Expert Op-Ed: APIs Are the Gatekeepers of Agentic AI

Artificial intelligence agents are everywhere. They promise to simplify our lives by knowing how to do whatever needs to be done. That means agents must have access to resources such as services, tools, and data, but that access should not be unlimited. To operate responsibly, resources must be accessible only in the appropriate context. The following guidelines show how APIs fulfill this role.

Standards Promote APIs as Structured Intermediaries

APIs are a structured intermediary. Invoking APIs creates an execution space where actors discover resources, access is controlled, and authorization is verified. APIs are flexible, reducing exposure while simultaneously enabling a variety of actions sanctioned by the business. The downside of this flexibility is the lack of standards that hinder interoperability. Consequently, emerging standards such as the Model Context Protocol (MCP), the Open Agentic Schema Framework (OASF), the LangChain Agent Protocol, and the Agent2Agent Protocol (A2A) are a step in the right direction. They encourage thoughtful API design and their use as the primary external interface within agent ecosystems—the service, tool, and data ecosystems that agents will rely on to accomplish their self-directed work plans.

Securing APIs with Infrastructure Services

Today’s business applications expose their functionality through APIs, but APIs do not operate in isolation. Gateways consolidate cross-API functions such as user access, authorization, and service discovery. Firewalls filter ports, enforce routing rules, and shield against malformed protocol requests. Authorization proxies implement advanced identity controls such as authorization code flows and policy consultations. APIs are the entry points to business applications. Infrastructure services streamline, improve, and enable proper validation of requests addressed to APIs.

Dynamic Validation Will Replace Static Validation

When an AI agent lacks the authority to perform a specific action, it can collaborate with another agent that does have the authorization. This keeps workflows moving without breaching access boundaries. For example, a shopping assistant could request a discount code from a order-processing agent instead of pulling it directly from a sensitive database. APIs facilitate this interaction while preserving the separation of duties. It works well today because agents can act on behalf of a human user or a role.

Users and roles represent static authorization schemas supported by current identity and policy systems. In the future, it is conceivable that agents will possess their own identity (or multiple identities), which will heighten the need for robust safeguards to govern resource access across a wide variety of situations. Ultimately, dynamic Zero Trust–style security measures, which will validate the requester, the target resource, and the action at run time, will replace predefined static validation.

API-First Designs Will Prevail

APIs are essential for AI agents because agents require a clear delineation of the resources they may access and the security context to apply for each action they undertake. As the number of deployed agents grows, their access to resources and the number of requests they generate— all through APIs— increases. If a single agent handles multiple tasks, there may be multiple authorizations using multiple security contexts. The demand for high-performing APIs intensifies as more agents come into play. APIs must enable appropriate access, automatically and at an extremely large scale.

Today, users access resources through applications and custom APIs. In the future, standardized APIs will emerge as the strategic control point where AI agent systems and business resources interact across networks, organizations, and industries. An API-first approach will usher in the era of agentic AI, delivering governance, interoperability, and scalable growth.
* James Hendergart is the Senior Director of Technical Research at F5