State-of-API report: The API becomes a product – Security is secondary
The use of interfaces is increasing and more and more companies are marketing them. However, many API customers disregard security rules.
(Image: New Africa/Shutterstock.com)
- Robert Lippert
Postman's State of the API Report 2024 states that companies are increasingly treating APIs as a product and are developing, marketing and monetizing them in a targeted manner. Security aspects often fall by the wayside for users who integrate interfaces.
The API platform Postman, which itself offers API marketing services, surveyed over 5,600 software developers for the report, 62% of whom work on paid interfaces. In fact, 21% of the companies surveyed generate more than three quarters of their total annual revenue with their public APIs. Even large telecommunications providers are getting a taste for it.
(Image:Â Postman, State oft he API Report 2024)
In addition to marketing, there are other drivers for the increasing use of APIs, such as the strong interest in artificial intelligence. OpenAI alone is responsible for 79% of API traffic on the Postman platform. There are also interfaces from Gemini, Mistral and Perplexity. On the other hand, developers are increasingly integrating software-as-a-service offerings such as those from Salesforce, WhatsApp and PayPal into their applications.
(Image:Â Postman, State oft he API Report 2024)
The report also observes a certain pragmatism among API users. Only 44 percent of developers still dig through the source code, and more than half work with product managers, QA and designers who cannot always interpret the code.
Thus, when choosing a public API, good documentation is considered more important than performance or security. This in turn makes APIs increasingly interesting for attackers, who also benefit from the fact that 27% of the companies surveyed do not use API key vault security tools. Those that do use them rely on AWS Key Management (28 percent) and the Azure Key Vault (24 percent).
Videos by heise
The fact that almost a third of API providers use multiple gateways to provide interfaces makes control even more difficult. The report notes that 46% of respondents rely on Jira/Confluence and 44% on email to keep up to date with updates. The document clearly recommends that companies should pay attention to observability and governance to counter cyberattacks.
The new State of the API Report 2024 is available online free of charge and provides further insight into technological and economic trends. Postman provides a platform for API development, management and marketing with over 35 million users worldwide.
(vbr)
