APIs emerged in the early days of computing, well before the personal computer. At the time, an API was typically used as a library for operating systems. The API was almost always local to the systems on which it operated, although it sometimes passed messages between mainframes. After nearly 30 years, APIs broke out of their local environments. By the early 2000s, they were becoming an important technology for the remote integration of data.
Back in the 1950s, an API was understood as a potential method to facilitate communication between two computers. The term was first mentioned in a 1951 book written by Maurice Wilkes and David Wheeler called ‘The Preparation of Programs for an Electronic Digital Computer.’ It outlined several key computing terms, including an early version of an API. At this stage, an API was starting to exist, but they were limited to simple, command-line interfaces that enabled programmers to interact with computers. These early APIs set the stage for variations of APIs to crop up in the future.
In the early 2000s, the internet was taking off, and developers were looking for ways to simplify web development and programming. In 2000, a dissertation by Roy Fielding called ‘Architectural Styles and the Design of Network-based Software Architectures’ defined REST as the protocol of choice, allowing for standardized communication between devices across the internet.
As online applications grew in popularity, organizations started moving everything to the cloud. Salesforce, eBay, and Amazon pioneered the delivery of services, using HTTP to provide access to machine-readable data in a JSON or XML format through web APIs. Very soon, both innovative startups and large-scale enterprises were implementing as-a-Service offerings that leveraged the cloud and its API-first model. By the time Apple launched the iPhone in 2007, APIs had already revolutionized the way companies deployed infrastructure.
Not only were APIs infiltrating SaaS-based applications, but they were also being built on top of platforms that leveraged APIs. Amazon was one of the first cloud providers to pioneer an API-focused determination, mandating all shared digital resources to have an API. Others followed their lead, inspired by Amazon Simple Storage (S3) and Amazon Elastic Compute (EC2).
The evolution of APIs has so far been a long and winding road. APIs have been around for many years and have become the standard for businesses to remain digitally relevant. As API adoption continues growing, APIs themselves are evolving in two ways to address some of their inherent challenges.
Firstly, security is becoming more important each year, itself being a byproduct of the proliferation of APIs. As systems become increasingly distributed, hackers have a much wider surface area to attack meaning far more vulnerabilities to exploit. This makes the case for API security imperative.
Zero-trust security is a hot trend at the moment as it addresses these concerns and will likely continue growing in adoption as a result. Zero-trust is essentially the principle that you should never trust, by default, any entities in your infrastructure or network. Even if a request entering your application comes from a client inside your network, you must verify the client is both authenticated and authorized. Your application needs to know who they are and that they have the right permissions. You must also make sure all network calls are encrypted.