Contents

• Introduction

• Are your APIs trustworthy? Michael Jackson on APIs at Scale

• Interesting Content for the week

• Tools Updates/New Release

• Upcoming Conferences

• FeedBack & Share

Introduction

Apidays Helsinki was a great conference, and you can catch my talks from the event here and here. Last week, I was on the Treblle webinar for the presentation of the 2025 API Intelligence Report, and you can catch the recording here. Also, I would to recommend the API Context white paper, Enterprise API Readiness in the Era of Agentic AI, where I shared a thought.

In this issue, I discuss one interesting talk from Apidays Helsinki Conference. And our usual roster for interesting content links in the API space.

Enjoy!

Are your APIs trustworthy? Michael Jackson on APIs at Scale

At Apidays Helsinki, Mike Jackson, Senior Architect at Loihde, delivered a talk titled “APIs at Scale: Designing for Alignment, Trust and Intelligence.” Among the many insightful presentations, this one was, for me, the most impactful. Mike made several excellent points, and I want to highlight three of them.

The first key takeaway is that we should perceive APIs not merely as interfaces, but as trust surfaces. I have always viewed platform APIs as an interface to some business capability or data, but I had never considered them from the perspective of trust. Can an API's customer truly trust it to perform as expected? Can they trust its documentation? When an API's behaviour deviates from customer expectations, trust can erode over time. This erosion can lead to the API falling into disuse, especially if the customer has alternative options. To drive API adoption and usage, building and maintaining trust is a crucial factor. How trustworthy are your APIs?

The second point is that APIs reveal assumptions, not just data. An API customer operates with certain assumptions about an API, and their usage is based on these, whether documented or not. If these assumptions are broken, the customer's trust in that API will be compromised. Since some of these assumptions are implicit, we cannot always rely on documentation to fully grasp how the customer expects the API to function. Nor can we depend solely on our established monitoring, as it may not account for these implicit assumptions. We must pay close attention to what customers tell us and how they use the API to uncover these unspoken assumptions. An API might appear to be "working correctly" according to measured metrics and documented behaviour, yet still be problematic for the consumer because a held assumption about the API has changed, for instance, due to an update.

The third point emphasises that in complex systems, misalignment is systemic. While defining an API's purpose and ensuring alignment with business goals is essential, this is only the beginning of the alignment challenge. Entropy inevitably sets in, and misalignment is inherent in complex systems. Therefore, constant communication with product owners, business analysts, tech teams, architects, and other stakeholders is necessary to ensure everyone is aligned on the API's overarching goal. This includes not only documenting the API's purpose but also regularly revisiting and re-communicating it.

Mike also highlighted that merely having API metrics does not equate to having effective feedback loops in place. Effective feedback occurs when information obtained from the API can be and is acted upon to improve the system and improve the customer experience.

After his talk, I had the opportunity to discuss these points further with Mike. We were joined by a senior engineer who Mike’s talk also left an impression on. He told us how his team where the customers of a large advertising API and he expressed his frustration with this untrustworthy API. He provided a compelling example: when they made a request to create an ad using the API, the call sometimes failed with a 5xx error. Subsequently, a request to fetch ads on the system would return no results. Assuming the creation request was unsuccessful, the team would repeat the ad creation request. However, this often resulted in duplicate ads because the initial request had, in fact, created an ad silently. These duplicate ads incurred significant costs for the team and its clients. (It appeared to me that the ad API was not designed with idempotency in mind.) The team had reported this issue to the large ad provider, but their repeated complaints received no response. Consequently, the team had to bear the cost of building costly workarounds to compensate for the API's unreliable behaviour. The API clearly was not meeting the customer’s assumptions, despite what was expressed in the API’s documentation. Unfortunately for the team, this API provider is one of the largest in the market, leaving them no alternative but to use it.

In summary, this discussion vividly illustrated Mike’s point about an API not designed with trust in mind, and where the API provider was not attending to customer feedback to improve the API.

Interesting Content for the Week

AI API Consumption Governance

How Model Context Protocol (MCP) Impacts APIs: Kristopher Sandoval in this article discusses the transformative role of the Model Context Protocol (MCP) in the evolving landscape of APIs and AI integration.

Debugging agent workflows with MCP observability: Drishti Shah in this article examines the growing complexity of AI agent workflows and the corresponding need for enhanced observability.

Deep Dive into llm-d and Distributed Inference: Christian Posta digs into the llm-d project and how it does distributed inference. It addresses the inefficiencies of running large language model (LLM) inference workloads on monolithic infrastructure.

MCP Gateway Access Controls: Defining Permissions for LLM Agents: Eliav Lavi in this article outlines the critical role of access control mechanisms in safely deploying large language model (LLM) agents using the Model Context Protocol (MCP), providing practical examples of how to block or allow access based on consumer identity.

Comparing 7 AI Agent-to-API Standards: J Simpsons provides a comparative analysis of seven emerging standards designed to bridge the gap between AI agents and APIs, evaluating each standard based on criterias such as agent usability, schema richness, discoverability, and support for dynamic workflows.

Platform API Production Governance

Choosing the Right Self-Managed WSO2 API Gateway for Your Needs: Universal, Immutable, and Kubernetes Gateways: Sanjeewa Malalgoda in this article provides a comprehensive guide to selecting a suitable self-managed WSO2 API gateway based on deployment requirements and operational priorities.

From Strategy to Execution: What it Really Takes to Mature Your API Program: McKenzie Tucci in this article addresses the persistent challenge of translating API strategy into effective execution, the article introduces the API Enablement Model, which is structured around three pillars and outlines a seven-part framework for building a comprehensive API platform.

How Engineering Teams Should Monitor Customer Health and API Usage: This article by Moseif calls for a shift in how engineering teams monitor APIs, urging a move beyond traditional infrastructure metrics, recommending customer-centric observability practices.

Tools updates/New release

Kong Gateway Operator 1.6: Improved Support for Konnect and AWS Transit Gateways: Kong introduces version 1.6 of the Kong Gateway Operator (KGO), highlighting enhancements aimed at simplifying the deployment and management of Kong Gateway in Kubernetes and hybrid environments. The update focuses on improving support for Konnect, AWS Transit Gateways, and multi-tenant Kubernetes clusters.

Gloo Gateway 1.19 accelerates context-rich, real-time AI apps with Gateway API: Gloo announces the release of Gloo Gateway 1.19, highlighting its enhanced capabilities for real-time, AI-driven applications and deeper alignment with Kubernetes Gateway API standards.

Postman Unveils Agent Mode: AI-Native Development Revolutionizes API Lifecycle: This article announces the launch of Agent Mode, a new AI-native assistant integrated into the Postman platform. Designed to transform the API development lifecycle, Agent Mode interprets natural language input to autonomously execute tasks such as designing, testing, documenting, and monitoring APIs.

New tools and features in the Responses API: This article introduces a suite of enhancements to OpenAI’s Responses API, aimed at improving the development of agentic applications. The update includes expanded tool support, improved reasoning capabilities, and enterprise-grade features for reliability and privacy.

Upcoming API Conferences

Platform Summit 2025: Date: October 13-15, Location: Stockholm, Theme: Engineer Next-Gen API Architectures Register to get your tickets.

API Conference Berlin: Theme: The Conference for Web APIs, API Design & Management, Date: October 20 - 22, 2025. Register to get your tickets.

Kong API Summit Live 2025, Join developers, leaders, and visionaries from around the world as we explore the latest innovations around APIs, microservices, and AI. Date: Oct 14 - 15, 2025, Location: New York City

APIdays Germany: Theme: “Accelerate AI Use Cases with APIs” Date: July 2nd & 3rd, 2025. Location: Smartvillage Bogenhausen, München, Germany. Register Here

APIdays London: Theme: “No AI Without APIs” Conference Date: September 22nd - 24th, Location: Convene 155 Bishopsgate, London EC2M 3YD

API Governance Consulting

Feedback & Share

I appreciate your feedback. Please help me improve this newsletter by filling out this 1 minute survey. If you find my newsletter useful, please forward and share it with a friend.