Assumptions and Constraints

The ground truth this research is built on. If any of these assumptions change, the problem prioritization shifts with them. These aren't predictions—they're the conditions we observe today across every design partner conversation.

🌐 Customers will continue to depend on third-party APIs they do not control
🚧 Integration teams remain resource-constrained
🔒 Security and compliance requirements will increase, not decrease
🤖 MCP and agent-based integration patterns will become standard enterprise requirements
🏗️ Existing API governance investments must be leveraged, not replaced
Manual registration approaches will continue to fail at scale
📝 AI agents will increasingly consume APIs, requiring higher metadata quality
🛡️ Enterprise security restrictions will limit standard distribution mechanisms
📈 Reuse must be measured by business outcomes, not just activity metrics
👻 Shadow infrastructure (team-owned gateways) will continue to exist and must be accommodated
🧩 Data/schema consistency is a prerequisite for effective AI agent integration
🔑 Teams will resist centralized credential management without a clear value proposition
🧪 Context engineering will emerge as a formal discipline, requiring dedicated roles, tooling, and evaluation frameworks
👤 Identity and authorization infrastructure (Entra, Okta) will need to evolve to support agent-to-agent and on-behalf-of token patterns
🔀 APIs are only a fraction of the integration landscape — SAP, iPaaS, Kafka, Solace, EDI, and custom protocols carry equal or greater business-critical traffic
💱 Vendor economics will change after enterprise adoption (pricing shifts, feature gates, acquisitions), making lock-in risk a structural concern, not a one-time evaluation
📑 Documentation is now infrastructure — markdown files drive agent behavior and need governance comparable to code (reviews, standards, gates)
🚧 Governance will continue to be culturally rejected unless it is repositioned as enablement ("golden path") rather than enforcement ("gate")
💻 AI-generated code is entering production without security attestation, and the volume will outpace manual review capacity
📏 Target customers operate at 10x typical enterprise scale (5,000+ interfaces, 7,500+ applications) — architecture that assumes 100-500 integrations will fail them
📡 Enterprise network infrastructure (proxies, firewalls, security policies) is incompatible with streaming protocols (SSE, long-lived HTTP) that MCP and AI services depend on
📝 IDEs and coding assistants are replacing portals as the primary developer touchpoint — governance that doesn't reach the IDE won't reach the developer
📐 Buyers will require open standards (OpenAPI, AsyncAPI, JSON Schema, MCP) as a non-negotiable — vendor lock-in resistance is a purchasing criterion, not a preference
🌍 Globally distributed engineering teams require consistent governance regardless of geography — organic consistency through tooling, not manual review across time zones