API Evangelist

August 25, 2025

Weekly API Evangelist Governance (Guidance)

One thing that is evident when you look out across the API space is a lack of alignment between business and engineering when it comes to what standardization means. I have spent a lot of time investing in the technical specifications that are driving the API space, and with my work on Naftiko I am dedicated to expanding this work to the business side of the API space—I feel strongly this work will speak to what is happening right now with AI, and what is next for both AI and API.

Technical Standards
When it comes to the technical specifications I am doubling down on OpenAPI, OpenAPI Overlays, Arazzo, AsyncAPI, and JSON Schema. I am also aware of the role that GraphQL, Protocol Buffers, and MCP are playing in the space. Work across this spectrum is important and needs to continue. We need work on these standards, but we also need to be doing the work across these standards. One of the deficient aspects of technical standards right now is that there isn’t enough alignment between these standards, despite the overlap of their usage within business operations.

Operational Standards
Over the last decade we have seen the standardization of API operations slowly begin to shift more towards the business side of things. I have been investing in APIs.json and the api-catalog (RFC 9727) has been evolving as well. Semantic versioning has become commonplace, and event-driven approaches to operating have found new momentum, with Standard Webhooks pushing for standardization in this area along with AsyncAPI. Then we are seeing governance of our operations evolve with Spectral, Cedar, and Open Policy Agent. There is a lot of work ahead of us to harmonize these areas, and we need more connecting of the dots between the technical and operational standards being applied.

Organizational Standards
Where I see most of the work on standardization being needed is when it comes to alignment with the wider organization. I am optimistic with the momentum in event-driven and governance, but we need more organization, domain, and team alignment as well. Domain-driven design is a good place to start, but Team Topologies, Wardley Maps, APIOps Cycles, and Jobs to be Done all provide us with the building blocks we need to balance things out. I feel this represents the work we have ahead of us. You can see this imbalance reflected in the current agentic and other automation conversations making noise right now, and without more alignment across the organizations, domains, teams, and with partners, agentic and other approaches will continue stumbling.

Industry Standards
I am still working to understand what the future of API standards is in a Trumpian and AI-powered market landscape. Industry standards like PSD2 for payments and FHIR for healthcare are still building momentum and spreading in adoption around the globe. API standards like the 1033 rule in the United States are seeing backpedaling due to the Trump administration, and overall regulatory effectiveness is being undermined. The standardization of APIs will continue to create and increase the velocity within markets despite the populist rhetoric to the contrary, and I am confident that industry level standardization will continue, and the technical, operational, and organizational standards will continue to shape and fuel these market forces.

Internet Standards
One thing that gives me hope in all of the artificial intelligence noise right now is visiting the sites of the IETF and W3C. These standards bodies, which are investing in HTTP, OAuth, IANA media types, JSON-LD, and other standards our world is built on, do not seem all-consumed by talk of AI, like other aspects of the technology sector are in this moment. It is actually a breath of fresh air to stroll through these sites on a regular basis and tune into what is happening across the working groups and standards being evolved. There is a slow, steady, and thoughtful pace of work occurring here which does a good job in counteracting the high velocity and scale at all costs mindset that tends to dominate the technology conversation these days.

A Venn Diagram
When you look across these standards you see a lot of overlap, but you also see a lot of gaps. I think there are very few people who look out across all of this landscape and think deeply about what is happening. I know from experience that you get pretty attached to the technologies you know and it can be really motivating to create something new without being fully informed regarding what already exists. I’d like to be able to pull up a list of any of the technical, operational, organizational, industry, or Internet standards listed above and be able to understand where the overlap exists, and where it doesn’t exist—helping me see how standards are working together or not working together.

More Visualization
I think producing simple, shareable, and embeddable visualizations that are dynamically generated across these standards has a significant role to play in moving us into the next phase of the web. I think we have to be careful and make sure we are aware of current dashboard and infographic fatigue, but I think there are ways we can get better at visualizing more of what is happening from a standardization or non-standardization perspective. I literally want to see a Venn Diagram for the overlap between these standards. Relationship diagrams should be the default. Visualization using mermaid, D3.js, and other standards should be a default characteristic of how we use these standards across our business.

Declarative Configuration
An important aspect of the power that these standards possess is that they are machine-readable and able to be used as configuration for tooling. Meaning, governance on your API using OpenAPI is only as strong as whether or not you are using the OpenAPI to configure your gateway, documentation, and generate SDKs—if you don’t…it don’t mean much. Being able to declaratively configure near 100% of the surface area covered by these standards is everything. End users of these standards should be able to declaratively configure their services and tooling using these standards—this is how you shape, guide, and standardize our business operations.

Plain & Common Language
Another thing that stands out for me as I do this work is the need for plain and common language to describe both the technical and the business bits. It is the primary reason we have an imbalance between the business and engineering areas of our operations. We need more YAML configuration across the Venn Diagram of standards listed above. We need simple language and data formats. Even the technical details should be something that your average business person can read and make sense of. This is one reason conversational AI chat interfaces have captured such a huge part of the conversation, because of the perceived potential in reducing all this technical complexity down into something that makes sense—which should be happening with or without AI.

Updates & Awareness
The greatest challenge with these standards is being able to stay up to date and aware of what matters across them. There is a lot happening across these standards, from specification releases to tooling highlights and conferences that are occurring. Even someone like me who dedicates time to what is happening across these standards will struggle to understand everything that is happening. There are RSS, email subscriptions, APIs, and other mechanisms for keeping up to date, but there needs to be more standardization across how we (humans) pay attention to these standards. There is a huge appetite for standardization out there, but sadly it rarely lives up to what is expected because we are all very busy in our hectic and high velocity days.

Naftiko Library
I am interested in helping establish Naftiko as the library where you stay up to date on standards. I envision Naftiko being the place where you go to do the due diligence before delivering any new service, tool, or specification. I think that the API space is so sprawling and fragmented because we don’t have anyone tending to the landscape across these standards. I think we have such an imbalance between business and engineering because we have balanced the number of technical standards with the number of business standards. We haven’t done the work to connect the dots across these standards, and provide plain, common, and declarative ways for stakeholders to express what they need. Most damaging, we also haven’t done a good job of keeping everyone updated and aware of what is happening. In reality, things are getting noisier and more chaotic, and we need to do better. We will do better.


“I have always imagined that Paradise will be a kind of library.” ― Jorge Luis Borges
