Yeah, it's me again.
I made two applications.
I've been accepted in two.
So that's it, right?
So the API industry,
we've talked a little bit before on the thermal services,
but now it's really a complete view about the landscape,
and again, some work I've been doing over the last 10 years about
mapping this industry.
So a little bit about who I am now,
I can talk more a little bit about me before it was really
a collaboration between me and Celia and you know, Cube.
So I'm the founder and CEO of Olimp.Legal,
which is an AI assistant for data protection officers.
We want to help people who are involved into making
personal data reality, make their job better.
And also the founder of API days conferences,
the main series of industry conferences about the APIs,
on the business aspect and the technical aspect.
You can, yeah, so that's it.
I'm co-author of two books on APIs called Continuous API Management.
API's need versions, so book need versions too, right?
Some reports for the European governments,
and the report on GDPR data portability.
Like if there is an API,
can you transfer data according to GDPR and law?
No, it doesn't work.
The company don't respect,
so I saved you 40 pages of the landscape.
But it's interesting to know why, right?
And also I co-authored the API landscape industry
a third of the market every year,
where this data comes from.
So this is the landscape, at least at the end,
in December, that was the landscape.
It was 15, I have not 15, 1800 companies
or open source projects on a map, right?
That was, that you could try to guess
when you want to develop an API, document an API,
build it, design it, secure it,
when you want to promote it, version it.
So this was all the tools and for-profit tools
and open source tools for that, right?
The new version is here, it's live,
it's on apilandscape.apic.io,
I will show you the link.
So now this is this full map of 2100 tools,
where, and we will dive it in together,
but when you have the old APLF cycle,
with coding tools, design tools, gateway management,
API ops, whatever, the security adjacent API tools,
you know, like you can go there
and you can click on any company,
let me, do you want to name a company,
I can try to find it.
No, I don't know, let's click on,
let's click on a, I don't know, a company here,
Postman, for example, here.
So you can see many information about them
and you can see the complete profile.
What's the potential headcount?
What's their diversity?
Are there women in top management?
Is there the management diverse in terms of ethnicity,
funding, you know, like tool, patents,
granted, active products, whatever,
known, and all their sections, right?
And we'll try, so I will save you to the 2100 tools,
but I will try to give you some hints
about how to understand the landscape these days, right?
And on the 2100 tools that you can see on this landscape,
there are approximately 700,
which are completely open source with,
let's say, license that,
which are a copy left or copy center,
functional scratch, of course.
You know, have you tried to turn it on again?
But at least this is the landscape here
that you can navigate and it's free
and the data is also accessible.
We make it simpler, it's a big air table,
like a hosted database,
but at least you can see,
you can try to get stuff, understand stuff there.
On apilandscape.apc.io,
you can download the map if you want to post there,
about it in your room.
There is a search engine, actually at the conference,
we print it and people take it, right?
And report if there is a bug or something.
So, and you can also add your tool.
You can add your tool here
if you think your tool should be there, right?
So we've gone from there to the other one
and we'll see actually what does that change.
And now my talk here is to try to give you some hints
about what's the update and what's changed, right?
In summary, we will see that there is a full API mindset.
Many new products are evolving
into helping people to build APIs
and more and more open source.
So we'll dive more into that.
Regulations are enforcing the obligation to publish APIs
for companies or for administration.
That enable a lot of tooling.
Many industries are pushing the tooling
to be dedicated to their standards
or to their norms.
Security and privacy, and we had a speaker and security
like Arno is stand alone industry almost by itself.
Now they are dedicated to API security
on top of existing product like API management
or API gateways.
So new layers are hiding each other.
Also the privacy aspect,
checking if there is personal data,
checking if the regulations are enforced.
Again, new layers of product, like it's really 1000 layers.
There is also what we call the API as a product aspect
or transactional API, payment API, communication API,
SMS APIs, maps APIs, forms API,
like really the building bricks
of the digital infrastructure.
And last but not least, which we consider APIs
which are all the low code and no code,
which is API for non-developers
or for citizen developers,
the ability to mix APIs together, right?
So I give you a hint.
Now we are updating the landscape with all the AI APIs,
you know, like this model,
sub-unsource versus others,
but it's not there yet because we started the work, right?
The API mindset, I just wanted to give you one thing
to really understand what's happening in industry.
We've often believed APIs are here
to expose capabilities to others,
to make them automated and programmable.
Actually I had a discussion with Sam Newman,
the author of the microservice book,
who told me, no, an API is as much exposing
as much as hiding.
Tony's like a menu in a restaurant.
When you go in a restaurant,
when you look at the menu,
it's not what the cook can do,
he's hiding 99% of what he can do.
Just show you 1% of he wants what you to order and do.
And this is what the design,
this is really understanding the diner experience
that you wanna give, right?
And so this is something that's extremely important
and this is why we have so much security
and compliance stuff, right?
I love this advertisement of Lego, right?
You know, APIs are,
and the service behind APIs are building bricks.
And when we expose them,
people will consume them the way they want,
not the way obligatory you expect,
but how they want, exactly like these Lego bricks.
You publish Lego bricks, I use them the way I want.
Oh, this is a diner, this is a plane,
this is a tank, or this is a car,
or this is whatever you want, right?
So that's really the idea.
Unless you understand that,
I think you can't understand what's happening
in the API industry.
Large trend that we have seen in this industry,
if you want it to be digital in the 2000s,
you need a website or a website strategy,
2000s to be mobile, you remember?
Solo, mobile, social, local, mobile,
you remember that, right?
I'm old, right?
No, but like the 2000s, like the mobile aspect,
you needed APIs actually to make mobile applications,
to talk to the remote servers,
and the backends and stuff like that.
But now the 2000s are really API driven,
to actually expose data to everyone else's website,
or everyone else's mobile application.
So that's really the idea, right?
The first one was really like funnel channels,
but now with APIs, I try to embed my data
or my services to everyone else.
So it's really horizontal aspect here.
And last but not least,
what we call the axiom of the API economy industry,
whatever, is that organization, public, private,
non-profit, at some point will open
and provide their core competencies
in the digital world through APIs.
You know, they will, but I do really well.
I will expose it to others so they can use it
and consume it, right?
And I will consume what others are doing the best
in my system.
So it's really the circular thing,
I wouldn't say economy,
at least it's circular use case,
where I focus on what I do the best.
I expose it to others and I consume what others
are doing the best to support my stuff, right?
So this is exactly the software we know,
like the average application now,
I think that's 37 APIs approximately, the consume.
It's globalized, right?
Let's say the digital world is really globalized.
So I often take this comparison with the car industry.
You know, like the car manufacturers,
the old style of cars, right?
Not the electric one, but these ones,
actually they have hundreds of suppliers
that they gather with each other,
that they orchestrate.
And I think the landscape, you know,
showed you the previous version of landscape,
is a little bit like that, right?
At some point we will just gather
project software, project libraries,
web APIs, frameworks,
and actually we will build a whole stack
that is not for an application.
So unless you understand that,
I think it's really hard to understand
what I will say later.
So that was the latest version, right?
And the latest version had five layers.
First on top was the APLF cycle platforms,
the back-end big needles,
the API as a product, the transactional API,
the business process of the service,
the integration platform as a service,
like how do I consume any APIs in one time,
or the abstractions or the aggregators,
you know, like how when API is wrapping a lot of them,
I'll be able to consume them.
The new version and updated version is different.
So we made hard work, again,
I will share the slides on social media and stuff,
but like it's really different.
We really try to not just make a list of tools,
but understand the dynamic.
So on the top left, you have the standard bodies,
the governance bodies, and the protocols, right?
These protocols are actually what we believe
the standard, the base, right?
And then after you have what we call
the full life cycle, right, on top,
which is the data provider providing APIs,
delivering that with developer experience,
security privacy, digital readiness,
infrastructure availability, you know, all this stuff, right?
Below you have the government and regulators
that oblige sometimes to do it, that give a context, right?
And all of this is now the exposition of the API.
So all of this is behind the firewall,
and now this is the term of services and the consumers.
Now you expose these APIs into products,
all the products API, transactional API
that you consume to do something,
oh, PDF reader, or whatever,
and then you have the, on the right,
the whole society, we believe it's important,
but you also have all the aggregators,
people who help you to consume these APIs, right?
So standard bodies, full life cycle management,
infrastructure, regulation and community,
exposition, consumption, right?
And so we try to do another taxonomy that looks like that.
It's a little bit more complex,
but I will drive you through that, right?
So here, this is the infrastructure.
All the project you may know about Docker,
container, Kubernetes, all the cloud native aspect,
you know, like Open Policy Agent,
or you know, all this opens,
this is really where a lot of the open source tools are, right?
In this infrastructure, right?
I guess someone who was nothing,
I'm gonna say a lot of open source, but still.
The standard bodies here,
we believe they help things to happen on there in blue,
and then we have the core aspect.
So now we have 1400 approximately tools just there, right?
The life cycle management, open source project,
whatever, right?
Developer proposal.
So this is, if you work in the API space,
these tools are mostly the one you know, right?
Infrastructure is mostly made by ops, DevOps, whatever,
but still they enable the microservices, architecture,
the service mesh architecture,
the stuff like that, right?
Then we also put the industry, community, and intelligence.
You know, many companies are providing services,
consulting, whatever, design, whatever,
so we put them here.
And we said now it's the exposition,
so now it's the product, the right.
And then the discovery aggregators or marketplaces,
I don't know where it's got,
but at least you know,
this is the, that helped you consume these ones
who are produced, managed by these ones,
who are actually powered by these ones, right?
Just to give you a hint.
So when you will go back here,
I'll just go there,
when you will go back not on the middle here,
this is, we could not do a presentation on one page
because we don't have a screen like this as big,
but at least this is what you will be able to get
but now in a vertical, yes, in a vertical manner, right?
And so, yeah, I have still some more minutes
to what actually we can get from this.
You can play with it, right?
But at least if you wanna,
in seven minutes to have the conclusion.
So first, the core of this API industry
is really what we call the API management.
The ability to know for every data or services inside
that we publish internally or externally,
who is using it at what rate, for what use case,
for at what level of authorization,
and yeah, like mostly that, right?
So yeah, so it was mostly the API gateway
that's really the core, the technological core of this,
but now there's a full practice around that,
the governance, the design, the documentation,
the development, the testing, the monitoring.
So all of this that will go to the management
is becoming a commodity.
Many, many, the prices, yes, prices are really going down,
many more open source tools.
And just to show you how it becomes a commodity,
this is the acquisition of the top layers
of other management solutions.
Broadcom acquired, CA technology who had acquired layer seven,
who had acquired Renscope, like it's really,
it's really like the fish eating the other fish, right?
Google acquired Apigee, who had acquired
user greed and Firebase, AppSheet, IBM acquired Red Hat,
three scale and Trongloop, and Software AG
like few weeks ago, for, I don't know if you know
web methods, but web methods now
has been acquired by IBM, right?
And you can see that, just to say that
when so many big players are constantly dating,
doesn't mean there is so much innovation.
When they're constantly dating,
it means innovation is not there.
This is why many new companies actually made
things open source, say okay, it's commoditization,
you know, innovation is slowing down,
it's time to cut the, to hit the market
with open source free software API management solutions.
So most known one are Gravity, Kong,
actually Kong opened the software at the beginning,
and when they raise money from investors,
they're closing it, right?
Sometimes the business model of the opening
is the closing, unfortunately.
NGDX acquired by EFI, but solo, three scale,
acquired by HEDAT, acquired by IBM,
TAIC and WSO2, who has been open source
is the beginning, but just to let you know,
that now there's a real open source stack
that is strong, that is complete,
that can do the full lifecycle, right?
So if company wants to go full on APIs,
they can do it full open source too, right?
And with a license that allows it to do it, right?
About the other trends, many regulations
have obliged companies or institutions to open APIs.
One of the first, the main one that has been,
is PSD2, who is familiar with PSD2,
whoever heard about it?
What it is?
No, I'm joking.
No, PSD2 is the payment service directive too,
it's in banking, obliging banks to open APIs.
So now in Europe, if you can have
what we call bank aggregators easily,
no, like on your bank account,
you can import other banking account easily,
even they are competitor, it's because of this regulation.
If I go back to the previous talk,
it's an API neutrality aspect.
Every bank is obliged to allow access
to any other financial institution,
as long as they're registered,
to open APIs to make any applications.
Pure neutrality, you know?
So yeah, so just to give you a hint,
but yeah, so many banks have been obliged to open APIs
because of PSD2 directive.
This is a landscape a little bit of the regulation maps.
All in green, they have strong banking regulation
obliging to open APIs.
Yellow, it's coming in the next year.
And red and orange, it's not there yet.
But just to let you know,
like at least Europe invented this regulation
and has been copied by others.
There's also the healthcare,
you know, HL7, fire standard,
to do smart application as they call it.
But yeah, so just to let you know,
many standard in healthcare,
so many tooling dedicated for that, right?
And specifications there.
Last but not least,
personal data regulations like GDPR,
CCPA in California, like PIPL in China and whatever.
60 countries of regulations inspired by GDPR.
We're really good at regulation in Europe, right?
Yeah, really good at regulations.
But yeah, obliging to open APIs
because the user needs to get their data back,
need to transfer it,
so many, many regulations have applied to that.
And a new tooling around that.
You will see to the slides, especially,
so the AUAI Act recently,
in the AUAI Act, there's one proposal
that actually you will not be able in Europe,
I don't know if it's where we go there,
to consume an API that is not hosted in Europe, right?
On AI, right?
The API has to be hosted in Europe
or from a European company in Europe, right?
So again, the API is really at the center
of the regulation.
The open source models can be open source,
but hosted and consumed, it has to be in Europe,
so many new tooling will come to be sure
that you consume what you're allowed
in the place you're allowed to do that.
In the US, they have the Access Act,
which is actually sometimes better than GDPR and portability,
that oblige company to have APIs
when you request your data,
or in GDPR is not the case.
When you ask your data on GDPR,
we give you a JSON file or PDF that you can't use,
the Access Act, it has to be an API access.
And just for the story, if, for example,
you ask your data from Facebook, GDPR,
they will give you a JSON which is not incomplete.
It's great like that.
If you create an app just for yourself
and ask permissions to have data for yourself,
you will have a lot, right?
So if you create their,
they give less data according with GDPR
than when you sign their platform policy,
which is nonsense, but just to tell you
how the GDPR sometimes is not strong enough to oblige,
because it didn't put the word API.
It has to be machine readable, machine readable.
Okay, JSON, man.
Oh, girl.
So you will see in the landscape,
there are specific sections for,
if you're from specific industry,
like banking, finance, insurance,
or other aggregator in the space,
I'll just go a little bit there to respect the time.
Section three, API security.
So we had a speaker earlier about API security, yes.
API security now standalone thing.
We had the API management layer,
and now new threats.
There's a new layer of pure API security tools,
pure play that comes.
It's inspired by the DevSecOps approach.
I don't know if you heard that term before,
you know, like the ability to put security
in the DevOps pipeline between the dev
who build the apps and apps who ship it.
You know, the security inside the code, right?
This really side, yeah.
And yeah, it's really a rimes racing up.
Unfortunately, there is again,
a lot of money injected in that industry.
You will see a little bit like in the landscape,
this is pure API security players, right?
On top of API gateways.
Imagine now you are a developer or an architect.
How many layers you have to just publish your APIs, right?
And what I like here in this report from Sol Security,
here, sensitive that exposure privacy incident,
like 30% of people believe it's one of their main,
it's one of their main concern.
So the privacy aspect is there,
and we believe a new generation of privacy tools will rise.
Section number four, the API product aspect.
I love this quote from the CEO of Twilio,
who resigned as CEO actually.
But the word is getting broken down into APIs.
Every part of the stack of a business developer might need
to build is eventually turning into APIs
that developer can use.
This is the map of the car I showed you.
The trend is really high,
and we have a few hundred tools there,
just for that, but actually there are thousands.
There are thousands of thousands, we can't map them.
Just in the landscape, we give a hint there.
And he made a book called, Ask Your Developer,
which is not too bad, which is good for a CEO, right?
Yeah, and some companies just to show you,
so now it was last year valuation,
now it's 13, no, some up and down.
But yeah, it's just to show you that when you do
one thing really well, and everybody consume it,
you can really scale at large, and APIs enable that.
I just take the example of a company called Avalara here.
Avalara, they just do tax, VAT, tax calculation
in e-commerce cart.
You know when you have a cart,
they have to calculate the VAT,
but depending on the country, especially in the US,
depending on the state, VAT will be different
depending on where you're delivered.
They just do an API for that, there are 4,000 employees.
New standards with a new logo,
but open API initiative, async API for asynchronous API,
GRPC mostly for microservices
and high scalable infrastructure.
JSON, LDJ, JSON schema, GraphQL
for people who don't like to design APIs,
and APIs JSON from KinLane.
Now I'm joking about GraphQL, but API JSON,
I put it in a standard base because it's a way to publish
all the interfaces and all the links important to your APIs.
It's suspect that KinLane is developing there.
So new standard for new infrastructure.
That's but not least the local aspect.
There's a huge trend into the local no code,
all part of APIs consuming these tools,
enabling aggregation.
I'll let you discover that because just an example,
we lack five developers we consider until 2025,
and just 260,000 just with API skills.
So we lack of resource, people who want to automate more,
and yeah, this is the trend here.
So as a wrap up, the full landscape
that you can visit, download, consult, search in.
API management is coming to community,
more open source tools there.
Regulation obliged to open APIs
that leads to specialization of many, many tools.
API security is no standalone product
and privacy the next wave.
APIs are the new business infrastructure
and with the new open source technical stacks
with standards that people respect almost all the time.
And citizen developers, non-developers
are the next API users and consumers
thanks to no code and no code.
I just recap the address here,
APIlandscape.APICn.io.
Okay, no, I cannot.
Good try.
But you can see APIlandscape.APICn.io,
which is a media, and then you will be able to click
on any company and get data and know what you will integrate
or as an open source project or consume as a product.
Thank you very much.
We have five minutes for questions.
Three, four, two.
Yeah, sorry.
Like you've been working a lot
through creating the content like the landscapes.
You think it's still used for creating more products
related to API.
I think we have a lot of companies
that are doing things related to APIs,
but you think you have something
that could help bringing something new?
On it or?
So two examples, again, how it evolved.
GraphQL when it came, wow,
few dozens and hundreds of tools in the few years.
Now it's quite stable, some are dying, some are reviving.
Async API, like ever driven architecture,
asynchronous API, great community,
no like whoop, we see that coming, right?
So yeah, it leaves some part of the landscape
where we remove hundreds of companies every year
or projects that we consider not relevant
for this year, not maintained or whatever,
and some new are coming.
As I said, for this year,
the research we're connecting,
the open source, AI, ML, APIs, whatever,
there will be a lot of things.
There is an API called form blur GPT
to hide personal data from open source models.
So many, many new tooling on AI APIs will emerge
and we believe it will be a full section
by the end of the year, right?
Just an example here, right?
So, great.
That's a really more related to AI.
Let's say, again, when you see the funding that goes there,
a lot of open source projects are coming,
a lot of companies are doing it,
you know, follow the money, right?
Yeah, yeah, yeah.
Yep.
I think I got to get the part on the new AI Act.
Yeah, I know, it was just a mention.
It was just a mention that in the AU AI Act,
you know, in all the GPR stuff,
the data has to be hosted in Europe, right?
Unless you show that the word hosted
respect the same values as in Europe
and it's complex, right?
We call it like that a transfers, you know, stuff like that.
But the AI Act, like proposed,
one of the proposition is that in Europe,
you are not able to consume an API
where the data is not hosted in Europe,
even if the model is open source,
but it has to be accessible,
the model has to be hosted in Europe
and accessible by an API in Europe.
You just to say that the API now comes
into the regulation, the term,
versus the API when there is no API
and people send you machine readable file,
like Excel or PDF or,
the claim PDF is machine readable,
but or GZAN actually, right?
The fundamental,
what's the fundamental decision behind that?
No, the fundamental reason is the data localization.
You know, we consider it's your sovereign
as long as the data is in a place
where you can send the police and take it, right?
I make it really short.
But, you know, like this is why company,
country like Russia or China or others,
have regulation that obliges
the data to be on site,
because at some point you're most sovereign
if you can knock at the door, right?
No.
And ask a backdoor.
Yeah, be good.
Thank you very much.
Thank you.
Thank you.