API ECOSYSTEMS IN THE AGE OF ARTIFICIAL INTELLIGENCE
DOI:
https://doi.org/10.18623/rvd.v23.n4.4344Keywords:
API Ecosystems, Artificial Intelligence, Agentic AI, API Security, Governance, Interoperability, Energy EfficiencyAbstract
APIs are undergoing a fundamental shift from static integration mechanisms toward dynamic, AI‑interpretable interaction surfaces. Large language models and autonomous agents increasingly discover, understand, and orchestrate APIs with minimal human intervention, reshaping integration paradigms across domains. This systematic review (2020–2026) analyzes emerging AI‑native API ecosystems along six dimensions: functionality, security, governance, architecture, efficiency, and application areas. The findings highlight an evolution from conventional REST, SOAP, and messaging architectures to adaptive, context‑aware, and policy‑driven interface models. Concurrently, novel security risks—such as prompt injection, model manipulation, and cascading threats in multi‑layer API orchestrations—intensify the need for advanced protective controls, including mTLS, OAuth 2.1, and zero‑trust governance architectures. A key contribution of this work is a taxonomy that classifies AI‑driven API ecosystems according to autonomy level, governance maturity, interoperability, security posture, and energy efficiency. The review positions APIs as foundational components of intelligent systems and offers guidance for research, standardization efforts, and the secure deployment of AI‑native API architectures.
References
[1] M. Posada and L. Vaccari, "APIs for Governments: why, what & how," European Commission JRC—APIdays Paris, https://interoperable-europe.ec.europa.eu/, 2020.
[2] S. -P. Ma, M. -J. Hsu, H. -J. Chen and C. -J. Lin, "RESTful API Analysis, Recommendation, and Client Code Retrieval," Electronics, vol. 12, no. 5, p. 1252, doi: 10.3390/electronics12051252, 2023.
[3] L. Wang et al., "A survey on large language model based autonomous agents," Frontiers of Computer Science, vol. 18, doi: 10.1007/s11704 024 40231 1, 2024.
[4] A. Yehudai et al., "Survey on Evaluation of LLM based Agents," arXiv, 2503.16416, doi: 10.48550/arXiv.2503.16416, 2025.
[5] T. Schick et al., "Toolformer: Language Models Can Teach Themselves to Use Tools," arXiv, 2302.04761, doi: 10.48550/arXiv.2302.04761, 2023.
[6] M. Li et al., "API Bank: A Comprehensive Benchmark for Tool Augmented LLMs," EMNLP, pp. 3102–3116, doi: 10.18653/v1/2023.emnlp main.187, 2023.
[7] X. Li, "Survey of LLM based Agents: Theories, Technologies, Applications," IEEE (Early Access), 2025.
[8] J. S. dos Santos et al., "Analysis of Tools for REST Contract Specification in Swagger/OpenAPI," ICEIS, https://www.scitepress.org/Papers/2020/93812/93812.pdf, 2020.
[9] A. Lercher et al., "Generating Accurate OpenAPI Descriptions from Java Source Code," arXiv, 2410.23873, 2024.
[10] M. Niswar et al., "Performance Evaluation of Microservices Communication with REST, GraphQL, and gRPC," Int. J. Electronics and Telecommunications, vol. 70, no. 2, pp. 429–436, doi: 10.24425/ijet.2024.149562, 2024.
[11] N. Hamo and S. Saberian, "Evaluating the performance and usability of HTTP vs gRPC," BTH Thesis, https://www.diva-portal.org/smash/get/diva2:1768795/FULLTEXT02.pdf, 2023.
[12] I. Khan and M. K. Ahamad, "Enhancing Security and Performance of gRPC Based Microservices using HTTP/3 and AES 256," Journal of Information Systems Engineering & Management, https://www.scitepress.org/Papers/2020/93812/93812.pdf, 2025.
[13] F. A. A. Gomes et al., "Impact of OpenTelemetry Configuration on Observability and Telemetry Storage Cost," ADVANCE Workshop, https://hal.science/hal-04723959v1/file/ADVANCE_2024_Almada_1_.pdf, 2024.
[14] E. Norgren, "Optimizing Distributed Tracing Overhead in a Cloud Environment with OpenTelemetry," Master’s Thesis, https://www.diva-portal.org/smash/get/diva2:1867119/FULLTEXT01.pdf, 2024.
[15] D. Gurumurthy and L. Querel, "OpenTelemetry Semantic Conventions and How to Avoid Broken Observability," USENIX SREcon25 Americas, 2025.
[16] A. Mahmutovic, "EU AI Act: a proactive framework for comprehensive AI regulation," Int’l J. of Law and Information Technology, doi: 10.1093/ijlit/eaaf028, 2025.
[17] S. Greenstein and M. Zamboni, "Navigating the legislative dilemma: evaluating the EU AI Act," Theory and Practice of Legislation, vol. 13, no. 3, doi: 10.1080/20508840.2025.2513177, 2025.
[18] H. Graux et al., "Interplay between the AI Act and the EU digital legislative framework," European Parliament Study, https://www.europarl.europa.eu/RegData/etudes/STUD/2025/778575/ECTI_STU%282025%29778575_EN.pdf, 2025.
[19] M. Seet, "ISO 42001 and Legal Compliance: A Principled Implementation of the AI Management System," Springer, https://link.springer.com/book/10.1007/979-8-8688-2099-1, 2025.
[20] K. L. Lucy, "Overview of ISO/IEC 42001," UNIDO/Microsoft Presentation, https://www.unido.org/sites/default/files/files/2025-07/Microsoft%20-%20Overview%20of%20ISO%20IEC%2042001.pdf, 2025.
[21] R. Dotan et al., "Evolving AI Risk Management: A Maturity Model based on NIST AI RMF," arXiv, 2401.15229, https://arxiv.org/pdf/2401.15229, 2024.
[22] R. M. S. Khan et al., "Agents Under Siege: Breaking Pragmatic Multi Agent LLM Systems with Optimized Prompt Attacks," ACL, pp. 8743–8759, https://aclanthology.org/2025.acl-long.476.pdf, 2025.
[23] D. Lee and M. Tiwari, "PROMPT INFECTION: LLM to LLM Prompt Injection within Multi Agent Systems," arXiv, 2410.07283, https://arxiv.org/pdf/2410.07283, 2024.
[24] S. Gulyamov et al., "Prompt Injection Attacks in LLMs and AI Agent Systems: A Comprehensive Review," Information (MDPI), vol. 17, no. 1, doi: 10.3390/info17010054, 2026.
[25] A. Patel, "Designing Enterprise Grade Microservices Security," Implementing Security with AI in GCP, Springer, pp. 113–132. (mTLS & Istio service mesh), https://link.springer.com/chapter/10.1007/979-8-8688-2213-1_6, 2026.
[26] E. K. Kähler et al., "Modular Security Analysis of OAuth 2.0 in the Three Party Setting," IEEE, https://ieeexplore.ieee.org/document/9230361, 2020.
[27] S. Rose, O. Borchert, S. Mitchell and S. Connelly, "Zero Trust Architecture," NIST SP 800 207, doi: 10.6028/NIST.SP.800 207, 2020.
[28] J. Viswanathan, D. Kumar. N and S. Udhaya Kumar, "Zero Trust Security for Web Applications in Microservice Based Architectures," IEEE, https://ieeexplore.ieee.org/document/10960955, 2025.
[29] M. J. Page et al., "PRISMA 2020 explanation and elaboration," BMJ, 372:n160, doi: 10.1136/bmj.n160, 2021.
[30] M. J. Page et al., "The PRISMA 2020 statement," BMJ, 372:n71, doi: 10.1136/bmj.n71, 2021.
[31] A. A. B. Aissa et al., "An LLM Powered API Navigator: Building an Intelligent Assistant for API Specification Understanding," IEEE Feedforward Magazine, vol. 4, no. 3, pp. 1–15, https://hal.science/hal-05234168v1/file/AK_Beckn2025.pdf, 2025.
[32] B. Xu, "AI Agent Systems: Architectures, Applications, and Evaluation," arXiv:2601.01743, https://arxiv.org/abs/2601.01743, 2026.
[33] S. Sajjadi et al., "A Survey of Large Language Models: Evolution, Architectures, Adaptation, Benchmarking, Applications, Challenges, and Societal Implications," lectronics, vol. 14, no. 18, https://www.mdpi.com/2079-9292/14/18/3580, 2025.
[34] R. Chan et al., "Adapting LLMs for Structured Natural Language API Integration," EMNLP Industry Track, pp. 991–1000, https://aclanthology.org/2024.emnlp-industry.74/, 2024.
[35] M. Lamothe et al., "A Systematic Review of API Evolution Literature," ACM Computing Surveys, https://users.encs.concordia.ca/~shang/pubs/mlamothe_csur_2021.pdf, 2020.
[36] F. Di Lauro et al., "Towards Large scale Empirical Assessment of Web APIs Evolution," APIACE/ICWE Workshops, https://design.inf.usi.ch/sites/default/files/biblio/apiace-icwe2021-api-evolution.pdf, 2021.
[37] Gartner, "More Than 30% of the Increase in API Demand Will Come From AI and LLM Tools by 2026," Gartner Press Release, https://www.gartner.com/en/newsroom/press-releases/2024-03-20-gartner-predicts-more-than-30-percent-of-the-increase-in-demand-for-apis-will-come-from-ai-and-tools-using-llms-by-2026, 2024.
[38] W. Liu et al., "ToolACE: Winning the Points of LLM Function Calling," arXiv:2409.00920, https://arxiv.org/abs/2409.00920, 2024.
[39] D. Kim et al., "Beyond Perfect APIs: A Comprehensive Evaluation of LLM Agents Under Real World API Complexity," arXiv:2601.00268, https://arxiv.org/pdf/2601.00268, 2026.
[40] I. Gim, S. Lee and L. Zhong, "Asynchronous LLM Function Calling," arXiv:2412.07017, https://arxiv.org/abs/2412.07017, 2024.
[41] Y. -C. Chen et al., "Enhancing Function Calling Capabilities in LLMs," NAACL Industry Track, https://aclanthology.org/2025.naacl-industry.9.pdf, 2025.
[42] S. Sadruddin et al., "LLMs4SchemaDiscovery: A Human in the Loop Workflow for Scientific Schema Mining," arXiv:2504.00752, https://arxiv.org/abs/2504.00752, 2025.
[43] S. Sadruddin et al., "SCHEMA MINERpro: Agentic AI for Ontology Grounding," Semantic Web Journal, https://www.semantic-web-journal.net/system/files/swj3871.pdf, 2025.
[44] M. Parciak et al., "Schema Matching with Large Language Models," VLDB TaDA Workshop, https://tabular-data-analysis.github.io/tada2024/papers/TaDA.8.pdf, 2024.
[45] P. WoL et al., "Schema Inference for Tabular Data Repositories Using Large Language Models," arXiv:2509.04632, https://arxiv.org/abs/2509.04632, 2025.
[46] B. John et al., "Adaptive Human in the Loop Testing for LLM Integrated Applications," https://www.researchgate.net/publication/391908960_Adaptive_Human-in-the-Loop_Testing_for_LLM-Integrated_Applications, 2025.
[47] A. Ndlovu and I. Mahlangu, "AI Augmented Middleware: A New Paradigm for Intelligent Enterprise Integration," https://www.researchgate.net/profile/Israel-Godwin-Mahlangu/publication/396684560_AI-Augmented_Middleware_A_New_Paradigm_for_Intelligent_Enterprise_Integration/links/68f5287cffdca73694b9010b/AI-Augmented-Middleware-A-New-Paradigm-for-Intelligent-Enterpris, 2025.
[48] Y. Lin, "AI Gateways: The Future Trend of AI Infrastructure," Apache APISIX, https://apisix.apache.org/blog/2025/06/18/ai-gateway-future-trend-of-ai-infrastructure/, 2025.
[49] A. Marshan, "AI Augmented Teaching and Assessment in Higher Education," IEEE CAI Workshop, https://www.ieeesmc.org/cai-2026/w1-teaching/, 2026.
[50] S. S. Chowa et al., "From language to action: a review of large language models as autonomous agents and tool users," Artificial Intelligence Review, https://link.springer.com/article/10.1007/s10462-025-11471-9, 2026.
[51] X. Li et al., "A survey on LLM-based multi-agent systems: workflow, infrastructure, and challenges," Vicinagearth, vol. 1, article 9, https://link.springer.com/article/10.1007/s44336-024-00009-2, 2024.
[52] S. Han, Q. Zhang, Y. Yao, W. Jin and Z. Xu, "LLM Multi-Agent Systems: Challenges and Open Problems," arXiv preprint, arXiv:2402.03578, https://arxiv.org/abs/2402.03578, 2024/2025.
[53] Y. Gao and S. Wu, "A Four-Layer Security Governance Framework for LLM-Based AI Agents," Journal of Artificial Intelligence Practice, vol. 8, no. 4, https://www.clausiuspress.com/assets/default/article/2026/01/07/article_1767842801.pdf, 2025.
[54] S. Raza, R. Sapkota, M. Karkee and C. Emmanouilid, "TRiSM for Agentic AI: A Review of Trust, Risk, and Security Management in LLM-based Multi-Agent Systems," arXiv preprint, arXiv:2506.04133, https://arxiv.org/pdf/2506.04133, 2025.
[55] Y. Wu et al., "Multi-Agent Autonomous Driving Systems with Large Language Models," indings of ACL: EMNLP, pp. 12756–12773, https://aclanthology.org/2025.findings-emnlp.683/, 2025.
[56] M. Leo, F. Tan, T. Miao and G. Anand, "From threat to trust: assessing security risks of agentic AI systems," International Journal of Information Security, vol. 25, article 23, https://link.springer.com/article/10.1007/s10207-025-01185-y, 2026.
[57] K. Grimes et al., "SOK: Bridging Research and Practice in LLM Agent Security," Carnegie Mellon SEI, https://sei.cmu.edu/documents/6414/Bridging-Research-and-Practice-in-LLM-Agent-Security.pdf, 2025.
[58] OWASP, "LLM Prompt Injection Prevention Cheat Sheet," OWASP, https://cheatsheetseries.owasp.org/cheatsheets/LLM_Prompt_Injection_Prevention_Cheat_Sheet.html, 2025.
[59] B. Hofesh, "Prompt Injection vs. Data Poisoning: The Two Biggest Security Threats to LLM Applications," Bright Security, https://brightsec.com/blog/prompt-injection-vs-data-poisoning-the-two-biggest-security-threats-to-llm-applications/, 2025.
[60] V. S. Narajala, "Securing Agentic AI: A Comprehensive Threat Model and Mitigation Framework," arXiv, https://arxiv.org/pdf/2504.19956, 2025.
[61] T. Erlin, "The API Imperative: Securing Agentic AI and Beyond," Security Boulevard, https://securityboulevard.com/2025/04/the-api-imperative-securing-agentic-ai-and-beyond/, 2025.
[62] OWASP GenAI Project, "OWASP Top 10 for LLM Applications," OWASP , https://owasp.org/www-project-top-10-for-large-language-model-applications/, 2025.
[63] J. Braidwood, "LLM Security Guide: OWASP Top 10 & Defenses 2026," GLACIS, https://www.glacis.io/guide-llm-security, 2026.
[64] European Union Agency for Fundamental Right (FRA), "Assessing High-Risk Artificial Intelligence: Fundamental Rights Risks," https://fra.europa.eu/en/publication/2025/assessing-high-risk-ai, 2025.
[65] CMS LawNow, "2024 EU AI Act: A detailed analysis," https://cms-lawnow.com/en/ealerts/2025/03/2024-eu-ai-act-a-detailed-analysis, 2025.
[66] S. Biroğul, Ö. Şahin and H. Əsgərli, "Exploring the Impact of ISO/IEC 42001:2023 AI Management Standard on Organizational Practices," Advances in Artificial Intelligence Research, vol. 5, no. 1, pp. 14–22, https://dergipark.org.tr/en/pub/aair/issue/92433/1709628, 2025.
[67] ISO, "ISO/IEC 42001:2023," Artificial Intelligence Management System, https://www.iso.org/standard/42001, 2023.
[68] National Institute of Standards and Technology, "AI Risk Management Framework (AI RMF 1.0)," NIST, https://www.nist.gov/itl/ai-risk-management-framework, 2023.
[69] NIST, "Artificial Intelligence Risk Management Framework: Generative AI Profile (NIST AI 600 1)," NIST, https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf, 2024.
[70] O. O. Ajayi, A. S. Adebayo and N. Chukwurah, "Ethical AI and Autonomous Systems: A Review of Current Practices and a Framework for Responsible Integration," International Journal of Multidisciplinary Research and Growth Evaluation, vol. 1, no. 1, https://www.futureengineeringjournal.com/uploads/archives/20250315123154_FEI-2025-1-003.1.pdf, 2024.
[71] A. Batool, D. Zowghi and M. Bano, "AI governance: a systematic literature review," AI and Ethics, vol. 5, https://link.springer.com/article/10.1007/s43681-024-00653-w, 2025.
[72] C. Wood, "Announcing OpenAPI v3.2," OpenAPI Initiative, https://www.openapis.org/blog/2025/09/23/announcing-openapi-v3-2, 2025.
[73] OAI/OpenAPI-Specification, "The OpenAPI Specification Repository," GitHub, https://github.com/OAI/OpenAPI-Specification, 2025.
[74] N. Park, "What’s New in OpenAPI 3.2," Zylo Docs Blog, Aug, https://blog.zylosystems.com/posts/openapi-3-2-key-changes-for-api-documentation, 2025.
[75] M. Noël, "Resilient connectivity for gRPC using Multipath QUIC," École polytechnique de Louvain, https://thesis.dial.uclouvain.be/, 2024/2025.
[76] T. Dang, "gRPC over HTTP/3 in Production," ThinhDA Engineering Blog, https://thinhdanggroup.github.io/grpc-over-http3/, 2025.
[77] N. Gazit and G. Liu, "Observability for Large Language Models with OpenTelemetry," OSACon , https://osacon.io/slides/2024/Observability-for-Large-Language-Models-with-OpenTelemetry.pdf, 2024.
[78] Ashnik Team, "Insights From the 2024 Observability Landscape," Ashnik Insights, https://www.ashnik.com/, 2024.
[79] D. Hope, "The Next Evolution of Observability with OpenTelemetry and Generative AI," Elastic Observability Labs, https://www.elastic.co/, 2025.
[80] D. Narváez et al., "Designing Microservices Using AI: A Systematic Literature Review," Software, vol. 4, no. 1, https://www.mdpi.com/, 2025.
[81] J. Willard and J. Hutson, "The Evolution and Future of Microservices Architecture with AI-Driven Enhancements," IJRES, vol. 12, no.1, https://www.ijresonline.com/, 2025.
[82] B. Sanwouo, P. Temple and C. Quinton, "Generative AI-based Adaptation in Microservices Architectures," ICWS , https://hal.science/hal-05082732v1/file/ICWS%2725.pdf, 2025.
[83] A. Aarab et al., "Integrating AI in Public Governance: A Systematic Review," Digital, vol. 5, no. 4, https://www.mdpi.com/2673-6470/5/4/59, 2025.
[84] OECD, "Governing with Artificial Intelligence: Are Governments Ready?," OECD AI Papers No. 20, https://www.oecd.org/en/publications/governing-with-artificial-intelligence_26324bc2-en.html, 2024.
[85] S. Pulijala, "Artificial Intelligence in Governance: Opportunities, Challenges, and Ethical Implications," IJFMR, https://www.ijfmr.com/papers/2024/6/29990.pdf, 2024.
[86] X. Wang et al., "Safety Challenges of AI in Medicine in the Era of Large Language Models," arXiv, https://arxiv.org/abs/2409.18968, 2024/2025.
[87] J. C. L. Chow and K. Li, "Large Language Models in Medical Chatbots: Opportunities, Challenges, and AI Risks," Information, vol. 16, no. 7, https://www.mdpi.com/2078-2489/16/7/549, 2025.
[88] F. De Micco et al., "Artificial Intelligence in Healthcare: Transforming Patient Safety," Frontiers in Medicine, https://www.frontiersin.org/articles/10.3389/fmed.2024.1522554/full, 2025.
[89] S. Joshi, "Review of Gen AI Models for Financial Risk Management," IJISEM, vol. 4, no. 2, https://satyadharjoshi.com/, 2025.
[90] Z. Feng et al., "Leveraging Artificial Intelligence in Financial Risk Management," JFRM, vol. 14, no. 2, https://www.scirp.org/pdf/jfrm_2410975.pdf, 2025.
[91] S. T. Battula, "AI Driven Risk Management for Fintech Enterprises," IJSAT, https://www.ijsat.org/papers/2025/1/2804.pdf, 2025.
[92] Y. Wang et al., "Generative AI for Autonomous Driving: Frontiers and Opportunities," arXiv, https://arxiv.org/abs/2505.08854, 2025.
[93] R. Acharya, "LLM Integration in Autonomous Vehicle Systems," WJARR, https://journalwjarr.com/, 2025.
[94] IEEE MOST 2025, "Call for Papers: Mobility, Autonomous Systems, and AI," IEEE Mobility Conference, https://ieeemobility.org/MOST2025/call_for_papers.php, 2025.
[95] A. Ghosh, A. Saini and H. Barad, "Artificial Intelligence in Governance: Recent Trends, Risks, Challenges, and Future Directions," AI & Society, vol. 40, https://link.springer.com/article/10.1007/s00146-025-02312-y, 2025.
[96] D. Kurpiewski et al., "Formal Verification of Probabilistic Multi Agent Systems for Ballistic Rocket Flight Using Probabilistic Alternating Time Temporal Logic," arXiv preprint, https://arxiv.org/abs/2511.22572, 2025.
[97] H. N. Nguyen and A. Rakib, "Formal Modelling and Verification of Probabilistic Resource Bounded Agents," Journal of Logic, Language and Information, vol. 32, pp. 829–859, https://link.springer.com/article/10.1007/s10849-023-09405-1, 2023.
[98] A. Cimmino, M. Poveda Villalón and R. García Cast, "Ontologies and Semantic Interoperability," Springer Handbook of Internet of Things, https://link.springer.com/chapter/10.1007/978-3-031-39650-2_17, 2023.
[99] M. Stäbler et al., "Why an Automated, Scalable and Resilient Service for Semantic Interoperability is Needed," Proceedings of AI Safety and Security Research, https://pdfs.semanticscholar.org/ad48/ddec71c54e8fbc91ed5cbdc8dd7d8677bdbd.pdf, 2023.
[100] L. Fernández Becerra et al., "Enhancing Trust in Autonomous Agents: An Architecture for Accountability and Explainability," arXiv preprint, https://arxiv.org/pdf/2403.09567, 2024.
[101] P. K. Goel, S. P. Yadav and P. Upadhyay, "Sustainability in Multi Agent LLM Systems: Energy Efficiency and Green AI Initiatives," Advancements in Multi Agent Large Language Model Systems for Next Generation AI, IGI Global, https://www.igi-global.com/chapter/sustainability-in-multi-agent-llm-system/389183, 2026.
[102] H. Wang, A. Papachristodoulou and K. Margellos, "Distributed Safe Control Design and Probabilistic Safety Verification for Multi Agent Systems," Automatica, vol. 179, https://kostasmargellos.github.io/assets/downloads/publications/journals/AUT_WPM_2023.pdf, 2025.
Downloads
Published
How to Cite
Issue
Section
License
I (we) submit this article which is original and unpublished, of my (our) own authorship, to the evaluation of the Veredas do Direito Journal, and agree that the related copyrights will become exclusive property of the Journal, being prohibited any partial or total copy in any other part or other printed or online communication vehicle dissociated from the Veredas do Direito Journal, without the necessary and prior authorization that should be requested in writing to Editor in Chief. I (we) also declare that there is no conflict of interest between the articles theme, the author (s) and enterprises, institutions or individuals.
I (we) recognize that the Veredas do Direito Journal is licensed under a CREATIVE COMMONS LICENSE.
Licença Creative Commons Attribution 3.0
