. Spectral is the open-source linter that runs rules against your OpenAPI, AsyncAPI, JSON Schema, or honestly any JSON or YAML artifact you ...
Five years ago I wrote a post about evaluating APIs.json property types alongside OpenAPI extensions, and back then I was working with a sample of about fifty extensions from fourteen providers. It...
This is the fundamental that most governance programs skip, and skipping it is exactly why most of them fail. Here is the pattern I have watched play out over and over: a team builds a Spectral rul...
A few days ago I wrote about consumer API governance in an agentic world, and as I keep giving versions of that talk — Munich is next — the most common response I get in the hallway afterward is so...
Extending the OpenAPI specification is a widely used, but seldom talked about superpower of the specification. People who aren’t in the know hit the wall with what the specification can’t do, and t...
After rounding up the open-source and commercial tooling support for OpenAPI Overlays, the next question I keep getting is simpler and more important: what are people actually using overlays for? A...
Underneath your API contract is the data, and the data has a shape, and that shape is described by JSON Schema. This is the layer where the real fights happen. OpenAPI’s schema object is JSON Schem...
The OpenAPI Overlay Specification reached a stable 1.0.0 release, and the tooling has been steadily catching up ever since. Overlays give you a clean, repeatable way to apply a list of actions to a...
If landscape mapping is where governance starts, OpenAPI is where it lives. It is the center of gravity for everything I do when I govern REST APIs, and the reason is simple and worth saying out lo...
I know that many in the tech world believe there is always a universal approach to doing software, and that all business processes scale. For some processes this may hold true, but when it comes to...
When I walked into the most serious governance job I’ve ever held, the first thing I did was not write a single rule. I went and reviewed every published OpenAPI across the entire portfolio. Before...
Yesterday I wrote about localizing the Products API with OpenAPI overlays, treating the whole API description as one document to be translated four ways. Today I want to go down a level, because th...
I am preparing to give the third iteration of my talk on consumer API governance, this time in Munich next month. I’ve given versions of it at APIDays NYC and Amsterdam, and I keep iterating on the...
I’ve been doing API governance work for quite some time now, and I spent a a year on the ground standing a governance program up from scratch. So when people ask me what API governance actually is,...
I keep a small, deliberately boring API around for teaching: a Products API. It does exactly what you’d expect — list products, create a product, fetch one, update it, delete it, cancel it — and no...
When API design first emerged in 2012, and grew in popularity over the next decade, some folks embraced, while others revolted, and the rest just sat with the usual blank stare they have for work e...
I’ve been studying the way API providers publish their public MCP servers, beginning with the big three: Amazon, Microsoft, and Google. Each of these providers have their own approach to delivering...
Google moved the Gemini Interactions API to general availability, and I want to pay attention to it not because it is another model endpoint, but because of what it says about where API design is h...
I keep coming back to the problem of scaling the onboarding, the setting up of applications, and the obtaining of API keys across many different APIs. The differences in how every API provider hand...
I spend a lot of my time on the consuming end of API keys—banging my head against the wall of how every API provider handles the issuing, verifying, and managing of credentials differently. So when...
I am working through research on “MCP governance”—meaning, what others out there are calling MCP governance. As with APIs, there is a wide mix of smoke, mirrors, and concrete practices around what ...
When I started API Evangelist in September 2010, I was writing stories from a one-bedroom apartment in Eugene, Oregon, trying to make sense of what Twitter, Twilio, and Stripe were doing to softwar...
I have been writing about this since March 2017, kept expanding it through 2018 with a diagram that I brought to talks and workshops, and reinforced it again in 2020. Coming back from APIDays Amste...
One story I’ve told many times, but couldn’t find in my own historical archives of API Evangelist, is the origin story of API Evangelist itself. I am learning that the stories I’ve told over the ye...
I have been writing about API monetization since 2011. Not consistently, but in recurring waves — whenever the business reality of APIs forces itself back to the surface. Early on I was fascinated ...
I like GitHub’s recent blog post on transparency around their status page. Status pages are human and machine-readable properties I’ve tracked on for API providers as part of my APIs.json work for ...
I am learning from the AI Insights updates on Cloudflare Radar. I have long been a champion of how we’ll be automating the onboarding of clients, bots, agents, and other non-human users of the web....
There is something that haunts me every time I am doing the market research I need for Naftiko. Every integration provider always has thousands of icons for the integrations they support on their w...
I was publishing the Naftiko Capabilities I had generated from the 36 Palo Alto Networks OpenAPIs. Before I generated these capabilities I generated a standardized set of Spectral rules based upon ...
It is difficult to think like an API consumer when you are an API producer. When I talk to anyone about what I am building at Naftiko, which is extremely API consumer centric, almost everyone I kno...
Questioning how I see the technology, business, and politics of APIs is the foundation of API Evangelist. I’ve changed my opinions on a lot of things over the years, as my awareness expands on diff...
Many engineers I’ve worked with over the years see OpenAPI and AsyncAPI as a configuration for whatever tooling outcome they desire. I see OpenAPI, AsyncAPI, and JSON Schema that defines them as a ...
For years I’ve been writing on API Evangelist about the idea of a personal API footprint — the idea that every individual should have a single, coherent surface representing themselves across the d...
I did not write a single post on API Evangelist in March. I have gone months before without writing a story, but this month is primarily due to artificial intelligence. I am all in on using Claude ...
Starting a new specification is exciting. You have a vision. You flesh out the vision. You distill it down into some documentation, schema, blog post, and a social media post. You don’t have the ba...
I recently purchased the Radiohead record, OK Computer. I’m in a phase where I am investing in my vinyl record collection, and doing the work to get out of my comfort zone. This means challenging a...
I had a fascinating conversation Anna Daugherty on Wednesday, which will be published as a podcast shortly. If you don’t know Anna, she is a super smart and down to earth product marketer who works...
I saw Speakeasy publish their agent skills. It caught my attention, not because I care about agents, but because I care deeply about the knowledge expressed in these agent skills. Honestly, I don’t...
As I work to define Naftiko, and specifically what a capability is, I wanted to explore how a capability comes to life. But let’s start with my current definition of what a capability is.
A capabi...
Bruno has been slow rolling their release of their new OpenCollection format to augment the Bruno Collection, and continue grabbing mindshare from Postman Collections, while simultaneously embracin...
I am genuinely trying to understand the essence of the agentic wave of artificial intelligence. I am always frustrated when I don’t understand something. Unfortunately, much of popular life and cap...
I am an expert in programmatic interfaces as they are used in a variety of applications. I don’t build desktop, web, mobile, device, network, or AI applications — I enable them. I have to keep sayi...
I have been gathering signals about what enterprises are invested in as part of my Naftiko Signals work. As I do, I am working out in the open to make sense of the services I am profiling as part o...
The Microcks team is proposing adding an MCP server for the mocking and testing platform, arguing that every tool needs one. I definitely support every API service and tool having an API, so this l...
I had a really energizing webinar with Nordic APIs last week, hosted by Bill Doerrfeld, and with Lorna Jane Mitchell, Kevin Swiber, and myself in attendance. The questions were good, the conversati...
I am creating a series of 3rd-party Notion API sandbox for my team to develop against, and provide safe spaces for Naftiko customers to develop agents against. The foundation of my Notion API sandb...
I love people waking up to the importance of APIs. I have to work hard not diminish people’s excitement for each wave of “application” of the value in which APIs deliver. People get very attached t...
I am always fascinated by how the same people who are TypeScript believers often become advocates against using a schema-driven approach anywhere beyond “the code”. I am a big fan of having a schem...
API governance using Spectral or Vacuum rules changes when you go from governing APIs you are producing to governing 3rd-party APIs you are consuming. It is a simple, but pretty radical shift in ho...
My Naftiko team asked me for more information on what schema tools are available. Well, more specifically they asked schema explorers there were, but I thought it was an opportunity to take a fresh...
I am deep diving into the properties of interface and application specifications to understand the overlaps across the standards in use within both of these domains. I pulled the JSON Schema for fi...
I’ve been down each of these rabbit holes before. I’ve paid really smart people to go down these rabbit holes. But honestly, what I am talking about is actually a “rabbit warren”. I know we all lik...
I enjoy reviewing APIs. I’m good at it. Over 15 years, I’ve developed a rich and proven API discovery and profiling process. Recently, folks at Avalara reached out to me about my API Evangelist Pos...
I’d like to introduce you to my new startup, called Naftiko. You’ve probably heard me talking about it, but as of 2026, we are a real company with funding and a team. It’s real. Naftiko is focused ...
I have to manually roll the blog for my website over each year. The primary link for my blog goes to whatever the most recent year is, which is a static page. I like it this way. It forces me to ma...