
Postman State of the API Report Reveals Challenges

API adoption continues to grow, but lack of design skills and security issues remain challenges.

API management platform vendor Postman released its 2022 State of the API Report on Aug. 18, revealing a series of enduring trends.

One of the key findings is that organizations are spending more time than ever on APIs, with 51% of organizations noting that they spend more than half their time with API technology, up from 40% in 2020 at the beginning of the COVID-19 pandemic.

The report also found that security is a real issue, with 20% of organizations admitting to having some form of API security incident at least once a month and 51% having issues at least once a year.

For Kin Lane, chief evangelist at Postman, a big surprise in the report this year was that respondents identified a lack of API design skills as a top problem. In the rapidly expanding and ad hoc API landscape that has been unfolding across your average enterprise, API design is often the first thing left on the API workbench, he said.

"I know many teams who are trying to push API design forward at scale across operations but [are] often getting pushback when they work to change API development teams from existing code-led practices," Lane told ITPro Today.

Postman API Report Identifies API Security Challenges

The prevalence of API-related security issues was another key finding in the report.

"A security incident in this report was defined as one resulting in loss of data, loss of service, abuse, or inappropriate access," Joshua Scott, head of information security and IT at Postman, told ITPro Today. "While we didn't ask respondents why their organizations have API security incidents, we can hypothesize based on our many conversations with customers."

Scott's hypothesis is that companies experiencing more frequent API security incidents likely have shadow or unpublished APIs that don't have the same protections as other websites. They also likely have more legacy elements in their environment and may not truly understand the scope of their entire API landscape.

The increasing use of mobile has definitely contributed to the security risk, according to Scott, since many mobile apps have a number of back-end APIs used to support them and they are often overlooked.

"Attackers have been abusing these back-end mobile APIs for quite some time because they are often not secured and can provide much more valuable content," Scott said. "You can't protect what you don't know about."

REST APIs Continue to Dominate

Looking at the specific technologies used for APIs, far and away REST APIs are the most common approach developers use today, according to the report.

"REST APIs will continue to dominate due to their use of low-cost and ubiquitous API infrastructure and simplicity when it comes to delivering APIs," Lane said.

That said, while REST dominates, GraphQL, gRPC, and event-driven approaches are seeing massive adoption, he said. But even with this increase in adoption of those approaches, Lane expects REST will continue to be the API technology of choice.

"REST provides a very simple way to deliver the LEGO building blocks we need to drive the API-first transformation that is occurring across enterprise organizations, but GraphQL, gRPC, and event-driven approaches will continue to augment REST APIs to deliver the experiences end users demand," he said.

About the author

Sean Michael Kerner is an IT consultant, technology enthusiast and tinkerer. He consults to industry and media organizations on technology issues.