Issue #79
Write docs 4x faster. Without hating every second.
Nobody became a developer to write documentation. But the docs still need to get written — PRDs, README updates, architecture decisions, onboarding guides.
Wispr Flow lets you talk through it instead. Speak naturally about what the code does, how it works, and why you built it that way. Flow formats everything into clean, professional text you can paste into Notion, Confluence, or GitHub.
Used by engineering teams at OpenAI, Vercel, and Clay. 89% of messages sent with zero edits. Works system-wide on Mac, Windows, and iPhone.
Table of Contents
Introduction
In my latest API Platforms for Scale podcast, I talk with Nicholas and Samuel from ApyHub and we explore how APIs are transforming into foundational building blocks, the importance of certification and compliance, and how trust can be established and maintained in a rapidly evolving API landscape.
In this episode our discussion covered:
The shift of APIs from simple connectivity points to trusted building blocks in modern architectures.
The need for formal certification models: moving beyond badge-based trust to descriptive, machine-readable certifications
How non-functional requirements like data residency, retention, and security influence API trustworthiness
The role of compliance in supply chain security, especially for third-party libraries and services
Challenges in establishing universally adopted standards for API certification and trust
The concept of API consumption governance, especially in agent-driven interactions
Practical approaches for early-stage security and compliance checks (shift-left strategies)
Future outlook: certification becoming a seamless part of API and service lifecycle
Get the episode on YouTube, Apple Podcasts, and Spotify.
Can JSON Schema and JSON-LD Finally Work Together?
What if your data could be both rigorously validated and semantically understood? Juan Cruz Viotti explores the new interoperability between JSON Schema and JSON-LD, bridging two technologies that have traditionally served different purposes. By combining structural validation with rich semantic context, it opens the door to more interoperable APIs, smarter data models, and AI-friendly systems.
Building Better MCP Tools Isn't About the Protocol, It is About the Design
If your AI agent keeps choosing the wrong tool, the problem may not be the model at all. Daniel Wells and Raian Osman explores the practical trade-offs of MCP tool design, showing how factors such as tool granularity, context size, parameter design, and lazy loading can dramatically affect agent performance. It demonstrates that well-designed tools reduce confusion, improve accuracy, and make AI agents more reliable at scale.
API Governance Is Mostly About People—Not Tools
The biggest obstacle to effective API governance isn't choosing the right tooling, it's getting people to embrace the right behaviours. Kin Lane challenges the common belief that governance begins and ends with linters and automated rules. Instead, it argues that successful API governance is driven by collaboration, shared ownership, and organisational culture, with technology acting as an enabler rather than the solution.
What API Sprawl Really Looks Like
You probably know your organisation has API sprawl—but do you know how extensive it really is? Drawing on insights from the APIs.io index, this article reveals the scale and complexity of today's API landscape, highlighting why discovery, governance, and lifecycle management are becoming increasingly difficult. As organisations continue to publish and consume more APIs, visibility is emerging as one of the biggest governance challenges.
A2A vs MCP: They're Not Competing - They're Complementary
Is it A2A or MCP? The answer may be both. Tom Alvarez cuts through one of the biggest misconceptions in the agentic AI ecosystem, explaining why A2A and MCP solve different problems rather than competing for the same role. Understanding where each protocol fits could save architects from making costly design decisions as multi-agent systems become more common.
Read-Only AI Agents Can Still Leak Your Data
Giving an AI agent read-only access may feel safe but is it really? Martin Buhr challenges the assumption that preventing agents from making changes is enough to protect your systems. It explores how read-only permissions can still expose sensitive operational data, logs, and infrastructure details, making least-privilege access, identity, and governance just as critical for AI agents as they are for human users.
Exposing Local APIs to AI Agents without Exposing Them to the Internet
Testing MCP integrations shouldn't require making your local services publicly accessible. Thomas Rooney introduces MCP Tunnels, a new approach for securely exposing local APIs and development environments to AI agents without the complexity of public deployments. By removing friction from the development workflow, it makes it easier to build, test, and iterate on agent-ready APIs before they reach production.
Why API Security Must Start Long Before Deployment
Finding API vulnerabilities in production is expensive. Preventing them in the delivery pipeline is far more effective. This paper explores a security-first approach to API development, arguing that security should be embedded into every stage of the API lifecycle, from design and testing to deployment and runtime protection. By combining DevSecOps with Zero Trust principles, it offers a blueprint for building resilient APIs from the outset rather than securing them after the fact.
It's easy to keep adding permissions. It's much harder to know when you've added too many. Kristopher Sandoval explores the growing problem of scope sprawl where OAuth and API access scopes multiply over time, making permissions harder to understand, govern, and secure. As AI agents and automated systems consume more APIs, controlling access with clear, well-defined scopes is becoming a critical part of API security and governance.
The Most Important Step in the API Lifecycle Isn't What You Think
Teams spend months designing, building, and deploying APIs—but one crucial step is often overlooked. Bruno Pedro argues that the long-term success of an API depends less on how it's built and more on what happens after it's released. It highlights a frequently neglected phase of the API lifecycle that can determine whether an API delivers lasting value or quietly fades into obscurity.
AI Agents Need Identities Too
What if the biggest security risk in agentic AI isn't the model—but the agent's identity? Kay James explores why treating AI agents as first-class identities is becoming essential for enterprise adoption. From self-service onboarding to short-lived credentials and fine-grained authorisation, it examines how identity management is evolving to support autonomous agents securely at scale.
Books
What do you think of this newsletter issue?
The Ikenna Consulting Newsletter curates intelligence on the trends, technologies, and practices shaping API platforms.





