Episode 089: 2‐20‐2025 Detecting and Correcting API Drift - GluuFederation/identerati-office-hours GitHub Wiki

Title: Detecting and Correcting API Drift

Description

APIs are the lifeblood of modern digital ecosystems, driving 80% of internet traffic and enabling seamless integration between applications, services, and devices. The gap between API specifications and production behavior—known as "API drift"—is a major source of inefficiency and friction in the API ecosystem. Drawing insights from APIContext's recent white paper, this discussion will explore the state of API specifications, their critical role in ensuring interoperability, and why keeping them up-to-date and accurate is essential for robust API governance.

Join us for Identerati Office Hours to uncover insights on:

  • 🚀 The Role of APIs: Powering 80% of all internet traffic, APIs are the backbone of modern digital applications.
  • 📉 The Problem of API Drift: 25% of APIs don't conform to their specifications. What is the impact on performance and reliability?
  • 🛠️ Best Practices for API Governance: Explore actionable strategies to mitigate API drift, from publishing clear OpenAPI Specifications to proactive monitoring.
  • 🤖 Agentic AI: Amplifying API Drift: The rise of autonomous AI agents adds a new layer of complexity to the existing challenge of API drift. Managing agent interactions and ensuring they adhere to evolving API specifications makes maintaining accuracy and preventing drift even more critical.

Homework

Takeaways

  • ⚡ Make sure all your internal- and external-facing APIs have OpenAPI specifications. Reject any PRs for changes to an API without OpenAPI updates. You can't monitor API drift if you don't even have a spec for your API, or if the spec is old.

  • ⚡ Use conformance testing to compare the OpenAPI spec to the APIs that are actually running in production. Discuss the delta with the API team. UK Open Banking is a great example of defining a spec, and using conformance testing to assure 100% alignment.

  • ⚡ API drift could have significant business impact for the enterprise: outages may ensue. Additional security risk may also result from unknown or forgotten API functionality.

  • ⚡ APIContext is your eyes on the outside. They can help enterprises understand how developers see their APIs, which may be different than how they look from the internal network.
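
An added example, not from the episode or from APIContext: a minimal drift check of the kind the conformance-testing takeaway describes, comparing an OpenAPI `paths` object with requests seen in production. The spec fragment, the `METHOD path status` log format and the name `find_drift` are assumptions made for illustration.

```python
import re

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed OpenAPI 3 fragment: only the fields this check reads.
SPEC = {"paths": {
    "/users": {"get": {"responses": {"200": {}}},
               "post": {"responses": {"201": {}, "4XX": {}}}},
    "/users/{id}": {"get": {"responses": {"200": {}, "404": {}}}},
    "/users/{id}/keys": {"delete": {"responses": {"204": {}}}},
}}

# Constructed production observations, one "METHOD path status" per line.
OBSERVED = ["GET /users 200", "POST /users 201", "POST /users 422",
            "GET /users/42 200", "GET /users/42 500",
            "GET /users/42/export 200", "PUT /users/42 200"]

def template_regex(template):
    """Turn a path template such as /users/{id} into an anchored regex."""
    parts = ["[^/]+" if s.startswith("{") and s.endswith("}") else re.escape(s)
             for s in template.split("/")]
    return re.compile("^" + "/".join(parts) + "$")

def find_drift(spec, observed_lines):
    """Report traffic the spec does not describe, and spec entries never seen."""
    ops = {}  # (METHOD, template) -> documented status keys
    for template, item in spec["paths"].items():
        for method, op in item.items():
            if method in HTTP_METHODS:  # skip keys like "parameters"
                ops[(method.upper(), template)] = set(op.get("responses", {}))
    seen = set()
    report = {"undocumented_operation": [], "undocumented_status": []}
    for line in observed_lines:
        method, path, status = line.split()
        hit = next((k for k in ops
                    if k[0] == method and template_regex(k[1]).match(path)), None)
        if hit is None:
            # Live functionality with no spec entry: review before anything else.
            report["undocumented_operation"].append((method, path))
            continue
        seen.add(hit)
        # A status is documented exactly, by range ("4XX") or by "default".
        if not {status, status[0] + "XX", "default"} & ops[hit]:
            report["undocumented_status"].append((method, hit[1], status))
    # Documented but never exercised: stale spec or missing test coverage.
    report["never_observed"] = sorted(set(ops) - seen)
    return report

if __name__ == "__main__":
    for kind, items in find_drift(SPEC, OBSERVED).items():
        print(kind, items)
```

The `undocumented_operation` entries are the "unknown or forgotten" functionality the takeaways warn about; the other two lists are the delta to discuss with the API team.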

Livestream Audio Archive

Will be Here