API: A Problematic Interface?

The API economy in Mexico is booming, as digital markets follow steady growth catalyzed by the pandemic. In the last five years, Mexican fintech has accelerated financial inclusion and has set the example for innovation in other emerging regions of Latin America. We have witnessed a similar situation with Mexican e-commerce, which has transformed consumer behavior and scaled its market cap by driving steady, double-digit growth over the past five years. We can proudly say that Mexico is a leader in online markets, but is your organization ready to profit from this momentum?

Board executives need to understand the basics behind an API strategy, be aware of its impact on the business, and address the top risks in a timely manner. Does your organization relate to this statement? If not, this a good opportunity to level up your API game by answering some of the most important questions you should be asking, to the benefit of your business.

What is an API?

Application programming interfaces shape the digital world by enabling organizations to evolve, scale and optimize operations. They are the backbone of modern businesses, and they connect different software components together to provide access to service functionalities and data. Think of them as the necessary glue for things like mobile applications, cloud services and online transactions.

Fun fact: Did you know that there are over 5.45 billion internet users today, and that more than 80% of internet traffic is API generated? This means that APIs serve most of the world’s population on a daily basis.

The Benefits of API to Modern Organizations

1. APIs generate revenue and growth through new products and omnichannel services. They help you scale your market, increase customer loyalty and develop new business models (think of disruptive companies like Nubank, Nuvocargo or Jüsto).

The API Economy and how it impacts businesses and their operations (Wallarm, 2024).

2. Efficiency, by improving productivity through automation. APIs can automate processes that are less prone to human error and are less expensive to run, optimizing costs to the organization and saving time for employees. 

3. Improved user experience through integrated ecosystems that seamlessly connect clients, partners, providers and employees. APIs empower communication and data sharing, allowing systems to work cohesively in the benefit of internal and external users.

4. Enriched data analytics and reporting, by collecting data from multiple sources and streamlining workflows to provide deeper insights into your business (did anyone say artificial intelligence?).

5. Business agility, by being able to respond faster to market demands. APIs allow your teams to reuse standard components and focus on innovation, speeding up time to market and creating unique value propositions for customers. 

If APIs are so important, why haven’t I heard of them before? 

Their seamless interoperability makes them ideal for a frictionless experience (for example, APIs are expected to be invisible to end users). But, like gravity, not being able to see it doesn’t mean it’s not actually there. 

Why should business leaders care about APIs?

The average organization uses over 200 APIs, so chances are that they already affect your revenue growth.  

In the digital era, there is no option: caring about your business requires you to be conscious about APIs. Unfortunately, many leaders believe that APIs belong to the IT agenda and only realize its importance when there is a big impact on the business.

API risks you need to know about:

• APIs increase the attack surface (entry points used by cyberthreats to get into your network). Therefore, API adoption introduces new opportunities for hackers, who are always exploring how to penetrate systems. 

• Visibility is also of great concern, since many APIs are not properly documented nor monitored. APIs may be left abandoned after achieving their main goal, and without proper maintenance and supervision this may lead to potential vulnerabilities. Studies show that organizations report visibility as one of the main challenges faced today.

• By 2025 (yes, that is next year), more than 50% of data theft will be due to unsecure APIs (Gartner Research, 2021). APIs can multiply the impact of a data breach on your organization.

• Legal and regulatory compliance is mandatory for most organizations and digital services may be subject to standards, such as PCI DSS 4.0, GDPR or the Mexican Fintech Law. Regulatory compliance and enforcement are of critical importance for any organization trying to avoid fines, criminal proceedings, and damaged reputation.

• Due to the seamless connectivity with third parties (partners and customers), APIs can become your weakest link and make you susceptible to supply chain attacks. The corporate perimeter has become highly dynamic and is now determined by external entities that are difficult to control.

API Security Recommendations.

Without getting technical, here are some basic recommendations:

1. Awareness. An effective API strategy requires that every team in the organization understands what APIs are, their importance and possible impact, both positive and negative, to the business. 

2. Governance. Aligning APIs to the business strategy and defining a common set of policies and processes will promote quality, consistency, security and compliance. Leaders need to advocate for the organization’s commitment to supporting governance policies for the entire API life cycle. From design, to development, to production, a unified API vision will increase productivity, reduce security risk and maximize API value.

3. Visibility. Policies cannot be set if there is not a proper API inventory. Teams must continuously work together to discover APIs in use and evaluate potential vulnerabilities. Due to the dynamic nature of APIs, automation is ideal to achieve auto-discovery capabilities that will keep APIs properly documented and policies enforced throughout the full life cycle.

4. Collaboration and Accountability. APIs spark friction between development and security teams, since they pursue contradicting goals. Leadership needs to step in, early in the process, and make sure both teams can collaborate with each other and be accountable for a unified set of KPIs. 

• Performance evaluation for developers should include security indicators like incident prevention ratio or asset inventory, as it would help reduce cyber risk.

• Cybersecurity performance should consider development metrics like cycle time, as it would streamline workflows and reduce time to market. 

5. Monitoring and incident response. An API security strategy must be developed to understand and mitigate the unique vulnerabilities and compliance challenges. API sprawl makes it hard for organizations to keep track of exposed assets and suspicious activity. Therefore, automated security platforms are an ideal option for discovering rogue APIs, auto-learning the application business logic, identifying non-compliance and providing real-time incident response.  

Cybersecurity vendor Radware provides an automated security platform with comprehensive API protection for modern organizations. 

Leaders, if you want to power up your business and unlock the full potential of the digital economy, APIs are the highways that will take you there faster. You may find bumps along the way, you may need to comply with traffic control and although highways are meant to go fast, you must never forget that safety isn’t expensive, it’s priceless. So, drive your organization’s success by embracing an API strategy that helps you get there on time and safely.