API Warfare

Mar 17, 2022

API-first. "Headless" e-commerce. "Headless" BI. We've seen a resurgence of startups reimagining the likes of Shopify and WordPress, but built for developers and built for composability. The API is the product.

There are three major risks to building on an API.

(1) Requests and responses aren't always the full contract. What happens in between is the important part, and callers always end up depending on undefined behavior (Hyrum's Law).

(2) Platform risk. Some of the best ideas for Twitter came from third-party apps that built off of Twitter's then-public API. Some of these applications were growing faster than Twitter and monetizing more effectively (through ads). Some raised large amounts of venture funding. Twitter responded by shutting off its API access to the majority of third-party apps. Zynga nearly went under when Facebook changed its API.

(3) APIs can be implemented. Gmail's backend implements SMTP, POP, and a variety of other protocols associated with email. Google Cloud's storage solution implements the AWS S3 API. I imagine we'll start to see more drop-in replacements for well-defined SaaS APIs (why do API companies have low churn rates?). And copying an API is perfectly legal – see Google vs. Oracle.