Big Story

The Emerging Protocol Stack for AI Agents and APIs

  • AI agents are introducing new interaction patterns that traditional APIs were not designed to handle.

  • Emerging protocols such as Model Context Protocol (MCP), Agent-to-Agent (A2A), and Agent-to-Human (A2H) are formalizing how agents interact with APIs, systems, and people.

  • These protocols add a coordination layer on top of existing APIs.

  • API teams will need to design interfaces that remain reliable, secure, and interpretable when consumed autonomously by machines.

Over the past decade, APIs have primarily been designed for human developers. Engineers read documentation, understand workflows, and construct requests deliberately. Even automated systems are typically operated under patterns originally designed for human-driven integrations.

The rise of AI agents is changing this model. Agents act as autonomous consumers of APIs. Instead of executing a single predefined request, they can interpret goals, select tools, and coordinate multiple API calls across systems. This shift introduces new coordination challenges that traditional API interfaces were not built to address.

Several emerging protocols are attempting to define how this interaction layer should work. One of the most visible developments is the Model Context Protocol (MCP), which allows AI systems to discover tools and interact with APIs through a structured interface designed for machine reasoning. Rather than manually constructing requests, an agent can query available capabilities, understand expected inputs, and generate calls dynamically.

At the same time, the ecosystem is exploring complementary protocols for other parts of the workflow. Agent-to-Agent (A2A) coordination protocols focus on how multiple agents collaborate, exchange context, and divide tasks across services. Agent-to-Human (A2H) frameworks are emerging to formalize how agents request approvals, gather information, or escalate decisions back to human operators.

Together, these efforts suggest the early formation of an additional protocol layer above existing APIs. APIs still expose functionality and data, but new coordination mechanisms define how autonomous systems discover, orchestrate, and govern those capabilities.

This does not replace the API layer. Instead, it increases the importance of API clarity and consistency. If the interface lacks clear intent or predictable behavior, automated workflows can misinterpret capabilities or generate unintended requests. This places greater pressure on API design and governance practices.

Autonomous systems must be able to identify which APIs exist, what actions they support, and how they should be used. Agents can generate requests at machine speed and potentially access multiple services in a single workflow. Identity management, authorization controls, and audit trails need to account for automated clients whose behavior may differ from traditional application traffic.

The next phase of API maturity will include a formal coordination layer for machine-driven interactions. Protocols such as MCP, A2A, and A2H represent early attempts to standardize how autonomous systems interact with APIs and to make automated workflows safer, more predictable, and easier to govern.

API Feed

Know the Latest from the World of APIs

  • Security researchers found that publicly exposed Google Cloud API keys can authenticate to Gemini endpoints when the Generative Language API is enabled in the same project. Analysis of the Common Crawl dataset identified thousands of active keys capable of accessing AI services, highlighting how credentials previously considered safe for client-side use may gain unintended privileges as new APIs are introduced.

  • Nokia announced that its Network as Code platform now integrates with Google Cloud's agentic AI stack using the Model Context Protocol (MCP) and Google's Agent Developer Kit. The platform exposes more than 20 network APIs that enterprise agents can invoke programmatically.

  • Twilio published an open-source specification for Agent-to-Human (A2H), a protocol designed to structure how AI agents request approvals or decisions from people during automated workflows. The model defines standardized interaction types such as authorization, information requests, and escalation, creating a formal governance layer between autonomous systems and human oversight.

  • Check Point Research disclosed vulnerabilities in Anthropic's Claude Code environment that could allow remote code execution and API key exfiltration through malicious project configuration files. The issue involved repository-controlled MCP server definitions, lifecycle hooks, and environment variables. The findings highlight emerging supply-chain risks as AI development tools rely on automated configuration and agent-based workflows.

Community Spotlight

Arnaud Lauret: Advancing API Design

Arnaud Lauret has spent more than fifteen years working with APIs in large enterprise environments, including extensive experience in the banking sector. Over time, his work has focused on how organizations design APIs that remain understandable, consistent, and maintainable as their API portfolios grow.

Through his writing and speaking as The API Handyman, Lauret has built a reputation for translating practical API design challenges into clear guidance for engineering teams. Much of his work centers on the idea that API design is fundamentally about communication. An API must clearly express what it does, how it behaves, and how developers should interact with it. When those signals are ambiguous, integration complexity increases, and long-term maintenance becomes more difficult.

A major contribution from Lauret is his emphasis on consumer-first API design. Instead of designing interfaces based solely on internal implementation, he advocates designing APIs from the perspective of the developers who will consume them. This approach encourages clearer naming, predictable behavior, and stronger contracts between systems.

His book The Design of Web APIs, now in its second edition, reflects this philosophy and expands guidance across modern interface styles, including REST, GraphQL, and gRPC. The book has become a widely referenced resource for teams developing internal API standards and design guidelines.

Lauret also created the API Stylebook, a curated collection of API design guidelines used by organizations across industries. The project helps teams understand how other companies structure API standards, offering practical examples that can accelerate the development of internal style guides.

Currently working as an API Industry Researcher at Postman, Lauret continues to focus on how design practices influence the scalability of API ecosystems. As organizations expand their API surfaces and automated systems increasingly interact with those interfaces, his work highlights the importance of clear, consistent design as a foundation for reliable API platforms.

Resources & Events

📅 apidays Singapore (Marina Bay Sands, Singapore - April 14-15, 2026)

apidays Singapore brings together API builders, architects, and platform leaders in one of Asia's biggest fintech and digital transformation hubs, with a strong focus on how APIs are evolving for the AI and agentic era. The program blends practical case studies and technical sessions across API management, security, governance, and automation.

📅 apidays New York (Convene 360 Madison, New York - May 13-14, 2026)

apidays New York is positioned as a high-density gathering for teams operating APIs at scale, with sessions spanning monetization, security, AI-driven automation, and platform governance. It's built for senior practitioners and decision-makers, bringing together 1,500+ participants from 1,000+ companies, making it a strong anchor event for anyone tracking where enterprise API strategy is heading next.

You can find a list of all Apidays events here

Apply to speak at Apidays Singapore, NY, London, Paris, and more here 

📅 Platform Summit 2026 (Stockholm, Sweden - October 12-14, 2026) 

Platform Summit is focused on the future of API-driven platforms and enterprise architecture. The event brings together API architects, platform engineers, and technology leaders to explore topics such as API governance, identity and access management, cloud-agnostic architectures, and the integration of AI agents with APIs. Sessions also cover emerging standards, security strategies, and real-world case studies from industries building large-scale API ecosystems.

📊 Report Spotlight: State of MCP in Software 2026 (Stacklok)

Stacklok surveyed enterprise technology leaders to understand how organizations are adopting the Model Context Protocol and the security challenges emerging as AI agents connect to internal systems. The report finds that roughly half of respondents are already experimenting with MCP servers, though only a smaller share has reached production deployments. Security governance remains the main barrier to broader adoption because MCP environments often connect AI agents directly to sensitive enterprise tools, making authentication, permission control, and policy enforcement central concerns as the ecosystem matures.

Insight of the Week

Autonomous Agents Test Authorization Models

Authorization models originally designed for human users are being tested by autonomous agents. Research around the OWASP Top 10 for Agentic Applications highlights a shift toward intent-based permissions, where agents receive only the access required to complete a specific task rather than inheriting a user's full role. For API platforms, this suggests authorization models may move toward fine-grained, task-scoped access controls as automated systems become routine API consumers.
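
A minimal sketch of task-scoped access for an agent, as an added example that is not taken from the newsletter or from OWASP: the grant contains only what the task needs, is refused if the delegating user could not grant it, and expires quickly. The role, task, and scope names and every function here are hypothetical.

```python
import time
from dataclasses import dataclass

# Constructed sample policy; role, task and scope names are hypothetical.
ROLE_PERMISSIONS = {"account_manager": {
    "GET /invoices/*", "POST /invoices", "DELETE /invoices/*",
    "GET /customers/*", "POST /payments"}}
TASK_NEEDS = {
    "summarize_invoice": {"GET /invoices/*", "GET /customers/*"},
    "issue_refund": {"GET /invoices/*", "POST /refunds"},
}

@dataclass(frozen=True)
class TaskGrant:
    agent_id: str
    task: str
    scopes: frozenset
    expires_at: float

def mint_grant(agent_id, user_role, task, ttl_seconds=300, now=None):
    """Issue only what the task needs, and only if the user could delegate it."""
    now = time.time() if now is None else now
    missing = TASK_NEEDS[task] - ROLE_PERMISSIONS[user_role]
    if missing:
        raise PermissionError(f"{task} needs undelegable scopes: {sorted(missing)}")
    return TaskGrant(agent_id, task, frozenset(TASK_NEEDS[task]), now + ttl_seconds)

def _path_matches(pattern, path):
    # "*" matches exactly one non-empty path segment, never a deeper subtree.
    p, q = pattern.split("/"), path.split("/")
    return len(p) == len(q) and all(a == b or (a == "*" and b) for a, b in zip(p, q))

def authorize(grant, method, path, now=None):
    """Return (allowed, reason); the reason is what an audit log would record."""
    now = time.time() if now is None else now
    if now >= grant.expires_at:
        return False, "grant expired"
    for scope in grant.scopes:
        s_method, s_path = scope.split(" ", 1)
        if method == s_method and _path_matches(s_path, path):
            return True, f"matched {scope}"
    return False, f"outside scope of task {grant.task}"

if __name__ == "__main__":
    g = mint_grant("agent-1", "account_manager", "summarize_invoice")
    print(authorize(g, "GET", "/invoices/42"))     # within the task's scopes
    print(authorize(g, "DELETE", "/invoices/42"))  # role allows it, grant does not
```

The second call is the point of the model: the user's role includes `DELETE /invoices/*`, but the agent working on `summarize_invoice` never receives it.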

For the Commute

Power AI with Real-Time Data using AsyncAPI & Agent Mesh (apidays)

Modern AI systems depend on real-time data flows rather than static datasets. In this session, Julien Testut (Oracle) and Alessandro Cagnetti (Solace) explore how event-driven architectures enable AI agents to consume live operational data using AsyncAPI streams and an event mesh. The talk demonstrates how change data events from operational systems can be streamed to AI agents, enabling real-time analytics, automation, and intelligent workflows across enterprise platforms.

That’s it for this week.

Stay tuned for bold ideas, fresh perspectives, and the next wave of API innovation.

-The Apidays Team
