APIs in 2017: review

APIs in 2017: review
APIs in 2017: review


Creating a technological platform where others can design and build remains a profitable and growing business. An open strategy while intensifying efforts toward third parties has become the winning formula as seen in 2017.

During the final months of 2017, Apigee, one of the leading platforms in API management that permits interconnecting distributed services in a simple way for companies, revealed a tendency to feedback among its customers: companies that implemented a greater number of APIs and allowed third-party developers open access to their ecosystems, with robust development programs, had a much higher adoption rate.  

State of APIsThe data shared by Apigee shows that, in the long run, an open strategy while intensifying efforts toward third parties is the winning formula.

Another interesting but intuitive result shown by Apigee focuses on the cyclical ecosystem of data in open APIs, using as an example the hotel industry’s use of Google Maps open APIs (Maps API, Geocoding API, Places API, etc.) and in which Google has seen a 300% increase in usage over the past two years.

Not only are more and more companies taking advantage of Google’s use of these technologies, but Google itself is also able to obtain new information from banks to feed back into its databases.

Google can later combine this symbiosis with other platforms. For example, on driver navigation apps such as Waze, when it comes to offering better services to businesses by having more data about them or knowing in greater depth what consumers expect.


In terms of API development, trends indicate new automated tools for generating documentation, managing API launches and creating evaluations more easily. 

Rob Zazueta, from TIBCO Software, specifically speaks about the Open API Initiative as the engine behind many of these new features. This makes it possible to reduce the burden of the most arduous tasks by making the implementation of new APIs a continuous process that maintains backward compatibility while allowing you to move forward with substantial improvements and evaluate performance.

Robert Schneider, from Smartbear, points out that the era of automated testing is currently a reality for API developers. QA engineers “must increase their skill levels.” Consequently, he predicts a short professional life for those who “spend their days running API tests by hand and evaluating the results one-by-one.” He encourages them to adopt the role of a test architect with more advanced methodologies and technologies.


In terms of technology, REST remains the queen. But “SOAP isn’t dead yet”, as indicated by the numbers published by JAXEnter in its 2017 API integration report: “Although REST dominates the scene, there is still a decent percentage of SOAP APIs out there that can’t be ignored.” This 15% indicates that there is a significant market available, but without specifying future trends.

API Integration Report

The report also separates the most demanded APIs by category. Cloud storage, CRMs and marketing continue to lead the industry, followed almost immediately by financial and e-commerce APIs. “As the demand for integration between cloud categories is growing, so does the need for accompanying APIs” that allow them to increase.


Ryan Barnett, member of the security team from Akamai, conducts in the company’s annual report a review of the security challenges faced by APIs. In 2017, the main challenge was distributed denial of service attacks. “These types of attacks can have a different impact on an API. Under specific circumstances, it is difficult to identify and stop these attacks with high bandwidth capacity.”

He specifically cites abuse of credentials as a priority factor to be considered by teams implementing and developing publicly exposed APIs. In internal tests conducted by Akamai and its clients, they found that 67% of authentication attempts on their APIs were fraudulent. Learning how to effectively block such techniques effectively is key to maintaining a functional API in 2017 and beyond.

Attackers prefer to go through APIs rather than the traditional web path, because, according to Barnett, some developers don’t implement a limit on access and, moreover, don’t have automated user-facing systems such as web captures.

If you want to know more about BBVA´s financial APIs, visit this website

It may interest you