Weekly API Evangelist Governance (Guidance)
I wanted to reflect this week on my 35-year journey with the negotiation of, and market-driven access to, the information that has shaped the last 50 years of business, and on how all of this is shaping what is being sold as business intelligence in this moment. There is an interesting accumulation of things I am seeing across 35 years, but there is also a loss of some key things along the way that I want to better understand this week.

Files
The business world is made up of an assortment of business files. Spreadsheets, PDFs, images, and other digital files that we create on our local machines and then make available via networks, email, and other ways of sharing. Files are where most of the valuable information resides as part of our business workflows, something that has remained constant through today.

Databases
The center of any business since the 1950s, and throughout the information age, has been the database. Databases exist as a central repository of valuable data for a business, but also exist across lines of business and domains. Databases still remain the center of power across many businesses, but this power has been challenged throughout this century of change.

HTTP
By the turn of the 21st century, the HTTP protocol was fully baked and was powering the rapidly growing World Wide Web. HTTP made files accessible privately and publicly via the Internet in new and useful ways. HTTP also made data available via databases in new and useful ways. Files and databases combined with the web have introduced new ways of doing business on and offline.

REST
As we were figuring out how to make information available online, Roy Fielding introduced us to a useful and practical way to look at our information using the “resource”. For the next 25 years we would be looking at our information through the lens of stateless resources that can be accessed via the web, and on our mobile devices, via any application or system connected to the web.

Hypermedia
As REST picked up momentum in the early part of this century, hypermedia became a popular way of expressing relationships and interactions between files made available via the web. Hypermedia connected information across the web, and introduced automation across the web in ways that emulated how humans were finding the information they need online each day.

RPC
Alongside the resource-centric adoption of REST, RPC, or Remote Procedure Call, was also steadily evolving to support the development of web and mobile applications, as well as system-to-system integrations. RPC has evolved, using XML, JSON, as well as Protocol Buffers delivering gRPC, providing a buffet of ways to express the actions you need to take as part of business in a highly performant way.

OpenAPI
As the velocity around REST grew, the need to consistently generate documentation, software development kits (SDKs), tests, and other essential elements needed to onboard and put APIs to work increased. OpenAPI, formerly known as Swagger, emerged to define the surface area of the many different APIs we were needing to power web, mobile, and other types of applications.

Collections
The success of REST spawned a new API client called Postman. As the popularity of the “browser for APIs” Postman grew, they produced their own format for describing the surface area of APIs, called Collections, which had everything OpenAPI had, except for the schema to describe payloads, but also introduced scripts for test automation, competing for mindshare with OpenAPI across the space.

GraphQL
As all of this was happening, and with the growth in dominance of mobile applications, another player emerged on the scene to challenge the dominance of not just OpenAPI, but also REST. GraphQL was looking to build on the evolution of REST by making databases queryable, but it was also shifting the power into the hands of API consumers in similar ways that Postman was trying to do.

Arazzo
With the number of REST APIs growing, the need to better organize them into meaningful workflows was also increasing. The OpenAPI Initiative, the Linux Foundation organization behind the OpenAPI specification, saw a need to launch the Arazzo specification to provide a machine-readable way to weave together many different API requests into workflows that can be used in tooling.

Model Context Protocol (MCP)
In the frenzy of the investment being thrown at artificial intelligence, Anthropic, the maker of Claude, launched the Model Context Protocol (MCP) to standardize the way artificial intelligence (AI) systems like large language models (LLMs) integrate and share data with external tools, systems, and data sources, adding another layer to the API integration conversation.

Agent2Agent (A2A)
Google couldn’t be left out of the action, and quickly launched their own Agent2Agent (A2A) protocol which complements Anthropic's Model Context Protocol (MCP), but was looking to address the challenges we identified in deploying large-scale, multi-agent systems. A2A is going for the same digital bits on the table as MCP, which OpenAPI, Postman, GraphQL, and others have been competing for over the years.

Authentication
Throughout this journey authentication has evolved as well. We began with simple user and password, moved to simple tokens and keys, and then got more sophisticated with OAuth and JWT. You can see this journey in the complexity of the OAuth 2.0 specification, and the emergence of the FAPI specification that is working to harden the relationship in how we authenticate.

Access Control
As our valuable digital resources continue to be exposed online, the need to secure access via authentication has increased, but the ability to get granular with access control is also increasing. OAuth scopes, AuthZ, AuthN, and the need for defining who has access to what are becoming a regular part of the conversation across all of these approaches to accessing digital resources.

Sovereignty
When I look across this journey I see the struggle for businesses to make their digital assets available where they need them, while also maintaining control over their data. You can see this struggle present in the number of SaaS services that businesses use, but it is something that has reached new levels of concern surrounding how you stay ahead or don’t get left behind in today’s market.

I am continuing to look across these protocols, patterns, and specifications this week, and I am doing a diff across them when it comes to the technical bits, but also the business bits. There are a lot of things in motion across all of the protocols, patterns, and specifications listed, some of which haven’t been considered or are being left behind as part of this moment—I want to understand more about what is needed to stay afloat and get ahead.

Markets are constantly in a state of uncertainty and flux and money is made by discounting the obvious and betting on the unexpected. - George Soros