The Evolution of APIs: Current Vulnerabilities and Future Trends
The podcast was sponsored by Okta.
This episode of The New Stack Makers series with Okta, which covers all topics related to development and security at scale, features guest Anant Jhingran, CEO of StepZen, a GraphQL API provider. Jhingran’s deep well of experience, including long stints at IBM, Apigee and Google before he became CEO of StepZen, qualifies him as a leading expert on APIs and their role in today’s DevOps environments. In the conversation, co-hosted by Alex Williams, founder and publisher of The New Stack, and Randall Degges, head of developer advocacy at identity and access management provider Okta, Jhingran offers his take on how APIs have evolved, their potential for the developer community and how their success accounts, in part, for their exposure to vulnerabilities.
During the past couple of decades, APIs have played an integral role in how developers, as well as operations team members, have been able to build and manage applications at scale. The fundamental driver for APIs has been “really about disaggregating your business, and ensuring that you can actually have innovation that is not just driven by the four walls of your enterprise,” Jhingran said.
Jhingran described a typical scenario in which a startup might no longer be “constrained by the innovation that our employees or our partners can do.”
“Why can’t third parties actually innovate on the stuff that we are really good at? Which means: can we disaggregate our business?” said Jhingran. “Can we have components that other people can build on so that when they bring their innovation to our capabilities, together, it’s kind of a win-win situation? So that concept has remained a constant.”
However, the concept of how APIs have facilitated disaggregation for DevOps teams has changed and evolved. “[Previously], you were working with partners who were very closely held where you could form a kind of long-standing relationship, and therefore, you could expose complex interfaces — but they would invest in it, in order for them to be able to do something with it. Then came the world when we said ‘no,’ that by itself is all well and good and important, but to really drive this massive engine, you really want to open it up and have people who are able to self-service, and sign up and leverage your capabilities,” said Jhingran. “That is where, for example, REST, REST APIs and everything else that came with it kind of really took off. And today, if you go and look at ProgrammableWeb, and others, there’ll be like, hundreds of thousands of APIs that exist, that are REST-based APIs.”
When it comes to security, APIs are in many ways victims of their own popularity: because they are the exposed surface of an application, they often serve as the principal attack vector through which vulnerabilities in the underlying application code are reached. Taking a step back, Jhingran noted that APIs, as described above, have also been a fundamental driver of innovation. “So, the key question really is — and what I have seen almost always — is that finding that balance between doing well for the business, as well as kind of protecting it is not something that people get right off the bat,” said Jhingran. “And a lot of things that you see that happen, happen because the dial has been turned incorrectly.”
StepZen is a sponsor of The New Stack.