3Scale was one of the original three API management service providers alongside Mashery and Apigee — the OG three — and the one I’ve always considered the most honest about what API management was ...
APIs.json is the discovery specification I created, and it’s one of the things I’m proudest of even though it never achieved the adoption I hoped for. APIs.json is a machine-readable format that le...
Accountability in the API space is the question of what happens when things go wrong — when a platform misuses data, when a deprecation strands thousands of developers, when an API-enabled product ...
Developer advocacy is one of the most misunderstood roles in the API industry, and also one of the most important. At its best it is a two-way bridge: someone who carries the message of a platform ...
Agent skills are the latest expression of a question I’ve been asking the API community since at least 2016: what does your API actually let someone do? Not what database table it exposes, not what...
API aggregators are services that bring multiple provider APIs together behind a single interface — and, in the best cases, expose entirely new APIs that only become possible because of the aggrega...
Arazzo is the specification that finally gives the API world a standard way to describe workflows — the multi-step sequences of API calls that actually accomplish meaningful business outcomes — and...
Artifacts are the machine-readable definitions that make the modern API lifecycle possible. When I talk about an artifact, I mean a structured, machine-readable document that describes some dimensi...
Asynchronous APIs are everything that doesn’t fit the simple synchronous request-response model that REST made dominant. In a synchronous API you make a call and wait for the answer. In an asynchro...
AsyncAPI is the specification standard for event-driven and message-driven APIs — the OpenAPI of the asynchronous world. Where OpenAPI describes synchronous HTTP request-response APIs in a machine-...
Authentication is the act of verifying who is making an API call before granting them access, and it’s the front door of every API. It’s also one of the most consistently botched, under-standardize...
Awareness is, to my mind, the single most underrated thing that APIs actually deliver. People talk about APIs in terms of integration, automation, revenue, and developer ecosystems, but underneath ...
The blog is the beating heart of API evangelism, and I say that as someone whose entire career is a blog. API Evangelist is fundamentally a blog — fifteen years of near-daily writing about the API ...
CI/CD is where the API lifecycle stops being a diagram on a whiteboard and becomes an automated, enforceable reality. Continuous integration and continuous delivery — the pipeline — is the machiner...
The command-line interface is one of the most underappreciated and most durable interfaces to APIs we have, and it sits at an interesting intersection right now — between the API, the web console, ...
Capabilities are where my thinking about APIs has landed after fifteen years, and the shift is significant enough that I’ve started dropping the word “API” from the front of it. For years I said “A...
When I talk about governance in the API space I try to be precise about which kind I mean, because there are at least two fundamentally different animals that share the word. There is lowercase-g g...
Change is the great enemy of a successful API. An API is a contract, and the entire value of a contract is that the other party can depend on it. The moment you change the contract, you risk breaki...
The API client is the consumer’s primary tool — the thing a developer actually opens to explore, test, and put an API to work. If the API is the contract and the documentation is the explanation, t...
The collection is one of the most important and most underappreciated artifacts in the entire API world, and I’ve spent years arguing that it deserves to be understood as a first-class citizen alon...
Community is where APIs actually live or die, and it’s the part of the business that the spreadsheets and the architecture diagrams never quite capture. An API is a technical artifact, but an API p...
Compliance is where the law meets API operations, and it’s one of the places APIs quietly prove their worth. Every organization of any size operates under a web of legal and regulatory requirements...
API consumption is half the equation that most API programs forget to govern. We spend enormous energy on the producing side — design, deployment, management, documentation — and then we assume tha...
The most important thing I ever did as API Evangelist was talk to people. Not write posts, not build tools, not generate research — talk. Have conversations. The writing and the tools mattered, but...
Copilots are where the AI wave landed most concretely in the API world, and they arrived at both ends of the pipeline at once — inside the IDE helping developers write API integrations, and increas...
Cost is the argument that finally gets API governance taken seriously in most organizations, and it’s the argument I’ve had to learn to make more explicitly over the years. Technical people underst...
API deployment is the lifecycle stage where an API goes from a design or a definition to an actual running thing that serves real traffic — and it’s far more varied and more interesting than the si...
Deprecation is the part of the API lifecycle that everyone wants to skip, and skipping it is exactly what causes the most damage. Every API will eventually be retired — versions get superseded, end...
API design is the discipline of deliberately shaping what an API does and how it works — and the difference between a designed API and one that just happened is the difference between an API people...
Developer relations is the profession I helped define and the discipline I’ve spent fifteen years practicing, critiquing, and occasionally despairing over. DevRel is the organizational function res...
Developers are the audience that API evangelism exists to reach, and getting the relationship with them right is the difference between an API that thrives and one that languishes with great techno...
API discovery is the problem I’ve spent more time on than almost any other, partly because it’s genuinely hard and partly because I tried to solve it myself and learned exactly how hard it is. Disc...
API documentation is the single most important factor in whether an API succeeds, and I have believed this since the very beginning. It was one of the first things I wrote about when I started API ...
The API design editor is where governance actually meets the human being doing the work, and that’s why I’ve cared about editors for as long as I’ve cared about API design. An editor is the tool wh...
The governance engine is the machinery that makes API governance real rather than aspirational. A governance rule is just a statement of what should be true about an API — but a statement is inert ...
API governance is, at its root, an epistemological problem — a problem of knowledge. Before you can govern an API, you have to know things about it: what it does, where it lives, what it promises, ...
Evangelism is the word my entire career is built on, and after fifteen years I’m more convinced than ever that it was the right word — not a marketing euphemism, not an accident, but a precise desc...
Event Destinations is a specification and an initiative — and the fact that there is any initiative at all is more significant than most people appreciate. The core of what it does is simple: it ex...
Event-driven is the half of the API world that the request-response paradigm spent two decades overshadowing, and it represents one of the most important shifts in how I think about what an API act...
API experience is the sum of everything a developer feels while working with your API, and it’s the thing that most determines whether they stay or leave. The experience isn’t the API itself — it’s...
External evangelism is the public-facing third of the evangelism job — the outreach, storytelling, and community work aimed at the developers, partners, and broader audiences outside your organizat...
The feedback loop is how an API program stays alive and stays honest. An API without a feedback loop is talking into a void — shipping features nobody asked for, repeating mistakes nobody flagged, ...
Foursquare is the API that defined the location era — the moment when mobile, social, and geographic data converged and APIs became the way the physical world got wired into the digital one. Foursq...
The API gateway is the piece of infrastructure that sits between consumers and your backend services and makes an API into a managed, governed, observable thing rather than just an endpoint. At its...
Git, and specifically GitHub, is the factory floor of modern API operations, and I’ve believed this longer and more insistently than almost anything else in my work. Git is version control — a dist...
Government is where I did some of the most meaningful API work of my career, and the history of government APIs is one of the most important and most overlooked chapters in the whole API story. Gov...
GraphQL is the API technology I’ve had the most complicated relationship with, and I think working through that complication is more honest and more useful than either the breathless hype or the re...
Guardrails is the metaphor that finally makes API governance palatable, and it captures the single most important shift in how I think governance should work. A guardrail doesn’t stop you from driv...
HTTP 1.1 is the bedrock that the entire web API economy is built on, and I don’t think most people in the API space fully appreciate how much they owe to it. When we talk about REST APIs, web APIs,...
HTTP/2 is the performance upgrade that the API world quietly adopted without most developers having to change how they think about APIs, and that seamlessness is precisely what makes it interesting...
HTTP/3 is the newest evolution of the protocol that the entire API economy runs on, and it represents a more fundamental rethinking of the transport layer than HTTP/2 did — while still preserving t...
Hackathons are one of the most visible and most overhyped activities in API evangelism — a real building block of community engagement that energizes developers and generates excitement, but one th...
Hypermedia is the most intellectually compelling and most commercially frustrating idea in the entire API design world, and I’ve held both of those feelings about it for over a decade. A hypermedia...
The IDE is where developers actually work, and that simple fact makes it one of the most strategically important surfaces in the entire API lifecycle. For years the API industry built its tooling —...
APIs land differently in every industry, and the politics of how they land — who they empower, who they threaten, how they’re regulated, and who controls the standards — varies enormously from sect...
API integration is the work that actually matters to the business — the connecting of systems through APIs to accomplish real outcomes — and it’s the part of the API story that the producing-obsess...
Internal evangelism is the unglamorous, invisible, and often most important third of the evangelism job — the work of winning over your own organization. Everyone pictures evangelism as the public-...
Interoperability is the promise at the heart of APIs and the political battleground where that promise is constantly contested. The whole point of an API, in principle, is interoperability — differ...
JSON:API is the specification that tried to solve one of the most tedious and most real problems in API design: the endless bikeshedding over how to structure a JSON response. Every team that build...
JSON Schema is the most important and most overlooked specification in the entire API world, and I’ve spent years trying to get people to see why. JSON Schema is a vocabulary for describing and val...
JSON-LD is the technology that tries to bridge the world of APIs and the world of linked data, and it represents one of the most intellectually ambitious and most underadopted ideas in the API spac...
JWT — JSON Web Tokens — is the compact, self-contained, cryptographically signed token format that became the workhorse of modern API authentication and authorization. A JWT is a small, URL-safe to...
Journalism and APIs are bound together in ways that go to the heart of the politics of information, and I’ve watched the relationship deepen and complicate over fifteen years. On one side, news org...
The API key is the humblest and most foundational unit of API access there is — a simple string that identifies who’s calling and lets a provider track, manage, and control that access. For all the...
The API landscape is the full territory that governance has to cover, and mapping it is the precondition for everything else. Before you can govern your APIs, you have to know what you have — where...
The API lifecycle is the organizing framework for everything I know about how APIs are produced and operated, and it’s the backbone that governance hangs on. The lifecycle is the full set of stages...
API literacy is the foundation that governance is built on, and it’s the thing most governance programs assume rather than build. You can write all the governance rules you want, deploy all the lin...
Lowercase-g governance is the distinction that unlocked API governance for me, and it’s one of the most useful framings I’ve developed. There are two kinds of governance, and conflating them is the...
MCP — Model Context Protocol — is the protocol that emerged to let AI agents and assistants call tools and APIs, and it’s the technology I’ve had the most pointed and complicated reaction to in rec...
API management is the operational and business layer that turns a raw API into a managed product, and it’s one of the foundational concepts of the entire API economy. API management is what sits be...
Marketing is the discipline that API evangelism is constantly mistaken for and constantly has to distinguish itself from, and navigating that relationship has been a recurring theme in my work. Mar...
API marketplaces are the recurring dream of the API economy — the idea that there should be a place, like an app store, where API providers list their APIs and consumers discover, try, and purchase...
Meetups and events are the connective tissue of the API community, and they’re where the human reality of this work has always lived for me. For all the blog posts, specifications, and tooling, the...
Microservices is the architectural pattern that dominated the 2010s — breaking monolithic applications into small, independently deployable services that communicate through APIs — and my relations...
Mocking is the practice of simulating an API’s responses before the real backend exists, and it’s one of the most underrated capabilities in the entire API lifecycle. A mock API returns realistic, ...
Monetization is the question every API program eventually has to answer — how does this make money — and it’s both simpler and more complicated than people expect. At its most direct, API monetizat...
Newsletters are the quiet workhorse of API evangelism — the regular email publication that sustains awareness and engagement over time, reaching people in the one channel almost everyone still chec...
OAuth is the standard that solved one of the hardest problems in API security — how to let a third-party application access your data without giving it your password — and it became the foundation ...
Observability is the capacity to understand what’s actually happening with your APIs — who’s using them, how, when, with what results — and it’s one of the most important and most politically loade...
Onboarding is the make-or-break moment in the entire developer relationship — the journey from “I’m curious about this API” to “I made a successful call” — and it’s where most API programs lose mos...
Ontological governance is governance grounded in shared definitions of what things actually are, and it’s the necessary companion to the epistemological side of governance. Where epistemology asks ...
Open source is the foundation that the entire API tooling ecosystem is built on, and the business dynamics around it are some of the most important and most contested in the API economy. From the s...
OpenAPI is the most important specification in the API world, and arguably the most consequential standard the API economy has produced. OpenAPI — formerly known as Swagger — is the machine-readabl...
OpenAPI Overlays is the specification that solves a problem the API world has quietly struggled with for years: how do you modify, extend, or specialize an OpenAPI definition without altering the o...
Partnerships are the second of the three legs of evangelism — the collaborative, co-creative relationships that amplify the work and extend the reach of an API program through aligned partners. Whe...
People are what API governance is actually about, and recognizing that is the single most important shift in how I’ve come to understand governance. For years, governance was discussed as if it wer...
Podcasts are the long-form, conversational, intimate channel of API evangelism — the place where the human voice and the unhurried conversation build a kind of trust and authority that written cont...
Policies are the connective tissue of API governance — the layer that links the business and human intent above to the technical rules below. A rule is a machine-executable check: every path must f...
Production is where APIs stop being artifacts and become operational reality — live, serving real traffic, with real consumers depending on them — and governing the producing side is one of the two...
ProgrammableWeb is the institution that documented the birth of the API economy, and its rise and fall is one of the most important and most poignant stories in the entire history of APIs. John Mus...
Provenance is the chain of custody for API knowledge — the history and origin story behind every artifact, rule, and decision — and it’s one of the quietly essential foundations of trustworthy gove...
Quality is the ultimate purpose of API governance — the whole apparatus of rules, engines, policies, and people exists to produce APIs that are correct, consistent, complete, and genuinely good to ...
REST is the architectural style that became synonymous with “API” for most of the modern era, the dominant approach to designing HTTP APIs, and the thing that, when people say “API,” they usually m...
Rate limiting is the technical mechanism at the heart of API management — the control that determines how much a given consumer can use an API in a given window — and it’s far more consequential an...
Regulation is where the politics of APIs gets the force of law, and it’s become one of the most consequential dynamics in the entire API economy. Regulation, in the API context, runs in two directi...
Regulations are, from a business perspective, both a burden and one of the most powerful market forces shaping the API economy — and the organizations that understand this navigate them as opportun...
Rules are the atomic unit of automated API governance — the individual, machine-executable checks applied to API definitions to verify they meet your standards. A rule says something specific and c...
SDKs — software development kits — are the language-native libraries that wrap an API’s operations so developers can use it in their preferred programming language without dealing directly with raw...
Sales and API evangelism have a complicated, sometimes adversarial relationship, and navigating it honestly is one of the harder parts of the evangelism practice. Sales is the function of convertin...
Salesforce holds a unique place in API history: it launched what is widely considered the first commercial web API, on February 7, 2000, and in doing so it didn’t just create an API — it helped inv...
API security is the discipline of protecting APIs from unauthorized access, abuse, and vulnerabilities, and it’s simultaneously one of the most important and most chronically underinvested areas of...
Self-service is one of the foundational business innovations of the API economy, the thing that distinguished the modern API from the enterprise integrations that came before it. Self-service means...
Semantic versioning is the convention for communicating the scope of changes to an API through its version number, and it’s both genuinely useful and a subject I’ve grown increasingly skeptical abo...
Serverless is the compute model that made deploying APIs radically simpler, and it reshaped how a generation of APIs got built. Serverless — functions-as-a-service, exemplified by AWS Lambda — lets...
Social media is one of the core channels of API evangelism, the place where API storytelling reaches developers in real time and where the community conversation actually happens. For all the forma...
Data sovereignty is the political reality that the borderless internet keeps running into, and APIs sit right at the collision point. Sovereignty, in the API context, is the assertion of national o...
Spectral is the linting engine that became the de facto standard for API governance, and Spectral rules are the machine-readable expression of design standards that made automated governance real f...
Storytelling is the single most important tool in the API toolbox, and I’ve said it so many times that it has become one of the defining claims of my entire career. The technology never sells itsel...
The API design style guide is where API governance begins for most organizations, and it’s the artifact that bridges human design wisdom and machine-enforced governance. A style guide is a document...
Surveillance is the dark shadow of the API economy, the use of the same APIs that connect and empower us to collect, monitor, and analyze human behavior at scale. Every API that tracks who’s callin...
Talent acquisition is one of the quietest but most valuable returns on a healthy API program and developer community, and it’s a connection most organizations miss. When you build a genuine develop...
Testing is the discipline of verifying that an API actually does what it’s supposed to do, and it’s one of the most important and most neglected parts of the API lifecycle. An API is a contract, an...
Traceability is the ability to follow something — a request, a piece of data, a change — across the boundaries of a distributed API system, and it’s become essential precisely because modern system...
Transparency is the political instrument that APIs make possible and that powerful interests resist, and it’s one of the threads I’ve pulled on hardest throughout my work. APIs can make systems tra...
Vacuum is the OpenAPI governance engine that represents the maturation of the API linting category beyond Spectral, and I got genuinely excited about it because it pushes the rules engine forward i...
Velocity is the variable that governance is always negotiating with, and the relationship between the two is the central tension of the whole governance discipline. Velocity is how fast teams can s...
Video is one of the most underused channels in API evangelism, and it occupies a distinctive place in the storyteller’s toolbox because it shows developers how something works rather than just tell...
Webhooks are the simplest and most widely adopted form of event-driven API, and I’ve described them for years as “APIs in reverse.” Where a normal API has the consumer calling the provider to ask f...
Workshops are one of the most effective forms of API evangelism and education there is, because they’re where abstract API concepts become hands-on, concrete skills. A workshop is a structured teac...
gRPC is the high-performance, contract-first API protocol that brought the RPC tradition into the modern era, and from a governance perspective it represents both an opportunity and a challenge. gR...
