State of the API Report

For years, API-first was a promising idea: by treating APIs as products rather than projects, organizations would drastically benefit from how they built, scaled, and monetized their digital offerings.

Today, the data makes it clear: the shift from code-first to API-first is not just happening, it's accelerating.

The most common API activities reveal why coordination matters so much:

Traditional API security models were designed for predictable human behavior: developers making dozens of calls per day, following documented patterns, and operating within reasonable rate limits.

AI agents disrupt these assumptions:

These security concerns aren't unfounded. When asked about the biggest obstacles to using AI tools at their organizations, developers cite real trust and compliance issues: 36% lack trust in AI systems, and 33% have ethical, legal, and compliance concerns. The solution isn't to avoid AI, though. It's to build the security infrastructure that makes AI adoption safe and compliant.

Organizations are backing this revenue generation with increased investment. Forty-six percent plan to spend more time and resources on APIs in the next 12 months, compared to just 11% planning to reduce investment. This isn't just about direct monetization. It's about recognizing APIs as strategic assets that enable business growth.

MCP promises to be the structured interface between AI models and real-world systems. In theory, it solves critical problems like unified agent access, standardized security models, and structured tool definitions that agents can reliably understand.

But here's the critical insight: Agents are already calling your APIs, with or without MCP. With only 10% regular adoption, MCP hasn't reached mainstream developer workflows. Even among those who've evaluated it, many chose not to implement it, suggesting practical barriers to adoption.

If your interface isn't AI agent-ready, every team builds one-off wrappers that break, leak secrets, and waste time. Making your APIs agent-consumable now provides immediate benefits and future flexibility—whether MCP becomes the standard or something else emerges.

Regardless of MCP adoption timelines, certain practices make APIs more consumable by both humans and machines:

The root cause isn't a lack of documentation. It's that the documentation is scattered across too many places. Teams may use chat tools for quick questions, internal docs for formal specifications, emails for approvals, and wikis for examples. When API information lives everywhere, it becomes outdated or unreliable.

Organizations solving collaboration challenges share common patterns:

Monitoring reveals significant fragmentation: Grafana leads at 36%, followed by Sentry and Elastic at 20% each. Concerningly, 17% use no monitoring tools at all—a gap that becomes critical as APIs drive more business value and face new security threats from AI agents.

Testing practices reveal a maturity gap. Functional and integration testing both reach 67%, showing strong adoption of basic testing practices. Performance testing at 57% indicates growing awareness of scalability concerns. However, contract testing lags at only 17%, a critical gap given the importance of API contracts for both human and AI consumers.

Change management shows inconsistent practices: 60% version their APIs and 57% use Git repositories, indicating version control is standard. However, only 26% use semantic versioning, meaning most teams track changes without communicating the impact of those changes effectively.