State of API Integration 2018 Report

State of API Integration 2018 Report, updated 3/29/18, 4:22 PM

Integration. It’s that pesky part of making a product that no company actually wants to do. (And who can blame them? It’s not easy.) But it’s also the part that really has to be done well. Because if your product can’t be used by the people who need it, then why build it in the first place?

About Techcelerate Ventures

Tech Investment and Growth Advisory for Series A in the UK, operating in £150k to £5m investment market, working with #SaaS #FinTech #HealthTech #MarketPlaces and #PropTech companies.

Tag Cloud

2018 State of API Integration Report
1
2018 State of API Integration Report
2
Table of contents
A Word from our CEO ........................................................................................................... 03
Meet our Contributors .......................................................................................................... 04
Section 01: Introduction ................................................................................................... 05
Behind the Data .................................................................................................................... 11
The 2018 State of API Integration Survey Respondents ............................................................ 12
Section 02: Trends in API Integration ............................................................................. 13
Building a Platform Strategy .................................................................................................... 15
Drivers of Adoption ................................................................................................................ 19
Customized APIs ................................................................................................................... 20
Strategic Shift of Integration ................................................................................................... 23
Evolution of B2B Integration ................................................................................................... 25
Flexibilty ................................................................................................................................ 26
Longevity .............................................................................................................................. 27
Section 03: Developer API Integration .......................................................................... 29
Emerging API Styles ................................................................................................................ 35
API Security ............................................................................................................................ 39
Interactive Calculator ........................................................................................................ 44
Closing ....................................................................................................................................45

2018 State of API Integration Report
3
A word from our CEO
Our Mission is to Integrate App
Ecosystems by Unifying the World's APIs.
Integration. It's that pesky part of making a product that no
company actually wants to do. (And who can blame them? It's not
easy.) But it's also the part that really has to be done well. Because
if your product can't be used by the people who need it, then why
build it in the first place?
It goes far beyond a simple connection to an API. Cloud Elements
has re-imagined the world of application integration so you and
your customers can focus on the data they care about.
This report addresses the continued growth in API adoption, where
the market is headed with ease of integration, and new trends in
the coming year.
Happy Integrating.
Mark Geene
CEO - Cloud Elements
@mgeene
2018 State of API Integration Report
4
Meet our Contributors
Ross Garrett
at Cloud Elements
@gssor
Ross Garrett is the VP of Marketing at Cloud Elements - responsible for
market strategy, product positioning and evangelism. He is a well-known
speaker at developer events and other industry conferences.
Kin Lane
at API Evangelist
@kinlane
I am the API Evangelist. Not in the sense that I'm evangelizing a single
API to you--In the sense that APIs are important for everyone to be
aware of. I'm paying attention to not just the technical, but the business
and politics of the web API movement.
Isabelle Mauny
co-founder and CTO of 42Crunch
@isamauny
Isabelle Mauny, co-founder and CTO of 42Crunch spent most of her
career at IBM, across a variety of technical roles, at the European level.
She was part of the IBM WebSphere Strategy board and played a key role
in the deployment in Europe of flagship products such as the WebSphere
Application Server or DataPower appliances.
Mark Boyd
API industry analyst
@mgboydcom
Mark Boyd is a writer and API industry analyst, who writes regularly for
ProgrammableWeb, and The New Stack. He has chaired several API
conferences, and published a number of ebooks on the API lifecycle, best
practices for API adoption, and API uptake in industry verticals.
2018 State of API Integration Report
5
Introduction
S E C T I O N 1
2018 State of API Integration Report
6
The State of API Integrations
As we learned in last year's State of API Integration Report, the fast-paced world of SaaS Applications
and app development is nothing without advanced API integration. Not only have APIs become a
necessity for application customers to streamline operations across their business and product suite,
they have become an integral part of product development, business strategy, and scalability. As a
result, customers will continue to seek out applications and APIs that can be easily integrated.

It's no longer sufficient to offer a standalone, isolated productdevelopers must build flexible
platforms that not only offer highly functional APIs, but also integrate seamlessly to the ecosystem
of products and services used by their customers. APIs are the foundation for this network effect,
and must continue to evolve to meet the expectations of developers. The role APIs and API-based
integration need to play in creating a customer-centric platform is a key theme we discovered in
building this year's report.
The proliferation of applications and subsequent API-based integration demands that developers
now consume and build against a multitude of endpoints, languages and platforms. To develop a
top-down view of this rapidly growing network, we surveyed hundreds of application developers for
feedback on their own APIs and their experience with others they work with. We've distilled all of
that information into the most noteworthy stats, changes and trends in our comprehensive State of
API Integration 2018 Report.
Not only have APIs become a necessity for application
customers to streamline operations across their business
and product suite, they have become an integral part of
product development, business strategy, and scalability.
S E C T I O N 1
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
7
Important Findings:
Building Platforms Instead of Products
This report will cover key findings from the survey we distributed to collect insights into the state of
API integration. It will share our predictions on how these findings will change the industry in 2018
and beyond. We will explore prominent themes, including the expectation that APIs ease integration,
rather than stifle it, and that successful applications should be more like platforms than products.
For example, 36% of respondents stated that their primary motivation to become a platform provider
was sparked by their desire to maintain 'stickiness' with customers by integrating easily across the
ecosystem of applications.
While most companies "considered themselves a true platform provider," one-third of respondents
said they offered pre-built integrations for non-technical users. Without such an option, customers
with little-to-no development experience will struggle to build their own workable integration
limiting the network effect of that platform. This report helps define what truly constitutes a flexible
'platform,' and the implications that this definition has on the industry.
Our data also exposes the growing desire for innovation in event-driven integration:
Nearly 40% of those surveyed responded that their apps did not support
event-based framework, but it was the number one answer when we asked which
API technology area was most in need of innovation.
While this architectural pattern is enjoying something of a resurgence - as it reduces coupling
between services and provides a far more efficient way of synchronizing and updating data - work
still needs to be done amongst API providers to embrace event-driven capabilities. Find even more of
these key observations in the following sections!
While most companies "considered
themselves a true platform provider,"
one-third of respondents said they
offered pre-built integrations for non-
technical users.
Section 01 | Section 02 | Section 03
34.4%
2018 State of API Integration Report
8
Looking Ahead in the World of APIs
The report also gives us an opportunity to look forward to 2018 and beyond, and predict new trends
in the API space, including:
Connecting to an API, and truly integrating with an API are not
the same - developers and API providers alike must consider all
aspects of integration and find ways to standardize and simplify
this process.
Applications should focus on developing 'stickiness' and the ability
to easily integrate to other products and partners in order to stay
competitive in their markets and drive both new and renewed
subscriptions.
The continued growth of public APIs that are open to any
developer will be paired with pre-built integrations that non-
technical consumers can implement easily to streamline
processes.
Developments will be spurred in particular by verticals like FinTech,
Banking, Healthcare and Human Capital Management.
Further support for event-based integration, which is a feature
commonly requested by developers, but that has commonly been
unavailable for apps currently on the market.
This introduction serves only as a high-level overview of the results we collected
from our State of API Integration survey. Keep reading to get the full breakdown on
the current state of the API industry, a look at what's trending and why, and a look
ahead to where we believe API integration is headed.





Section 01 | Section 02 | Section 03
2018 State of API Integration Report
9
"
I've been watching the technology, business, and politics of APIs in
a full time capacity since 2010, and the biggest trend I am seeing
in 2018 is that it's no longer a conversation about whether or
not businesses should be doing APIs. In 2018, it is expected that
you need APIs to do business in this digital age. The companies,
organizations, institutions, and government agencies who are just
beginning to invest in their API infrastructure are quickly realizing
how far behind they are when it comes to the efficient delivery of
data and content to web and mobile applications, as well as the
ability to work with Internet-connected devices, and take advantage
of the benefits of machine learning and artificial intelligence.
However, the platforms who have been investing in their API
platforms for the last couple years are shifting their focus towards
increased investment in event-driven architecture, and an API
governance strategy to further optimize and maximize on their
earlier investments. To be able to operate their platforms at scale,
API providers have embraced a microservices-centered, robust
lifecycle approach to delivering their APIs, with an OpenAPI-driven
definition acting as a central contract. Providing a blueprint for
designing, deploying, managing, and properly integrating, and
extending each service to wherever it is needed, no matter where
that might be. Providing the machine readable gears that are needed
for the automation required as part of an ongoing organizational
digital transformation.
The API
Landscape of 2018
Contributed Content from Kin Lane, API Evangelist
2018 State of API Integration Report
10
In 2018, OpenAPI has become the contract for doing business
with APIs, and is key to API providers efficiently delivering and
managing their growing number of microservices. This contract is
being used to manage the platform, but also ensure that services
properly reach outwards to API consumers with up to date API
documentation, robust SDKs, IDE integration, and API discovery
solutions for developers. These contracts are also being used to
drive spreadsheet integrations, Salesforce connectors, and the
growing number of integration services that have emerged on the
landscape to help non-developers take better advantage of API-
driven resources. OpenAPI definitions are the technical, as well as
business contract for mature API platform providers, allowing them
to manage their APIs at scale, and reach a technical as well as
business audience.
With machine readable contracts in play, driving an increasingly
automated lifecycle, API platforms are looking to further refine
their API governance strategy, helping ensure the continued
delivery of highest quality APIs at scale. When this is combined
with a heightened investment in real time streams of information,
event-driven infrastructure, and the development of relevant
machine learning models, API industry leaders are looking to shift
their platforms into high gear.
This all makes the conversations around whether or not we should
be doing APIs a distant memory, turning hard fought lessons
around delivering, integrating, and aggregating APIs into the fuel
for the next round of investment in event-driven architecture,
machine learning and API governance that will help drive business
growth for the next decade.
2018 State of API Integration Report
11
Which industry are you in?
While the majority of repondents are technology companies, our metrics represent at
least 27 distinct industries
Behind the data
Technology - 137 Media 7Manufacturing 7Entertainment 7Retail 9Healthcare 9Government 9Transportation 10Education 12Other 43Banking 13Engineering 15Communications 20Consulting 23Finance 36Section 01 | Section 02 | Section 03
Last year, Cloud Elements released the first ever State of API Integration report, which analyzed data
from within the Cloud Elements API Integration platform, including over 1.6 billion API calls to 160+
endpoints.
We are taking the 2018 report to the next level.
This year's report expands upon the data from the Cloud Elements platform, featuring data collected
from 400 companies, in 27 distinct industries, with annual revenues ranging from less than $100,000
to over $25 billion. Collectively, these participating companies spent 200,000+ development days
building over 4,500 API integrations in 2017. Our inaugural State of API Integration survey was
distributed between September 2017 and March 2018 to representatives of these companies. Their
responses contributed to the identified trends surrounding the existing demand for API integrations
and the roadmap for leveraging integrations in the future.
The report also includes industry expert insights from Ross Garrett, VP of Marketing at Cloud
Elements, Kin Lane, The API Evangelist, Mark Boyd, writer for The New Stack and ProgrammableWeb,
and Isabelle Mauny, co-founder and CTO of 42Crunch.
2018 State of API Integration Report
12
The 2018 State of API Integration
Survey Respondents
Integrating the
World of APIs
The analysis in the 2018
State of API Integration
report represents data
collected from companies
across 44 countries and
6 continents
43%
CTO
5%
CIO
4%
Partner
3%
Product
2%
Sales
2%
Marketing
36%
Executive
7%
Developer
What is your position?
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
13
Trends in API
Integration
S E C T I O N 2
2018 State of API Integration Report
14
Trends in API Integration
As the number of public and private APIs grow month over month and year over year, it's no surprise
that at least 85% of organizations we surveyed consider Web APIs and API-based integration
fundamental to their business strategy and continued success. Of these, more than 60% have
invested in a public facing API and the surrounding infrastructure to manage access for developers
and partners.
Building a Platform Strategy:
How to drive new revenue opportunities
or deliver value through API integration.
Strategic Shift of Integration:
How API integration has matured to
enterprise applications like ERP.
Drivers of Adoption:
Changing how developers and end-users
consume APIs and integration services.
Evolution of B2B Integration:
Organizations are evolving the way they
share and synchronize data with partners.
1
3
4
2
Over 60% agree, API Integration is
critical to their business strategy.
S E C T I O N 2
2%
0
4%
1
9%
2
24%
3
61%
4
Not at all
Critical
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
15
Building a Platform Strategy
Today's most successful software companies have made the leap from selling products to selling a
platform. The appeal of such a move is understandable: software products generate only a single
revenue stream, while platforms, by connecting different groups of users and services, can generate
multiple revenue streams.
Our survey responses demonstrated that more than half of organizations today would consider
themselves to offer a platform or to be on the path to offering a platform. Of those that don't, it's
important to have a made a conscious decision in this regards - hope is not a strategy, and many
product organizations are being disintermediated for moving too slowly in this regard.
1. Single-sided business model limits your company's growth
and longevity. You're simply delivering a product in the way that
you always have, to the customers you always have, without really
thinking about the network around your organization.
2. Multi-Sided Business Models take that a step further. In
this model, a platform company enables other businesses to
interact with your technology in order to build new services and
applications.
3. Third party integration can create greater adhesion, stickiness
and relevance across your market.
Do you consider your organization
a platform provider?
Platforms enable a multi-sided business model that can be a
key driver of growth:
57%
Yes
43%
No
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
16
Model A
Basic Usage Metering

This is the most obvious method of generating revenue from your APIdirectly charging for it. This
strategy works best if your organization provides access to data or services that people want to pay for.
Model B
Upselling API Integration
SaaS providers use this model often, as customers have become increasingly demanding of
integration capabilities for any product they buy. Adding API integration to a subscription offers a
strong motivator to upgrade to a higher package, and creates a stickier relationship with customers
by allowing end users to customize their experience and workflow more easily.
E.g. Dun & Bradstreet is a data provider, and expose data as a service via API. In this
case, customers are willing to pay for programmatic access to D&B's services to
enable new business processes and products around the D&B platform.
E.g. Concur provides pre-built integration options with their product, so that
subscribers of the service can easily synchronize expense management data with
ecosystem of apps used in their back-office processessuch as accounting and ERP
systems.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
17
Model C
APIs as a Product
APIs that are themselves the product can be the most complex monetization models, but they also
often provide the highest valuecollecting some revenue share or service-based fee for the product
delivered via API.
E.g. Paysimplea leading payment gateway provideroffers API access to their
payment services. Customers of this service will then be charged a percentage of the
payment amount for each API transaction.
Model D
Distribute Value through Partners

Organizations can scale the reach of their product by integrating their API with strategic partners.
This has the potential to open your business to existing application ecosystems which you may not
be able to reach alone.
E.g. Sage works with various ISVs to distribute their products and services as part of
a broader offering. This network effect has enabled them to achieve the scale and
growth that would be difficult in a direct sales model.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
18
While these are only examples, each describes a path towards revenue growth and
ecosystem expansion with APIs. We expect that leading platform providers will
leverage more than one (if not all) of these models as they grow.
Ultimately, a move toward "best-of-breed" is on the rise - meaning that every product,
in every vertical, is better served by enabling integration to the ecosystem of apps
around them rather than remaining a hermetically sealed environment. Over the
coming year, we anticipate to see more of the world's successful software companies
continue to make the leap from selling products to selling a platform.
Model E
Improve Operational Efficiency
API integration can help you build end-to-end solutions more efficiently. They help you
innovate faster, engage customers and partners faster,and perhaps most importantly, they allow
you to iterate (and even fail) faster. The time taken to build or automate business processes can
easily improve from a couple months to a couple hours, solely because of the efficiency gained
from an API integration.
E.g. Microstrategya leading business intelligence platform provides pre-built
integration to several leading enterprise SaaS applications, so their customers can
quickly access and integrate the data they care about without needing to build
anything from scratch.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
19
Drivers of Adoption
This report paints a picture of hockey stick growth and untold opportunity, but the growth in
APIs hasn't come without challenges. Many application providers, businesses and even platform
companies reported concerns around API adoption.
Issues with API adoption can be related to developer experienceAPI style, documentation,
functionality, etc. But the real issue is far more systemic than DX. Adoption is limited by the
addressable market, i.e. the number of developers that are available to learn, build against, or even
care about your API!
Our 2018 survey points to evolving and increasing need in the world of API
integration, creating a possibility for non-technical users to build the workflows
they need. By offering "no-code" or "low-code" capabilities, we can massively
expand the total addressable market for APIs and instantly solve the common
adoption concern.
How Organizations are Driving API Adoption Today
(Respondents selected all that apply)
Public API, open
to any developer
56%
42%
60%
35%
Platform that
enables
developers to
build integrated
services
Pre-built
integrations that
non-technical
users can
leverage
SDKs to ensure
integration is
easy for
developers
Ease of Use
Easiest
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
20
Customized APIs
One Size Does Not Fit All
As API integration evolves and matures, it has become very clear that not all API consumers are
created equal. Data objects may need to be modified based on the device type; orchestration or
composition may be needed depending on the sophistication of the client; security might need to
be adapted to fit mobile, web, or IoT scenarios. The list goes on.
What is the highest demand from your
customers and partners for API integration?
Other
13%
2%
19%
19%
47%
Customized APIs that fit
a specific business need
Better
documentation
"No Code"
integration
templates
SDK wrappers
for APIs they
need and use
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
21
With each new innovation in connected devices, and each new user and application experience that
accompanies these devices, organizations must consider an application architecture and integration
strategy that embodies flexibility and agility. API mediation is becoming a more familiar concept as
many organizations begin to evolve beyond their first foray into the API Economy.
API mediation is a solution for enriching or personalizing interactions between distributed
application and service components. We like to call this API Experience Management. The key to
the API experience model is placing a new mediation or abstraction layer between API consumers
(apps, services, and "things") and API providers (services and applications). This layer wraps the
backend API (the inner API) and exposes a personalized and managed API (the outer API) to each
defined constituency of consumers, simplifying the developer experience while also ensuring loose
coupling.

The new outer API may also aim to offer more advanced features to your developers, providing a
facade on top of the inner API to enhance its functionality, or simply keep pace with changes across
API technologies and best practices.
A great example of this diversity comes from Netflix, where their API development
team learned quickly that a "one-size-fits-all" approach to API integration wasn't
going to work. The team found that different client applications (such as a desktop
browser, a mobile application or a smart television) required different functionality as
they accessed the Netflix API, thus forcing the API team to build an increasing number
of features to address the demands. Once continuously updating this single interface
became unmanageable, they introduced an API experience, or mediation, layer on top
of their existing API platform that allowed each UI team and even partners to optimize
the API experience for their specific app or device.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
22
The burgeoning Low-Code/No-Code space has become an extraordinarily disruptive force in the
domain of API integration - causing confusion amongst developers, users and even vendors. But
even the terminology itself can be misleading, as the distinction isn't about whether people need
to code or not - but rather about the types of people using technology and tools to build API
integration
Representing the "No-Code" domain are the "citizen integrators"an analyst term to mean business
users who can build functional, but perhaps simplistic workflows without having to write a line of
code.
In the "Low-Code" domain, we focus on developers instead, demanding platforms to help
streamline and simplify their workdelivering enterprise-grade API integration without having to
start from scratch.
Twenty years ago, application integration was implemented by hundreds of consultants and experts
at a multi-million dollar cost. Now, with no code/low code, the same integration use cases can be
implemented at a fraction of the price and in a fraction of the timeand users expect it.
API providers must start to deliver more tooling that expands their addressable market, makes it
easier to get started quickly and transfers the burden away from the application buyer.
Source: Gartner 2017
Inner APIs
Out
er APIs Out
er APIs Out
er APIs Out
er APIs Customers
Applications
Things
IT Systems
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
23
Strategic Shift of Integration
Integration is all about making different apps and systems work together. Allowing them to share
data, orchestrating business workflows, and coordinating how users work across growing number of
apps.
As the app ecosystem developed, it spawned a new world of API-based integration and a landscape
of integration platforms aimed at helping developers manage how their applications interact. Now,
as API integration matures, the requirements, technology and integration use cases have also
matured. Many organizations must now work to integrate both their new SaaS applications and
legacy systems in the same developer friendly environment.
Integration Needs Comparison
Internal Needs within an Organization vs.
External Application Needs by End Customers
Database
21%
internal
external
16%
ERP
16%
internal
external
13%
Finance
11%
internal
external
9%
Communication
11%
internal
external
11%
Marketing Automation
10%
internal
external
12%
CRM
18%
internal
external
23%
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
24
SaaS has dramatically changed how we purchase, consume and adopt softwaremaking business
apps easy to buy, use, and maintain. As a result, application integration has become a differentiating
factor of every business, not just a tool. Today, an average enterprise uses 1,181 cloud apps across
its entire organization (source: Netskope, Feb 2018). This is a stark contrast to the 1990s, where an
average enterprise used 5-10 enterprise apps.
API integration is centered around adopting best-of-breed apps and systems by enabling smart,
fast, adaptable integrations and automations across all of a company's apps, APIs, data, people and
devices to deliver innovative, personalized experiences.
For API integration that means the way businesses work has drastically changed from the days when
traditional integration tools were created. Business apps have become consumerized, self-service,
and low-cost, but the tools to integrate these apps often remain complex, technical, and sometimes
more expensive than the apps they are integrating.
Integration tools should be flexible, allowing integrations to be changed at any time. In the past,
integrations were 'built-to-last'. Once you have your Order-to-cash process going between your
SAP and Salesforce, you don't go back to change itthe requirements were more stable. This is
no longer the case. Business apps and the processes and workflows around them are constantly
changing as new apps are added and existing apps are changed. Constant change is the norm,
requiring organizations to think strategicallynot tacticallyabout API integration.
In short: traditional integration platforms may be powerful, but they are limited by the apps they
support, the number of use cases they support, and who can use these platforms. These limits are
the reflected on the entire organization, making it impossible to enable enterprise users to build
integrations that support their line of business, to offer embedded integration experiences their
customers need, or to build the products their organization needs to survive in the digital era.
SaaS has dramatically changed how we purchase,
consume and adapt softwaremaking business apps
easy to buy, use, and maintain.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
25
While traditional B2B integration via EDI and other similar interfaces is expected to remain a large
part of the partner collaboration market for the next few years, API integration technologies are
seeing growing adoption across many industries. By migrating to API-centric partner integration,
or adding this option to existing business processes, organizations can deliver the same quality of
service with much less overhead.
APIs offer an easy way for companies to establish these essential integrations with customers and
other businesses. There are 2 key areas B2B integration strategy should consider:
New Digital Products Being
Developed in 2018
Evolution of B2B Integration
Businesses are not islands. Connectivity, collaboration, and success with partners and customers
is the lifeblood or fuel that drives any organization. Providing a way for these partners to access
your products, and exchange information is fundamental. However, many organizations still rely on
outdated and outclassed B2B infrastructure to exchange this crucial information. Partner integration
in 2018 and beyond requires a different approach. Web APIs not only deliver more flexibility and
speed, they will also enable you to attract and connect many more partners and customers than
today. During 2018, more than 50% of all B2B collaboration will take place via API integration, and
prospective partners will expect that they can integrate with your business via a lightweight API-
based approach.
This trend is reflected in our survey results, showing that 65% of respondents are developing new
B2B products and B2B API integration solutions.
65%
B2B products
39%
Mobile
products
36%
B2C /
Consumer
Products
27%
Employee
productivity
23%
IoT
Applications
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
26
Flexibility
By allowing a multitude of companies to leverage your platform for a variety of use cases, your
company can open the door to a larger market segment. Think about how your customers or
product teams consume your API. What level of burden are you forcing upon your customers?
Would better documentation allow people to integrate with your business better?
One of the biggest mistakes you can make is assuming that your API offers all of the utility that every
persona might require. In fact, our survey shows that many developers take weeks to complete an
integrationand every day spent is lost business value.
Average Number of Days to Build
Net New API Integrations
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
27
Longevity
According to Constellation Research, 52% of the Fortune 500 have merged, been acquired, gone
bankrupt, or simply fallen off the list since 2000. In order to survive in the API economy, you have to
think about longevity.
To set yourself up for success, it's important that your organization can support a wide variety of
use cases in a dynamic market. The narrower your supported use case, the less likely your company
will last in an ever-changing environment. As use cases and needs change it's important that your
company has a wide enough lens to adapt in real-time. The best way to widen that lens is learning
from the ecosystems and the partners that you do business with. By quickly integrating into multiple
application ecosystems you diversify how similar use cases are used in different environments,
increasing your stickiness and preserving your longevity in the market.
Offering Integrations Leads to More Revenue
Majority (64%) agree that at least a quarter of their user base will upgrade or
renew, if they offer integrations
64%
> 21%
15%
11-20%
13%
6-10%
8%
> 5%
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
28
Summary
API integration is no longer just for
developers. Businesses can leverage
platforms to drive various competitive
advantages and achieve long-term success.
It is important to consider how your
organization interacts with all segments of
your customer base, delivers and consumes
value in the surrounding ecosystem, and
thinks strategically about integration.
S E C T I O N 2
2018 State of API Integration Report
29
Developer API
Integration
S E C T I O N 3
2018 State of API Integration Report
30
Event-Driven Integration
Based on our research, one sentiment is clearmany architects and developers
have high interest in and adoption of event-driven integration.
Most organizations aim to create their own "Composable Enterprise" and will rely on multiple cloud-
based services to deliver this vision. Yet, many of these SaaS applications are islands that haven't
been optimized for integration, and many developers depend on pollinglots and lots of pollingto
create the workflows and integrated scenarios they need. For many application providers, there is a
long way to go before they can offer the features and event-driven capabilities developers expect.
Real-time demands are driving event-driven requirements
The need forand increased interest inevent-driven architecture is arguably attached to the
demand for real-time application integration and data movement. The world of "real-time" is
perhaps misunderstood, used in the wrong context or at best an overloaded term where the
tolerances for delay or latency vary based on the use case.

There can be varying opinions on the definition but in this case, 'real-time' implies web technologies
that enable applications to react to relevant business events as they happenor at least within an
understood period of latency. (e.g. 4ms delay may render a financial trading platform uncompetitive,
while 400ms delay is easily tolerable for most application integration use cases.)
S E C T I O N 3
Developer API Integration
Today's software architecture draws together a complex web of internal and external services
to deliver new value to customers at a lightning pace. Any successful, forward-thinking business
today leverages the power of APIs to integrate a wide range of services, data, external providers
and internal business capabilities into new workflows, mobile applications, and customer-facing
products.
However, as application and end-user demands evolve, this architectural approach also comes with
challenges. In this section we'll discuss 3 key architectural concerns you should consider when
building, integrating or managing your APIs.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
31
Event-driven technology
The good news is there are a variety of technology options and architectural best practices available
to embrace real-time integration. The WebSockets standard is now well established as an efficient
mechanism to stream data in real-time, and Webhooks is gaining momentum as the protocol
and pattern of choice for event-driven APIs. The arrival of HTTP 2.0 and Server-Sent Events also
represent an ever evolving landscape of technologies that may be used in other event-driven use
cases.
WebSockets
WebSockets provide a richer protocol to perform bidirectional, full-
duplex communication. This two-way channel is more attractive
for things like games, messaging apps, interactive experiences, and
for cases where you need real-time updates in both directions. But
again, the solution isn't perfect as the integration pattern effectively
breaks the semantics of HTTP.
Server-Sent Events
First-off, the term Server-Sent Events (SSEs) may be unfamiliar for
many. For the past few years the specification has been in a state of
flux and overshadowed by the more fully featured communication
protocol - WebSockets. However, the idea behind SSEs should be
familiar: allowing a Web Application to "subscribe" to data updates
originated (sent) by a server, and subsequently be notified as these
data events occur. The problem with SSEs is that, while they remove
the polling technically, they also take much of the control from the
user and forces the user into a passive state.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
32
Over the past 18-24 months there has been increased chatter about the limitations of Web APIs,
and how architectural choices must be made on merit versus conceptual elegance. This has led to
the evolution of standardssuch as v3.0 of Open API Specification, which now includes a way to
document Webhooks as part of a RESTful API.
Webhooks
Webhooks work by automatically posting new event data to a user-
defined URL, which is monitored by the user's linked applications.
Each time a new event is posted to the URL, the linked applications
update to include the new data. Unlike polling, which delivers
usable data on less than two percent of requests, webhooks only
update when new information is available. Because of the increased
efficiency, over 82 percent of developers surveyed by Wufoo
indicated that they would rather receive new data via Webhooks
instead of with polling. Despite this preference, our research
revealed only 29 percent of APIs currently support webhooks.
Developers Prefer
Webhooks Over Polling
Over 82% of developers surveyed
by Wufoo indicated that they
would rather receive new data
via Webhooks instead of with
polling. Despite this preference, our
research revealed only 29% of APIs
currently support webhooks.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
33
Our Recommendation
There is no single design decision that perfectly answers every integration question, but the perils
of polling are clear: higher network overhead, increased cost and poor user experience. Our
recommendation is to consider alternatives like Webhooks when building your next Web API or
integration scenario.
One clear signal emitted by the strongest API providers across
landscape in 2018 is the importance of investing in event-driven
infrastructure, and the development of a real time perspective of
getting business done using their API-driven infrastructure. The
phrase event-driven will mean different things to different providers,
but generally it reflects the ability to respond to internal, partner and
consumer needs in real-time, as events around valuable resources
occur.
Event-driven infrastructure might involve the development of
Apache Kafka pipelines within the enterprise, the delivery of financial
market data to web and mobile devices using Server-Sent Events
(SSE), all the way to pushing data and content via webhooks as
resources are added, updated, or even removed via APIs. API
infrastructure has historically been centered around making the
resources they have available in the web, mobile, and device-based
applications. Event-driven API infrastructure is about making sure
An Event-Driven API
Landscape Driving What
Matters To Consumers
Contributed Content from Kin Lane, API Evangelist
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
34
the most meaningful, valuable, and relevant information is delivered
when and where they are needed--driven by API consumer's needs
and desires, moving the conversation beyond just what resources
API providers have available, and making it about what consumers
need.
When you watch what the most seasoned, and mature API providers
are investing in across the landscape in 2018, you hear stories about
Yelp or Pinterest's investment in Kafka infrastructure internally. You
also see Stripe, and Slack adding further to the list of webhook
events that their API consumers can subscribe to. Event-driven
signals are a sign of platform maturity, and that API providers are
moving beyond the early stages of their development, having seen
the traction and adoption that they were seeking. These providers
are now interested in cutting through the noise and distortion, and
ensuring that their API consumers are subscribing to and in tune
with the most relevant events that are occurring via the platform at
any moment.
Event-driven architecture isn't just about data firehoses and
pipelines, or real-time streams. It is about making sure your platform
is pushing beyond the basics of API operations, and is managing
and moving around data, while applying algorithms in the most
efficient and meaningful way possible. Realizing an event-driven
way of doing APIs isn't about the next trend in doing APIs, it means
you are mastering the regular aspects of platform operations, and
have begun investing in the next stage of its execution, speeding up
the delivery of resources, and optimizing their orchestration. Event-
driven APIs aren't just about being able to technically deliver in real
time, it is about being able to do business in real time, responding to
what matters, as it occurs.
2018 State of API Integration Report
35
Emerging API Styles
As the API integration landscape evolves, new API styles such as OData and GraphQL are emerging
and gaining ground amongst developers. Here we'll evaluate each of these with regards to achieving
interoperability across APIs for analytics, integration and data management.
What is OData?
Originally developed by Microsoft in 2007,
OData is an OASIS standard REST API well-
established among companies such as
Microsoft, SAP, IBM and Salesforce. It allows
the creation and consumption of queryable
and interoperable RESTful APIs in a simple
and standard way. OData gives you a rich set
of querying capabilities and is quickly gaining
ground for its open source approach, as well
as its exceptional scalability.
What is REST?
REST (representational state transfer) or RESTful web services are one way of providing
interoperability between computer systems on the internet. REST-compliant web services allow
requesting systems to access and manipulate textual representations of web resources using a
uniform and predefined set of stateless operations. RESTful implementations make use of standards
such as HTTP, URI, JSON and XML.
It's important to note that REST is an architectural style, not a standard.
What is GraphQL?
Developed internally at Facebook in 2012,
before public release in 2015, GraphQL
is a data query language deployed at
companies such as Facebook, Shopify and
Intuit. GraphQL provides a complete and
understandable description of the data in
your API, gives clients the power to ask for
exactly what they need, makes it easier to
evolve APIs over time and enables powerful
developer tools.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
36

The table above highlights common criteria for accessing data through open standard interfaces.
OData has the full range of support for all these query capabilities. You can do some of these
operations with GraphQL, but they're not standardized or documented in a way to achieve
interoperability.
GraphQL is much like REST in that it defines the way to interact with a web service, but it doesn't
tell you what the service does. So you can do filtering, ordering, and joins, etc, but the application
developer has to understand how those work semantically to be able to know what their behaviors
are.
API Versioning and Maintenance
One key area of maintenance is handling updates to applications when the API changes, while
maintaining older versions. The biggest problem leading to this dilemma with REST APIs is that all of
the fields are returned when you query an endpoint. API providers have no visibility into whether or
not clients are relying on information in specific fields. API consumers must process all of the fields
returned even if they do not need the information.
GraphQL has addressed the problem of API versioning and maintenance by forcing clients to specify
exactly which fields they require.
OData provides similar functionality by providing a select list to limit the number of fields returned
to those needed by an application. This reduces response size and processing in an application.
However, it does not provide a mechanism to indicate that fields are deprecated.
Section 01 | Section 02 | Section 03
Query Capabilities: OData vs GraphQL
Operations
OData
GraphQL
Filtering
Ordering
Aggregation
Joining
Paging
2018 State of API Integration Report
37
GraphQL has already seen rapid adoption since its public release in 2015.
Production use cases from enterprise, government and startups are already in
place and new tooling continues to evolve and diversify. As an API technology,
GraphQL is finding its place in the broader API market landscape and has potential
to strengthen adoption by leveraging two other API sectors: in Serverless and in
the Internet of Things.
While sectors like ecommerce and publishing are already seeing significant value
from moving to a GraphQL API architecture, this year is starting to see other
industries take notice, particularly online video services. Key early user segments
in marketing technology, software development tooling, and digital consultancies
will help spread adoption to other industries.
One of the key benefits of GraphQLthe ability to create a data abstraction layer
that can combine multiple sources through a single gateway and endpointwill
garner growing interest from industry sectors that have complex data supply
chains. Data science, healthcare, and city services will be drawn to GraphQL in
2018 in the same way that publishing, social media and ecommerce have been to
date.
GraphQL has quickly established itself as a valid option for businesses and
developers making choices around how to create and manage their API strategy.
Across the sector, the biggest gap is a matrix decision tool that allows API creators
to assess each type of API architecture option and weigh up the best cases each is
suited to implementing. Without this clarity, each individual business must do their
own research from REST, Hypermedia and HATEOAS, SOAP and GraphQL options.
For many use cases, GraphQL has the potential of leapfrogging the growing
interest in hypermedia APIs. In hypermedia APIs, responses describe what data and
links are available so that as queries are made, an application can discover what
other data and capabilities are available that are relevant to the application's need.
GraphQL: Changing the
Landscape of APIs
Contributed Content by Mark Boyd
2018 State of API Integration Report
38
In hypermedia, this requires good metadata and well structured endpoint linking,
but can return bloated responses that slow down an application's performance.
In GraphQL, the schema itself describes the full data model. The introspection
quality means that inside any GraphQL API is the ability to query its own data
model to better understand what data is available. And GraphQL's advantage of
allowing clients to only call the specific data that is needed avoids hypermedia's
bloat problem.
As an abstraction layer that is able to draw in multiple data sources and make them
available or referenced within a single schema/data model, GraphQL has huge
potential for use in sectors where data comes from disparate and disconnected
sources. GraphQL removes data access barriers and makes all dataregardless
of the original owner or place of publicationavailable through a single schema
where relevant, related data can be queried at the one time. This suggests that
the fields of data science, healthcare, city services and other sectors that manage
complex relational data models may see advantage in adopting GraphQL.
There is no doubt there are still some challenges GraphQL must solve. More
complicated operations such as writing data in bulk, managing real-time data
querying via a subscription rather than polling mechanism, and managing caching
and pagination are partly solved but require more testing against production use
case needs. Authorization stands out as one area of work that requires significant
additional tooling and a variety of options.
Ultimately in 2018, GraphQL's evolution is still in its infancy, but with the rapid
interest from developers and the quick iteration and availability of tooling, there
are strong signs that GraphQL is becoming a legitimate option for how APIs are
created and managed, offering significant performance and developer experience
benefits.
2018 State of API Integration Report
39
API Security
APIs are certified "cool" - they provide access to data and services otherwise locked behind
corporate firewall, they enable easy development of web & mobile products, and they allow
organizations to do business in new ways. But this strategic opportunity opens up vulnerabilities, and
APIs are becoming the primary attack vector for unscrupulous individuals, organizations and even
governments!
Security then, must be a leading concern. All API stakeholders (developers, architects, operations
and the business) must play a role in deploying a security model that both enables and protects. This
is a list of guiding principles that API projects should follow:
1.
Security features, like deciding how to deal with authentication and
access control is often relegated to the last design consideration.
But a robust security model must also consider your overall
application architecture and find all layers where threats and
vulnerabilities may exist. It's also important to think about reusability
in your security architecture, making it easy for developers to
leverage standardized mechanisms at each application tier.
2.
Basic access control is actually pretty
simple. Users and clients request to
access Objects like data, applications
and services. Access controls then
make a decision to grant or deny that
request. Today, user management is a
mature space and most organizations
have a central user directory. Object
management must reach this same
maturity, enabling better controls and
improved granularity across your APIs
and data model. Leverage existing
standards (E.g. OAuth 2.0) to grant
granular access to services.
3.
Many believe security architectures
are focused on keeping the bad guy
out, but in fact most often the inverse
is true. Access control infrastructure is
designed to provide a user experience
to authorized entities: employees,
customers, etc. It's important to
design for malice: assume that those
trying to gain unauthorized access are
in fact not "playing by the rules", and
instead finding ways to work around
the areas governed by policy.
Section 01 | Section 02 | Section 03
2018 State of API Integration Report
40
Section 01 | Section 02 | Section 03
4.
Users simply don't care about or
understand securitythey just want
easy access and peace of mind that
their data is secure. Unfortunately,
for a long time security measures
and technologies have delegated
far too much responsibility to the
end user, expecting them to make
educated and technical decisions.
How often have you been asked "Do
you trust this certificate?" in a web
browser? It's not practical to assume
users have the technical knowledge
to understand PKIso how is it
reasonable to push this responsibility
to them? API security should be
designed in such a way to balance
user experience and security.
5.
Developer experience is just as
important as user experience, and
knowledge around security can be
dangerously lacking here too. API
consumers can't be expected to
know security, meaning your APIs can
unwittingly create vulnerabilities by
not arming developers with sufficient
knowledge. For example, a developer
may hit an API too many times and
degrade performance. Or a developer
may not know why or how to protect
API and session keys. These can
result in Denial of Service, and other
security issues.
6.
Finally, API integration patterns are evolving, and while request/
response still makes up the lion's share of implementations today,
there are other models that need to be secured as well. With
an increasing preference for Webhooks, Server-Sent Events and
WebSockets, the client-server designation is becoming blurred.
Signatures and encryption (E.g. TLS) should be considered to help
protect these bi-directional integration patterns.
2018 State of API Integration Report
41
APIs are doorways that have enabled organizations to build new connections
into their monolithic software and data systems. Of course, doorways work in
both directions. So while an enterprise may expose its data assets and business
capabilities using APIs, they are also making extensive use of external services in
their own systems by relying on APIs from third parties.
This multiplication of endpoints has blurred the security perimeter of the
organization. The threat surface has increased and more security risks need to be
managed. A manual, ad-hoc approach to securing the numerous and evolving
endpoints simply does not work. Furthermore, when API security is tedious and
not agile, it is considered as a roadblock to quickly delivering apps and innovations
and therefore often left out of development and operational discussions.
To address both issues, security teams must deliver "security as code", that is,
translate security requirements into code that can run automatically at every
step of the API lifecycle. This can be done by taking a DevSecOps approach and
"pushing security left", considering security aspects already when doing the initial
design and defining requirements setting phases.
The DevSecOps mindset considers security issues as bug fixes. Security
vulnerabilities are essentially bugs that can lead to unwanted outcomes in an
application or a product. Like all bugs, you want to discover them as early as
possible. The overall cost of fixing a bug is up to 30 times higher if discovered at
production time rather than at development time.
DevSecOps Approach
to API Security
Contributed Content from Isabelle Mauny,
42Crunch
2018 State of API Integration Report
42
At design time, organizations must take these core actions
to protect the APIs:
Development, security and operations teams work together throughout the
API design cycle, discussing and building the API contract (preferably based on
open standards like OpenAPI), deciding where the API will be deployed, and
who will use it. Together, they build the API's threat model that will drive the
security policies to be applied to the API.

As APIs are designed, a set of pre-approved, pre-tested security policies are
put in place that match the security level required. APIs are tagged depending
on the risk evaluated as part the API threat modelling. The policies must
address the core security aspects:

Enforcing the proper TLS settings to protect the API channels

Validating the API contract and the flowing data
Configuring the OAuth protocol and OpenID Connect
authentication flows
Auditing
Non-repudiation

Encrypting and signing the API payload (optional)
To secure APIs during runtime, the following security
aspects must be automatically enforced throughout the
CI/CD pipeline:

Security policies are incorporated as early as possible into the continuous
delivery and testing processes, and an API security gateway is deployed to
enforce those policies.
Code analysis tools (static and dynamic) are deployed and hooked to the
CI/CD pipeline.
2018 State of API Integration Report
43

APIs are actively scanned APIs for vulnerabilities, in other words: you must
hack yourself! You can start with ZAP, an OWASP open source penetration
testing tool that you can plug to the CI/CD pipeline.
Deployments are tested for proper TLS configuration using tools such as
SSL Labs or securityheaders.io.

Software and libraries are constantly kept up to date, and tools are put in place
to actively monitor security vulnerabilities.

Systems are constantly monitored for security alerts in order to respond
promptly to attacks.
In addition, it is critical to educate personnel on security
risks: all concerned parties should at least know about the
top 10 OWASP risks list and how to address them.
Protecting and testing your APIs through a repeatable, well-defined, automated
process enables the enterprise to continue to innovate at the pace required to stay
competitive, without compromising on security.
2018 State of API Integration Report
44
Interactive Calculator
Score the Current State of YOUR API Integration
To wrap things up, we wanted to give our readers an interactive calculator
to gauge how your API currently stacks up against the current state of API
integration. Gauge how easy it is for API consumers to interact with your service,
and how easy it is for data to move between your service and other applications.
Where do you stack up against the rest of the API community? Share your score
and be sure to mention #StateofAPIIntegration.
CLICK HERE TO SCORE YOUR API
https://hubs.ly/H0bq4kv0
2018 State of API Integration Report
45
Closing
And there you have it. We hope you enjoyed seeing the data and hearing
from our contributors about the trends that are set to affect APIs and
application integration. Follow the conversation by using the hashtag
#StateofAPIIntegration.
Check out our resource center for other easy to follow information. If you have
questions, or would like to learn more about Cloud Elements, contact us today!
CONTACT CLOUD ELEMENTS