AI Agents Are Coming For Your APIs

In a recent MCP Week discussion, John McBride, staff software engineer at Zuplo, shared insights from his talk "Agents Are Coming For Your APIs." His message is clear: the future remains fundamentally API-driven, even as AI agents reshape how we interact with digital services.

The article highlights some of the key takeaways from that discussion around how APIs and agents are going to interact and how engineers can prepare themselves and their APIs.

If you'd prefer to watch Martyn & John's conversation, you can in the video below!

The Loop That Never Sleeps#

At their core, AI agents operate through a continuous validation loop. Unlike the "one-shot" interactions we saw in early ChatGPT implementations, modern agents persist until they achieve their goals. They consume JSON schemas, make API calls, validate responses, handle errors, and iterate continuously.

This persistence creates both opportunities and challenges. Agents will autonomously decide to use your APIs, and if your service fails them, they'll simply move on to a competitor that has prepared for this agentic future.

Why Blocking Isn't the Answer#

The temptation to block agent traffic mirrors past reactions to web scrapers, but this approach misses the bigger picture. Agents are already finding ways to use platforms through suboptimal channels like browser automation tools that click through user interfaces never designed for programmatic access.

Rather than playing defense, successful companies will embrace governance and policy frameworks that enable controlled agent access. This isn't just about preventing problems; it's about capturing opportunities in an increasingly automated world.

Consider these examples:

Rate limiting policies that recognize agent behavior patterns and provide appropriate cooling-off periods instead of blanket blocks
Clear error handling that helps agents understand problems and correct course rather than endlessly retrying failed requests
Batch processing endpoints that enable agents to submit multiple operations efficiently rather than making hundreds of individual calls

Your API Response Is Your Dialogue#

When agents interact with your API, your responses become the only communication channel available. This makes traditional API design principles more critical than ever:

Schema Precision Matters More#

Agents rely on JSON schemas to understand how to interact with your endpoints. Unlike human developers who can interpret documentation contextually, agents depend entirely on these structured definitions. Loose or ambiguous schemas will cause agents to fail repeatedly in their validation loops.

Error Messages Need Intelligence#

Generic HTTP status codes aren't enough. Agents need explicit feedback about what went wrong and how to fix it. Clear error messages help break agents out of endless retry loops and enable them to course-correct effectively.

Documentation Becomes Executable#

Future API documentation will be increasingly use-case driven, written in natural language that Large Language Models can process. The descriptions in your OpenAPI specifications and MCP tools aren't just for human reference anymore. They're instructions for AI systems.

The Persistence Problem#

This persistence cuts both ways. While an agent's ability to work continuously provides value, it can also create operational challenges. A thousand agents stuck in retry loops can overwhelm your infrastructure just as effectively as any traditional DDoS attack.

Rate limiting becomes essential, but it's not just about quotas anymore. Smart rate limiting policies can recognize agent behavior patterns and provide appropriate cooling-off periods. Error handling needs to be designed to break agents out of futile loops rather than encouraging endless retries.

Rethinking API Design for Automation#

Single-request endpoints may not suit agent workflows. Just as cloud providers offer batch processing for LLM inference to reduce costs and improve efficiency, APIs serving agents should consider:

Bulk Operations#

Enable agents to submit multiple requests in a single call, reducing both network overhead and the chance of getting stuck in repetitive loops.

Asynchronous Patterns#

Implement submit-and-check patterns that allow agents to initiate long-running processes and poll for completion, rather than holding connections or repeatedly hammering endpoints.

Self-Service Capabilities#

Agents can't email sales teams or schedule meetings to get API access. Automated onboarding, key generation, and account setup will become essential for platforms that want agent adoption.

The MCP Gateway to the Future#

Model Context Protocol (MCP) represents a standardized way to expose API capabilities to AI agents. Companies building developer tools are already seeing the competitive advantage. For example, GitHub's early MCP server enables seamless integration with AI coding assistants, creating new workflows that feel increasingly natural to developers.

The pattern is simple but powerful: MCP servers are often just proxy to existing REST APIs, but they present those capabilities in a format that agents can discover and use autonomously.

Key Takeaways for Engineering Teams#

If you're starting out refactoring your API approach to suit a more "agentic" end user, you might well want to consider these three tips right now before you get into the newer, shiny stuff:

Audit Your API Catalog#

Review your OpenAPI specifications, schema definitions, and documentation. Ensure they're precise, complete, and written with natural language processing in mind.

Implement Smart Rate Limiting#

Deploy rate limiting policies that can handle the unique patterns of agent traffic. These patterns are persistent, high-frequency, but often predictable.

Consider MCP Implementation#

Start with developer-facing APIs, but consider how MCP servers could make your services more accessible to the growing ecosystem of AI agents.

The agent revolution isn't coming. It's already here and moving very, very quickly. Ultimately, the question isn't whether AI agents will use your APIs, but whether you'll be ready when they do.

Companies that prepare now will capture the opportunities of an automated future, while those that resist may find themselves automated away.

Have thoughts on this topic? Want to talk to us about our new remote MCP Server support in Zuplo? Reach out to in the #mcp channel of our Discord. We'd love to hear from you!