SuperApps are defining the future of capitalism in the 21st century. It is a model that was born in China; however, because of its success, it has spread throughout the world.
The e-commerce giant Alibaba, for example, is the center of an ecosystem with thousands of business partners that simultaneously take advantage of Alibaba data and deliver data to Alibaba. This SuperApp uses an open data exchange platform to generate a very rich data flow, a key element for profiling (building the customer profile) and, from there, monetizing the data in order to generate tailored offers for each consumer.
At Alibaba, the basis of these exchanges is the Alibaba Open Platform, an environment that, in January 2019, used 1,500 different APIs (Application Programming Interfaces) to exchange data with its business partners. An API is software that mediates between two applications; its mission is to share data. In early 2019, the 1,500 APIs in the Alibaba ecosystem accounted for more than 5 billion data exchanges a day.
Alipay accounts for 24.5% of all payment methods in China
The importance of APIs for the Alibaba conglomerate extends to its financial service, Alipay, the app responsible for 24.5% of all payment methods in China (2018 data). With the help of thousands of APIs, Alipay has become critical for restaurants, supermarkets, hotels, airline companies, cinema chains, taxis, subways and even churches.
In all cases, APIs connect Alipay to the applications that support these businesses, promoting data exchanges that lead to innovation, the search for the best user experience and, of course, increased sales. The APIs accelerate the growth of this ecosystem as a whole, preventing the developer of Alipay or its business partners from having to start from scratch to add new functionality to the platform.
APIs are invisible to the layman’s eyes, but critical to the digital economy. Whether people realize it or not, their favorite apps (Uber, Airbnb, PayPal, Internet / Mobile Banking) are based partly on their own data, running in their local structure or in the cloud, and partly on data that reaches the application through APIs.
The use of maps in the 99 app, for example, depends not on maps developed by 99, but on data contracted with Google Maps and charged for use. These are APIs that connect the Google engine to the 99 engine.
A survey carried out in the USA in 2017 stated that, in the next 5 years, the explosion of APIs could bring profits in the order of US$1 trillion for the world market. This picture is corroborated by a survey carried out in 2019 by IDC and commissioned by F5 / NGINX. The study looked at the strategic importance of APIs in business innovation as seen by the executives consulted: 71% of the 200 U.S. organizations interviewed by IDC planned to triple their use of APIs in 2020.
The same trend is happening in Brazil. A survey conducted by consultancy Sensedia, a company specialized in data integration, points out that, since January 2020, the consumption of APIs by its customers has increased 34% compared to the same period last year.
Companies that invest in the API economy need to pay for the data they receive. The API motivates financial exchanges between those who created the data and those who consume it. The contracts vary widely; a company can, for example, contract data blocks that accept from 1,000 to 3,000 accesses per day.
These and other features of the global API market are outside the users’ radar. For a long time the consumer believed that he needed, for example, to fill out forms so that a supplier of some service would know his name, his address, his shoe and clothing sizes, etc. With APIs, that kind of interaction has been left behind. APIs transfer data about the consumer to another point of data consumption (an application different from the one where the data was initially created) without the user having any control over it.
On the eve of enforcement of the General Data Protection Law (LGPD), few people in our market are aware of the challenges related to APIs. The current law does not specifically address the protection of APIs. The focus of the legislation is on the data itself, and not on the software used to move that data from its point of origin to its point of consumption.
With the expansion of APIs in our market, it becomes essential to learn more about these critical elements of applications and SuperApps. Some of the APIs are open environments, developed without any concern for data security. Today, control over APIs is very limited. They were born free and available and, for many developers, they have to remain that way to fulfill their mission.
Another question is who is responsible for making the API secure. The API ecosystem is often a two-way environment, where the responsibility for the data and the API is not always clear.
It is also common for developers in this market to have no visibility into API vulnerabilities
Within this framework, it is essential to fight for the integration of the DevSecOps teams and for the development of secure APIs. This is a major challenge, as innovation in digital business necessarily involves the development of new applications or of new functions for platforms that already exist. As a result, the deadlines imposed on development teams are increasingly short.
One way to overcome this dilemma is to carry out tests that check the security of these systems throughout the development of APIs and applications. This protects the data and, at the same time, frees the developer from being the only one in charge of building security into the system.
The application and API time-to-market cannot be delayed. For this reason, any solution that adds security to this context must have excellent performance, in addition to respecting the profile and the pressures on the developer.
This model is capable of ensuring real integration between the DevSecOps teams. The best solutions to ensure security throughout the life cycle of APIs, applications and SuperApps do their work in silence, without burdening either the physical infrastructure or the developer, while at the same time offering a new digital maturity to this whole universe.
Digital transformation of Brazil
Since the beginning of the pandemic, the digital transformation of the Brazilian economy has accelerated even more. This requires a new look at the development and consumption of APIs. With the arrival of the LGPD, it is important to accept that, in addition to securing the data and the applications that consume this data, it is necessary to protect the APIs, synapses that are constantly expanding in our market.
This target will be reached by those who use solutions that protect APIs and, in parallel, invest in cultural transformations that eliminate barriers between development and security teams.
Beethovem Dias, author of this article, is a Solutions Engineer at F5 Brasil.