API Coding

API Coding in 2026: The Contract Is Still Everything

2026-03-28T00:00:00+00:00

I've built a lot of APIs. REST APIs, GraphQL APIs, that one gRPC service I'm still not sure was the right call, internal APIs that were supposed to be temporary and are now load-bearing infrastructure at three companies. I've versioned them badly and versioned them well and versioned them in ways that made sense at the time and didn't survive contact with actual consumers.

Here's what 2026 has done to that experience: it's made the easy parts trivially easy and left the hard parts exactly as hard as they always were. Which sounds like a neutral statement but is actually kind of profound if you think about it for a second.

The Scaffolding Problem Is Solved</h2>
If I need a new endpoint today, I describe it. Forty seconds later I have a handler, a schema, input validation, error responses, and a test file. The code is correct roughly 90% of the time on the first pass. The other 10% is wrong in ways I catch immediately because I know what I'm looking at.
Two years ago, "generate me a REST endpoint with validation and error handling" produced something you'd heavily edit. Today it produces something you lightly review. That gap sounds small. In practice, it has changed my entire day.
I used to budget half a day to stand up a new resource — routes, controller, validation layer, error handling, a basic test suite. That's now forty minutes, and most of that is me thinking about whether the design is right, not implementing the design I already decided on. The implementation has become almost clerical. The thinking hasn't.

But the Design Problem Is Harder Than Ever</h2>
Here's the trap that's swallowed a few teams I've watched up close: when implementation is cheap, bad design ships faster.
The API you design in an afternoon and scaffold in an hour will be with you for years. The consumers you didn't anticipate will arrive. The mobile client that needs a different shape than the web client will show up six months in. The third-party integration that expects snake_case when you went camelCase will cause a support ticket at the worst possible moment.
None of that is new. What's new is that the gap between "had an idea" and "it's in production" is now measured in hours instead of days. The guardrail that used to be implementation time — the friction that forced you to think twice before committing — is mostly gone. You have to install that guardrail yourself, deliberately, or you will ship five endpoints that all do slightly different versions of the same thing and spend the next eighteen months regretting it.
The teams doing this well in 2026 have made design review a genuine gate, not a formality. They're writing OpenAPI specs before they write code. They're asking "who calls this and what do they actually need" before they ask "what's the fastest way to implement this." The tooling rewards speed. The discipline has to come from you.

The Spec-First Renaissance</h2>
OpenAPI was supposed to solve API design years ago. It sort of did. It mostly produced very thorough documentation of APIs that were designed ad hoc anyway, which is useful but not quite the point.
What's changed is that spec-first development now has real teeth. You write the spec, feed it to your AI tooling, and get a skeleton that actually reflects the contract you described. The schema is enforced at runtime. The client SDKs are generated. The mock server spins up for frontend devs while you're still building the real thing.
The spec is no longer documentation after the fact. It's the source of truth before the fact. That's a workflow shift that sounds bureaucratic until you've had the experience of a frontend team and a backend team building against the same spec in parallel and having things actually work when they integrate. That used to be aspirational. Now it happens.
I've stopped thinking of the spec as a document. It's a contract. Contracts exist before either party does the work. That's the whole point of them.

Authentication Is Still a Tar Pit</h2>
I have to say this because it's true and I want the record to reflect it: auth is still a nightmare. Not in the "this is technically hard" sense — it isn't, the primitives are well understood. In the "there are seventeen ways to do it, six of them are fine, three are subtly insecure in ways that only matter at scale, two are legacy burden you're inheriting from a decision made in 2019, and one of them is what you actually need" sense.
OAuth2 flows are still confusing to implement correctly. JWTs are still being used in ways that the people who designed them would find distressing. API keys are still being stored in environment variables that end up in GitHub in a repo that was supposed to be private. Rotating credentials is still treated as optional until it very much isn't.
The AI tooling is actually pretty good at generating auth code. It's not good at telling you which auth pattern is right for your specific threat model and consumer base. That requires judgment. Judgment requires context. Context is yours to hold.
I've started treating auth as the one area where I slow down on principle regardless of how fast everything else is moving. Get the contract right, yes. Get the security model right first.

Rate Limiting and Observability: The Unsexy Stuff That Matters</h2>
The features that keep an API alive under real traffic are the ones that nobody wants to build on day one. Rate limiting, circuit breakers, request tracing, structured logging, latency percentiles, error rate alerting — every experienced API developer knows these matter and nearly every new API is missing at least three of them.
What I've noticed in 2026 is that the gap between "it works in development" and "it survives production" has gotten wider, not narrower, precisely because you can ship faster. The fast path to a working endpoint doesn't include observability by default. You have to ask for it explicitly, and you have to know why you're asking.
The platforms have gotten better about this. Managed API gateways bake in a lot of the infrastructure-level concerns — rate limiting, basic auth, request logging — so you're not building from scratch. But application-level observability, the kind that tells you which endpoint is slow for which consumer under which conditions, still requires you to instrument your own code. It still requires you to think about what you want to know before you need to know it.
Log the things that will matter at 2am. You know what they are. Do it before you deploy, not after the incident.

Versioning: The Tax You Pay for Having Consumers</h2>
I have two opinions about API versioning that are in permanent tension with each other.
The first is that versioning is a sign of maturity. An API that has never been versioned is an API that has never been used seriously enough to accumulate consumers with divergent needs. V2 means you shipped something real enough that people depended on it.
The second is that versioning is a sign of failure. A well-designed API should be able to evolve without breaking changes. If you're shipping V3, something upstream in your design process went wrong, and bumping the version is how you're paying for it.
Both of these are true. The productive thing is to use them as design pressure simultaneously. Design like you'll never need to break the contract. Accept that you probably will anyway. When you do, version cleanly, maintain the old version long enough that consumers can migrate without panic, and document the delta like your relationship with the engineering team consuming your API depends on it. Because it does.
The AI tools are useful for generating migration guides once you know what changed. They are not useful for deciding what should change. That's still a human conversation, preferably had before the breaking change ships rather than after.

The Part About LLM-Native APIs</h2>
There's a new category now that didn't exist in any meaningful sense three years ago: APIs designed to be consumed by AI agents rather than human-written code.
The design constraints are different in ways that are still being worked out collectively. Endpoints need to be more self-describing. Error messages need to be more verbose and semantic, because the consumer interpreting them is a language model making decisions, not a developer reading a stack trace. Pagination and filtering need to be more predictable. Side effects need to be more explicit.
The most interesting design problem I've worked on this year was an internal API that needed to serve both a traditional frontend and an AI agent workflow. The things that made it good for one made it annoying for the other. The endpoint that was ergonomic for a human developer was too implicit for the agent. The endpoint that was self-describing enough for the agent was verbose and over-specified for the human.
We ended up with two surface areas, one underlying implementation. I'm not sure that's the right answer. I'm not sure there is a right answer yet. The norms are forming in real time and the early decisions feel load-bearing in ways we won't fully understand for another couple of years.

What Good API Work Looks Like Right Now</h2>
The best API developers I know in 2026 share a specific set of habits. They write the spec before the code. They treat the contract as a product decision, not an engineering implementation. They instrument everything worth knowing about before they ship. They think about the consumer experience as carefully as application developers think about user experience. And they are deeply, almost pathologically suspicious of fast.
The tools let you go fast. Going fast is not the goal. The goal is a surface that your consumers can rely on, that you can evolve without drama, that fails gracefully and tells you why when it does.
The API is the product for whoever's consuming it. Act accordingly.
Ship the spec first. Instrument before you deploy. Version with humility. Sleep with your pager nearby.
That's still the job.

Model Context Protocol (MCP), Standardizing How AI Systems Access and Use Context

2026-03-27T00:00:00+00:00

A pattern is starting to emerge across AI tooling ecosystems, and it’s not just about better models or faster inference. It’s about how context moves. That’s where the MCP guide—published externally and increasingly referenced across developer circles—lands with more weight than it might seem at first glance. It doesn’t read like a flashy launch announcement. It reads more like a quiet specification of how things are going to work going forward.

The core idea behind MCP, or Model Context Protocol</a>, is deceptively simple: standardize how models access and interact with external context. But once you sit with it for a moment, the implications start stacking up. Context is everything in modern AI systems. Without it, models hallucinate, drift, or just produce generic output. With it, they become precise, situationally aware, and—this is the key part—useful in production environments.

What the MCP guide outlines is not just a format, but a philosophy. Instead of building one-off integrations between models and tools, MCP proposes a structured interface layer. Think of it less like an API and more like a contract. A way for models to reliably query data sources, invoke tools, and maintain state across interactions without each implementation reinventing the wheel.

There’s a subtle shift here from “AI as a feature” to “AI as a system component.” In earlier waves, adding AI meant embedding a model into an app. Now, with MCP-like approaches, the model becomes one node in a broader architecture. It requests context, receives structured responses, and acts within defined boundaries. That’s a very different operational posture.

One of the more interesting aspects highlighted in the guide is composability. MCP allows multiple context providers—databases, APIs, local files, even other models—to plug into a unified interface. This creates a kind of modular intelligence layer. Instead of hardcoding logic, developers can assemble capabilities. Swap one provider for another. Extend without breaking existing flows. It’s almost reminiscent of how microservices reshaped backend architecture, except now the “services” are knowledge and action layers.

There’s also a governance angle that shouldn’t be overlooked. By formalizing how context is accessed, MCP introduces clearer auditability. You can trace what data the model saw, what tools it called, and why it produced a given output. In regulated environments—finance, healthcare, defense—that’s not optional. It’s foundational. The guide doesn’t overstate this point, but it’s sitting there between the lines.

Of course, standardization always comes with trade-offs. Flexibility can feel constrained when you introduce schemas and protocols. Some developers will resist the overhead, especially in early-stage projects where speed matters more than structure. But history tends to favor systems that scale cleanly over those that move fast in isolation. MCP feels like it’s aiming squarely at that long-term equilibrium.

Another layer worth noting is interoperability. If MCP gains traction across platforms, it could reduce fragmentation in the AI tooling landscape. Right now, every vendor has its own way of connecting models to data and actions. It’s messy. The guide hints at a future where those boundaries soften, where tools built in one ecosystem can be more easily leveraged in another. Not fully plug-and-play—let’s not get carried away—but closer than what we have today.

Reading through the guide, there’s also a sense that this is early. Not immature, exactly, but still forming. The concepts are solid, the direction is clear, but adoption will determine whether MCP becomes a true standard or just another well-intentioned framework. That usually depends less on the elegance of the design and more on who builds on top of it.

Still, it’s hard to ignore the timing. As enterprises move from AI experimentation to deployment, the need for structured context handling becomes unavoidable. Ad-hoc solutions don’t scale. They break, they drift, they become impossible to maintain. MCP steps into that gap with a proposal that feels both practical and forward-looking.

So while the guide itself might not make headlines, it’s the kind of document that tends to age into importance. The sort of thing people reference months later and say, “that’s where the shift started.” Not dramatic, not loud—just foundational.

Boomi’s Revolutionary API Management in the AI Era

2025-02-20T00:00:00+00:00

Boomi, the intelligent integration and automation leader, has unveiled its comprehensive API Management solution—a robust platform designed to deliver cloud-scale API management alongside cutting-edge integration, automation, data management, and AI capabilities. This new offering seamlessly combines Boomi’s established API Management framework with strategic assets acquired from Cloud Software Group and APIIDA, forming a holistic solution that transforms APIs into powerful strategic drivers. As organizations increasingly deploy GenAI-enhanced applications—where, according to IDC, such companies manage roughly five times more APIs than those not yet investing significantly in GenAI—the risk of API sprawl, security vulnerabilities, and operational inefficiencies becomes a critical concern. Boomi’s latest solution directly addresses these challenges by enhancing discoverability, security, and scalability, thereby empowering enterprises to harness the transformative potential of their API ecosystems while mitigating the chaos that ungoverned APIs can unleash on digital operations.

The significance of this launch is underscored by industry experts who emphasize that APIs now serve as the backbone of AI-driven innovation, enabling seamless interaction between complex systems and advanced AI models. Shari Lava, Senior Research Director at IDC, has noted that robust API management is no longer optional but a critical prerequisite for ensuring security, scalability, and effective governance. Boomi API Management, powered by Boomi AI Agents, supports both Boomi and third-party API gateways to close security gaps and provide unparalleled transparency across the API landscape. Sebastiaan Kalshoven, CTO of De Volksbank, has highlighted the platform’s ability to unite technical and business stakeholders through comprehensive oversight and quality scoring of APIs, fostering stronger API governance and facilitating the development of dedicated developer portals for diverse user groups. Ed Macosky, Chief Product and Technology Officer at Boomi, encapsulated the vision by emphasizing that the platform unites industry-leading integration, automation, and data management capabilities to accelerate digital transformation and unlock unprecedented business value. This innovative approach not only addresses the operational challenges of the AI Era but also sets a new benchmark for enterprises aiming to drive growth, enhance security, and maintain a competitive edge in an increasingly interconnected and fast-paced digital world.

Elevating API Innovation at DeveloperWeek 2025

2025-02-12T00:00:00+00:00

Frank Kilcommins, Principal API Technical Evangelist at SmartBear, is set to deliver groundbreaking insights at DeveloperWeek 2025, the world’s largest independent developer and engineering conference and expo. With a robust history spanning over 15 years in the technology industry, Frank brings a wealth of expertise that merges software engineering, enterprise architecture, and a fervent dedication to advancing the API community. His presentations, including the much-anticipated “Intro to Contract Testing: Evolving APIs Safely” and “Describing API Workflows with Arazzo,” offer a deep dive into modern API development practices that cater to the intricate demands of microservices and modular API architectures. On Tuesday, February 11, 2025, at the Santa Clara Convention Center as well as online later that week, Frank will introduce the concept of contract testing—a scalable, innovative solution that simplifies provider-consumer validation, addresses the challenges posed by managing dependencies and end-to-end testing, and counters the persistent issues of so-called “zombie APIs.” Through practical demonstrations and real-world examples, he will reveal how contract testing not only rebalances the testing pyramid but also leverages OpenAPI artifacts to foster a collaborative environment for API development and innovation.

SmartBear’s presence at the conference is further amplified by the recognition of its award-winning API Hub, which is being honored with the 2025 DEVIES Award for excellence in API Management & Support. This accolade underscores SmartBear’s commitment to streamlining the API development process for modern teams seeking to deliver reliable and valuable APIs. Frank’s follow-up session at the OpenAPI Summit on February 12, 2025, titled “Describing API Workflows with Arazzo,” promises to showcase a revolutionary workflow specification developed by the OpenAPI Initiative. During this session, he will guide attendees through the intricacies of Arazzo, a tool designed to simplify multi-step API interactions by offering reusable, programmatically readable workflows. Attendees will have the opportunity to experience live demonstrations of AI-driven innovations such as Arazzo Specification GPT, hands-on editing with VSCode, and the use of Spectral for validation with custom rules that enforce team style guides. This immersive session aims to equip API developers with actionable techniques to streamline documentation and enhance both human and machine readability in API workflow processes.

The event will be held at the Santa Clara Convention Center, located at 5001 Great America Pkwy, Santa Clara, CA, with in-person sessions from February 11 to February 13, 2025, and live online presentations extending into February 18 through February 20, 2025. Frank’s dual role as an industry thought leader and a board member of the OpenAPI Initiative is evident in his tireless efforts to inspire and support both the API community and SmartBear’s customers throughout the entire API development lifecycle. His sessions at DeveloperWeek are expected to deliver transformative insights that simplify the complexities of API testing, accelerate delivery, and ultimately drive innovation in API workflows, ensuring that both developers and enterprises can harness the power of well-orchestrated API strategies. For additional information on DeveloperWeek, please visit the conference website, and to learn more about SmartBear’s API Hub and its award-winning capabilities, explore the resources available on the SmartBear website.

Exploring API Integration Platforms for Web App Development

2025-02-06T00:00:00+00:00

API integration platforms serve as a crucial element in connecting various services and systems within a web application, enabling developers to streamline communication between disparate APIs while ensuring security, scalability, and efficient data exchange. AWS API Gateway, for example, stands out as a robust solution that not only manages and routes API calls but also integrates seamlessly with AWS Lambda to support serverless architectures, providing a flexible backend for web apps that can handle fluctuating traffic and complex workflows. Similarly, Microsoft Azure API Management offers a comprehensive suite that covers everything from developer engagement to policy enforcement and monitoring, ensuring that every API interaction adheres to predefined security standards while offering analytics that inform performance optimization. Google’s Apigee, another prominent player in the field, excels in managing the lifecycle of APIs with detailed insights into usage patterns and potential issues, making it easier to adapt to the evolving demands of modern web applications. Enterprise solutions like MuleSoft’s Anypoint Platform offer a unified environment for both on-premises and cloud integrations, which is especially beneficial when web apps require connectivity with legacy systems or need to orchestrate multiple complex services in a cohesive manner.

Additional platforms such as Kong and Tyk provide open-source API gateways that are particularly appealing to developers seeking a customizable approach, allowing them to tailor the integration environment to the specific needs of their application while maintaining a focus on performance and security. IBM API Connect and WSO2 API Manager further expand the array of choices with their extensive support for API lifecycle management, covering aspects from initial design and deployment to ongoing monitoring and scaling. In the realm of workflow automation, platforms like Zapier, Integromat (Make), and IFTTT have carved out their niche by simplifying the process of connecting web apps to a variety of external SaaS services, thereby accelerating development cycles and reducing the need for complex coding in the early stages of product development. Ultimately, choosing the appropriate API integration platform depends on a careful evaluation of your project’s technical requirements, the anticipated scale of operations, and the desired balance between customization and out-of-the-box functionality, ensuring that the web application remains robust, secure, and adaptable to future innovations.

Creating a Powerful API with Bubble and Zapier

2025-02-05T00:00:00+00:00

Developing a robust API using Bubble’s no-code platform in conjunction with Zapier’s automation tools can transform your application into a highly interconnected and dynamic system. The process begins by enabling API workflows in Bubble, which allows you to expose specific functionalities as endpoints accessible by external services. Within your Bubble editor, you must navigate to the settings area and activate the API feature, then design your endpoints by defining the parameters and expected data structures that will be processed. This involves setting up the proper authentication methods—whether through API tokens or other secure means—to ensure that only authorized requests can interact with your app. Once these endpoints are configured, Bubble’s workflow engine takes over, executing tasks such as database updates, triggering subsequent processes, or returning custom responses in a JSON format, all of which can be meticulously tested using tools like Postman to verify that your API behaves as expected.

Integrating Zapier into this system takes your API’s functionality a step further by automating and streamlining communication between your Bubble application and numerous other services. In Zapier, you can create a Zap that either sends data to your Bubble API endpoint or listens for incoming webhooks from Bubble, depending on the nature of your workflow. This is typically done by employing Zapier’s Webhooks feature, which acts as a versatile bridge to connect your Bubble-generated data with a myriad of other platforms such as email services, CRMs, or even spreadsheets. By mapping the data fields from Bubble to corresponding actions in your chosen external application, Zapier facilitates a seamless exchange of information that can trigger automated processes like sending out notifications or updating records. This connection not only reduces the need for manual intervention but also ensures that your digital operations are synchronized, reliable, and scalable, taking full advantage of both Bubble’s user-friendly design and Zapier’s extensive integration capabilities.

Employing a systematic approach to building an API with Bubble and Zapier involves meticulous planning, continuous testing, and iterative improvement to maintain security and efficiency across your digital workflows. As you refine your API endpoints and map out your Zapier integrations, it is crucial to monitor performance and implement robust error handling, ensuring that any anomalies in data transmission or processing are promptly addressed. This integrated methodology not only expands the functional reach of your application but also creates a resilient ecosystem where automated processes work harmoniously to deliver a seamless user experience. By carefully aligning Bubble’s intuitive development environment with Zapier’s powerful automation features, you lay the foundation for an agile system capable of adapting to evolving business needs and technological advancements while minimizing manual workload and enhancing overall efficiency.

Vulnerable APIs and Bot Attacks Costing Businesses up to $186 Billion Annually

2024-09-18T00:00:00+00:00

API insecurity and automated abuse by bots responsible for up to 11.8% of cyber events and losses globally

Bot-related security incident count rose 88% in 2022 and 28% in 2023

Insecure APIs result in up to $12 billion more in losses than they did in 2021

MEUDON, France, September 18, 2024 - Thales, the cybersecurity leader that protects critical applications, APIs, and data, anywhere at scale, releases the “Economic Impact of API and Bot Attacks” report. The analysis of more than 161,000 unique cybersecurity incidents uncovers the rising global costs of vulnerable or insecure APIs and automated abuse by bots, two security threats that are increasingly interconnected and prevalent. The report estimates that API insecurity and bot attacks result in up to $1861 billion of losses for businesses around the world.

The report is based on a study conducted by the Marsh McLennan Cyber Risk Intelligence Center which found that larger organizations were statistically more likely to have a higher percentage of security incidents that involved both insecure APIs and bot attacks. Enterprises with revenues of more than $1 billion were 2-3x more likely to experience automated API abuse by bots than small or mid-size businesses. The study suggests that large companies are particularly vulnerable to security risks associated with automated API abuse by bots because of complex and widespread API ecosystems that often contain exposed or insecure APIs.

Enterprises rely heavily on APIs to enable seamless communication between diverse applications and services. Data from the Imperva Threat Research team, finds that the average enterprise managed 613 API endpoints in production last year. That number is growing rapidly as businesses face mounting pressure to deliver digital services with greater agility and efficiency.

Due to this increased reliance and their direct access to sensitive data, APIs have become attractive targets for bot operators. In 2023, automated threats generated by bots accounted for 30% of all API attacks, according to data from Imperva Threat Research. Today, automated API abuse by bots costs organizations up to $17.9 billion of losses annually. As the number of APIs in production multiplies, cybercriminals will increasingly use automated bots to find and exploit API business logic, circumvent security measures, and exfiltrate sensitive data.

“It’s imperative that businesses across the world address the security risks posed by insecure APIs and bot attacks, or they face a substantial economic burden,” says Nanhi Singh, General Manager of Application Security at Imperva, a Thales company. “The interconnected nature of these threats necessitates that companies take a holistic approach, integrating comprehensive security strategies for both bot and API attacks.”

Some of the key trends identified in the report include:

Increased API adoption and usage is growing the attack surface: The rapid adoption of APIs, inexperience of many API developers, and lack of collaboration between security and development teams has led insecure APIs to now result in up to $87 billion of losses annually, a $12 billion increase from 2021. Bots negatively impact organizations’ bottom line: The widespread availability of attack tools and generative AI models has enhanced bot evasion techniques and enabled even low-skilled attackers to launch sophisticated bot attacks. Up to $116 billion of losses annually can be attributed to automated attacks by bots. API and bot-related security incidents are becoming more frequent: In 2022, API-related security incidents rose by 40%, and bot-related security incidents spiked by 88%. These increases were fueled by a rise in digital transactions, the expanding use of APIs, and geopolitical tensions like the Russia-Ukraine conflict. In the following year 2023, as digital traffic began to stabilize and the pandemic-driven surge in internet activity subsided, the frequency of these incidents moderated. API-related security incidents grew by 9%, while bot-related security incidents jumped by 28%. The overall upward trend in attacks highlights the growing persistence and frequency of these threats. Insecure APIs and bot attacks pose a significant threat to large enterprises: Companies with revenue of at least $100 billion are most likely to suffer security incidents related to insecure APIs or bot attacks. These threats constitute up to 26% of all security incidents experienced by such businesses. Countries around the globe are vulnerable to API and bot attacks: Brazil experienced the highest percentage of events related to insecure APIs or bot attacks, with the threats accounting for up to 32% of all observed security incidents. This was closely followed by France (up to 28%), Japan (up to 28%), and India (up to 26%). While the percentage of events attributed to API and bot-related security incidents was lower in the United States, 66% of all reported events related to vulnerable APIs or automated abuse by bots occurred within the country. “Reliance on APIs will continue to grow exponentially, driving connections to generative AI applications and large language models,” adds Singh. “At the same time, generative AI will also empower cybercriminals to create sophisticated bots at an accelerated and alarming rate. As API ecosystems expand and bots become more advanced, organizations should anticipate a significant rise in the economic impact of automated API abuse by bots unless proactive measures are taken.”

Additional Information:

Download a copy of the “Economic Impact of API and Bot Attacks” report for additional insights on the business impact of API and bot-related security incidents. See how Imperva Advanced Bot Protection and API Security can protect websites, applications, and APIs from automated attacks and without affecting the flow of business-critical traffic. Read the Imperva Blog (Imperva, a Thales company) for the latest product and solution news, and threat intelligence from Imperva Threat Research.

About Thales

Thales (Euronext Paris: HO) is a global leader in advanced technologies specialized in three business domains: Defence & Security, Aeronautics & Space, and Cybersecurity & Digital identity.

It develops products and solutions that help make the world safer, greener and more inclusive.

The Group invests close to €4 billion a year in Research & Development, particularly in key innovation areas such as AI, cybersecurity, quantum technologies, cloud technologies and 6G.

Thales has close to 81,000 employees in 68 countries. In 2023, the Group generated sales of €18.4 billion.

APIs are under attack

2024-09-17T00:00:00+00:00

APIs are under attack. Join Cloudflare, Optiv, and ESG, as we discuss the leading API cybersecurity challenges today’s organizations face and how to bolster your API protections from the threats of today—and tomorrow. Don’t miss it. Register today. https://t.co/rEXnMHpk5V</a> pic.twitter.com/AfuLBwl8MX</a>— Cloudflare (@Cloudflare) September 17, 2024</a></blockquote>