Exploring the API Landscape in 2022 with Mehdi Medjaoui

Mehdi Medjaoui

Hi Kevin, thank you for having me a second time! Thank you very much.

Kevin Montalbo

Right, before we begin, we’d like to remind our viewers and listeners that you can dive deep into today’s episode by visiting our page, torocloud.com/podcast, where we’ll have a full transcript of this podcast episode, show notes, as well as links to resources to be mentioned in the show. 

You can also download our iPaaS, Martini, FOR FREE! Martini is Toro Cloud’s integration platform without limits. Take charge of your business using a single solution to manage all of your data across applications, databases, and business processes. Try it out and discover why it’s the highest rated iPaaS on G2. Visit torocloud.com/martini to learn more. 

Alright, so the last time you were here, we talked about enabling GDPR compliance. But today, we're going to talk about APIs. Now before we dive into your findings and the trends that you observed from your report this year, can you give us an overview of what the API Industry Landscape report is and how you started creating this categorization of API tools, providers and companies?

Mehdi Medjaoui

Yeah, thank you. So, the API Industry Landscape is a map. You know, many investors love to build, to publish these maps like “the cloud landscape” or “the AI landscape.” And these maps try to give an overview about how the industry is organising [and] structuring. Like, what are the different value chains and who are different providers along with the value chain? 

So, we wanted to do one. But we said, “Okay, let's not do one which is really static. Let's go with one that is highly interactive, where you can search, you can choose, you can click, you can explore, you can consult a lot more data.” So yeah, this is why with Mark Boyd, who is an API journalist and data analyst at Platformable, we decided to make the API Industry Landscape to explain to decision makers how the API market is structured, where's the value, what's the value chain and who are the vendors who are populating the value but also make it in an interactive way where people can find a company, click to know more, to have more data and not do it like a classic VC landscape, which is really static, just photos. Because they invest in tech, but they don't use that, right?

Kevin Montalbo

Yeah. Our listeners would be interested in that and they can find the link of your API Industry Landscape report in this podcast. Speaking of listeners, most of them are software architects and they would be interested in the findings in the trends that you found in your report. So, we're going to dive deep into those today. So, first and foremost in your report, you found that there has been an explosion of regulations governing the API industry. So how do you see this impacting the way API tool providers work?

Mehdi Medjaoui

Yes, it's true. So, just to sum up, we've gathered 1,100 API tools in the landscape, right? We took the major ones or the ones we consider major. Some are even completely open source, but we consider them major to be part of the landscape. It represents a total of $180 billion in investment. So, it's quite big. 

And it's true that… Let's say regulations have highly impacted the API industry landscape, especially the one that started in 2013, right? In 2013, we had two types of regulations happening at the same time. We have some open data regulations. Like, I remember Barack Obama in the US [said] that every public agency must have an API by the end of the year, you know, because of this open data movement, public sectors wanted to publish data openly to third parties. And when they understood that Excel files or CSV files were not the best for building applications, they decided, “Okay we need to do it with API.” So, it was a regulation for the public sector and at the same time –  this one started mainly in Europe – we had Open Banking Regulations PSD2 payment service directive that  pushed and obliged banks to open APIs for account information or payment initiation and they had five years to do so. 

When we've seen the regulation, let's say many investors and entrepreneurs said, “My God, banks will open APIs. So the data from banks will be open. We need to invest there.” And so all the fintech movement has been highly accelerated by this obligation to open APIs, so many, many, many tools are enabled because of regulation pushing for APIs as a way to answer a regulation. We've also seen in Brazil recently an insurance regulation about APIs. We've seen sometimes in Europe like logistics and supply chain APIs and also health care. 

There is a famous standard called “FHIR,” right? And FHIR APIs are now an obligation to share data between hospitals for medtech applications or whatever via this standard API. So, yeah all these regulation-driven markets are pushing APIs as an obligation to use them. And many, many vendors actually have specific products about it or are dedicated to these industries. You can take an example like Yapily. It's an open banking API management platform. They just do open banking, right? It enabled this new generation of tools. So, yes, the landscape is quite affected by these regulations.

Kevin Montalbo

Yeah, and it's interesting to note that despite the fact that when we say regulations, it usually is like a roadblock but in this case, it's opening up more companies to even embrace the APIs, the use of API tooling and become part of the API ecosystem. Is that right?

Mehdi Medjaoui

Yeah, regulations are often like roadblocks. But these [API] regulations are here to open and share values. Just take the example of open banking. The goal was to say, “Look banks, your business model is to capture customers for 20 years or 30 years in the mortgage.” And so you don't have to innovate. Right? So the customers, the citizens, the customers behind the citizens, they’re not benefitting from all the money banks are making and from the innovation. So it will oblige banks to open, to let the party innovate instead of banks. Banks, you should have innovated in the last 30 years. 

So, this is the type of regulations that were to redistribute value on the market, like to reshuffle the cards. And yes, so this type of regulation is opening new stuff right? But again, you can have a regulation that obliges you to build tools. It doesn't mean it's a good regulation. You know for example, if a regulation obliges you to respect certain processes or scenarios and many startups will build companies just out of that, it doesn't mean it's a good regulation that generates value if it's a blocker. 

But this one, it was not the blocker. It was an enabler because actually the fintech market has exploded and now, fintech banking is a lot bigger than banking alone 10 years ago. So it was really value generating for everyone, this type of regulation.

Kevin Montalbo

Yeah, sounds great. Now I want to jump into your second finding. API security obviously is part of API management, but your report in the second trend, it states that API security has become a standalone product with privacy next in line. So, let's focus first on the API security aspect. Why do you think this happened? Why has API security become a standalone product?

Mehdi Medjaoui

So, there are two reasons why API security is a standalone product. The first one is like the commoditization of API management. So, we take it as a trend zero in our report. Let's say API management has been there for 15 years, many acquisitions. We showed the number of acquisitions in the report. So, there is a lot of consolidation into big players. So, every cloud vendor has their own API management solution. So, let's say the innovation has stopped that a little bit. 

And also there is a lot of commoditization. So, we've also seen players investing in open source API management like Kong, Gravitee, Tyk, Solo, WSO2 there for a long time, but they were also open source. So, now we have a good open source stack. Open source liberates the value. I won’t say it kills the value, but it liberates the value on the core. So now, classic API management tools are free of charge if you know how to manage them with open source. 

So, the market needed also to reinvest into making capturing again more value. Then we have the regulations. So, we've seen many specialisations into regulation like we said just earlier, so many solutions dedicated to banking, healthcare, logistics, operation, insurance. But now there's another aspect which is specialising into the tech part of API management and API security is definitely one for different reasons. First, COVID has obliged many companies to go remote and open endpoints that were sometimes not managed or stuff like that. So the attack surface has increased a lot in urgency. 

So, let's say a lot of companies are not aware and because it was not managed, they want a solution that helps them make a shield. Right? And also the complexity of attacks. You know, now cybersecurity, cyberthreat, ransom threats are kind of new. Well, not so new, but there's a new trend because of these weak endpoints . And so now, companies need to raise the bar into security. 

So, this is what we have seen pure API players over the last years and we've seen really an armed race last year if you take a company like traceable no name security. Web security. Um 42 Crunch salt security like these five startups raised $200 million just last last year. Just on pure api security. It's interesting to notice that most of these companies are from Israel which is a country really known for security for from entrepreneurs were doing security companies sold their companies and now attacking the pr security landscape. Um Yes, it's yeah the FBI security is really is really key for these reasons but also because the api management market has highly criticized and so the market needs to find products, we generate more value.

Kevin Montalbo

Alright. I'd like to go off on a bit of a tangent here, Mehdi and talk about a P. I. As a product because we're talking about, you know, api security, you know, branching off to this standalone thing. Do you have any findings about a P. I. As a product in your in your trend this year?

Mehdi Medjaoui

Yeah. Actually it's the train number four. When we say a P. I must be a PR now are part of the infrastructure which means that yeah. Now there is an A P. I to do most most of the things you want to do. There is people who already built software and expose it and ndp for that. But it's true that the ep I product mindset, the product idea. Um And practice has pushed many people to invest into. P. I. S. Right? And to manage them because it was actually the money maker, it was actually the product of the company. So we you want to secure the value so security is key, you want to manage the values, the management is key. And and and also um let's say many managers are having this product mindset so that and they understand that. PSR way to build next generation of products. So this is why the landscape as mattering because now they want to control the full what we call api lifecycle management, you know from the design documentation, test, security, versioning, promotion, exposition versioning at the end. You know they pull off something needs to be mastered because it's it's the product, it's the thing that brings money in the company is not just a technical tool that the I. T. Teams use for saving some some time or whatever. Now it's the core business. So you need an industry to supply the core business. And this is why the P. I. As a product has really helped the api industry landscape to structure. But in all cases actually in all the cases,

Kevin Montalbo

Have we come to the point where a. P. I. S. Are or the term A. P. I. Has slowly you know reached the trend where we're talking about it as if regular people are already talking about it. Like for example regular people um non developers are already talking about the cloud. You know they already know what the cloud is. Have we come to the point where we were at that level with the A. P. I. S.

Mehdi Medjaoui

Companies have understood that their end-user is not always a developer.

 It's starting it's starting again at the press conferences we run, we've seen that over the last 5-6 years. Many business people talking about mps even if they don't know how to use one or how to build one or they understand the concept and the power behind it but still it's not there yet. I'm still doing um sometimes, you know, evangelization sessions to executive committees about PPS is not just a technical term, you shouldn't need to think in terms of business whatever. So let's say it's growing but it's it's definitely not done yet. More and more business business people are adopting the word. P. I. S. And and the mindset behind it but definitely the top management is not there yet. And and it's not spread across across all departments, even in the I. T. Department, not every technician has the P. I. Mindset to understand Y. P. Is important for the business api is a product they still believe in the p. I. Is just an interface to connect to applications, which it is but it's not in an open api economy. This is not only that it has also business implications. So so this is definitely not there yet but I would say even the cloud when you ask about the cloud if you really ask people what is the cloud and what, there is less people that understand it, that than we think.

Kevin Montalbo

Yeah, and I think that your answer leads perfectly to my next question and which is the, which is one of the trends that you actually found and this is about the emergence of local development platforms and the birth of citizen developers, you said that it was triggered by the rise of these api s so what do you think is next in this space?

Mehdi Medjaoui

Because of APIs and the proliferation of APIs, now there's an API for everything.

Yeah, it's true. The local and no good aspect is really booming, I often take this example like now we have no good bootcamps Like you know we 10 years ago we had code would caps like three months to learn how to code approximately and then to start as a, as a, as a programmer and then you will learn along the way. Now we have no code bootcamp right? So three months to learn how to no code or how to code with, I don't know how to say it, but like your no code or whatever. yes, citizen developer but the thing is yes, with a platform like bubble notion or is that here or you know, who are able to um enable like really the identification of of the of the of the business, there is a, there is a widget, there is an app in integration Snippet for for everything that you connect this impact together and you are able to build to build quite, quite interesting implications. Just just said, the no code low code aspect has been there for 30 years.

We tried to help people to do no code, but it was never really able to to achieve a certain point. Now, it seems to achieve a point where companies make millions of dollars with no cartoons, right? You know, they are able to bootstrap their first million of revenue without even a line of code from their teams and without the developer in the team. And we even see developers adopting no code tools because when it's ready, why, why are we invest in code where and, it's, I can do it with no code so I can invest code time and bandwidth on something else. So, so the trend is really there and also we see many, we lack of developers. So we see a lot of people who try to make moving there in the carriers and with no code you have learning curve that is higher of course at the end you there's things you cannot do with no code, but the, the learning curve to do something valuable is really, really fast with as a coder, you make maybe six months, one year to have a level of doing something variable with no code, it's a few weeks to do something really, really valuable That the code, it would take two or 3 years to write. So that's that's that's that's really the first the idea behind what's happening.

The second thing is that yes, because of APIs and the proliferation of APIs. Now there's an aPI for everything. As you said, there are really a layer of infrastructure for for the whole digital world. And so now companies have understood that their end user is not always a developer, the end user is probably business people, business manager, business product or whatever. So let's say no code is just another way to expose european. You know, you can expose Europeans as rest or graphical, you know, like really raw for developers. You can have sdK s, you know, to help developers to integrate it better. Right? But you can have embed code, right? You know, so snippet of code that you can embed and everybody can embed you have and so you can so you can have widgets, right? So it's another way to expose you're a P. I. S. To make it more consumable. And so I consider not good as a more abstract way than widget, but a more abstract way to to expose your API is to be able to share it with others, to mix it with other A. P. I. S. And to include it into let's say business environment.

So I would consider as a part of the developer experience but it's a developer experience that is so abstract and so simple that it can even be a customer experience. Not only a developer experience but also a customer experience. So this is the trend. And we've seen companies like um zap here, we've seen a retool, we've seen app sheet acquired by apogee for $2 billion. you know like all these companies in the in the know cold environment are really booming and they're highly evaluated because they understand that I think we have 0.03% of the planet with the developer and we need like 20 times 30 times more than that. So we will need more people to to onboard. And this is the the piece they have is that yeah we there were like 25 30 million developers. so we definitely need to have tools for these people and the next developers, maybe not developers, there will be business people who understand how to mix things, you know, air table some some stuff like that.

Kevin Montalbo

Yeah I think I hope the next api days would you know sponsor these no code camps in the future anyway.

Mehdi Medjaoui

And you know what the next paris in the summer we have no code day like the track about no code in a full day.

Kevin Montalbo

Excellent. Excellent. Now in your report you analyzed each category of the api landscape. So in your report which category showed the biggest innovation or growth that you have observed this year.

Mehdi Medjaoui

If there's an API for something, it's because there is an entrepreneur who had an API-as-a-product mindset and built an API to do that.

So the biggest innovation and growth is definitely the what we call the. P. I. As a product or business process as a service. You know, this is the trend number four. This is really where like we see most of innovation because it's quite decentralized innovation. Many entrepreneurs, they see a business process that is manual, are still owned by Excel or that is relying on all technologies. It's okay, we should build an API for that. The example of some company like I recently see like impala, they try to do a full aggregator for hotels, you know like hotels have issues to publish their data and the web. They only they only go to what we call the hospitality management system which are owned by all players which are expensive and not innovating. So they try to liberate hotels to be able to share their data anywhere. You know, like in in Fintech and interns in healthcare in supply chain. Again many, many start ups are evolving, evolving into into into aPI models, right?

And in all types of industries or you know like every business process can be there in Ep and this is where we see a lot of innovation. I've seen a background check ups, you know to know if you need to hire someone, you can have a PS to make forms like you know, type forms and others, you know, there's an api for everything. So the innovation and the growth mostly come from this business process as a service and that actually makes the really api economy digital infrastructure, when you think there's an aPI for that, it's because there is an entrepreneur who had a CPM mindset and build build an API to do that. So this is where we see the most most of innovation.

Kevin Montalbo

Yeah, and it's the most approachable to to I think like for for someone who is not a developer for them to discover a P I. S, that's going to be like their first jump off, pointed to the world. Dark landscape, so to speak.

Mehdi Medjaoui

Yeah, but this this part, the ap when you have more number of more mps, actually you have more aPI tools, you need to manage them. So that's that's that drives the landscape on one part, that also drives the way you need to integrate them. So like to craft the all the I pass, you know, like the I pass also see some innovation, some new ipads are coming because nu ep is more a p i is more protocols, more, more, more designs and everything you need to understand, like the fragmentation, you need to orchestrate this now, 10 15, 102 100 FPs. You integrate in your system. So you need new ways to integrate and orchestrate what you integrate in your system with security with, with cutting really fast.

All these different P. S who are different data formats and export formats and everything. So Yeah, so it's also drive innovation into the integration platform as a service and last but not least the aggregation P I s, you know, the one people who say one ups for all banks for one ups for all hotels or gps for all hospitals also is driven by this this this new this new api because it said the A P I is a product because at someone the more you have some people when you want simplification, so they really want to be the single, the one stop shop for for all mps from sector. So yeah, specification drives, collaboration but in a few years we have we may have too much agglomeration and so we want to have specification again and this is the history of software.

Kevin Montalbo

Yeah. So, I'd like to wrap this this conversation by asking you, I'm not sure if you really have a direct answer to this because you've been working with A P I. S for years, but which finding or trend this year most surprised you and your team? What was the most surprising thing about or trend about the A. B. I landscape this year?

Mehdi Medjaoui

Of course, I have an answer to the question I always have. And the thing is now for me, again, maybe by us, but the main, the most surprising things I've seen is like the appearance of privacy concerns into api management. Right? I thought I thought people will will not care really about privacy in the next five years and it will be only really later they will care about privacy but we've seen the emergence of pure privacy data ways company like company who are who who on top of TPM management, they don't do just security. They do also privacy the check regulations.

We've seen also companies we check data retentions, you know, if the P. I you have access to something to check the data actually is not obsolete because of our privacy regulation. And last but not least, you know, in in Ep I security you have what we call access management or access control management. And we've seen also some companies who help to do what we call purpose based access management. So now it's not about like the technicality of does someone has an access to A P. I. This is a pie, this does this app I. D. Has these scopes to access the data they request but no. Now is that does this app has the right the legal right access this data because the content has been shared with the user or to to do just an example. You give your data for marketing proposes just market communication purposes, right? You know newsletter. But yes, someone in the crm for sales. So okay, like I will pull this data from the database through P. I, you know to have to be able to have to have it in the crm to have sales, but the concept has been done just for marketing, for communication, not for sales. So now we see gateways that analyze the purpose. Look yeah, the crm is not it's not identified as let's say on the same purpose than the consent of the user. No, sorry, I give you an error. So we see new type of errors in. P. I. S. Like, you know the errors like 401 unauthorized or 434 billion.

Now we see this type of errors because of regulation or privacy concerns that we're not we're not seeing that so much before. So it's actually surprising we see that earlier, right? And some companies like exit for example are doing some pure. P. I. A. P. I. Privacy gateways and stuff like that and and so many others. So it's a trend that actually I was surprised to see early, I thought it was in a few years, but now we see that coming in in in in the in the space. Yes with this and no code actually are the two surprise of the year. like privacy is of more regulation, more privacy check at the P level because it's really the the the at the interface where everything happens and, you know, people don't want to see that the database, they don't want to touch code in the app, they just want to see the flow if the flow is going right and and and and also the knock wood aspect. Yes.

And I will just share the last example you're familiar with the T. L. You know, extract transfer load, you know, technologies to to move data. There's a company is actually really surprising called terabyte. They do an open source T L. That huge community raised $180 million in less than one year. They're really booming. But the thing is, yes, I talked to there is here recently. He told me, yeah. Actually when we have one issue where then when we move data from one application to another is checking if the regulation works right. and so they look for people to do open source components on that. So yeah, definitely privacy for me is the, is the surprise of the year, but no code is not a surprise but it's it's really interesting to see how how big it comes. It's surprising in a way that how how how big it comes.

Kevin Montalbo

Yeah. Right. So interesting findings there, Mehdi before we wrap up, can you tell us where our listeners can fully read and appreciate your report? I think they'll find some more stuff in there. We just scratched the surface over here at coding over cocktails and of course can you share with them where you can, where they can follow your activities and updates on a P. I days and all that good stuff happening.

Mehdi Medjaoui

Yeah. So if you're interested about every P I. News and and api conferences so you can go into websites. So api is dot global for everything about conferences. I I do I do a sum up of the a quarterly update of the landscape every conference, so you can, you will be able to see like some updates of the landscape at every conference and you can attend to these, we're back in person this year so that's that would be a lot of fun. you can go on a p I seen that I also P I S C N dot Io it's our media platform where we actually, we host the ap landscape report that you will be able to download in full for free. Right. And and yes, if you're interested interested about data privacy, you can follow what I do on alias the deV A L I S dot dev for different P I for privacy.

Kevin Montalbo

Alright, appreciate the time, Mehdi, thank you very much for joining us for another round of coating over cocktails.

Mehdi Medjaoui

Thank you very much, Kevin.