What the Post-API Economy Will Look Like

In the early 2010s, it was all anyone could talk about: the app economy, powered by Application Programming Interfaces (APIs). 

Companies had already been sharing web-based APIs for years, but the introduction of Apple’s new App Store in 2008 brought the technology careening into new and uncharted territory. Many businesses weren’t yet sure how they could best use apps and APIs to serve their customers, but they realized that it was important to find out. 

Sure enough, the technology took off quickly. In 2010, the American Dialect Society voted in “app” as its word of the year. In 2017, global consumers downloaded 178.1 billion mobile apps. Today, the average US adult spends nearly three hours each day using a smartphone, and 90% of that time is spent in apps.

Now that the tech industry has had a few years to adapt to apps and API-driven business, some unexpected shortfalls are beginning to surface. APIs are beginning to struggle with capacity and security issues that have severe consequences in the real world. In the face of these new challenges, the technology industry is poised to do what it does best: evolve. 

The state of the API economy: struggling to keep up with data demands
APIs have made incredible contributions to our economy, driving everything from monetizable mobile apps to the platform economy. We can find everything from transportation to plane tickets to lunch from our phones or our computers. So why is it so critical for the API economy to evolve? 

The answer lies partially in the fact that the databases which APIs rely on to exchange information are designed around historical constraints of the pre-PC, pre-mobile era that no longer apply in today’s tech environment. These databases make up the building blocks of APIs, yet they were built for computing that was slow, expensive, and capacity-limited — not for today’s internet-driven economy, where businesses can affordably store zettabytes of data and use open-source products to perform massive computing tasks. 

As the volume and complexity of our data continue to grow on a daily basis, developers attempt to accommodate this enormous growth by extending and often overloading existing APIs, adding new functions and point solutions that force you to keep upgrading apps that aren’t backwards-compatible. Developers are locked in a continuous struggle to keep up with the ever-increasing complexity of the systems we use.

The security consequences of API bloat 
The tendency to overload APIs with new functionalities in order to meet new demands is a very real phenomenon known as “API bloat.” 

Continuously adding new functions may allow APIs to operate effectively, but it comes at a cost: complicated header files that are hard to use, as well as countless data vulnerabilities that are at least partially out of enterprise IT’s control. 

The effects of these vulnerabilities are real, and many companies and customers alike have been left reeling with the consequences. In a recent Venmo breach, for example, 207 million transactions were leaked due to API mismanagement. In 2018, Salesforce warned its customers that an API issue may have resulted in data leaks. Even Amazon suffered from API-related issues, where customer email addresses were inadvertently exposed.

The longer we depend on APIs to quietly power our everyday economic interactions, the more consumers are put at risk and the more the system of trust breaks down.

Reinventing data management to be accessible and secure — before it’s too late
As companies begin to observe the limits and risks of APIs, the next step is to abandon retrofitted systems and build from the ground up. A new data management system must incorporate today’s technological realities, including the notion that large amounts of data need to be both easily accessible and highly secure. 

To be accessible, databases should prioritize discoverability and use semantic queries. They should be able to look up queries between dozens of tables and instantaneously return results. They should also take a “data-first” approach, where data drives applications — not the other way around. 

To be secure, databases should utilize Blockchain technology to provide digital proof of ownership and protect against data manipulation or theft from hackers. The decentralized nature of Blockchain means that all transactions will be recorded on the public ledger, making it tamper-proof. Security will be cryptographically embedded into the data itself, residing in the data and not depending on the security of the API level. 

As hard as it is to believe, there will be a post-API economy, and with the right tools it will be safer and more effective for everyone.
