
Anatomy of An API 2024


Presenting Global API Trends

Anatomy of an API
2024 Edition

Based on data from 15K APIs, 500K endpoints & 1B requests

Introduction
Last year we published our first edition of the Anatomy of an API report with the idea
to track how things change in the API world from year to year. This is the first year we
can actually compare two datasets side by side. On top of that, this year's dataset is
even richer and more diverse because we, as a company, grew a lot in 2024.

Treblle went from processing 100M API requests per month in January 2024 to 2.4B
API requests per month in November 2024 on our public cloud platform. We
onboarded more than 150K users across 15K APIs, mostly from three major
geographies: US, UK and Nordics.

We released multiple new groundbreaking products:

• Treblle 3.0 - API intelligence platform that helps organizations figure
out their APIs in less than 60 seconds with solutions like: Observability,
Security, Compliance and Analytics.
• Aspen - API testing client with a strong focus on privacy and security
that allows most organizations to test their APIs without anyone snooping.
• Alfred AI - AI assistant that dramatically speeds up API integration and
adoption both for internal and external APIs.
• API Insights - Automated API governance solution that helps teams
build and ship better APIs across 4 different categories.

Besides that, Gartner, IDC, Nucleus Research, and Everest Group mentioned us in
multiple API-related research papers. To finish off the year we just won an award for
Best in API Observability for 2024 at API World 2024.

All in all, we were busy. But 2024 wasn’t just a good year for us at Treblle; it was an
incredible year for APIs and the industry as a whole. API usage exploded in 2024,
primarily driven by the shift to AI and the need to exchange more information in a
machine-readable format. This, as we all know, is the reason why APIs exist in the first
place. More and more companies are choosing to go API first because it enables them
to move faster and be more agile at the same time. It allows them to create new
revenue streams, be present on multiple different platforms at the same time and
appeal to an ever-growing number of engineers. The companies we highlighted last
year as leaders in the API world (Salesforce, Amazon, Google, and Meta) are now
leaders in this new AI world. This doesn’t happen by accident: APIs are the reason
they were able to transform their business so fast and add more than 2 trillion USD to
their market cap. Most of their business, services and money rely on APIs, and AI
simply accelerated their growth.

This is exactly why we publish our report: to help the ecosystem learn, grow, and
expand. For this year's report, we analyzed a huge dataset that included 15 thousand
APIs, 500 thousand endpoints, and 1 billion API requests. This data was anonymized,
and no private, secure, or sensitive data was ever included. All this data was collected
and processed at runtime using one of our SDKs. This allows us to gain a unique insight
into how people actually build and design APIs without relying on surveys which can
oftentimes misrepresent reality.

Vedran Cindrić
CEO @ Treblle

Key Findings
The scale of the enterprise API landscape is substantial
Most enterprise-level organizations maintain over 1000 APIs within their landscape,
the majority of which are designed for internal use.

Javascript-based APIs score lower than the average
The average API quality score in 2024, across all languages, was 57 (out of 100).
Javascript-based APIs scored 26% below the average with a score of 42 (out of 100).

APIs are becoming increasingly complex
The average API in 2024 had 42 endpoints. This represents a substantial increase
since last year when the average was just 22 endpoints.

The rapid expansion of APIs is being fueled by AI
In 2024, the number of AI-related APIs grew by 807% compared to last year while the
average growth across all other sectors and industries has been 10%.

The bar for API security is very low
52% of requests had no form of authentication, 55% of requests didn’t use SSL/TLS
encryption and the average security score was 40 (out of 100).

API Design
Designing great REST-based APIs is challenging for most organizations due to the lack
of standardized rules. REST only offers guidelines, not strict standards, leading to a
few common issues:

• Subjectivity: Varying interpretations of guidelines and best practices result in
inconsistencies and bad practices, especially as teams and API numbers grow
• Education: API design is a skill that requires training and practice. Often,
developers building APIs and those designing them have different goals and
knowledge levels
• Tooling: Existing tools often prioritize performance over design quality and lack
clear, universal guidelines for good API design. Additionally, many tools are
cumbersome and difficult to use

The web had a similar set of problems with most websites being slow, poorly designed,
and wildly insecure. Google stepped in and developed a set of tools like Lighthouse,
Page Speed, and a set of recommendations on how to build great websites. Things
changed for the better, and most websites you visit today have invested serious time
and money in performance, security optimizations, and design best practices. Before
we can attempt to do something similar with APIs, we first need to understand what
people are doing today and how good or bad most APIs are.

In this new world of AI where everyone is looking to increase productivity with AI tools
and even develop software with AI, it’s critical to have APIs done right. Just like how
every website started adopting Google’s SEO standards, the day is not far when every
API will be optimised to AI agents. Staying on top of the quality and security of APIs is
critical for all API developers in the next few years.

Manjunath Iyer Basarala Srinivas
Engineering Manager, Cloud Commerce Platform @ Atlassian

TREBLLE 3.0

API Governance
Treblle offers automated API governance solutions that give
you a unique and easy to understand quality score.

Now, in the same way a website has pages and links, APIs have endpoints. Endpoints
are the backbone of any API and understanding how people structure their APIs is a
great starting point for understanding how they design APIs. Our data indicates a
typical API in 2024 had an average of 42 endpoints. Just last year, that number was
22 endpoints per API, which means most APIs got a lot more complex in a single year.
This is both good and bad at the same time. Good because it means people are
growing their APIs and offering more services through APIs. Bad because bigger and
more complicated APIs often lead to more performance and security issues, especially
in the form of zombie endpoints. Bigger and more complex APIs require a lot more
discipline, governance and insights because things can quickly get out of control.
Things get even more interesting when we take a look at the distribution of endpoints
across 4 major groups:

[Figure: Average endpoints per group. Y-axis: Number of APIs (%); x-axis: Number of endpoints (1 - 10, 11 - 50, 51 - 100, >100). Source: Treblle; sample data 2024]

As we explained, most APIs fall in the 11-50 endpoints group but surprisingly the
51-100 group grew 13% when compared to last year. The bulkiest group with over 100
endpoints per API grew only 1%. The only group that didn’t grow but rather shrunk is
the 1-10 endpoints group which lost 18%. This kind of change across the groups
represents a shift from a heavily microservice-focused architecture to a more
centralized one where a single API, simply put, does more. This is in line with what we
hear from customers in the real world. People are rethinking the microservice craze
because it’s more complicated to maintain a large portfolio of standalone
microservices.

The "API sprawl bill" is past due on the APIs we developed for web and mobile and we
are about to get the first "API sprawl bill" in service of our frenzied AI buildout - it won't
be pretty.

Kin Lane
API Evangelist and Chief Technology Officer @ APIs.io

Last year’s data revealed an interesting statistic about the use case of most of those
endpoints, which is simply fetching data. 68% of all requests were GET requests
which, as we know, simply return data from the server. This year the number of GET
requests fell by 5%, but what’s even more fascinating is that the number of POST
requests grew by 4%.

This means that a lot more endpoints are actually creating some kind of content
rather than just fetching data. This is important because APIs shouldn’t be a one-way
street and to fully live up to the idea, you want APIs creating content. If we put that in
the context of AI it’s evident that the growth in the AI world is connected to APIs
creating more content. All other HTTP methods stayed at the same level except
PATCH which grew by 1% - another sign of APIs doing more.

[Figure: HTTP method usage, number of endpoints (%) per HTTP method: GET 63%, POST 25%, PUT 4%, PATCH 4%, DELETE 3%, OPTIONS 1%, HEAD 0%. Source: Treblle; sample data 2024]

Now that we understand how people are structuring their APIs with endpoints, let’s
understand how they’re signaling what happens on those endpoints. A big part of that
is HTTP response codes. These codes indicate the result of a client’s request to the
server. They are standardized, universally understood, and included with every HTTP
server. There are 63 different HTTP response codes grouped into five groups:

• 1xx range: Informational responses
• 2xx range: Success responses
• 3xx range: Redirection messages
• 4xx range: Client error responses
• 5xx range: Server error responses

Their importance in designing great REST-based APIs is often overlooked because
their impact is often misunderstood. Correctly indicating what happened on a
particular API request using HTTP response codes allows clients to handle things
differently. If you’re dealing with an error and return a 200 response code, the client
will not be able to handle that as an error without implementing some custom logic.
Returning a 500 response code will allow virtually all client libraries to handle a server
error properly. This is especially important in the context of building machine-readable
and AI-friendly APIs. All these models and agents perfectly understand all HTTP
response codes and have built-in logic to handle everything that happens on your API.

Last year we learned that most people ignore HTTP response codes and simply return
200 OK on 92% of all responses. This year the situation is a little better with 88% of all
requests returning a 200 OK.

[Figure: Request error ratio. With error: 18%; without error: 82%. Source: Treblle; sample data 2024]

[Figure: Response code group distribution. Y-axis: Number of requests; x-axis: Response code group (1xx - Informational, 2xx - Success, 3xx - Redirection, 4xx - Client Error, 5xx - Server Error). Source: Treblle; sample data 2024]

But even that is a false positive because, looking at the error data captured by the SDK,
we see that the number of affected requests is 18%. This means that 10% of requests
are labeled as 200 OK but in reality contain an error. This is fundamentally a bad API
design practice that misleads the end customer and clients into handling a problem as a
successful request.
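
The gap between reported and real errors described above can be measured on your own traffic. The following is an added example, not code from the report or from Treblle's SDK: a Python check that flags 2xx responses whose JSON body signals a failure. The error-key list, the record layout and the sample records are assumptions constructed for illustration.

```python
import json
from collections import Counter

# Assumed conventions for "this body is really an error"; adjust to your API.
ERROR_KEYS = ("error", "errors", "exception", "fault")
FAILURE_FLAGS = {"error", "fail", "failed", "failure"}


def masked_error_reason(status, body_text):
    """Return why a 2xx response looks like an error, or None if it does not."""
    if not 200 <= status < 300:
        return None                      # honest non-2xx: nothing is masked
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        return None                      # empty or non-JSON bodies are out of scope
    if not isinstance(body, dict):
        return None
    for key in ERROR_KEYS:
        if body.get(key):                # present and not empty/null/false
            return f"body contains '{key}'"
    if body.get("success") is False:
        return "success flag is false"
    flag = body.get("status")
    if isinstance(flag, str) and flag.lower() in FAILURE_FLAGS:
        return f"status field is '{flag}'"
    code = body.get("code", body.get("statusCode"))
    if isinstance(code, int) and not isinstance(code, bool) and 400 <= code < 600:
        return f"embedded code {code}"
    return None


def audit_responses(records):
    """Compare the error rate the status codes report with the real one."""
    masked = []
    for r in records:
        reason = masked_error_reason(r["status"], r["body"])
        if reason:
            masked.append((r["method"], r["path"], reason))
    reported_errors = sum(1 for r in records if r["status"] >= 400)
    return {
        "total": len(records),
        "reported_200": sum(1 for r in records if r["status"] == 200),
        "reported_errors": reported_errors,
        "masked_errors": masked,
        "real_error_ratio": (reported_errors + len(masked)) / len(records),
        "masked_by_endpoint": Counter((m, p) for m, p, _ in masked),
    }


# Constructed sample records (not data from the report).
SAMPLE = [
    {"method": "GET", "path": "/users", "status": 200, "body": '{"data": [{"id": 1}]}'},
    {"method": "POST", "path": "/payments", "status": 200, "body": '{"error": "card declined"}'},
    {"method": "GET", "path": "/users/7", "status": 200, "body": '{"success": false, "message": "not found"}'},
    {"method": "GET", "path": "/orders", "status": 200, "body": '{"errors": [], "data": []}'},
    {"method": "POST", "path": "/payments", "status": 200, "body": '{"code": 500, "message": "upstream timeout"}'},
    {"method": "GET", "path": "/reports", "status": 500, "body": '{"error": "boom"}'},
    {"method": "GET", "path": "/health", "status": 200, "body": "OK"},
    {"method": "DELETE", "path": "/users/7", "status": 204, "body": ""},
]

if __name__ == "__main__":
    result = audit_responses(SAMPLE)
    print(f"200 OK responses: {result['reported_200']}/{result['total']}")
    print(f"errors by status code: {result['reported_errors']}")
    for method, path, reason in result["masked_errors"]:
        print(f"masked error: {method} {path} ({reason})")
    print(f"real error ratio: {result['real_error_ratio']:.0%}")
```

Endpoints that show up in `masked_by_endpoint` are the ones whose handlers should return a 4xx or 5xx status instead of wrapping the failure in a 200.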

Another interesting statistic from analyzing response code use is a significant
increase in 304 Not Modified responses, from 2% last year to 8% this year. This
indicates that a lot of APIs are implementing some sort of caching at the HTTP level,
which is a positive trend when it comes to API performance.

The last insights from response codes come from the 4xx range. Last year 3% of all
requests were returning a 401 Unauthorized, this year that number fell below 0.5%.
This is also a positive trend because it means that API producers are clearly
documenting API Authentication methods which leads to fewer problems with
forgetting to authenticate.

Another interesting area of API design is semantics or, to be more precise, best
practices around naming endpoints and parameters. Following a consistent naming
pattern can make a significant difference in the overall understanding of your APIs.

This directly translates to the time it takes to integrate your API - the faster someone
can understand it the faster they can integrate it. The two main best practices and
recommendations are to use nouns instead of verbs and use plurals instead of singular.
Our data show that 77% of all endpoints use nouns but only 16% are in plural. This
means that we should be seeing fewer endpoints with names like “getUsers” or
“storeUser”. API producers are starting to understand that HTTP request methods
(GET, POST, PUT…) are already verbs and they don’t need to prefix the endpoint name
with another verb.

But plural usage is very low, which represents a basic misunderstanding of RESTful
conventions, as they favor plural naming, mainly because it makes your API more
consistent across resources and operations on those resources. To put it more simply,
you’re rarely dealing with one user or one payment on your API but rather multiple - hence
plural.

TREBLLE 3.0

Alfred AI
Treblle’s AI assistant Alfred understands any API documentation and
helps customers integrate and adopt APIs ten times faster.

A rather disappointing statistic in the API design category would be around the use of
rate limiting. Only 15% of all APIs had some sort of rate limiting on their API. This is
problematic because rate limiting is here to prevent misuse, ensure fair resource
distribution, and maintain system performance and reliability under high demand.

To finish on a positive note though, 71% of all APIs used some sort of versioning. API
versioning is important to ensure backward compatibility, allowing developers to
introduce changes, improvements, or fixes without breaking existing integrations for
customers relying on older versions.

As the API economy has matured, it has given rise to added complexity: greater
deployment of APIs is causing API sprawl; building digital solutions and services with
APIs and data adds more stakeholders to our value chains; and greater API
functionality with more endpoints increases risk vectors and security threats. But this
API economy maturity has also meant that complexity is being addressed head on:
standards and API governance best practices are increasingly being adopted; new
business models and contracts define the value to be shared between co-creation and
collaboration partners; and new tools are emerging that map API endpoints, allow
360-degree observability, and defend infrastructure.

Mark Boyd
Director @ Platformable

API Performance
API performance is a measure of how efficiently an API processes and responds to
requests, encompassing factors like speed, reliability, and scalability. It plays a pivotal
role in the overall user experience and system efficiency, especially in an era where
applications rely on APIs for real-time data exchange. Whether it's powering an AI
model, handling millions of daily transactions, or enabling seamless integrations, API
performance directly impacts the success of digital services.

[Figure: Average endpoint load times. <150 ms: 50%; 150ms to 300ms: 14%; 300ms to 500ms: 9%; >500 ms: 26%. Source: Treblle; sample data 2024]

When it comes to API performance, one of the most critical metrics is endpoint load
time. It reflects how quickly an API responds to a client’s request, directly impacting
user experience and system efficiency. In 2024, the average endpoint load time was
695ms. Looking at the load time data across 4 distinct groups, we see that 50% of all
requests have a load time of 150ms or less, which is considered a gold standard when
it comes to fast response times. This is great but also 4% less than last year. Given that
we know APIs and their responses are getting more complex, this isn’t surprising. All the
other groups saw improvements, especially the 150ms - 300ms group, where we saw 4%
more requests. What is troubling is that more than a quarter of requests
are still extremely slow, with a load time of more than 500ms. In general, the
distribution of these results highlights a growing divide in the API ecosystem between
high-performing, modern APIs and those that are lagging behind.

As APIs increasingly power AI models and applications, speed is more important than
ever. Latency directly impacts how quickly AI models can process and respond to
data. APIs with response times in the sub-150ms range are more suited to AI-driven
applications, as they minimize the delay in data exchange.

[Figure: API Governance Score per SDK (API score, axis 0 to 80). Source: Treblle; sample data 2024]
Laravel: 62
NetCore: 59
AdonisJS: 56
GO: 55
PHP: 54
NET: 54
Spring Boot: 52
Rust: 49
Actix: 48
Node: 47
Strapi: 46
Django: 46
Ruby: 42
Fastify: 39
Express: 38

Treblle's automated API Governance solution evaluates APIs across 3 different
categories: performance, security, and design on every single request. It provides a
unique score on a scale from 0 to 100 (or A to F) that helps customers quickly and
easily understand how good or bad their API is. This means that every API using Treblle
has a score that we can easily cross-reference with data about which programming
language or framework that API was built in. As we know, building a high-performance
API isn’t easy and sometimes proper tooling can make a difference.

TREBLLE 3.0

API Observability
Treblle offers an API observability solution that automatically discovers all
your endpoints and starts tracking metrics around them

Looking at the data we can see that the clear winner, this year again, is Laravel with
an average score of 62 (out of 100). This isn’t surprising because Laravel is highly
opinionated about best practices and has a strong set of good defaults built into the
framework itself. This makes it harder for developers to make mistakes when it comes
to the basics of security and performance. Microsoft's .NET ecosystem closely follows
Laravel and continues to show tremendous growth and popularity, especially with .NET
Core.

Laravel remains committed to ensuring developers can build scalable and secure
APIs. Through its robust authentication system, rate limiting middleware, and
comprehensive validation tools, the framework provides developers with
enterprise-grade security features out of the box.

Taylor Otwell
CEO @ Laravel

What is concerning, however, is that Javascript-based APIs (Express, NodeJS, Fastify,
Strapi, AdonisJS) continue to have below-average scores for the second year in a
row. The average API quality score in 2024, across all languages, was 57 (out of 100).
Javascript-based APIs scored 26% below the average with a score of 42 (out of 100).
There is one exception here and that is AdonisJS. Out of all Javascript-based
languages, AdonisJS APIs had an average score of 56, which makes it the third-best
overall score, while all other JS-based languages scored below 50. Similar to Laravel,
AdonisJS comes with a very good set of defaults for building great APIs and is even
called The Laravel of JS frameworks.

The low scores in some languages are definitely not a reflection of the language itself
and its performance but rather how developers use that language to build APIs. As we
know, building great APIs is a skill which primarily requires developer education.
Without a strong community and a plethora of content from that community on how to
build great APIs it’s hard for developers to learn. Another big differentiating factor is
tooling and the lack of API specific tooling when it comes to certain languages and
frameworks.

In 2024, the API landscape within enterprises is vast and growing at an unprecedented
pace. While the complexity and number of APIs have surged, driven significantly by AI
innovation, there remains a critical need for heightened security measures. The lower
quality scores of JavaScript-based APIs highlight an industry challenge, emphasizing
the necessity for better design and implementation practices. OpenAPI, with its
standardized approach, offers a structured framework to tackle these complexities,
foster interoperability, and enhance the development of API products. As APIs become
the backbone of modern digital infrastructures, leveraging OpenAPI can help ensure
robust security and quality assurance, safeguarding and optimizing this expansive
ecosystem.

Abhijit Dey
VP Product @ Axis Bank

API Security
API security is the practice of safeguarding APIs against unauthorized access, data
breaches, and other cyber threats. A single vulnerability in an API can expose sensitive
data, disrupt critical operations, and damage trust with users and partners.

The biggest challenges in API security often stem from poor design and lack of best
practices. Common issues include unauthorized access, where APIs lack robust
authentication and authorization mechanisms, and exposure of sensitive data due to
improper request handling or over-permissioned endpoints.

Despite these challenges, the importance of API security has never been greater. With
APIs driving innovations in AI, IoT, and cloud computing, organizations must adopt
proactive measures to secure their APIs against evolving threats while maintaining
performance and usability.

[Figure: Zombie vs. Active endpoints. Zombie endpoints: 35%; active endpoints: 65%. Source: Treblle; sample data 2024]

API endpoints are the foundation of any API, acting as access points for clients to
interact with applications. However, not all endpoints are actively maintained or used
as intended. Zombie endpoints remain accessible but are no longer monitored or
updated, posing a significant security risk. They can serve as easy targets for
attackers, introducing vulnerabilities that may compromise an entire API or system.

In 2024, 65% of endpoints were classified as active, a significant decrease from 76%
in 2023. That means that the number of zombie endpoints increased significantly,
jumping from 24% in 2023 to 35% in 2024.

This substantial rise in zombie endpoints highlights a worrying trend. As APIs grow
more complex and organizations deploy more endpoints, keeping track of and
managing unused or deprecated endpoints becomes increasingly difficult. Zombie
endpoints often lack the necessary updates to address security vulnerabilities and
may expose sensitive data, making them attractive targets for attackers.

Another fundamental aspect of API security is Authentication which ensures that only
authorized users or systems can access API resources. Despite its critical importance,
the proportion of authenticated requests in APIs remains alarmingly low. In 2023, 49%
of API requests were authenticated, while 51% lacked any form of authentication.
Unfortunately, the situation got worse in 2024, with authenticated requests dropping
to 48% and unauthenticated requests rising to 52%.

[Figure: Authenticated vs. Unauthenticated requests. Authenticated requests: 48%; unauthenticated requests: 52%. Source: Treblle; sample data 2024]

This downward trend highlights a persistent issue in API security: many APIs either fail
to implement robust authentication mechanisms or choose to leave endpoints exposed
for ease of access. The most common explanation for this is that most APIs are internal
APIs meant to be used only for private and internal applications.

While that might be true it still doesn’t justify the lack of authentication as you still need
to control access within the company. Especially in this new AI world where you can
easily build an LLM model to access and symptom the data from any of those APIs
without any limits. Not to mention the growing risk of exposing that API publicly or even
to partners. Including a very basic form of authentication is better than not having any
at all and is something every API should have by default regardless of the intended use
case.

APIs are the hidden glue that connects digital services. But, although pervasive across
modern enterprise IT, they're often left insecure or with inconsistent development
guidelines. This year, we've seen steps in rectifying that gap, with some great
discussions around guiding internal standards, spotting potential vulnerabilities, and
more awareness of the role of APIs in modern IT. Following the interplay of the AI and
API economy will be very interesting in the years to come.

Bill Doerrfeld
Editor in Chief @ Nordic APIs

[Figure: HTTP vs. HTTPs, number of requests (%) per protocol. HTTPs: 45%; HTTP: 55%. Source: Treblle; sample data 2024]

The usage of HTTPs, the secure version of HTTP, experienced a significant decline in
2024, dropping from 74% in 2023 to just 45%, while HTTP usage increased from 26%
to 55%. This shift is alarming, as HTTPs is essential for encrypting communication
between clients and servers, protecting sensitive data from being intercepted or
tampered with.

The growing use of HTTP suggests a concerning trend where APIs are either failing to
implement secure connections or reverting to less secure protocols. This may be due
to legacy systems or a lack of awareness about the risks of unencrypted data
transmission. Given that we know that a lot of APIs are internal, API producers opt
for a less secure version of HTTP, which couldn’t be more wrong. Without HTTPs, APIs
expose themselves to vulnerabilities like data interception, man-in-the-middle attacks,
and compromised user trust.
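
The three measurements in this section (zombie endpoints, unauthenticated requests, plain HTTP) can be reproduced from a route inventory and an access log. The following is an added example, not code from the report or from Treblle: it assumes a zombie endpoint is a registered route with no traffic in the last 30 days, treats Authorization, X-API-Key and Cookie headers as credentials, and runs on constructed routes and log records.

```python
import re
from datetime import datetime, timedelta

# Header names assumed to carry credentials. Only names are logged, never values.
AUTH_HEADERS = {"authorization", "x-api-key", "cookie"}


def template_to_regex(template):
    """Turn '/users/{id}' into a regex matching one path segment per placeholder."""
    parts = re.split(r"\{[^/{}]+\}", template)
    return re.compile("^" + "[^/]+".join(re.escape(p) for p in parts) + "/?$")


def audit_traffic(routes, requests, now, zombie_after_days=30):
    """Classify routes as active or zombie and count risky requests."""
    matchers = [(m, t, template_to_regex(t)) for m, t in routes]
    last_seen = {(m, t): None for m, t in routes}
    unrouted = set()
    unauthenticated = plaintext = credentials_over_http = 0

    for req in requests:
        path = req["path"].split("?", 1)[0]          # ignore the query string
        for method, template, rx in matchers:
            if method == req["method"] and rx.match(path):
                key = (method, template)
                if last_seen[key] is None or req["time"] > last_seen[key]:
                    last_seen[key] = req["time"]
                break
        else:
            # Traffic to something missing from the inventory: an undocumented endpoint.
            unrouted.add((req["method"], path))

        has_credentials = any(h.lower() in AUTH_HEADERS for h in req["headers"])
        if not has_credentials:
            unauthenticated += 1
        if req["scheme"] == "http":
            plaintext += 1
            if has_credentials:
                credentials_over_http += 1           # secret readable on the wire

    cutoff = now - timedelta(days=zombie_after_days)
    zombies = sorted(k for k, seen in last_seen.items() if seen is None or seen < cutoff)
    return {
        "zombie_endpoints": zombies,
        "zombie_share": len(zombies) / len(routes),
        "unrouted_paths": sorted(unrouted),
        "unauthenticated": unauthenticated,
        "plaintext": plaintext,
        "credentials_over_http": credentials_over_http,
        "total_requests": len(requests),
    }


# Constructed inventory and access log (not data from the report).
ROUTES = [
    ("GET", "/users"), ("GET", "/users/{id}"), ("DELETE", "/users/{id}"),
    ("POST", "/payments"), ("GET", "/v1/export"),
]
NOW = datetime(2024, 12, 1)
REQUESTS = [
    {"time": datetime(2024, 11, 30), "method": "GET", "path": "/users",
     "scheme": "https", "headers": ["Authorization"]},
    {"time": datetime(2024, 11, 29), "method": "GET", "path": "/users/42?expand=1",
     "scheme": "https", "headers": ["Authorization"]},
    {"time": datetime(2024, 11, 28), "method": "POST", "path": "/payments",
     "scheme": "http", "headers": ["Authorization"]},
    {"time": datetime(2024, 8, 2), "method": "GET", "path": "/v1/export",
     "scheme": "http", "headers": []},
    {"time": datetime(2024, 11, 30), "method": "GET", "path": "/debug/vars",
     "scheme": "https", "headers": []},
    {"time": datetime(2024, 11, 30), "method": "GET", "path": "/users",
     "scheme": "https", "headers": ["Cookie"]},
]

if __name__ == "__main__":
    report = audit_traffic(ROUTES, REQUESTS, NOW)
    for name, value in report.items():
        print(f"{name}: {value}")
```

Zombie routes are candidates for removal or for being put back under monitoring, and any non-zero `credentials_over_http` count means a credential has crossed the network unencrypted and should be rotated once HTTPS is enforced.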

[Figure: Security threat level breakdown, number of requests (%) per security threat level. Low: 24%; Medium: 76%; High: 0%. Source: Treblle; sample data 2024]

API security is not just about preventing catastrophic breaches; it’s also about
addressing the small cracks in defenses that could escalate into larger problems.
Treblle offers an API Security solution that automatically measures run-time security
and best practices on every single request. It classifies the results into 3 very easy to
understand threat levels: Low, Medium, and High. These levels are determined based on
a variety of security checks, ranging from basic configurations like Content-Type
Specification to critical issues such as SQL Injection or missing Secure Connections.

In 2024, we observed a significant shift from last year. The Low Threat group is now at
24% of all requests, which is 20% less than last year and is a good sign. The Medium
Threat group, on the other hand, is 21% more than what it was last year. This group
includes audits across a lot of security best practices, which means most organizations
are not following those suggestions. Finally, the High Threat group went down to almost
0%, which is great as this group includes the most crucial audits like SQL Injection
checks, IP reputation attacks and similar.

The shift in threat levels from 2023 to 2024 underscores the evolving challenges in API
security. While eliminating high-threat requests is a major milestone, the rise in
medium-risk requests serves as a reminder that security is a continuous process. As
APIs grow in complexity and significance, addressing medium-level risks will be critical
in ensuring APIs are not just functional but also secure, reliable, and resilient.

At Telstra, we’re transitioning to a Federated API Management Architecture and Model.
This pivotal transformation will enable us to establish cross-company API lifecycle and
governance standards. It allows different API producers and management capability
providers to innovate and operate at their own pace while adhering to a common set of
standards and best practices, ensuring API consistency. This approach will help us
meet the demands of the rapid proliferation of APIs as we transition to a modern
API-first and AI-based enterprise, laying down an effective API governance framework
and foundation.
One key practice we’re implementing is mandatory API registration to tackle 'API
sprawl'. Additionally, having a common API lifecycle standard will significantly reduce
the likelihood of 'API drift', where the actual API implementation deviates from the API
specification.

Patrick Chiu
Enterprise Architect - API Management, API Standards & Governance @Telstra

API Market
The API market is at the core of modern digital transformation, powering applications,
integrations, and innovations across every industry. APIs enable organizations to
unlock new revenue streams, streamline operations, and enhance customer
experiences by seamlessly connecting systems, data, and services. From fintech to
healthcare and from AI-driven platforms to IoT ecosystems, APIs have become
essential for creating scalable and interoperable solutions.

As companies increasingly adopt an API-first approach, the market continues to
expand at an unprecedented pace. This growth is driven by the rising demand for
real-time data exchange, the proliferation of cloud-based services, and the shift
toward automation and AI.

[Figure: Most popular Treblle SDKs, number of APIs (%) per SDK. Source: Treblle; sample data 2024]
Laravel: 30%
Node: 25%
Express: 12%
Strapi: 6%
NetCore: 6%
PHP: 5%
Django: 4%
Spring Boot: 3%
NET: 2%
AdonisJS: 2%
GO: 2%
Fastify: 1%
Ruby: 1%
Rust: 1%
Other: 2%

Our journey of understanding the API market starts with the tools people use to build
those APIs. Based on the data we have, 45% of developers build APIs using
Javascript-based languages and frameworks. We’ve talked about the problems with
the overall quality of those APIs, but in terms of popularity Javascript is a top choice for
many developers. This isn’t surprising as the barrier to entry in Javascript languages is
very low and there is a strong community driving adoption. The second most popular
option for building APIs is PHP-based languages with 34% of developers, followed by
Microsoft's .NET ecosystem with 8%.

This data also matches our overall theme of AI-powered API growth. A lot of
developers want to participate in the AI boom and simply need to develop APIs to do
that. This is their first time building APIs, so of course they will choose the easiest
language with the largest community. Of course those APIs will be lower in quality and
will most likely not succeed because of that.

[Figure: Top 10 Industries, number of APIs (%) per industry. Source: Treblle; sample data 2024]
IT & Services: 48%
Financial services: 6%
Higher education: 6%
Marketing & Advertising: 3%
Government administration: 2%
Telecom: 2%
Health, wellness & fitness: 2%
Retail: 2%
Online media: 1%
Management consulting: 1%
Other: 27%

The API market is experiencing continued expansion across a diverse range of
industries, with certain sectors solidifying their positions while others undergo gradual
shifts. In 2024, the Information Technology & Services industry maintained its leading
position, expanding from 45% in 2023 to 48%. This growth underscores the critical
role that APIs play in supporting IT infrastructure, cloud services, and software
ecosystems. The financial services industry, another key sector, saw its share increase
from 5% to 6% compared to the previous year. The financial sector has a longstanding
relationship with APIs and a significant reliance on them. Not only that, but besides AI, it is
the largest producer and consumer of APIs. This means API growth is tightly coupled
with the growth of the financial services sector.

As industries continue to digitize, the reliance on APIs to connect systems, automate
workflows, and enhance customer experiences will only grow. This diversification of
API adoption underscores the expanding role of APIs as a universal enabler of business
transformation across both traditional and emerging industries.

Growth of AI-related APIs

[Figure: bar chart of number of requests (%) by year (2024, 2023); data labels: 90%, 10%]

Growth of AI-related APIs, source: Treblle; sample data 2024

The explosive growth of AI-related APIs in 2024 highlights the critical role APIs play in
the rapid advancement and adoption of artificial intelligence technologies. The
numbers speak for themselves: AI-related APIs skyrocketed 807% this year.

TREBLLE 3.0

API Analytics
With Treblle’s customizable dashboard you can track key metrics about
your AI-API product in a very easy way.

With the momentum built in 2024, AI-related APIs are expected to continue growing as
businesses increasingly adopt AI-first strategies. However, this growth also brings
challenges, such as ensuring security, managing data privacy, and maintaining
performance as AI models become more complex.

An alarming 807% surge in AI-related APIs and escalating complexity across the board
expose a critical void in runtime API governance globally. As APIs proliferate and
become more integral to enterprise operations, the absence of robust runtime
governance isn't just risky — it's unsustainable. At Traefik Labs, we're dedicated to
making runtime API governance accessible to all, empowering organizations to
seamlessly secure, manage, and observe their APIs. The urgency is clear: the time to
act is now.

Sudeep Goswami
CEO @ Traefik Labs

The unprecedented surge in AI-related APIs underscores the transformative impact of
AI technologies across industries. APIs are not just connecting systems; they are
enabling the next wave of innovation, where artificial intelligence becomes a seamless
part of everyday business operations.

Average API score per industry (API Score, 0 to 100)

IT & Services: 58
Financial services: 61
Higher education: 54
Marketing & Advertising: 62
Government administration: 33
Telecom: 56
Health, wellness & fitness: 50
Retail: 56
Online media: 50
Management consulting: 78

Average API score per industry, source: Treblle; sample data 2024

As we’ve mentioned before, Treblle's automated API Governance solution evaluates
APIs across 3 categories and provides a unique score on a scale from 0 to 100. In 2024,
most industries demonstrated notable improvements, highlighting the growing
emphasis on optimizing API quality. Information Technology & Services improved from
a score of 53 to 58, while Financial Services made significant strides, rising from 48 to
61, driven by the need for secure and efficient APIs in fintech and banking. Similarly,
Marketing & Advertising saw a remarkable increase from 44 to 62, reflecting the
critical role of APIs in data analytics and automation. The Telecommunications sector
improved its score from 48 to 56, and Health, Wellness & Fitness climbed from 46 to
50, showcasing a gradual focus on optimization in these industries.

The overall improvements across most industries reflect a growing recognition of the
importance of high-quality APIs in enabling innovation, efficiency, and scalability,
though some sectors continue to lag behind.

With an incredible growth of AI in Fintech and other industries, it is becoming
increasingly important to have a rock solid API Governance Program that enables a
great API design at a scale we could not even imagine only a few years ago. Thinking
about seamless integration, consistent API designs, AI-to-AI integrations is crucial and
nothing will happen without a magic digital glue in the middle, APIs!

Ado Trakic
Enterprise Architect (API) @ Capital One

Top 10 countries based on request volume

Country:

1. United States 17%
2. United Kingdom 11%
3. Germany 10%
4. Netherlands 10%
5. India 9%
6. France 9%
7. Canada 9%
8. Singapore 8%
9. Ireland 8%
10. Russia 7%

This year API requests came from a diverse set of countries, highlighting the global
adoption of APIs across industries. The United States leads the pack, accounting for
17% of all requests, underscoring its dominance in the tech ecosystem and its role as
a hub for innovation and API-driven solutions. Close behind, the United Kingdom
generated 11% of requests, reflecting its strong presence in financial services,
e-commerce, and AI applications.

Interestingly, Germany, Netherlands, and India each contributed 10%, showcasing the
widespread use of APIs across Europe and the growing demand in India’s rapidly
expanding tech sector. France and Canada followed closely with 9%, both benefiting
from advanced digital ecosystems and increasing investments in API-driven platforms.
This geographic distribution highlights the global importance of APIs, with a strong
presence across North America, Europe, and Asia. The widespread adoption
emphasizes that APIs are not just a regional trend but a universal enabler of innovation
and growth in every corner of the world.

Top 10 cities based on request volume

City:

1. Ashburn, United States 14%
2. Chicago, United States 11%
3. Frankfurt am Main, Germany 10%
4. San Jose, United States 10%
5. Amsterdam, Netherlands 10%
6. Singapore, Singapore 10%
7. Los Angeles, United States 9%
8. Manhattan, United States 9%
9. Dublin, Ireland 9%
10. Santa Clara, United States 9%

API requests in 2024 were heavily concentrated in key technology hubs, reflecting the
infrastructure and industries driving API adoption. Ashburn, United States, led with
14% of requests, followed by Chicago at 11%, showcasing the dominance of U.S. data
centers and tech ecosystems. Often referred to as "Data Center Alley," Ashburn is
home to the largest concentration of data centers globally, forming the backbone of
the internet. Its dominance in API requests is due to its role as a hub for cloud providers
like Amazon Web Services (AWS), Microsoft Azure, and Google Cloud, which host APIs
for businesses worldwide. Chicago’s central location and robust infrastructure make it
a key hub for cloud services and API traffic. The city is also a hotspot for financial
technology (fintech) firms, logistics companies, and e-commerce platforms, all of
which rely heavily on APIs for their operations.

European activity was centered in Frankfurt am Main, Germany (10%) and Amsterdam,
Netherlands (10%). Frankfurt is a major financial center in Europe and a key location
for data centers and cloud providers, thanks to its well-developed infrastructure and
connectivity. Its importance in handling API traffic stems from its role in supporting
financial institutions, enterprise technology solutions, and cross-border e-commerce.

In Asia, Singapore contributed 10%, reinforcing its role as a tech and financial hub. San
Jose and Los Angeles in the U.S. also accounted for 10% and 9%, respectively. Other
significant contributors included Manhattan, United States, and Dublin, Ireland, both
at 9%, reflecting strong usage in finance and technology. Santa Clara, United States,
rounded out the list with 9%, showcasing its importance in the Silicon Valley
ecosystem.

These cities represent the epicenters of global API activity, demonstrating how APIs
power innovation in technology, finance, and commerce. The geographic distribution
further highlights the interconnectedness of these digital hubs in driving the API
economy worldwide.

Client distribution per device

Desktop device: 79%
Android device: 15%
iOS device: 6%

Client distribution per device, source: Treblle; sample data 2024

API requests originate from a variety of devices, reflecting the platforms where
applications and services are consumed. In 2024, Desktop devices emerged as the
overwhelming leader, accounting for 79% of all API requests, a sharp increase from
55% in 2023. Meanwhile, Android and iOS saw declines, with Android dropping from
23% to 15% and iOS from 22% to 6%.

This data isn’t a reflection of a decline in the mobile world but rather of the type of APIs
most organizations build. As we know, most APIs are internal APIs, which are generally
called through other microservices. Because of this, all those API requests would fall
under the Desktop device category. The second insight comes from the previously
analyzed industry growth. As we know, the IT and Financial services industries are
heavy users of desktop devices and applications. This means that many APIs are
built to communicate with proprietary internal applications running on Windows, Mac,
or Linux devices.

The growing dominance of desktop-originated API requests highlights the importance
of optimizing APIs for desktop applications and web platforms. Developers must focus
on delivering high-performance APIs that support the heavier workloads and data
requirements often associated with these environments. At the same time, the decline
in mobile-originated requests underscores the need to continue supporting efficient,
lightweight APIs for mobile platforms, as they remain critical in consumer-facing
applications.

Request volume per day of the week

[Figure: bar chart of number of requests (%) per day, Monday through Sunday; data labels: 15.3%, 15.1%, 15.0%, 14.7%, 14.7%, 12.7%, 12.5%]

Request volume per day of the week, source: Treblle; sample data 2024

Analyzing API request volume by day of the week provides insight into user activity
patterns and how APIs are utilized throughout the week. In 2024, the data revealed a
steady demand for APIs during the workweek, with Monday through Friday each
accounting for approximately 15% of requests. Activity drops slightly on the weekend,
with Saturday and Sunday at 13%.

The relatively even distribution from Monday to Friday suggests that API-driven
applications are critical tools used consistently throughout the week, particularly in
industries like IT, financial services, and marketing, where APIs power daily workflows.

APIs are much more than just Here To Stay. Their significance to—and growth
at—organisations of all sizes and shapes, is testament to the need for API management
discipline across the board. From concept, to design, to deployment and ongoing
monitoring and support.

Claire Barrett
Director @ APIsFirst

Conclusion
By 2025, the API market is poised to become a cornerstone of the global technology
ecosystem, fueled by the exponential growth of AI and the increasing digitalization of
industries. APIs will underpin an ever-expanding range of applications, from traditional
enterprise systems to edge computing and IoT devices.

The symbiotic relationship between AI and APIs will intensify. APIs will be the
foundational layer enabling AI models to access and process data. This will drive both
the volume and sophistication of APIs in sectors such as healthcare, finance, logistics,
and smart cities.

The increasing complexity of APIs due to more intricate data flows, stricter regulatory
requirements, and global scalability will demand advanced tools for lifecycle
management. Automation will play a key role, with AI-powered platforms assisting in
the design, testing, and monitoring of APIs, reducing development time and improving
reliability.

Security and observability will be a top priority in 2025, with advanced AI-powered
threat detection and compliance tools becoming standard. Organizations will
implement stricter policies to address vulnerabilities and ensure data protection,
particularly in regulated industries like healthcare and finance.

In summary, by 2025, the API market will be characterized by explosive growth,
advanced automation, heightened security, and a central role in enabling AI-driven
innovation. APIs will not just be tools but essential infrastructure for the next wave of
digital transformation.

treblle.com
