|
This week in APIs, one issue stood out clearly: non-human identities are becoming one of the most important control points in modern systems.
As more applications, services, automation pipelines, and AI workflows interact through APIs, access is increasingly handled by API keys, tokens, and service accounts rather than people. These identities now sit at the center of how systems operate, but they are often granted broad permissions, reused across environments, and left active longer than they should be.
That creates a growing security problem. Credentials are still commonly exposed through code, configuration files, and service-to-service communication, and once exposed, they can often be used immediately with little additional validation. As the number of integrations and automated workflows increases, so does the number of active credentials—and with it, the difficulty of tracking what is still needed, what is over-permissioned, and what should have been revoked long ago.
The takeaway: API security is no longer just about managing endpoints. It is increasingly about managing the identities behind API activity. As systems become more automated, teams that can properly control, limit, and govern non-human access will be in a much stronger position to reduce risk and maintain trust in production.

|
apidays New York (May 13-14) just got bigger! We’re bringing together a unique federation of colocated events, each diving deep into a key dimension of the AI and API ecosystem:
GenerationAI New York — where builders, researchers, and operators explore the next wave of GenAI applications across finance, healthcare, media, and enterprise.
GreenIO New York — gathering 300+ tech leaders to tackle one of the biggest questions of our time: can AI be sustainable? Expect practical insights at the intersection of AI, regulation, and environmental impact.
Hacking APIs Conference (HAC) — a hands-on security track focused on real-world threats, live demos, and how to build APIs that can withstand modern attacks.
FINOS Dev Day — bringing together financial services engineers and open source contributors shaping the future of fintech infrastructure.
AI Collective Day — a community-driven space for sharing practical AI use cases, experiments, and emerging patterns.
Drupal AI Summit NYC — showcasing how AI is transforming content platforms, with real-world implementations and case studies.
Voice AI Space, Travel Tech, OpenAPI, GraphQL, and more — covering everything from conversational interfaces to API standards and industry-specific innovation.

|
We’re excited to welcome a great lineup of speakers, including:
Rajgopal Devabhaktuni (Macy’s) - on evolving microservices into AI-enabled systems that learn, adapt, and make real-time decisions through practical architecture patterns and model lifecycle management.
Sivakumar Dhanasekar (Equifax) - on how AI is transforming finance across risk management, fraud detection, trading, and compliance—while raising new challenges in governance and explainability.
Kin Lane (API Evangelist) - on governing APIs at the agent consumption layer, showing how to manage large-scale API operations without disrupting existing team workflows.
Gaurav Kumar (Amazon) - on why context-aware AI workflows are the key to unlocking the next wave of engineering productivity, enabling faster and more effective AI-driven development.
We’re also proud to be supported by our global partners:
Gravitee - an open and flexible API management platform helping organizations design, secure, and govern APIs at scale. As APIs become the backbone of machine-to-machine interactions, strong governance is essential.
Akamai - a global leader in edge security and delivery, protecting APIs and digital experiences at scale. In an agent-driven world, securing API traffic and mitigating threats in real time is more critical than ever.
Kong - a leading API platform enabling organizations to manage, secure, and scale APIs and services across any environment. As systems become more distributed, platforms like Kong ensure performance, control, and reliability.
WSO2 - providing open-source API management, integration, and identity solutions that help enterprises build and orchestrate connected systems. In a world of autonomous workflows, seamless integration is key.
Broadcom - delivering enterprise-grade software and infrastructure solutions, including API management and security, to support large-scale digital transformation. As APIs power critical business operations, resilience and scalability become foundational.

