API scenario in banking
A focused interview with Mark O’Neill, Analyst, Gartner:
Manoj Agrawal: How many magic quadrants does Gartner publish regarding APIs? Which was the last one added? Which is next in the pipeline?
Mark O’Neill: The main one is a full lifecycle API management. Another one that is relevant is iPaaS. This is about using APIs for integration, particularly cloud integration. Another is Web Application & API Protection which looks at security capabilities. Initially, we focused on SOA. The first on API was in 2016 - on API management.
Does AI play a role in developing or enhancing APIs?
It does in a number of ways. One is security. There is a need to understand good and bad uses of APIs. Bots try to use APIs for stealing data through APIs, eg account data. ML helps in understanding the normal and abnormal use of API, particularly around security.
Does API testing require different techniques?
It is different. You are thinking about response time. Web testing is simulating human experience. With API, there is more automation such as SLAs and response time. Testing can also involve usability testing from developers’ point of view. If a bank has a portfolio of APIs, they will want to standardize.
Can you name some of the leading API companies and what kind of revenue they are making?
Twilo and Stripe. Twilio, worth over $3
billion, competes with traditional telecom companies. Its revenue is $82 million in a quarter. Stripe is a private company valued at $9 billion.
Are API players adopting bitcoin and cryptocurrencies? Is there a dark web of APIs? If not, is it likely in the near future?
Even dark web companies have APIs. We have seen services like access to private data.
If a services is down for maintenance, how will various APIs interacting with it respond?
The ‘I’ in API is interface. So, the design has to ensure that there is no single point of view.
Which countries that have most API startups?
Europe & UK.
What are some of the main security developments related to APIs?
There are security standards for API – OpenID Connect OAUTH - but they are complex. Security levels are going up as API usage is going up. There have been some well publicized API breaches. It will get worse before it gets better. EY, KPMG, etc do some security testing for APIs. It is important to realize that 2 similar functional APIs would have different security vulnerabilities.