Headless architecture is on the rise

Lori MacVittie 缩略图
Lori MacVittie
Published December 12, 2022

The explosive and expansive use of APIs is contributing to the rise of headless architecture and providing GraphQL a prominent place in this neomodern application architecture.

For more than two decades, significant paradigm shifts in app architectures have directly impacted the evolution of app delivery. Historically, application architectures destined to dominate and influence our makret rise and begin to shape the market every five years and become dominant about five years after that, which in turn drives change into the app delivery market. 

Microservices (cloud-native) gained market mindshare in 2015, but it was not until 2020 that service mesh and ingress control rose driving the direction of the app delivery landscape. We are now seeing early indications of a new architecture—headless—rising that will replace microservices as the driving force in app delivery.

Impacts of apps on app delivery

Based on historical trends, headless architecture will reach market mindshare by 2025 and begin driving change into the app delivery market. The reliability of this cycle, combined with the increasing activity and interest in the market related to APIs and graph technology, forfends significant impact on app deliery by the year 2030.

Trends driving headless architecture

There are several external forces driving two technology trends to converge that will result in the next big shift in app delivery: API-first design and the democratization of data.

  1. Digital Transformation
  2. The drive to digitize business manifests as ‘digital services’ delivered by a ‘digital enterprise.’ Digital services are ephemeral, business constructs composed of apps, app delivery, app security, and data, integrated, orchestrated, and operated through the use of APIs. Eighty-two percent of organizations today deliver digital services to both internal and external consumers (SOAS 2022).

    Simultaneously, adoption of microservices, which communicate primarily via APIs, has continued to rise. According to our own research, we estimate “the number of public and private APIs today is approaching 200 million, and by 2031 that number could be in the billions.”

    Trend: The result is a shift toward APIs on a magnitude that will drive disruption into the mature app delivery market, much in the same manner mobile and microservices disrupted the app delivery market between 2010 and 2020.

    • “APIs are heavily leveraged, with an average of 15,564 APIs in use among survey respondent organizations, and a growth rate of 201% through 2021” (Noname Security).
    • 18% of the market activity I tracked in FY22 related in some way to APIs. Investments into APIs will increase or remain the same at organizations over the coming 12 months, according to 89% of respondents in Postman’s 2022 State of the API Report, which surveyed more than 37,000 API professionals.

  3. Decentralization
  4. Decentralization is the result of distributed digital activity arising from remote work, mass IoT adoption, and concerns over data privacy. Decentralization is often tied to Web3 technologies such as blockchain as well as edge computing, particularly when applied to industrial IoT. The result of decentralization, however, is actually what drives disruption. Both data and applications ‘decentralize,’ which introduces the expected performance and security challenges of any distributed system. This includes the 77% of organizations looking to deploy data processing and digital front end workloads at the edge (SOAS 2022).

    Trend: Decentralization has consequences beyond distributed applications as it also incorporates the ability to distribute data. Traditional approaches relegate data to a protected tier, behind applications. Decentralization is forcing a new approach in which data is exposed through APIs directly, without requiring an intermediary (application). This shift eliminates the tier-based approach to application architecture and provides a direct-to-data route for external partners, third-party developers, and consumers. The beginning of this democratization of workloads within application architecture can be seen in microservices architectures. We also see the extant business value of democratizing data in business models that rely on inversion; that is, freeing data through APIs to create value for partners and third-party developers.

    We also see the extant business value of democratizing data in business models that rely on inversion—that is, freeing data through APIs to create value for partners and third-party developers.


  5. Low-Code/No-Code
  6. Digitization is driving demand for more engineering talent than exists in the market. This leaves organizations unable to tap into the vast stores of data generated by a digital business. Talent that does exist is overloaded and often unable to develop as quickly as business demands.

    This gap in supply and demand is driving a surge in low-code/no-code solutions to enable a broader set of users to develop solutions and services. Research indicates 75% of businesses will adopt a “mixture of low-code/no-code and conventional innovation.”

    Trend: Low-code/no-code solutions rely on access to business logic and data, both of which are made broadly available by the democratization of data and API-first design. The need for these solutions acts as an accelerant to the maturation of both data and API trends.

The language used in market related to APIs—routers, gateways, middleware—is similar to language used before prior shifts in the market driven by microservices, mobile, and architectural changes. The activity, terminology, and rate of API creation indicate this shift will have significant impact on the app delivery and security markets.

We are already seeing the beginning of API-based disruption in the industry in the form of products and services focused specifically on API observability, security, threat intelligence, and federation.

These shifts do not occur in a vaccuum. Indeed, the shift in app delivery caused by microserivces was largely due to widespread adoption of Kubernetes and its architectural decision to directly incorporate capabilities traditionally offered by app delivery technologies such as ingress controllers (L7 routing).

The API shift is no different, and current trends indicate this shift will drive the rise of GraphQL, an approach to designing APIs that more directly interacts with data and addresses performance concerns with REST-based solutions and, more importantly, will incorporate app delivery capabilities into its core feature set.

Headless Architecture

The dominance of APIs is driving what analysts are calling “headless architecture”; that is, business capabilities and functions exposed as APIs without the traditional presentation layer. This architecture is often discussed in the context of ‘composable applications,’ another waxing technology trend emerging in the market.

Headless Architecture

Headless architectures are a good fit to address the need for low-code/no-code solutions, as APIs are a practical way to deliver composable logic that is easily customizable without considerable effort. Headless architecture also serves the need to compose digital services from a variety of applications, services, and systems, and they are eminently practical ways of integrating distributed workloads, as already evidenced by the predominantly API-driven IoT market.

Thus, it seems sound to say that the next shift in app delivery and security technologies will be driven by APIs, which will drive headless architectures into the mainstream.

The most significant impact will be to API delivery and security services. The market has long treated APIs as simply a specialized use case of web app delivery and security. This shift will expose the reality that APIs are a separate class of entities with specific delivery and security needs that cannot be addressed by traditional means. This is especially true when exploring the impact of data services directly exposed via APIs. For the bulk of history, data has been exposed only through applications. The exposure directly via an API is a significant shift on its own, but provides the perfect example of why APIs are no longer a subset of web apps but a discrete architectural component in their own right. 

The Role of GraphQL in Headless Architecture

This shift in app architectures is also occuring at a time when API approaches also historically shift, typically in response to the way APIs are used. All APIs are ultimately used to exchange data, but over time the type and format of that data change to reflect application architecture constraints and capabilities. For example, REST and JSON became popular along with a shift toward mobile and microservices as a response to the need for more frequent exchanges of data and the reduced computing power of mobile platforms. SOAP and XML required extensive parsing and consumed excessive bandwidth. REST and JSON reduced the burden by leveraging existing HTTP constructs to describe endpoints and shifting to a simpler data format in JSON.

Both SOAP/XML and REST/JSON require traditional developer skillsets, however, and the trend is toward low-code/no-code, which assumes little if any developer skills. GraphQL is a simple query language, geared toward non-developers and highly affine to simple tooling that makes it available to a broader set of users. This makes APIs accessible and composable into digital services of all kinds. This makes it a perfect replacement for REST/JSON as architectures move toward API-only (headless).

GraphQL is the current favorite solution to the problem of API sprawl and the same performance issues that helped drive the shift from SOA (service-oriented architecture) to REST. GraphQL also has the benefit of a specification, which is helping to drive the development of low-code/no-code solutions that offer relief to the challenge posed by a talent shortage.

Finally, because GraphQL queries APIs, and the vast majority of data stores today are API-enabled, GraphQL based solutions can effectively eliminate the application “middle man” and go directly to the data source itself. This is particularly helpful for distributed applications that need fast, direct access to data in remote locations.

This places GraphQL in a great position to act as a “gateway” to headless architecture, much in the same way that ingress controllers rose to act as the “gateway” into microservices architecture.


They say the only constant is change, and that holds true for technology. We rarely stand still for more than a few years before someone changes the rules of the game. In the world of app delivery and security, those rules are partially defined by application architectures. Thus, no significant change in application architectures occurs without acting as a forcing function on app delivery and security to also evolve.

This shift is still a few years away, but you can already see the profound impact technologies like GraphQL and APIs are already having on everything from infrastructure to edge to app delivery.

Headless architecture is on the rise, and GraphQL will play a significant role.