Telcos could reap $35 billion from comms APIs but they must tread carefully

That's the impression given by two contrasting reports on the API market that have appeared this week. One from Juniper Research that will most assuredly fuel the excitement that has rapidly engulfed this particular subject, and another from ABI Research that tempers it somewhat.

First, the good news. According to Juniper, applications – like rich media messaging and conversational AI – that leverage network APIs will generate $35 billion globally for operators by 2027, accounting for 32% of total telco-related API revenues.

The growth is being driven by declining SMS revenue and the subsequent need to make up for the shortfall by spinning up rich communication services (RCS) for business messaging, including AI-powered chatbots.

Indeed, Juniper notes that operators face the twin threats of disintermediation due to the rise of over-the-top messaging services, and falling revenue thanks to so-called 'flash calling' – an automated authentication method that verifies a user's identity by placing a brief call to their phone number, negating the need to send a verification code via SMS.

By exposing comms APIs to software developers, operators have the chance to regain their position in the value chain and get their collective mitts on some of that all-important moolah.

In June, Juniper estimated that telco revenue from the entire API market could reach nearly $160 billion by 2029.

With that in mind, earlier this week, CAMARA – the open source API project led by the GSMA and the Linux Foundation – published its first official release of 25 network APIs, which should help the industry get underway.

Meanwhile, last week a group major operators teamed up with Ericsson to establish a joint venture that will package up and sell network APIs. The group has already agreed to partner with Ericsson's Vonage unit and Google, giving them access to millions of developers around the world.

Also last week, Vonage struck a deal to provide comms API access to business software giant SAP to use for various solutions, including authentication and asset tracking and so-on.

Steady headway is being made then; however, there is a potential pitfall to network API exposure that operators must avoid at all costs.

"It's critical that operators don't rush this," warned Georgia Cooke, digital security research analyst at ABI Research. "API-based network exposure could be a viable counter to slow 5G network return on investment (ROI). Still, it also presents a major security risk and must be achieved in measured and comprehensively reviewed steps."

"APIs have already been the source of major telco breaches, and this will keep happening if good security design and policy isn't included from the very beginning."

ABI says that APIs themselves can be useful in detecting and mitigating cyber attacks that seek to breach telcos through their network APIs. It predicts that the market for security-focused APIs could be worth more than $5 billion by 2028, more than the 5G security software market, which is expected top $4.6 billion over the next five years.

"If well-implemented, APIs could be an invaluable source of data for threat identification systems, with network insight that could alert security analysts to attacks in the early stages and prevent successful breaches," Cooke said.

And yet, "simple misconfiguration or human error could leave networks exposed and vulnerable to attackers," she warned.

"The ecosystem has diverse stakeholders, and the potential returns could be considerable – but there are key security concerns which must be addressed early in the process."

Unfortunately, telcos are no strangers to data breaches. They are well-practised at navigating the fallout, taking steps to patch up the subsequent damage to their reputations, and – crucially – moving on as quickly as possible.

Nonetheless, the industry needs to be mindful that it is one high-profile failure away from blunting the progress of this promising new market.