ShiftLeft released a new version of NextGen Static Analysis (NG SAST), including new workflows, purpose-built for developers that significantly improve security, while enhancing productivity.
The ProgrammableWeb application programming interface (API) directory had just over 1,600 APIs at the end of 2009. Heading into 2020, more than 22,000 APIs are now searchable, with 2019 seeing a faster growth rate than previous years. As we enter a new decade, API trends point to a booming ecosystem that is extending beyond the technology industry and those who code.
More non-developers are working with APIs, and there is greater diversity in where they work, according to the 2019 Postman State of the API Report based on a survey of more than 10,000 API developers, users, testers, and executives. The new report also shows that even though more time continues to be spent working with internal APIs, there is a shift from using public to partner APIs, compared to prior years.
So, who works with APIs, what APIs are they working on, how well are those APIs working, and where are APIs heading in the decade to come? Let's see what the survey says.
Who Works with APIs?
As APIs become more ubiquitous, they are no longer limited to programmers. While the largest group working with APIs is still the developer community, that number is trending down. Last year, 58.6% of respondents identified as either a front-end or back-end developer, compared to only 46.6% this year. A wider range of positions report working directly with APIs, including technical writers and executives.
And though about half of respondents (52.3%) are employed in technology, 41.2% are in business or IT services, with banking and finance coming in third, followed by healthcare, retail and manufacturing. The bottom three industries include government/defense, advertising/agencies and non-profits.
In addition, the majority of respondents are relatively new to APIs. Only 12.2% have 10 or more years of experience, compared to 78.2% with five or fewer years of experience. In such a young, fast-growing space, fresh recruits must come up to speed quickly. Most respondents (71%) say they gain API knowledge from on-the-job experience and colleagues, followed by published documentation (58%). However, most feel that the API documentation being produced is not sufficient. More on that later.
What Do They Work On?
While many organizations employ substantial numbers of developers, they are broken into smaller teams to align with organizational needs. More than half of respondents reveal that their organization employs more than 25 developers, but nearly three-quarters are assigned to teams of 10 or less — suggesting that teams are structured to be more responsive and agile. Most work with only a handful of APIs, while about 13% of those taking the survey report that they handle more than 50 APIs. As the number of APIs increased, so did the average number of people on the team.
The time spent on API tasks breaks down as expected. More time (26.1%) is spent on development than any other task, followed by debugging and manual testing (22.2%), automated testing (11.4%) and designing and mocking APIs (11.2%). Other tasks make up less than 10% of time spent each, including managing others (9.1%), API documentation (7.3%), API monitoring (5.7%), publishing APIs (3.6%), and writing about APIs (3.3%).
Comparing where respondents want to spend most of their time and where it is actually concentrated, the good news is that API development tops both lists. However, there is one disconnect: 70% of respondents devote more time to manual testing and debugging than they think they should. Instead of testing or troubleshooting, they want to shift efforts to designing and automating testing.
How Well Do APIs Work?
Fortunately, when it comes to performance, close to half of the respondents rate APIs high, claiming they do not break, stop working or materially change specification often enough to matter. The other half of respondents acknowledge that breakages and changes occurred on a monthly (28.4%), weekly (15.7%) or daily (3.2%) basis. Just 3.5% of respondents admit that breakages and changes occur too frequently.
While API security is a popular concern — driven by frequent news of API security breaches and misuse — the survey indicates differently. Nearly three-quarters of respondents feel that their APIs are "very secure" or have "above average security." And only 2.4% state that their APIs were “not at all secure."
Perhaps a drop in public API use contributes to increased security. While internal APIs remain steady, there has been a move from public to partner APIs over the last year. In 2019, 28.4% of APIs were shared only among integration partners, compared to 25.7% in 2018. Meanwhile, the percentage of time spent on public APIs openly available on the web dipped from 21.8% to 18.8%.
Where Are APIs Heading?
As we mentioned earlier, documentation needs improvement — more than half of respondents reveal that API documentation is below average or that APIs are not well documented, compared to 28.2% who assert the opposite. With the burgeoning API workforce relying on documentation to do their jobs well, there's a compelling reason for teams to invest more time here. Suggestions on how to improve include clear examples (63.5%), followed by standardization (59.4%) and sample code (57.8%). API consumers also find real-world use cases, better workflow processes, additional tools, and a software development kit (SDK) useful.
Beyond enhanced documentation, what will shape the future APIs? Microservices, containers and serverless architecture are among the most exciting technologies for developers in the next year, cited by 53.9%, 45.5% and 44.0% of respondents respectively. Also on the radar: OpenAPI 3.0, GraphQL, HTTP 2.0, and WebSockets.
As the expanding API ecosystem establishes new connections for more compelling digital experiences, this next decade will no doubt usher in the next chapter in API development.