In an effort to continue steering the API Evangelist newsletter back towards being the more respectable newsletter it used to be back in the day, I'm tapping into the signals coming out of all of the companies, organizations, institutions, and government agencies I am profiling as part of API Evangelist.

This week's newsletter is assembled from the top 30 stories I curated across 178 stories published about APIs this last week. I am looking to the newsletter back to it's roots in 2014 and 2015, doing the work to understand what is happening directly from API providers themselves and cutting out the middle man, to get past the hype that is out there.

MCP Is the Default Surface For the Market

Eight of the top thirty stories this week are about somebody shipping or connecting an MCP server. HubSpot showed building a Notion database with the HubSpot Dev MCP and Claude Code. Optimizely shipped a Remote MCP Server so you can pull experimentation into your AI tools. Port wrote about connecting external MCP servers into Port for unified access. n8n shipped an MCP server for building and updating workflows. SignOz published their MCP server docs. SoftwareSuggest is talking about a secure MCP server for connecting AI agents to test data. Document360 published a complete guide to MCP server analytics for technical writing teams.

A year ago I would have said MCP was something that mattered only if you were building agent-facing tooling. But it is increasingly being where companies share their developer story, which has kept it bubbling up into my view, shifting it towards being the menu for API providers for me. The nuance I am seeing is that not all of these outputs are equal. Some are wrappers around existing APIs that mostly forward calls, while some are genuinely capability-shaped, meaning the tools the LLM sees are scoped to outcomes a human or agent actually wants, not to whichever endpoints happen to exist. Which is a positive step forward in API design from my vantage point.

This is the gap I have been writing about for months and the gap my own work at Naftiko is trying to close. Wrapping the API surface with MCP is the easy part. Curating it into something that an agent can reason about without burning through context, and that a governance team can sign off on,. is where the work needs to be. We published API Discovery, Reusability, and Governance — Three Capabilities, One MCP Surface for Claude and Copilot this week, along with how this lands on the ground for Axway and Azure API Management to demonstrate how this can serve an ops perspective. I also wrote Capability YAML vs x-mcp: Why Vendor Extensions Aren't the Answer because the temptation to just add a vendor extension to OpenAPI and call it a day is will reveal the path that will give us the next ten years of fragmented agent tooling, when we really need first class solutions.

Skills Are the Other Side of the MCP Coin

Two posts this week converged on something I think are worth noting on the Agent Skills front. Banuba published Integrate Banuba Video Editor & Photo Editor SDKs Faster with Agent Skills and Truto published Truto Agent Skills: Stop AI Hallucinations When Building Integrations.

Skills are the answer to the question MCP doesn't actually answer: what does the agent know about how to use this tool, beyond the tool itself? An MCP server tells the agent that a tool exists. A skill tells the agent how to use that tool well, what the conventions are for the SDK around it, what the gotchas are, and what the right sequence is for a particular outcome. Banuba is using skills to compress SDK onboarding. Truto is using them to suppress hallucinations during integration work. MCP is the interface and skills are how to use that interface in the way that will matter to you.

The Numbers That Back the Technical Debt We Are Accumulating

Zuplo did a writeup of Akamai's 2026 API Security Survey showing an 87% incident rate. Eighty-seven percent. #Winning. That is the headline of the year and reflects the markets we have today. We have been telling people for a decade that the API attack surface was growing faster than anyone's appetite to inventory it, and now the survey numbers are catching up to the reality on the ground.

In adjacent territory, Truto wrote How DevOps Teams Can Automate API Key Rotation & Secret Management at Scale, and AWS shipped VPC endpoint policy enforcement for the IAM Roles Anywhere CreateSession API. Providing insights I can use building Naftiko, but we can all use in our operations.

To tie this to my post earlier in the week about the ten different ways the six big providers handle application credentials, and you get the picture. The secrets lifecycle across our APIs is a mess, the incident numbers are climbing, and the agent ecosystem is about to multiply our exposure by the number of providers our copilots talk to. The companies publishing real automation around rotation and scoping are the ones to keep an eye on.

The Integration Platforms Are All Repositioning (Me Too)

Nango published Best API Integration Platforms to use with Claude Code, Cursor, and Codex (2026), which is a remarkable framing — they are openly comparing themselves in the context of the three AI dev environments their customers actually live in now. That is a real shift. A year ago this post would have been "best integration platforms for SaaS." Today the buyer's frame of reference is the agent harness, not the SaaS catalog. We all gotta shape shift to reflect the market don't we?

Truto added Native Slack & Email Alerts for SaaS API Integration Monitoring and wrote How SIs & Agencies Use Declarative APIs for Faster Enterprise Integrations. Unified.to put out NetSuite API Integration: What to Know Before You Build and Webhook vs API: When to Use Each — interesting pieces, the kind of education the integration platforms have to keep producing because the buyer pool keeps refreshing. I smell opportunity in the disruption. That is the game right?

Appwrite shipped the Variables API to manage function, site, and project variables from Server SDKs, which is the right kind of incremental — give developers programmatic access to the configuration surface so they can stop clicking through dashboards. That is the unsexy work that builds up over time.

API Management is Still Alive and Well in the Enterprise

Microsoft made the rounds with being named a Leader in the IDC MarketScape: Worldwide API Management 2026 Vendor Assessment. We still give out awards for API management? Microsoft has been slowly integrating API Management with Azure AI Foundry, Copilot, and the agent stack, and the analysts are responding to that integration story.

Vonage took a different angle with Rapid API Development With Laravel and API Platform, which is the boring kind of post that keeps ecosystems healthy.

From the .NET realm, the Combining API versioning with OpenAPI in .NET 10 applications post is worth a read if you are anywhere near that runtime. API versioning is one of those problems that never gets fully solved, but is always top of mind for people in the trenches.

Other Threads I'm Watching While Profiling

Adobe restarted their developer blog, which I noticed because the dev blog is one of those leading indicators of whether a company is investing in their developer relationship. Restarted blogs are a good sign. Microsoft also shipped the Azure Developer CLI April 2026 update. Google Chrome expanded developer dashboard roles, which is one of those small permissions changes that quietly make multi-person development on a Chrome extension actually viable. Fern's different types of APIs guide is a good piece for anyone onboarding into the space. These explainer posts are not for the experienced reader, they are for the long tail of new developers showing up every month, and waking up to the API potential.

And on the meta side, Slashdot ran The Case Against an Imminent Software Developer Apocalypse. I am sympathetic to the argument and I think most of the developer-replacement narratives are overcooked, but the part of the developer job that is changing fastest is exactly the API surface. How we discover them, how we authorize against them, how we curate and context engineer them for our agents. This is the work on the table.

What I Am Thinking About Going Into Next Week

The MCP-server-as-product-surface trend feels like it is going to keep shapeshifting. I expect we will see at least three more API management vendors announce capability-shaped MCP layers within the month, and at least two more security vendors will publish 2026 incident numbers that look as bad as Akamai's. The integration platforms repositioning around Claude Code, Cursor, and Codex is the most interesting market shift, because it tells you which buyer the integration platforms now think they are selling to — and that buyer is no longer the integration team. It is the AI engineering that has the budget. I also wonder what this means for API clients and SDKs?

If you are building, governing, or buying APIs right now, the question I would ask yourself this week is the same one I asked at office hours this week: do you actually know what an agent sees when it looks at your API surface? If the answer is no, like me, I recommend beginning to investing in "seeing" this layer of our rapidly growing world. If you can't see it, you can't align with your teams around it. If you can't see it, you can't govern it. So, get to work on seeing the accelerated sprawl being introduced by AI.

"Be fearful when others are greedy and greedy only when others are fearful." - Warren Buffett