Boost API Development Velocity with Practical AI Tooling by Sumit Amar (WEX)

Transcript

1. Boost API Development with Practical AI Tooling apidays 2025, New

   York Sumit Amar @ChiefCoder May 15, 2025

2. Disclaimer The opinions expressed in this presentation and on the

   following slides are solely those of the presenter, and not necessarily those of WEX. Products, Sites, and tools mentioned focus on commercially available technology, and are for illustrative, educational purposes only. The views expressed in this presentation do not endorse or recommend any commercial products, process, or service.

3. Sumit Amar

4. Agenda • Introduction and Outcomes • Stages of API Development

   • Challenges in API Development Cycle • Remediating Challenges with AI Tools • Summary

5. The Why

6. The Why • About a quarter of the current YC

   startups, 95% of the code was written by AI – Gerry Tan, YC CEO • “What that means for founders is that you don’t need a team of 50 or 100 engineers,” Tan said. “You don’t have to raise as much. The capital goes much longer.” Source: https://www.cnbc.com/2025/03/15/y-combinator-startups-are-fastest-growing-in-fund-history-because-of-ai.html

7. The Why – PwC Source: https://www.pwc.com/gx/en/issues/c-suite-insights/the-leadership-agenda/AI-jobs-impact.html

8. The Why - HBR Source: https://hbr.org/2024/11/research-how-gen-ai-is-already-impacting-the-labor-market

9. Primer of Stages in API Dev • Design and Specification

   • Code / Implementation • Testing and Validation • Monitoring • Continuous Security Consideration • Developer Experience (Portal, Sandbox etc.)

10. Challenges in API Dev • Slide in spec and implementation.

    • Tedious, predictable, repetitive code a and its review cycle. • Lower than 90% code coverage. • Keeping monitors and alarms up to date, manually and via code. • Expensive security / penetration testing. • UI development cost for building portals. • Managing public sandbox environments

11. Addressing The Design Phase • Using GPT-4 (via ChatGPT or

    Open AI API) and Claude Sonnet in Copilot and Cursor to generate OpenAPI 3.0 specs from descriptions

12. Generating Mundane Code • GitHub Copilot (using GPT4, Gemini, Sonnet

    ) - generates boilerplate code from comments or API specs. • Amazon CodeWhisperer - spits API Contracts using Postman AI or (for serverless tech such as Lambda contract generation and API Gateway integration) • Swagger Codegen / OpenAPI Generator - generates scaffolding codebase / server stubs and client SDKs (Java, Python, TypeScript, etc.) from OpenAPI specs.

13. Developer Efficiency • VS Code with Copilot to spec, generate

    code, and find errors • Cursor AI – a VS Code based native-AI IDE to accelerate development initiatives by generating, explaining, describing, and fixing code. Like Copilot it integrates with several LLMs (such as Sonnet – which helps in architecting, code gen, and code reviews) • Tabnine – ML-powered code completion across multiple languages. • Cody (by Sourcegraph) – offers codebase- level Q&A and refactoring guidance using AI over entire repositories

14. Testing and Validation • Testfully – an AI-powered API testing

    platform that auto-generates test scenarios from OpenAPI specs. • PactFlow + Pact - to do consumer-driven contract testing. PactFlow offers AI- powered change analysis. • Postman AI - to auto-generate test cases, explain responses, and analyze test coverage. • Diffblue Cover - Uses AI to write unit tests for Java APIs by analyzing the codebase.

15. Monitoring • Datadog Watchdog - uses machine learning to detect

    anomalies in API latency, throughput, and error rate— alerting when there's an unexpected pattern. • ChatGPT – to craft contract intelligence, which allows us to mine API logs to surface most/least used endpoints, detect deprecated usage, or suggest caching strategies.

16. Security Considerations • Snyk Code - can review code snippets

    and flag potential risks before merge. • StackHawk - can scan API code and specs for common vulnerabilities (e.g., injection attacks, broken auth). It can scan the API (via OpenAPI spec or CI pipeline) for OWASP vulnerabilities like broken auth or injection flaws.

17. Developer Experience • ReadMe AI - auto-generates dynamic, interactive API

    docs using OpenAPI specs and custom content. • Mintlify - automatically generates elegant developer documentation from source code and offers AI summaries for code comments. • Swimm - helps explain and maintain code, including legacy mainframe codebase. • Chatbots - on DevEx to answer developers’ questions without having them raise customer contacts / support tickets.

18. Demo • VS Code with Copilot • Cursor AI with

    Sonnet

19. Summary • Using AI tooling in development Is Not optional.

    • AI tooling is abundant for all stages of the cycle. • AI tools are to be used to grow. business, not only add efficiencies • AI tooling could reduce the need of multiple expert developers. • AI tooling must be used to reason/explain code.

20. Thank you