BY: MAYUR UPADHYAYA AND JAMIE BECKLAND
Welcome to our new series, ‘Ask the Experts: Understanding the API Context Maturity Model.’ In the course of developing the Context Maturity Model, we spoke with hundreds of technology leaders across a variety of industries. In this series, we hear from some of these experts in their own words, sharing their candid thoughts and feedback anonymously to give you the most unfiltered view of the current state of APIs.
Our journey begins at Level 0 – Open, Public API Calls. APIs at this level are accessible to anyone and can be called freely. They serve as the foundation for organizations entering the realm of APIs, creating an open-ended environment for data sharing but also posing significant potential risks.
A technology lead at a multinational oil and gas company offered insight into their experience at this level. He noted, “APIs initially seemed like a simple way to share data and establish connections. However, we quickly realized that without proper control measures, our exposure to risk was far greater than necessary.”
These sentiments underscore the trade-offs businesses must consider at Level 0. Open, public API calls can accelerate digital transformation, but the risks they carry make it important to implement secure API practices from the outset.
Another perspective came from a manager at a global retailer, who described an incident where public access to an API led to its misuse and unnecessary exposure of a significant amount of data. This experience further highlights the potential pitfalls at this level.
Open, public API calls are incredibly useful, but they should only be used once you have confirmed that there is no risk of proprietary or sensitive data leaks.
As we progress through the Context Maturity Model in subsequent posts, we will explore how to navigate these challenges and adopt more secure and sophisticated API practices. The journey from open, public API calls to achieving open standards compliance has many considerations, but by understanding each level’s unique challenges, your organization can confidently navigate the path to API maturity.
Join us in our next post as we delve into Level 1 – Authenticated API Calls. As always, if you’d like more information on API security and best practices, feel free to reach out. We’re here to help!