超越监控：战略性 API 使用管理的迫切需求_AI阅读总结 — 包阅AI

Software architecture must swiftly adapt to the soaring usage of AI. Relying solely on monitoring is like checking the oil in a car without ever considering the engine’s performance. With the rapid rise of AI and increased dependence on APIs, companies need more than just oversight — they need a strategic, proactive approach to API consumption management. Despite being API-savvy, many companies struggle to keep up, often wasting valuable developer time on inefficiencies hidden in their day-to-day operations.

A recent survey from Lunar.dev’s “2024 State of API Consumption Management” report reveals that many organizations fail to prioritize strategic API monitoring. Without the right tools, 36% of companies spend more time troubleshooting APIs than developing new features. This neglect introduces security risks, hampers performance, and inflates operational costs, making dedicated API management tools beneficial and essential.

Here are a few key insights from the report that indicate a bigger problem:

The Time and Budget Drain of ‘Simply Monitoring’

The survey highlights a stark reality: While cost-effectiveness is a significant advantage, many companies overlook it. The hidden API maintenance and troubleshooting costs — especially with AI and LLM APIs — add up quickly.

Time and developer productivity are the biggest casualties, with 54% of companies dealing with API issues weekly, and 33% daily.

Organizations should consider investing in egress management tools to gain visibility into patterns to optimize costs and identify potential bottlenecks.

Scaling API Usage: The Top Priority

Fifty-seven percent of companies consider scaling API usage their primary concern, while only 15% identify cost-effectiveness as a significant challenge in API consumption.

As products grow and consumption rises, challenges become more pronounced, especially during peak traffic. Companies need greater flexibility to manage these traffic surges but often face constraints due to rate limits and costs.

Organizations must be prepared and aware of the benefits of a centralized control plane for managing and governing all outbound API traffic to scale API consumption flexibly as needed. This must be done to increase awareness of third-party API consumption with a minimal footprint.

To conclude, the more governance there is, the more granularity on external traffic there is, and the more control and clarity there is internally.

The Growing Risk of Unmanaged API Traffic

Only 33% of companies ranked API maintenance as a high or very high priority, 5% marked it as a non-priority, and 62% as moderate.

By not prioritizing the maintenance and optimization of their API integrations, companies are more vulnerable to unsafe API consumption.

Companies that aren’t currently managing their third-party APIs effectively may be jeopardizing the performance of their products and, consequently, business performance as well.

This lack of concern is perhaps why “API10:2023 – Unsafe Consumption of APIs” is now on the OWASP top ten. Unsafe consumption is a growing concern since it’s becoming a prominent supply chain attack, and developers do not have adequate proactive measures to enforce security on API consumption.

There Needs To Be a Clear Owner

Like with many things in organizations, there needs to be clear ownership to excel.

As companies continue to evolve in their reliance on and usage of third-party APIs, driven by AI advancements, managing and optimizing APIs will increasingly require a cross-company effort rather than being confined to a specific application or integration team.

Currently, many companies are using duplicate API keys across various environments and services, leading to unclear ownership.

When asked who is responsible for resolving API integration problems, responses were split between the platform team, the integration team, and the application engineer. Moreover, most companies selected multiple options, including team leads, DevOps, individual contributors, etc., indicating a need for clear ownership.

API consumption impacts product development, business operations, and engineering productivity. Building a comprehensive API stack within a company will necessitate a clear owner.

Conclusions and the Next Gen of Architecture

The architecture of modern software is evolving.

As companies evolve into a “thinner” backend infrastructure but rely much more on third-party API integrations, the need for a new mediation layer becomes apparent. Just as API gateways rose to mediate between customers and API providers, a similar evolution is required to manage the APIs that applications consume.

The overlooked risks and costs of API consumption underscore the need for proactive API management, dedicated tools, and clear ownership. Companies must shift their approach to understand where API consumption fits within their overall architecture and build with these considerations in mind.