Net API Notes for 2021/06/03 - Issue 164 - Near Term API Trends

Net API Notes is a regular, hand-curated digest of impactful news and analysis for busy API practitioners. Are you reading this on the web and not subscribed yet? Sign up today and be the first to get ad-free, actionable info delivered weekly to your inbox.

You did it! You made it halfway through 2021!

This year has been an odd one, and not just because the first six months have disappeared into the same void as the occasional missing sock. The worldwide impact of Covid-19 and the subsequent uneven recovery have businesses reeling.

At my day job, I recently presented how this year's trends impact API decision-makers. Given that also happens to be newsletter readers of the utmost distinction, like yourself, I thought I'd share an abridged version in this special edition.

Before I get started, a caveat: what I am going to share is forward-looking. I'm going to talk about recovery, growth, and other business-related hoopla. That is, in no way, meant to minimize current unfolding tragedies. Some places are emerging from some dark, challenging times. We should celebrate that! At the same time, we shouldn't overlook the struggles that still exist. Stay safe, get vaccinated, and take whatever time you need. It's OK. The world will still be here whenever you're ready.

As I alluded to, 2020 was a year for the record books. How will the fallout from it affect APIs going forward?


The pandemic had an unprecedented impact on employee mobility. Attrition rates fell to their lowest levels in nearly a decade. I often joke about the churn among developer populations and its adverse effects on knowledge retention and experience design consistency. However, having many employees "frozen" in place due to uncertainty and fear about the future is also not a recipe for healthy morale.

Now, at least in the US, positive future outlooks have nearly half of all employees looking for a new job this year. Concerns about flight risks are at an all-time high.

Even if employees stay, there's a good chance they'll be on vacation. After being stuck inside with limited options for discretionary spending and connecting with remote family, this summer looks like one for the record books, with people maxing out their PTO ASAP.

The Takeaway: A company's list of APIs and their function must be documented and discoverable in a self-service fashion, even for internal services. Otherwise, companies put themselves at significant risk for disruption when that tribal knowledge is unavailable.


According to the IMF, all the world's major economies saw negative economic growth last year. Experiencing nearly double-digit positive swings in 2021/22 will give entire accounting departments whiplash (but in a good way). Despite shortages in almost everything due to flawed implementations of Just-In-Time manufacturing, 73% of business leaders feel good about the global economy recovery (sentiment is highest in North America and Greater China).

When business leaders feel good, they invest in the future. And their businesses will have cash coming in. They'll spend it on furthering digital capabilities that proved resilient across 2020's many shocks.

"While the concept of digital transformation has been floating around strategic planning meetings and yearly reviews for nearly two decades, the acute need for technology investment has never come into focus quite as clearly as it has over the past 10 months.

"For the enterprise, investing in new digital tools, workflows, and processes is no longer a competitive advantage. It’s a matter of survival in a world of seismic change and instant instability." - eWeek

HCL is an enterprise technology consulting company. As their recent whitepaper posits, it isn't just traditional software-centric organizations looking at leveling up their digital capabilities (capabilities that are nearly always delivered by API).

"There has been remarkable levelling between industries' attitudes toward digital since COVID. This is a truly telling data point in the shift to digital acceleration: no longer will we see entire industries where digital is not on the board's agenda."

The Takeaway: Yes, I know "digital" is a piñata stuffed with hyperbole and smacked recklessly across enterprise software advertisements. However, the term remains a useful, albeit crude, catch-all for the tools, techniques, and technology that not only kept companies going but enabled experimentation at a critical time (please, let's keep the curbside pickup going). As Postman's latest state of integration report says, "the pandemic has thrust API integration to the fore in terms of high priority projects and increased budget allocation." Businesses will have money, and they'll be funding projects to either create or integrate with APIs.


Of course, it isn't all Skittles and Mountain Dew, as they say (and by 'they', I mean 'me'). Popular attitudes about technology changed significantly after the Cambridge-Analytica scandal. Regulatory bodies are increasingly aware of the power wielded by technology companies. While they started with modest data privacy steps, they will increasingly seek to limit harm in other areas (example 1, example 2, example 3). Managing the increasing fragmentation will be a challenge. Companies will face more significant restrictions on what is shared when, and with whom.

Simultaneously, APIs will become the primary attack surface for malicious actors, according to Gartner's Mark O'Neill. It isn't surprising why. Alissa Knight, a security researcher, found "77% of health care applications had hard-coded API keys, tokens, or credentials". Given the importance of telemedicine in the past year, the poor security practices are depressing. However, recent API breaches at Experian and Peloton show they're not alone.

The Takeaway: We're entering a time of significant API activity, but it must coincide with a step-change in applied security practices. Application of TLS between client and server is the bare-minimum starting point, not the final destination. Regulatory bodies are now actively investigating how data is being exchanged. If companies don't get a handle on improving their ingress/egress practices, someone will set the bar for them. If that happens, companies may not like the result.


I have more to say; a year as historical as the one we just lived through has more ramifications than what I can summarize in a single newsletter. However, I hope these links serve as a starting point for your research and planning. And if you find something in that work different and worth mentioning, let me know. I'd love to discuss it and do more of these industry-at-a-glance assessments.


There is still time to submit a talk for the 2021 ASC event. Submissions close June 11th. If you've got a specification story, consider sharing your insight! That conference, along with numerous other API events, can be found at

To end, thank you to my Patreons. These upstanding folks keep the newsletter free of advertising, information selling, or paywalls. Because of their generosity, the rest of the community can keep getting these notes for free.

Till next time, Matthew

@libel_vox and

While I work at Postman, a place where a color like orange can be loved like family, the opinions presented above are mine.

Subscribe to Net API Notes

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.