Boomi takes aim at zombie APIs with control plane

Boomi takes aim at zombie APIs with control plane

Boomi has pledged to help users slash their through hordes of “zombie” APIs by shipping the control plane it teased back in May at its Boomi Connect user conference.

The Boomi API Control Plane builds on the federated API management business the integration firm bought from APIIDA earlier this year. It also acquired API management assets from Cloud Software Group.

The firm is banking on API management being critical to the development of enterprise AI systems, as enterprises work to pool their applications and resources, whether on prem or from SaaS.

EMEA CTO Ann Maya said this would naturally rely on APIs. “You build all the cool sexy stuff on the front, but if you boil it down without those little two-prong Lego pieces, nothing gets created, right?”

API building had been democratized, she said. But this API explosion created additional headaches and risks not least in terms of security. “The problem is that it’s easy. So, lots of people probably shouldn’t be doing… that’s created a zombie API problem.”

This created an attack surface, not least for critical enterprise data, she said, and were easily scanned for and identified by attackers’ bots.

Research by the Cequence CQ Prime Threat Research group in the first half of 2022 identified 5 billion “malicious transactions” targeting “unknown, unmanaged and unprotected APIs.”

Boomi’s Control Plane Service scans organizations’ infrastructure, identifying all APIs deployed on a gateway and bringing them back under the governance of IT. It doesn’t matter where that gateway is located. What the Control Plane currently does not do is discovery that is based on the network traffic.

“So, you now create a kind of catalog of APIs, dare I say, a registry. You know that you now have this view of all the APIs in your environment,” said Maya.

Developers working to create a new APIs can submit it to the Control Plane, and the organization can then apply the relevant policies, and manage the overall API lifecycle. “It will run through some tests to make sure that this is compliant, it passes security tests, and then passes a quality assurance test as well. Now, it’s ready to be packaged into an API product.”

APIs can then be loaded into a dev portal and made available to other users.

The API announcement follows the launch of the first six Boomi AI agents under the Agent Framework it also debuted at Boomi world. These are a set of “integration and no-code development capabilities” powered by AI. 

The first crop included Boomi DesignGen, which is used to design integration processes; BoomiGPT, which allows users to “describe integration and automation needs using natural language”; and BoomiPathfinder, which helps users when building integration processes. BoomiScribe also assists with producing documentation on integration processes.