This newsletter is getting back to the old days format where I distill down what I am seeing across thousands of API producers each week, to help me (and you) understand whats up.

A total of 4,108 posts across 948 API repos this past week, and 258 of them had something API-related in the title. Leading theme was that MCP is no longer a single-vendor feature, it is being treated as platform infrastructure. The supporting stories all sit downstream of that one shift.

Let me walk through what else I saw as I worked to sift through the noise with the help of my buddy Claude.

MCP Gateways Are the New API Gateways
The gateway discussion continues to frustrate me. I really don't think MCP should just be a tack-on to the gateway discussion. But here we are. It is the word y'all know. So I guess let's keep cramming everything in there.

Solo.io published building an MCP Gateway with Apigee API Gateway — the explicit framing is: your existing API gateway gets an MCP layer in front of it, not next to it. Same week, they also published MCP progressive disclosure for token savings and enterprise MCP SSO with Microsoft Entra and Agentgateway. Three posts, one common pattern: Everyone thinks that MCP is going to live where the API gateway lives.

Docker shipped custom MCP catalogs and profiles for enterprise MCP adoption. Gravitee published MCP AI Explained: How Model Context Protocol Works — a sign the API management vendors are now writing the "MCP 101" content their customers are asking for. SnapLogic shipped MCP Server Token Propagation — the iPaaS players are also climbing into this space. Apify, which is more of a long-tail web automation provider, wrote how to configure your MCP server with 25,000 Apify Actors — they are exposing their entire actor catalog as MCP tools, which is a scale of MCP coverage no other vendor has matched. But is scale what we need when it comes to our tools?

MCP continues to dominate the conversation, but I am hearing fatigue in the voices of many of the design partners I am talking as part of my Naftiko work. Agent uncertainty. Reduced investment in API governance. It is all worrying the folks I've been talking with, resulting in more caution when it comes to MCP.

OAuth Identity Passthrough Is the Real Problem
I am no expert in OAuth, so I am thankful that providers like Truto and Gloo are working through this stuff and actively telling the story.

Truto published implementing end-user OAuth identity passthrough for remote MCP servers — the technical writeup of what happens when an agent acts on behalf of a user against a remote API, and the OAuth token has to flow through the MCP server without the MCP server ever holding it. This is the hardest unsolved problem in MCP right now. The naive implementation — MCP server holds the OAuth token — is a security and compliance non-starter for any enterprise scenario. Truto's writeup is one of the cleanest descriptions of the passthrough pattern I have read.

Gloo's enterprise MCP SSO with Microsoft Entra lives in the same neighborhood — federate the MCP authentication into the enterprise identity provider, treat the MCP server as a federated service principal. 1Password's Device Trust MCP Server is yet another angle — the MCP server itself is the policy enforcement point for which devices can issue which queries.

If you are building anywhere near MCP and you have not yet worked out your identity passthrough story, this is the week to dive in. The vendor pattern is solidifying, and the early shape of the answer is "your existing IDP plus an MCP gateway that knows how to relay credentials without storing them."

Merge.dev Is Writing an MCP Cookbook in Real Time
Merge published four MCP-connection how-tos this week alone — Gmail MCP to Claude Code, Gmail MCP to Cursor, Jira MCP to Cursor, and Salesforce MCP to Cursor. The pattern is: pick a popular SaaS (Gmail, Jira, Salesforce, etc.), pick an agent harness (Cursor, Claude Code, Codex, etc.), publish the four-step recipe to connect them. Merge is clearly running this as a content series, not a one-off. Similar to what I do with capabilities.

This is smart positioning. The buyer who is currently learning MCP doesn't want a "what is MCP" explainer — they want "how do I connect X to Y in four steps." That is the SEO-ready, agent-harness-aware top of funnel for any integration platform in 2026. Expect Nango, Truto, Unified.to, and the rest to follow this format if they aren't already.

In the same lane, Nango published Merge.dev vs Nango: which API integration platform should you choose in 2026? and best embedded iPaaS for just-in-time API integrations in 2026. The integration platforms are openly comparing themselves now — which is what happens when a market matures past the "no one has heard of you" phase into the "the buyer is choosing between two of you" phase. I began doing this for Naftiko, with a new comparison page to support conversation I have along these lines.

API Monetization Is Quietly Making a Comeback
I began beating this drum in 2010 and will keep beating the drum that API producers should have a handle on their monetization strategy.

Zuplo wrote rate limiting and API monetization through the developer portal. Worth flagging because the API monetization conversation has been pretty quiet since the OpenAI/Anthropic pricing models reset everyone's mental model of "what is an API worth." Zuplo's post is a return to the older fundamentals — rate limits as monetization, tiered access through the developer portal. The pricing transparency work I shipped a couple of weeks ago lives in this same conversation, and I expect this thread to thicken as more vendors realize their AI-era pricing strategy is its own product surface.

Truto also published how system integrators can productize custom API integrations for MRR — the SI angle on the same theme. SIs and agencies are increasingly turning bespoke API integration work into reusable product. The integration platforms are arming them.

I think we need a new narrative with API monetizatin and productization, the old one doesn't seem to have the intended effect—let's all get brainstorming on how to pitch this differently.

A Few Other Threads Worth Including
api-layer's MCP vs CLI: Which Is Better for AI-Assisted Developer Workflows? is the kind of debate-shaped post that signals MCP has entered the "is it really better than the alternative" phase of its lifecycle. Healthy sign. CLI is still the obvious answer for a lot of agent workflows; MCP wins on structured tool definitions and context efficiency.

AsyncAPI Studio: From Single File to Real World Usage shipped — AsyncAPI has been quietly maturing its tooling. Worth a look if you have any event-driven surface area.

HubSpot shipped hubspot-go, a community Go SDK — and Microsoft announced the Azure SDK for Rust hitting GA. The SDK long tail is still being filled in. Worth watching which languages each big platform finally invests in.

Okta wrote how to build low-code API integrations for enterprise apps using Okta — Okta is now pitching itself as an integration platform, not just an identity provider. Sensible move; the IdP and the integration platform have always wanted to merge.

And on the Microsoft side, custom authorization for API for GraphQL in Microsoft Fabric (Preview) is the kind of niche-but-real thing that quietly shapes which platforms enterprises can use GraphQL inside of. Custom authz on a managed GraphQL layer is a feature most data platforms still don't have.

On API Evangelist
My 83 of the Fortune 100 Have a Developer or API Portal post landed in two repos' aggregations this week — programmableweb and schema-validation both picked it up. The number surprised people, which was the point. The follow-up Fortune 500 and Fortune 1000 numbers are on my list.

The Bullshit Levels Came Down at APIDays NYC, I am just processing what happened the last couple of days at APIDays NYC. I spent Wednesday and Thursday. I love events that I can sleep at home each night, but I’d say that APIDays NYC is my new favorite event because it is focused on APIs, has many of the usual suspects I like to see from the API realm, but also because the bullshit levels came down a little bit from last year.

What I Am Watching Going Into Next Week
Three things. Off the top of my head on this beautiful Monday morning in NYC.

MCP gateway / API gateway convergence. Solo.io, Gravitee, Docker, SnapLogic all moved this week. Expect Kong, Tyk, Mulesoft, and Apigee proper to follow. The vendor that publishes the cleanest "your existing API gateway plus MCP" story wins the enterprise conversation.

MCP-cookbook SEO. Merge's four-posts-in-a-week format is going to get watched. I expect at least three more integration vendors to ship the same shape by the end of May.

Identity passthrough patterns becoming standardized. Truto's writeup is going to be read closely by every other vendor in the MCP space. If a consensus pattern emerges, it will look like Truto's. If it doesn't, we are going to have N+1 incompatible "identity passthrough" stories across N MCP vendors by Q3, and the agent ecosystem is going to be the one paying that cost.

I am really getting a handle on using Claude to pull the blog posts used in this newsletter week. It is way more sustainable and doable than manual RSS curation from across the thousands of API producers I am tracking on. I will be continuing to have Claude produce the deterministic scripts I need to pull and parse.

The stories that do not make into the API Evangelist newsletter each week will now be organized by area, stage, and experience, grouping companies, APIs, tools, press releases, and blog posts by each area. Which I will share via API Evangelist social media channels (LinkedIn, Bluesky, and Substack) and soon via MCP, but round-ups can also be found via APIs.io blog.

This week’s images Using Francis William’s Story To Reveal Algorithmic Bias in Artificial Intelligence from Algorotoscope.