APIContext | Bad API specification management creating business challenges and risk

APIContext has released its OpenAPI Specifications in the Real World white paper, an analysis of whether APIs conform to their OpenAPI Specification (OAS) and whether they deviate from that framework during their lifecycle, a phenomenon known as API Drift.

To gather the results, a number of publicly available API provider specifications in APIContext’s Directory were reviewed. APIContext’s Conformance Analysis tool was used to measure each API’s accuracy and determine whether the API had drifted away from its OpenAPI Specification.

API drift can result in a multitude of problems, including a hindered user experience for customers and developers as well as security and governance issues.

The findings of the investigation revealed that three quarters (75%) of APIs tested had nonconformant API endpoints. In addition to this, 89% of specifications have not been updated in the previous six months. 

This highlights the need for significant work to be done in ensuring that API specifications and the APIs deployed are fit for purpose. 

APIs are the unsung heroes of the modern internet: they account for over 80% of all internet traffic, and as they become more reliable, they better support digital applications and generate value for stakeholders. It is therefore critical for all API providers to give API users a well-documented specification.

The OAS defines how to communicate with an API, what information can be requested and what information can be returned. While there are substantial benefits to publishing an OAS for an API, many developers choose to keep their OAS private: more than a third (43%) of the APIs examined had no discoverable OpenAPI Specification.

This is surprising given the level of public consumption of these APIs. Additionally, more than half (57%) of APIs examined had an OAS that was readily available, with 48% having an official specification and 9% having an unofficial specification.  

Other key report highlights: 

  • Nearly one third (30%) of specifications reviewed are still on OAS 2.0 (Swagger), which has not been updated for eight years.
  • Less than half (48%) of the APIs evaluated had public, official OpenAPI Specifications available.
  • More than half (52%) of specifications have not been updated in the previous six months. 
  • Banking, fintech and bulk management APIs showed no sign of API drift with 100% conformance. 

“Even though we have heard from the industry that API Drift was an issue, we were surprised by the scale of the problem,” said Mayur Upadhyaya, CEO of APIContext. “We know it’s possible to keep production APIs in conformance with specifications, because some teams do it as a matter of course.

“The majority of API teams, however, make their APIs much more difficult to use, which impacts adoption.”

To download a copy of the APIContext OpenAPI Specifications in the Real World whitepaper, click here. 
