As AI becomes more deeply embedded in software development, it’s not just reshaping how APIs are built—it’s also redefining who (or what) is using them. In these dynamic times, API governance takes on a new urgency. I sat down with several thought leaders in this space—Leo, Head of Engineering at Tyk; Martin, CEO and Founder of Tyk; and Emmanuel, founder of Level 250—to explore two pressing questions.
- First: Can we trust AI-generated APIs to be production-ready?
- And second: What challenges do we face when APIs are consumed by AI agents and MCPs?
Can we trust AI-generated APIs to be production-ready?
All three experts agreed: not yet.
Leo emphasized the issue of accountability and, more critically, the problem of hallucination. “You can’t hold an AI accountable for bad design or broken contracts,” he explained. Large language models often hallucinate, producing incorrect or misleading outputs with high confidence. This makes it especially dangerous during review if the developer assumes the AI’s suggestions are correct.
Martin echoed this, emphasizing that the reliability of AI-generated code heavily depends on the prompt. When doing codegen, he noted that the output can swing wildly between brilliant and unusable. His advice: keep workflows modular and well-defined. The clearer your plan, the better the AI can follow it. If you are prototyping an API, embed clear guidelines and standards in the AI’s input prompts.
Emmanuel also positioned AI as a prototyping accelerator rather than a replacement for traditional development at this stage. “The API lifecycle hasn’t changed,” he said. “You still need to prototype, build, test, document, and govern.” What AI does is reduce the grunt work—no more hand-writing OpenAPI specs—so teams can spend more time on discovery and iteration.
He further stressed the value of combining AI tools with traditional governance. Validation, linting, and organizational standards should still be handled by deterministic tools. Importantly, prompts given to AI should embed these standards explicitly—guidelines, vocabularies, naming conventions—so that AI has a framework to build within. “AI doesn’t invent your standards. You do.”
But let’s be optimistic. Emmanuel added: “We’re seeing rapid advances with Replit Agent and the like.” One day, we might be able to use AI to generate production-grade API in zero-shot or few shots. The key will be embedding our API guidelines into the input prompts, and ensuring both human reviewers and deterministic tools are in the loop to validate the AI’s output and provide feedback to the LLM.
What challenges do we face when APIs are consumed by AI agents and MCPs?
On the flip side, we also have to consider AI as a consumer. Here too, consensus emerged: LLMs are not yet great at consuming APIs reliably, but MCPs offer a path forward.
Leo described MCPs as essential abstraction layers. These act like AI-native API gateways that simplify and translate complex, messy backend APIs into concise, clear actions an AI agent can understand. They mask awkward design decisions, outdated protocols, or non-standard practices.
Martin pointed out the current friction. “AI tool calling is hit or miss,” he said. Agents often make incorrect assumptions and mess up API calls. While better documentation and vendor improvements will help, today’s experience remains frustrating. He also flagged a lesser-known challenge: MCP clients are not always context length aware and can bloat the prompt window. This is difficult to fix as the tool just returns data and shouldn’t need to be aware of caller limitations.
Emmanuel shared a broader outlook. He emphasized the need for simpler, use case-aware APIs. To make this work, we need proper discovery, instant onboarding, the ability to pay transactionally, and a host of other supporting mechanisms. Emmanuel also pointed to emerging standards like Model Context Protocol (MCP), Agent to Agent (A2A) as ways to begin codifying and streamlining these interactions.
My reflection: Better APIs for AI starts with better API design
What struck me through these conversations is this: the problem isn’t always the AI. Sometimes it’s about API design. If our specs are noisy, inconsistent, or overly complex, it’s no wonder AI agents struggle.
To make APIs more consumable for machines, developers need to prioritize clarity, structure, and enforcement. Here’s what that looks like in practice:
- Use concise operation descriptions – Explain what, why, and when an endpoint should be used.
- Define meaningful operationIds – Think getInvoiceById instead of dataFetch1.
- Document all parameters and schema fields – Include types, formats (like date-time), and clear descriptions.
- Provide example requests and responses – Help AI agents (and devs!) learn by pattern-matching.
- Avoid deeply nested structures – Flatten payloads and limit the number of required inputs.
- Lint your OpenAPI specs – Use tools like Spectral to enforce consistency and clarity.
- Use structured error messages – Clearly indicate what went wrong and how to fix it.
- Secure with rate limits and access policies – Prevent AI misuse with gateways like Tyk.
- Keep naming consistent – Use the same field names across endpoints to reinforce semantic patterns.
- Validate requests at the gateway level – Use tools like Tyk to enforce schema correctness early, protect downstream systems, and give AI agents fast, actionable feedback to improve their request accuracy.
When workflows require multiple steps, abstraction layers like Model-Context-Protocol (MCP) or explicit operation chaining guidance should help AI agents reason through them.
Ultimately, good API governance in the age of AI doesn’t replace human oversight. It simply demands that we be even more intentional about how we design, document, and manage our APIs—not just for human developers, but for the intelligent agents starting to call them.
By marrying strong governance with smart AI integration, we can unlock new levels of productivity, and design APIs that serve both people and machines. Tyk AI Studio helps you bring that balance to life, combining structure, speed, and control for AI-powered API workflows.
