Application programming interfaces (APIs) are the mechanisms that connect data, services, and apps to create modern digital experiences. If a consumer browses through some products on a retailer’s app, API calls are what seamlessly pull together the details. If a homeowner pays a utility bill online—another few API calls go to work behind the scenes to complete the transaction. If that homeowner then charts directions using a mapping service or orders a car through a ridesharing service, still more API calls are involved.
A large portion of API traffic can currently be attributed to some kind of human action and follows a request-response model.
What this means is that a person does something that triggers an API call in the first place. API traffic driven by machines instead of humans, in contrast, follows different, programmatic patterns and, to date, has often involved malicious activities, such as bots or attempts to breach security.
On Google Cloud’s Apigee team, however, we’ve observed that the API world is experiencing a shift, with benign programmatic API calls generated by algorithms or machine intelligence taking on more prominent roles in digital ecosystems and experiences. This shift is driven by several trends that open new dimensions for how enterprises leverage APIs and expand existing ones.
The rise of voice applications.
Though adoption estimates for voice technologies vary, it’s clear that tens of millions of people in the U.S. alone regularly use smart speakers and voice-controlled digital assistants. It’s also clear that today’s users are adopting voice much faster than past users adopted disruptive technologies such as television or the Internet.
With applications expanding rapidly into new areas such as healthcare and new use cases emerging in the enterprise, voice technologies are poised to grow far beyond their origins on smartphones and smart speakers. There are now even applications that let users raise a toilet seat using only their voice!
Voice technologies are complicated and potentially expensive to develop, which is one reason that so many companies have made their natural language processing technologies available to others via APIs. If a voice assistant hears a user say, “Pay my utility bill,” the assistant needs to understand the unstated nuances of the instruction: “Pay my utility bill from PG&E for the current month using my stored credit card.”
This sort of task relies heavily on machine learning, with the user’s simple request into the voice system resulting in potentially hundreds of API calls across the backend, all driven by machine intelligence figuring things out. As more use cases integrate voice, the underlying machine learning technologies—and the APIs that make those technologies leverageable—will continue to grow in prominence.
The expansion of IoT and home automation.
At the recent CES conference, enthusiasm for the Internet of Things (IoT) continued to grow, with connected, communicating devices filling booth after booth and keynote after keynote across Las Vegas. Many analysts estimate there are already more connected devices in use than people on the planet—and the deluge of sensing, communicating, intelligent devices is not stopping.
IoT devices integrate with each other and with voice assistants through APIs — and through recipes from organizations such as IFTTT. With hundreds of thousands of different types of devices, bespoke integrations just do not work. Though APIs cannot solve all challenges associated with more profound business logic, they can simplify the mixing and matching, making it easier for all the devices and services to interact with one another.
APIs take artificial intelligence mainstream.
Artificial intelligence (AI) is arguably most useful when it can be leveraged into applications. However, as alluded in the above point about developing voice technologies, not every team or enterprise has the capability to do AI from scratch.
Consequently, we expect to see API-driven AI in which one team, or one business builds an excellent model in some domain, and other firms or teams leverage that work through APIs. These teams or businesses may then develop their own AI models, which, in turn, another team might leverage. We already see examples of this, such as Google’s AutoML for image and text analysis.
Bot attacks continue to rise
Though most of the previous trends involve machine-triggered APIs being used for beneficial or neutral purposes, bot attacks and similar malign uses cases are still growing too. Attackers continue to use botnets to take down sites and apps with distributed denial of service campaigns. Crypto-miners have begun leveraging API vulnerabilities to take over container orchestration platforms and steal enterprises’ compute power. Other bad actors are using bots to steal credentials.
We anticipate APIs will continue to bear much of the burden of nefarious machine-driven traffic. The traffic could potentially saturate backends unless the right security is built into the APIs. Indeed, in the December 2017 report “How to Build an Effective API Security Strategy,” Gartner analysts Mark O’Neill, Dionisio Zumerle, and Jeremy D’Hoinne predict that “[b]y 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.”
The rise of machine-driven API traffic among bad actors is precipitating a rise in machine-driven API traffic from enterprises working to ward off attackers. Organizations need robust security protections at the API level that include not only standards such as authentication and encryption but also smart algorithms and machine learning that can recognize bad actors and take steps to stop them.
Embrace the machines.
We should acknowledge and embrace the fact that “robots” are our new partners in the API world. Machine-driven API calls will likely help us to interact with devices and services in new ways, inject dumb devices with new use cases and intelligence.
These actions by humans, calling to and from API’s will make AI accessible to more organizations and developers, and spot crooks that would have otherwise evaded human detection. The path forward will include pitfalls and obstacles, but with smarter machines and smarter humans working together, the future is bright.