From what used to be a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. Today, APIs can be found everywhere: at home and in mobile devices, in corporate networks and in the cloud, even in industrial environments, to say nothing of the Internet of Things (IoT). The emerging era of Generative AI is also entirely dependent on APIs to implement integrations with existing business applications.
Having followed the market for almost a decade, we have long recognized APIs as one of the most important IT trends. Rapidly growing demand for exposing and consuming APIs, which enables organizations to create new business models and connect with partners and customers, has tipped the industry towards adopting lightweight approaches like representational state transfer (REST). APIs are now powering the logistics of delivering digital products to partners and customers. Almost every software product or cloud service now comes with a set of APIs for management, integration, monitoring, or a multitude of other purposes.
This evolution only continues to accelerate. As new digital transformation initiatives emerge across various industries, diverse business models are dramatically reshaping the technical requirements for API development and operations. New standards, technologies, and development methodologies, driven by the need to support numerous use cases, have also added complexity to existing API management platforms.
REST APIs are still commonly used today, but they are increasingly augmented or displaced by a variety of alternative protocols and standards, such as GraphQL or gRPC. In fact, the industry is evolving so fast that API management solutions in their traditional sense, like API gateways, can already be considered IT legacy products. Modern, loosely coupled cloud-native application architectures demand API management solutions that can handle complicated traffic patterns and deal with ephemeral container-based infrastructures.
Figure 1: The API challenges organizations are facing
Unfortunately, many organizations still tend to underestimate the potential security challenges of exposing their APIs without a security strategy and infrastructure in place. Although organizations like OWASP are doing a lot to promote the awareness of critical API risks with projects like the recently updated API Security Top 10, this sometimes has an opposite effect – the public tends to forget about the long tail of other problems they have to deal with beyond this essential but definitely not exhaustive list.
Multiple studies have estimated that APIs are already the biggest attack vector for web applications. However, this claim does not even include the numerous other potential attack vectors that the unchecked proliferation of APIs can expose, including public clouds, distributed applications and microservices, mobile clients, and so on.
Figure 2: API complexity explosion
In a sense, API security has long since become an industry of its own; with the scope of risks and challenges the industry confronts growing exponentially, API security solutions have to expand their coverage and grow in complexity themselves. Providing comprehensive protection against the broad range of API-specific threats, and doing so consistently throughout the whole lifecycle of an API, is complex. Understanding the business logic behind those APIs and adapting the protection accordingly is even more complicated.
Our approach is to emphasize the growing prevalence of API security solutions over traditional (some might say “old school”) API management products. This report covers the current state of the API security and management market.