Open APIs are quick access for many solutions but also bring up a lot of vulnerabilities. According to Neosec, almost half of the 300 senior decision-makers that they surveyed rated their API strategies were under development, and only 31% said that their API programs were fully executed across the entire organisation.

The survey that was conducted in November 2021 from decision-makers in the US, Germany, France and the UK resulted that 53% of companies use third-party APIs to develop products and services, and 46% create APIs as products by external developers.

Open APIs – solution for many

From government organisations to large companies, all are looking into integrating open-source APIs, not just because they are convenient and interoperable but also because they believe that fully open APIs are the future.

Last month, the National Health Authority (NHA) of India, under its scheme of Ayushman Bharat Digital Mission (ABDM), announced the completion of 27 integrations with organisations offering Health Management Information Systems (HMIS), health locker services, Laboratory Management Information Systems (LMIS), health tech services and other digital services to develop an integrated, interoperable and user-inclusive digital healthcare ecosystem for the country.

Dr R S Sharma, CEO, NHA, believes that the objective of ABDM is to deliver health services in an affordable manner. For the same, they are building an interoperable, open system based on open source with open APIs and open standards. “So that basically enables every public player, whosoever wants to integrate with the system to integrate with ABDM,” said Sharma. Out of 27 integrators, 17 are private sector integrators that provide solutions compatible with the overall architecture of ABDM.

According to McKinsey, as the functionality evolves, APIs will deliver more advanced services. It has become a matter of pride for companies to be a part of Open API initiatives. Recently, Reliance Jio achieved the Open API Platinum conformance certification from TM Forum, requiring the telecom giant to successfully implement over 20 Open APIs. According to Nik Willetts, CEO, TM Forum, Jio is actually future-proofing their cloud-native tech stack by building their IT infrastructure using TM Forum’s Open APIs. Additionally, the company is using Open Digital Architecture (ODA) as the blueprint for its enterprise architecture.

There are also initiatives been taken to promote Open APIs. Last week, The Linux Foundation and the GSMA announced a new, open-source project called “CAMARA – The Telco Global API Alliance”. The partnership is to address the challenges in porting and reproducing API services across cloud architectures and heterogeneous operators. The project is expected to support customer and developer ecosystems by developing global, open, and accessible API solutions.  CAMARA also offers opportunities for collaboration between network and cloud companies like telcos, device manufacturers, ISVs, etc., to look into the challenges of porting and reproducing API services. 

Legally speaking – Open APIs are great

Fully open APIs have open source software that has open-source operation procedures. This allows for the technology to be reproduced and even audited in any region. Additionally, it resolves a lot of geopolitical conflicts. For example, users of Azure, AWS, or even the Google Cloud Platform might not be able to expand in Russia or an EU country as they require data to be locally stored. Additionally, in the EU, using any US-based clouds violates their GDPR. It totally makes sense to use fully open APIs that are based on open-source software as they are the technology of the future.

With fully open APIs, too, developers get the same level of control and freedom in the cloud.

Wrapping up

To consider the limitations of open APIs, it is essential to also take into account the issues with API itself. According to Salt Edge’s survey of over 2,000 API initiations with banks from 31 European countries, 38% of bank APIs don’t meet EU or UK regulatory standards. It was also revealed that 43% of banks did not support automated registrations to access the relevant APIs, 22% had faulty documentation, and 28% had downtimes during the integration.

A closed API is not accessible openly and typically resides in highly secure settings. But with Open APIs, a recent report from Transparency Market Research showed that, in terms of security, uncertainty and vulnerability of the third-party apps is one of the major restraining factors that affect the market.

According to experts, a good open API requires basic considerations like the choice of selecting data format (JSON, XML, Text, VML, etc.), the protocol (HTTP, HTTPS), and the version of API. It is also important to consider security, be it API authentication or HTTPS. Considerations of performance, availability, error, and defects for better service and availability of documentation in PHP, Python, Java, etc., become quite essential. Developers also can look into advanced options like streaming, catching, etc. and even limiting the callouts per day to handle traffic on the open API.