API Complexity Is a Lie

The author offers no evidence for the claim that API management and security solutions are needlessly complex in order to create more business for themselves. I think it&#x27;s much more likely that API management and security software has grown to address the more complex needs of the APIs they serve. It isn&#x27;t 2010 anymore - handing out plaintext API keys that never expire isn&#x27;t good enough for many products, and features like RBAC and IAM have become more necessary as more people use APIs to do more stuff.<p>Now let me go remind myself how OAuth works again...

&gt; What is hard isn&#x27;t the API ...<p>Clearly someone who hasn&#x27;t gazed into the maw of OAuth :Þ<p>Though I guess the article wouldn&#x27;t call that an API but &quot;api security&quot; added to the <i>real</i> API. A bit potatoes potatoes from my eyes.<p>----<p>Fun reading: <a href="https:&#x2F;&#x2F;metacpan.org&#x2F;dist&#x2F;LWP-Authen-OAuth2&#x2F;view&#x2F;lib&#x2F;LWP&#x2F;Authen&#x2F;OAuth2&#x2F;Overview.pod#The-Purpose-of-LWP::Authen::OAuth2" rel="nofollow">https:&#x2F;&#x2F;metacpan.org&#x2F;dist&#x2F;LWP-Authen-OAuth2&#x2F;view&#x2F;lib&#x2F;LWP&#x2F;Aut...</a>

I was looking at monetizing an API about a decade ago and was pretty shocked to see every API management tool out there had zillions of <i>nice to have</i> features but none of them had a facility to attach a payment gateway — the single feature I needed to <i>have a business.</i>

&gt; Anyone telling you that working with APIs is hard isn&#x27;t telling the truth.<p>Having encountered a difficult to use API, I must disagree with the thesis.<p>Or I&#x27;m a one of the many people not telling the truth. Who can know for sure?

If anybody else is wondering what the heck the blog post is talking about: this is about web dev, which at some point hijacked the term API to mean &quot;custom message protocol&quot;.

&gt; According to Gartner&#x27;s 2023 hype cycle for APIs, API security testing was at the top. Sitting at the so-called &quot;peak of inflated expectations,&quot; API security companies will most surely enjoy two to five years until the industry matures.<p>Ok.<p>&gt; Today, though, API security testing is navigating Gartner&#x27;s infamous &quot;trough of disillusionment&quot; showing that it&#x27;s trying to become mature.<p>Lost me.<p>So in 2003 it was projected they would be around for 2-5 years, but now (2024) they’re in Gartner trough of disillusionment… showing that they’re becoming mature. (?)<p>&gt; There&#x27;s clearly money to be made in the API security area … In other words, what these companies sell is a painkiller that doesn&#x27;t fix the security problem but, instead, provides a way to discover and mitigate it.<p>???<p>It feels like this is the example of “bad, making things complicated deliberately”, ok, sure, but what does this have to do with the trough of disillusionment and becoming mature? How are those two things relevant or related? Why is it significant that the 2023 &#x2F; 2024 out looks are so different? How is this “companies making money” related to the trough of disillusionment?<p>I feel like if I just skim the article without trying to actually understand anything it’s saying I get a general sense of what they’re saying but damn I’m struggling with it when I read it closely.<p>:&#x2F;