Community Spotlight
Sharad Ballepu: API Developer Experience at Enterprise Scale
Sharad Ballepu is Senior Director of API Management at Quest Diagnostics, where his work focuses on API platforms operating across a large healthcare environment with strict security, compliance, and integration requirements. His work covers how APIs are secured, governed, and made usable across teams working with clinical systems, patient workflows, diagnostics, billing, and internal platforms. Quest has publicly discussed its use of API policies and gateway tooling to manage different security and integration requirements across systems.
In large organizations, teams often work across different gateways, authentication models, cloud environments, legacy systems, and partner platforms. Documentation quality changes between teams. Sandbox environments behave differently from production. Integration knowledge becomes dependent on a few internal experts.
This creates problems that are easy to underestimate. Developers spend time figuring out authentication instead of building workflows. Teams duplicate integrations because they cannot find existing APIs. Support teams repeatedly answer the same onboarding questions. Internal platforms become harder to adopt because each team learns to integrate systems differently.
Quest Diagnostics provides a useful example of the kind of complexity involved. The company supports APIs tied to electronic health records, patient workflows, laboratory ordering, test results, billing, scheduling, enterprise resource planning systems, and document workflows. Quest also publishes FHIR-based guidance for developers connecting healthcare systems through standardized patient data interfaces. In this kind of environment, APIs are not isolated technical products. They sit inside systems where reliability and consistency matter.
Ballepu’s work also reflects how API management has expanded beyond uptime and governance. Historically, API programs focused on security policies, traffic management, and whether endpoints returned the expected response. Enterprise platform teams are now spending more attention on usability. Can developers quickly discover the right API? Are onboarding steps predictable? Does documentation explain how systems behave in real production conditions? Can integrations be tested without needing tribal knowledge from internal teams?
Healthcare environments make these issues more sensitive because systems are tightly connected. A poorly documented integration not only creates frustration for developers, but it can also slow workflows that depend on accurate data exchange between systems. Authentication inconsistencies, unclear contracts, or unreliable testing environments increase the chances of delays, rework, and integration failures between business-critical systems.
Quest uses custom API policies to address different security requirements rather than applying a one-size-fits-all approach. That reflects a broader enterprise reality. Large organizations rarely operate a single API standard. They manage different environments, teams, and security expectations simultaneously.
Teams need to make APIs easy to find, easy to understand, easy to test, and consistent to integrate across environments. The goal is to reduce repeated support questions, duplicate integrations, unclear ownership, and time lost due to authentication or documentation issues. In large enterprises, a good API program is measured by how quickly teams can use APIs correctly without needing help from the platform team.
API Feed
Know the Latest from the World of APIs
Anthropic acquired Stainless, the SDK generation company that created API client libraries and Model Context Protocol tooling. Stainless is widely used for generating typed SDKs directly from OpenAPI specifications. The acquisition brings API consumption, tool calling, and agent connectivity infrastructure closer to Anthropic’s core platform as AI systems increasingly interact with external APIs.
DocuSign launched an MCP server and new APIs for agentic workflows at Momentum 2026. The company introduced an MCP server, an Agreement Manager API, and IAM tooling to enable AI agents to work with agreements and enterprise workflows programmatically. Enterprise vendors are exposing systems via MCP and agent-ready interfaces rather than traditional REST alone.
Research shows that prompt instructions alone fail to secure access to the MCP tool, pushing teams toward architectural enforcement. Researchers tested multiple models and found that agents still invoked unauthorized tools despite explicit instructions. Across three models (Qwen 2.5 7B, Llama 3.1 8B, Claude Haiku 3.5) and 150 adversarial tasks spanning four attack categories, the proxy reduced the unauthorized invocation rate (UIR) to 0% while adding under 50ms of median latency. Prompt-based restrictions reduced UIR by only 11-18 percentage points, leaving substantial residual risk.
A new study on agent-ready OpenAPI documentation found stable APIs still fail when consumed by agents. Researchers analyzing hundreds of endpoints found documentation quality directly affected agent planning, tool selection, and payload generation. OpenAPI specifications are not automatically usable by AI systems. API descriptions need to be written for machine reasoning, not only human developers.
Big Story
End-to-End API Testing in CI/CD
API failures occur across workflows rather than at individual endpoints, making isolated request testing insufficient in production environments.
As enterprises expand AI-driven and event-based systems, API testing is shifting toward scenario validation that measures how multiple services behave together.
CI/CD pipelines are evolving beyond deployment automation. They are used to test integrations, dependencies, and workflow execution continuously before changes reach production.
Teams are investing in end-to-end testing because fragmented environments, third-party dependencies, and asynchronous architectures make production failures harder to predict using traditional API testing methods alone.
For years, enterprise API testing focused primarily on validating individual requests. Did the endpoint respond correctly? Did authentication succeed? Did the payload match the expected schema? If those checks passed, the API was considered production-ready.
That approach no longer reflects how modern enterprise systems actually operate.
Today’s production environments are built around workflows. A single customer interaction may trigger authentication services, payment platforms, fraud engines, messaging systems, analytics pipelines, recommendation engines, and third-party integrations within seconds. In AI-connected environments, the complexity increases further as agents dynamically chain APIs together across systems that were not originally designed to operate as a single execution flow.
An endpoint may pass every unit and contract test while still causing production issues once integrated into a larger workflow. Authentication tokens expire unexpectedly across chained requests. Retry logic amplifies traffic during partial outages. Event streams process messages out of order. Rate limits cascade across downstream systems. Payloads remain technically valid while breaking business logic inside connected applications.
This is why teams are shifting toward end-to-end scenario testing inside CI/CD pipelines. Instead of validating whether a single request succeeds, organizations test whether complete workflows execute reliably. The question is no longer simply whether an API works. It is whether the system built on top of multiple APIs behaves correctly under production constraints.
The shift reflects how enterprise architecture itself has changed. Modern systems are distributed across cloud providers, SaaS platforms, internal microservices, event-driven infrastructure, and AI orchestration layers. A workflow may depend on dozens of APIs owned by different teams, each with its own deployment schedule and assumptions. Traditional endpoint testing cannot reliably model those interactions.
AI systems amplify the problem further because they generate less predictable execution paths. Human users often follow relatively narrow behavioral patterns. Agents do not. An AI workflow handling customer support, for example, may dynamically query multiple systems, retry failed operations, escalate requests, or execute workflows in unexpected sequences depending on context. These paths are difficult to capture through static test cases focused on individual endpoints.
The consequences are becoming expensive. Integration failures create downstream business problems. Payment retries can duplicate transactions. Inventory synchronization delays can expose unavailable products. Inconsistent API responses can create workflow deadlocks across automated systems.
As a result, CI/CD pipelines are evolving into broader validation systems. Teams are adding workflow simulation, synthetic traffic generation, dependency testing, event replay systems, and production-mirroring environments directly into deployment pipelines. This is also changing how organizations think about observability. Teams need visibility into workflow completion rates, retry behavior, dependency chains, and cross-service execution patterns, rather than relying solely on isolated API metrics.
Testing strategies built around isolated endpoint validation were designed for simpler architectures where systems operated more independently. Modern enterprise environments operate as interconnected execution networks in which business outcomes depend on workflows that span multiple APIs, services, and automation layers simultaneously.
That is why end-to-end API testing is moving closer to the center of enterprise operations. As organizations expand automation, AI-driven systems, and distributed architectures, the reliability of the workflow matters more than the reliability of any individual request inside it.
Resources & Events
📅 apidays Amsterdam (Tolhuistuin, Amsterdam, Netherlands - June 9-10, 2026)
apidays Amsterdam brings together API practitioners, architects, and platform leaders for two days focused on operating APIs as products in enterprise environments. The 2026 program includes sessions on API design, lifecycle management, governance, and platform strategy, as well as discussions on how APIs are evolving alongside AI-driven systems and automation. The event is designed for teams building and scaling API programs across organizations, with a mix of technical sessions and practitioner-led case studies. Details →
📅 apidays Munich (Smartvillage Bogenhausen, Munich, Germany - July 8-9, 2026)
apidays Munich brings together API architects, platform engineers, and enterprise technology leaders for two days focused on API strategy, platform operations, and AI-driven enterprise systems. The 2026 program includes sessions on API lifecycle management, developer experience, event-driven architectures, and the operational challenges of managing APIs across distributed environments. Designed for teams scaling enterprise API programs, the event combines technical discussions, practitioner-led case studies, and platform engineering perspectives on how APIs are evolving alongside automation and AI-connected workflows. Details →
You can find a list of all Apidays events here
Apply to speak at Apidays Singapore, NY, London, Paris, and more here
📅 AWS re: Invent 2026 (Las Vegas, USA - November 30-December 4, 2026)
AWS re: Invent is Amazon Web Services’ flagship conference for cloud, AI, and enterprise infrastructure leaders. The event features keynotes, technical sessions, and hands-on labs focused on agentic AI systems, enterprise AI infrastructure, API integration, cybersecurity, observability, and AI-assisted software development. Details →
📊Report Spotlight: 2026 Data Breach Investigations Report (Verizon)
Verizon’s latest report examines how AI-assisted cyberattacks are accelerating the exploitation of vulnerabilities and reshaping enterprise security operations. It highlights the rise of Shadow AI within organizations, increasing risks of sensitive data exposure, unauthorized AI use, and operational governance gaps as enterprises deploy generative AI systems in production. Read →
Insight of the Week
OpenAI’s New Macro Evals Guide
OpenAI’s new macro evals guide shows how teams can evaluate full agent runs across traces, tool use, handoffs, routing decisions, and repeated behavior patterns, rather than judging only the final answer. For API teams, this is a useful shift. Once agents start calling APIs, the important question is whether the full workflow behaves correctly across systems, not whether a single prompt or endpoint worked in isolation.
For the Commute
AI: The New Jobs Automation Frontier (apidays)
In this APIdays Paris session, Axelle Arquie examines how generative and agentic AI are reshaping the automation frontier by moving beyond repetitive administrative work into complex cognitive tasks involving reasoning, planning, decision-making, and creativity. The talk explores why AI should be viewed as a general-purpose technology, similar to electricity or the internet. Arquie also analyzes the broader economic implications of AI-driven productivity gains and potential pressures from white-collar automation as firms restructure work around AI systems.
That’s it for this week.
Stay tuned for bold ideas, fresh perspectives, and the next wave of API innovation
-The Apidays Team
