In today’s episode of the Brains Byte Back podcast, we speak with Rakshith Rao, Co-Founder and CEO of APIwiz, a low-code, API automation platform allowing developers to build and release reliable APIs quickly.
During our conversation, we discuss what an API driven economy is and how APIwiz first started. Alongside this, we also pick apart a recent blog post by APIwiz (7 Questions to Ask Yourself for Top API Security) and Rao goes over how to tell if your API portfolio is well managed and highlights some API security tests you should be using.
While discussing this, Rao stresses that organizations need to have a proactive monitoring and compliance system in place to detect anomalies or security breaches and take immediate action to fix them. Moreover, Roa also covers the importance of API security tests and why it is critical to constantly observe and take insights from the data to identify and prevent potential security breaches.
Additionally, Rao explains that an API-driven economy is the foundation of the digital economy, with over 83% of internet traffic today being API-based. Without API’s, the entire ecosystem would fall apart, which is why API-driven economies are becoming more important.
He also shares how the name APIwiz comes from the company’s desire to take something complex and make it easier for developers to work with while improving productivity. They use a wizard-based approach to simplify API programs, making it easier for businesses to see outcomes.
Overall, Rakshith emphasizes the need for organizations to prioritize API security by managing their API portfolios and constantly testing and monitoring their APIs. He urges organizations to implement proactive security measures and have guardrails built into their systems to prevent security breaches and protect sensitive data.
Alternatively, you can find a transcript below:
Rakshith: I am taking care of the other co founders and the CEO of the organisation APIwiz is a software platform, specifically focusing on helping organisations were managing their API lifecycle. Here, we make the vision of our customers our mission.
Sam: Fantastic, excellent. And I’m really curious to know, like when and how did APIwiz first start?
Me and the co founder were dabbling around this specific area for a while. And it was in 2020, when we finally got together and started putting the platform together. And initially, it was based on both of our experience being in the API management space for over a decade each. So having built and ran API programmes globally, and have my co founder having worked and implemented some of those, we started seeing some of the common pain points, which is, hey, it’s easy for us to start thinking about API API programme and API economy. But in reality, then really seeing the fruits of that was something they were not very happy with a lot of them took six, nine months to even think about getting started properly. And even after that constant breakages systems start aligning properly, business outcomes not being met, is some of the key pain points we saw, which helped us to come together to say, let’s go help build comprehensive local API automation platform to bring the API programme outcomes to bearing for all the businesses that we were working with. And that’s how APIwiz came together in 2020.
Sam: Awesome, fantastic. Well, I have to say, I have a better understanding of why the need of this was created. And you know, what, what motivated you folks to get it going? But I’m really curious to know, what is the story behind the name APIwiz?
Rakshith: So initially, we thought about, hey, what are we really trying to do, we are trying to take something which is not complex, and we are trying to turn it into something which is more easier for developers to work with, improve their productivity, and for businesses to really see outcomes happen. But all with the common goal towards making sure that there is proper governance baked into the whole flow, which is what we thought about how do we make sure that we can drive this. And then dabbling with quite a few things is what we came up with the local nature of what we do. It has to be driven through wizard, it cannot be through where it requires complex education and people going through upskilling and everything else. So wizard based approach is what we wanted to bring to an API programme. So hence, API and wealth, which is for APIwiz finally came together.
Sam: Okay, that’s cool. That’s cool. I have to say that we haven’t necessarily, like dived into this topic in any real depth before. So this is all quite new to me. But I’d be curious to know, like, what is an API driven economy?
Rakshith: We don’t really see API’s to our naked eyes on a day to day front, which is what makes it beautiful and interesting, state of what it is. But to understand this, we need to take a step back and look at it right. So if you see today, there are over 20 billion devices connected to the internet. Everything that we use smartwatches, to IoT devices, to the connected homes to connected cars, everything that we think about is essentially a connected device, which is talking to the internet. And if you thought that the number was staggering, just imagine that it is going to be around 29 billion by the end of the year. So the rate at which these connected devices and connected economies coming together is at a lot faster pace. Now, where does the API really fit in? So if we think about all of this traffic, over 83% of this internet traffic today is all API based, because API is the globe that is allowing the systems to talk to each other and exchange the information. So API has become more like the the pipe are the glue that holds the whole economy, digital economy that we see today out there, making it so much more important that without these core API’s being in place, the whole thing that we take for granted today as a connected ecosystem typically falls apart, which is why the API driven economy is becoming centre stage and becoming the notch the natural norm for all of the organisations to put on it. And if we thought the, the number of API’s to pump these billions of devices connected devices is growing by the day. And API is not new, it existed for a while. It’s just in the last five to eight years, the rate at which the connected digital ecosystem is growing is what has made it super important. Because without this core foundation, things will start start falling apart.
Sam: It sounds super vital, like, I can definitely start to see like, why this is so important, and how ubiquitous it is. And with that, I kinda want to know, are there other companies operating in this space? And if so, like, how do you differentiate yourself from the competition?
Rakshith: So it’s a really interesting question, right? So when we started thinking about this and what is the current problem statement? What we realised was, it has not been thought through from this lens of approaching to solve the entire API lifecycle management under a single pane of glass. Typically, if you look at it, the majority of the focus is towards the core runtime gateway and everything else, but not the life cycle around it. And if you ask, why is that important? Maybe I’ll take an analogy to help explain this.
Sam, I hope you’re familiar with IKEA and the IKEA concept, right?
Sam: I think so. Yeah, yeah.
Rakshith: So if you want to bring in, let’s say, a small table, a coffee table, which is called like two, three moving parts, the chances of you putting things together and making it stand and making it work perfectly fine. It’s fairly easy. And typically, the chances of people messing it up is fairly low, and you generally high rate of success. But if you take the same concept and break it into, like, how do you assemble the whole house, which means to the furniture, to the desks to the beds, and everything is put together, and you’re doing it all along with us also have one or two people. Imagine the complexity that you because you have gotten a lot of moving parts, everything needs to come together, and you cannot mess things up. And the frustration people go through is, after going through all of this one, the effort really worth it. Because it’s got some old, some new learned some open source pieces all put together within an enterprise, and people start realising that it’s not easy to get up and running. And even if you put a mammoth effort to get it up and running, the complexity is changing by the day. Because if you think about it, a couple of years back, the rate at which people made a new release to a software or an app was in the cure of months and quarters. Now, it’s an ongoing basis, like every day, you see new refresh and updates coming in through and the number of API’s within the organisation has also grown. So if you look at one of the recent industry analysts 451 groups report, the number of API’s within an organisation is at staggering, 15,000 API’s. And if you think about a larger organisation, it’s over 25,000 API’s within the organisation. So the current and Gartner predicts that by 2025, or 50% of the enterprise API’s will be unmanaged. Because of the rate at which it is growing. It is surpassing the capabilities of existing API management tools to manage them. So we are already seeing the problem of API’s for all really kicking in and despite the technologies and not having the right skill set really hurting people that is currently not being solved. And today, people are solving it in bits and pieces, a foreign API design, we use something for API testing, we use something for automation, we do something else from a consumption side catalogue, we use something else. But it’s being spread across a range of tools and technologies. And the moment you go down this path, you have too many moving parts. And people need to make sure that they integrate, integrate well and make it work. Obviously, the biggest pain point people are really missing out on all of this is the security aspect, which is how do you make sure that you’re doing things the right way. And security and governance really is well taken care of when it is spread across so many pieces of technology and people involved If it’s not well done today, and it came as is one of the front runners in bringing this to the table for organisations to adopt.
Sam: Fantastic. Well, I think I’m getting a better understanding of all of this now. And I have to say, in addition to speaking with you, I find it helpful looking at your blog, you have some amazing posts on there. And there’s one I really liked called seven questions to ask yourself for top API security. I’d highly recommend listeners go and check that out to get a rundown of each of these seven questions. But I’d love to go into more detail regarding a couple of the questions while I have you here. And the first question I would like to go over is, is my API portfolio well managed? How can our listeners ensure that portfolios are well managed?
Rakshith: Good question. If you think about it today, like I said, quoting some staggering numbers, it is becoming humanly impossible for organisations to keep up with what do they have? Who’s using what to what extent? Where are they spread across? And how do we make sure that we are not having fiascos like what we saw with team of Ireland operators, and quit quite a few other organisations where people are exposing API’s outside the organisation perimeter for consumption. And those are becoming more and more susceptible for attack surface area, because it’s not complex anymore for organisations or hackers to penetrate other organisations. Because the access to data through API’s, though, it makes it a lot easier, and also becomes an easy weekend to break in. So they need to be able to manage their portfolio in such a way that they have one visibility, so that they can make sure that what whatever they have, are relevant and needed, and only what is required is being exposed outside. Second is they have actionable data points to constantly look at where things are going wrong. For example, if I make a change to an API that is being used by across 10s, and 20, other API’s, how do you find out where is the breaking changes, because of the specific aspects. So if General Services are gonna break, because of a simple change that you make on one, one single API, can be catastrophic in production. So the portfolio management people need to really start looking at it as make sure that they have relevant API’s that they’re working with. And only what’s required is actually in production. And if it’s not required, they should deprecate them. They need to have an insight into what’s being used for who’s actually using them, and to what extent. And they have a proactive monitoring and compliance and governance built into the system so that they have actionable ways through which if things are going wrong, they can actually stop them. Because if it’s a large organisation, the number of people who are actually participating in an API programme are fairly high, you cannot sit and control every aspect of it. So a lot of things need to be built with some guardrails behind the scene, so that it allows innovation. But some of the important things like constant checks, making sure that you’re not exposing what it’s not supposed to be exposed, containing the data changes, making sure that other systems are not breaking. And even if something is, by mistake, skipping all of this is in production, you have a monitoring that can pick them up, track them down and notify your pain. This is where you need to take some actions against a fixed. So these principles really allow people to make sure that the API portfolio that they’re managing, is in a direction that helps the organisation to grow with confidence, expanding the reach of things.
Sam: Okay. Yeah, I think that’s solid advice to that question. And there are more questions in there, which I would love to go over. But there’s just one last one that I really want to cover while I have you here. And it’s the final question. So number seven. So spoiler alert, for those that do want to go and read it. But what API security tests will I use? Like, can you share why this is an important question to ask yourself, and like how a listener can best answer this question?
Rakshith: Sure. So one of the things that we really step up security and APS, it is if you are trying to look at security after part, which is Hey, now we’re donating something. Let’s go make some checks against those runs. In fact, we have test cases and say, now it’s it does not fit and we expose it out, then you’re obviously missing out on the aspect of trying to one, solve a problem pretty late and constantly trying to catch them fairly early is so many people are remote redo stuff before they can actually come back and release it out. Second is the security loopholes are something that constantly keeps evolving. So it’s not something that you can test once and fire and forget saying that it’s taken care of. So you need to be able to have an ability through which you constantly observe more and derive insights from those. So what does that mean? Problems can happen at design stage, at development stage, at testing stage, and release stage, and often ways, you need to be able to constantly take care of continent new production things that needs to keep coming. So if you look at it, the problem areas are spread across the entire API lifecycle. So to which you can derive context and use that to it read and stop things from happening at every stage is super important. So what I would advise people as it is not about trying to build a couple of test cases and say you’re done. Think about the API as a product. And if a product is a thing that it’s going to have from ideation to deprecation, it’s a life cycle. So which means you need to constantly iterate, look at the vulnerabilities and attacks that can keep happening, look at the events, try to bring all of those contexts together and act on top of that. So it’s not a one time effort or done once in an API lifecycle. It’s something that constantly needs to be happening as long as an API is Kafka in production before the application.
Sam: Okay, okay, fantastic. Well, like I mentioned before, if anyone wants to go and check out the article, I highly recommend it, you can find the answers those questions and many more on their blog. So on that blog, rather, so I really want to know like, now as my last question, what’s next for APIwiz?
Rakshith: So what do you have especially seen as the, the way in which organisations are working with they need to be able to work in a hybrid environment with Cloud multi cloud compromise and Rodman’s, and the technologies that they keep working with as the runtime layers like API gateways and service mesh, constantly keep evolving. So APIwiz since its, Inception, has been abstracting a lot of this complexity. And making sure that for us to make this vision even more concrete, we are expanding the aperture area. So APIwiz 2.0, was launched last month with the security focus. The next is to make sure that we are able to concretely able to help people with their API portfolio, and monetization. So these are some of the key things which are on the horizon of APIwiz.
Sam: Awesome, fantastic. Now, if people do want to keep up to date with the work you folks are doing, then how can they do that? Obviously, you got the blog, but where else can they go?
Rakshith: So our social media handles on LinkedIn, our blog post are some key places where things keep coming out. And well, and YouTube is another place where you will constantly start seeing, we recently ran a workshop on hands on training. Outside the APIwiz more on top leadership in terms of lending, so there is going to be a lot more coming out there. So keep an eye out for those.
Sam: Excellent, fantastic Well, we’re gonna have links to all of those in the show notes as well as the blog that we mentioned today. But otherwise, thank you so much for joining me.
Rakshith: Great talking to you, Sam. Have a great day.
Disclosure: This episode includes a client of an Espacio portfolio company