dragonstock - stock.adobe.com

Postman API platform will use Akita to tame rogue endpoints

Akita's discovery and observability will feed undocumented APIs into Postman's design and testing framework to bring them into the enterprise governance fold.

Users of Postman's API design platform will soon be able to pinpoint the sources of performance bottlenecks and better wrangle unknown application components following its acquisition of Akita Software this week.

Postman picked up the six-person startup for an undisclosed amount, and all employees of the fledgling API observability vendor based in San Mateo, Calif., will join the parent company. Once Akita's software is integrated later this year, Postman's customers will have a new way to bring APIs into their testing and design workflows and establish control over them, officials at both companies said.

"The technology [can] scan production environments and build an API inventory in a very low-touch, non-intrusive way" through eBPF, said Abhinav Asthana, CEO and co-founder of Postman. "Akita's team has been able to show that even in a brand-new environment … you can build an inventory of APIs and put that into Postman, where developers are actually doing their day-to-day work."

This is Postman's first foray into production API lifecycle management. Akita's scans also include performance and error tracking as well as the ability to identify endpoints that are causing issues, whether they're documented by development teams or not.

"[Akita] drops into people's systems, watches API traffic and tells them, 'These are your endpoints. Here's what's slow. Here's what's throwing errors,'" said Jean Yang, founder and CEO of Akita. "The long-term vision for us was to tell people about what was going on in production without them having this knowledge beforehand."

Initially, the integration will focus on gaining visibility and control over customers' internally developed APIs, but dealing with third-party APIs will also be on the long-term roadmap, Asthana said.

Postman has several competitors in API platforms that also offer both API design and testing and API lifecycle management, such as Stoplight, Boomi, SwaggerHub, MuleSoft, Azure API Management and Google Apigee. The concept of offering an end-to-end API management platform isn't a new one in the industry, said Andy Thurai, an analyst at Constellation Research.

"There are a couple of things that Akita does well -- automated API end point discovery and monitoring API traffic constantly for … uptime, errors, etc.," Thurai said. "By integrating that into Postman, they could get into the API monitoring area, though a lot of other companies are offering a solution in that space."

That's where Asthana said Akita will differentiate itself because of its light touch.

"Organizations we talked to are struggling with controlling their API sprawl," he said. "They have tried gateways. They have tried many, many different approaches. But all of them require very heavy lifts."

ESG API management challenges
API management challenges including observability and integration are on the rise as enterprises move to multiple clouds.

API growth puts API observability in the spotlight

Postman's expansion is timely given the growth in enterprise use of APIs in an age of microservices and external cloud provider services, said Rob Zazueta, a freelance technical consultant in Concord, Calif., who has worked with the Postman API platform in the past.

"It's very easy to wind up with dozens and dozens and hundreds and hundreds of API endpoints, even if you don't have that many microservices," he said. "Tracking down the internal APIs that we haven't even documented is a very common problem."

Market research shows that while security remains a top concern for enterprises as APIs proliferate, API lifecycle management issues are also a growing concern. Of 377 respondents to an April survey by TechTarget's Enterprise Strategy Group, 31% said security was their top challenge in managing multi-cloud applications. But managing diverse sets of APIs was a close second at 30%. Just over a quarter of respondents, 26%, chose network interconnect availability differences, while 25% selected meeting application performance expectations.

Akita was founded in 2018 as an API security vendor but pivoted to API observability once it realized that, despite DevSecOps buzz, developers and security pros remained distinct user bases, Yang said.

"We still have security teams show up to our product. And it's interesting because initially, security teams know to look for API discovery," she said. "They know what eBPF means. But developers would show up and they would say, 'Oh my gosh, if you have this capability, can you build this for us? We want this other thing; we want this other thing.' And we ultimately were more excited about building for that workflow."

Postman offers API security testing and design features already, and Asthana didn't rule out a further expansion into API security management for production workloads as a long-term goal. But for the near future, Postman plans to maintain its focus on developer experience.

"API security companies also struggle with what's in the workflow and not in the workflow," he said. "We like to simplify the product and the problem for people versus adding many different things when there are already quite a few things on a developer's plate."

Beth Pariseau, senior news writer at TechTarget, is an award-winning veteran of IT journalism. She can be reached at [email protected] or on Twitter @PariseauTT.

Dig Deeper on Software design and development