Competition for data control will push API prices higher

Over the summer of 2025, several major software vendors took steps to restrict access to their APIs.

Vendors restricting API access and imposing new rules on use include Reddit, Slack, Meta, Microsoft, Salesforce CRM (but HubSpot is taking a different tack), NetSuite, and Workday (although Workday has a very interesting approach to AI training using synthetic data).

In many cases, the rationale given is to protect user data and to manage the load on their systems imposed by AI-intensive applications. Many users dispute this and do not want their data locked into these applications.

Resolution of this tension is likely to be new pricing models and higher overall prices for APIs.

TL:DR

Major SaaS and social platforms (e.g., Slack, Salesforce, Meta, Microsoft, Reddit) are tightening API access and imposing new restrictions, especially in response to AI use cases.

• B2B SaaS and social media platforms diverge in philosophy: SaaS sees data as customer-owned, while social platforms treat user data as a monetizable platform asset.

• API restriction trends:

  • SaaS vendors emphasize contract controls, focus on synthetic data, and let enterprise customers negotiate terms.

  • Social platforms prioritize platform control, move toward data licensing, and restrict end-user negotiation.

• Slack (Salesforce): Severe rate limits, mandatory marketplace vetting, and explicit bans on using Slack data for AI model training now apply.

• Security and competitive drivers: Restrictions aim to prevent data exfiltration, bolster platform security, and protect revenue by locking data into proprietary ecosystems.

• Industry impact: Workflows and integrations—especially headless and API-dependent apps (e.g., Glean)—face significant disruption, impacting enterprise automation and search functions.

• API pricing trends:

  • Historically, APIs were bundled or cheap; now, prices are rising as access to data becomes critical for AI/agent workflows.

  • A new four-party value chain (customer, enterprise app, AI agent, foundation model) creates complex flows of data, value, and dollars.

  • Legacy vendors are shifting to demand direct, higher-value payments from AI/agent apps for API access.

• Predicted next 18 months:

  • API prices will rise sharply; vendors will charge AI agents directly, regardless of customer licensing.

  • Some AIs may bypass APIs by leveraging data lakes.

  • API and protocol (e.g., MCP, A2A) changes will reshape SaaS pricing and product models, introducing new mechanisms for monetizing data access and pushing costs higher for AI apps and agents.

Legacy vendors’ response to AI vendors’ API access

We surveyed how different B2B SaaS vendors and social media platforms are changing API access in response to AI.

We can see some common themes emerging.

Data Ownership Philosophy Divide

B2B SaaS: "Customer data belongs to the customer"

• Focus on synthetic/anonymized data for internal AI development

• Contractual protections against unauthorized AI training

• Customer sovereignty over their own information

Social Media: "User content is platform asset"

• User-generated content treated as valuable training inventory

• Aggressive monetization of data access to AI companies

• Limited user control over content usage

Revenue Model Evolution

B2B SaaS: Cautious integration approach

• API access remains value-add or competitive differentiator

• Subscription-first model with selective monetization

• Mixed strategies based on market positioning

Social Media: Fundamental business model shift

• Move from pure advertising to data licensing revenue

• API access becomes primary monetization vehicle

• Uniform adoption of pay-per-use models

Customer Power Dynamics

B2B SaaS: Enterprise buyer leverage

• Large contracts provide negotiation power

• Custom agreements and grandfathering policies

• Gradual implementation with customer communication

Social Media: Platform dominance

• Individual users have minimal negotiation power

• Rapid, disruptive policy changes

• Limited appeal or exception processes

AI Competition Strategies

B2B SaaS: Varied competitive responses

• Some tighten control (Slack/Salesforce)

• Others expand access (HubSpot) for competitive advantage

• Focus on customer retention through ecosystem value

Social Media: Uniform defensive posture

• Aggressive protection against AI training data extraction

• Exclusive licensing deals with select AI giants

• Closed ecosystem with controlled access points

Slack, now a Salesforce subsidiary, provides a good case study of how companies are locking down their APIs.

These changes have unfolded in three phases (different B2B categories may be in different phases).

Phase 1 (2023): Initial Restrictions

• Social media platforms lead with dramatic API changes

• B2B SaaS companies begin policy reviews

• Focus on preventing unauthorized data scraping

Phase 2 (2024): Policy Refinement

• Business model adjustments and pricing optimization

• Enterprise negotiations and custom agreements

• Regulatory scrutiny increases

Phase 3 (2025): Strategic Divergence

• Clear separation between B2B and social media approaches

• Market positioning through API policies

• Long-term competitive strategies emerge

Why and how Slack throttles API access

Slack introduced severe rate limits for two critical API methods starting May 29, 2025:

• conversations.history: Limited to 1 request per minute for non-Marketplace apps

• conversations.replies: Also restricted to 1 request per minute for non-Marketplace apps

• Message limit: Maximum of 15 messages per request (reduced from 1,000)

These restrictions apply to all commercially distributed applications outside the Slack Marketplace, while internal customer-built apps maintain their existing higher rate limits of 50+ requests per minute with up to 1,000 messages per request.

Mandatory Marketplace Requirements

Slack updated its Developer Policy to clarify that commercial distribution must go through the Slack Marketplace. The policy explicitly states that:

• Apps intended for commercial distribution at scale must undergo Marketplace review

• Unlisted apps are for development and testing purposes only, not large-scale distribution

• The Marketplace requires manual review to ensure quality and security standards

Data Usage Restrictions

The updated terms reinforce strict safeguards around data handling:

• Prohibition of LLM training: Apps are explicitly prohibited from using Slack data to train large language models under any circumstances

• Limited data storage: Third-party applications can no longer bulk download, index, copy, or permanently store Slack messages via APIs

• Immediate deletion requirement: Data acquired via API must be deleted immediately after use for non-approved applications

Legacy App Deprecation

Slack is discontinuing support for older app types:

• Legacy custom bots will be discontinued by March 31, 2025

• Classic apps will be discontinued by November 2026

• These apps must migrate to the modern Slack app framework

Slack’s Reasons for the Restrictions

AI and Data Security Concerns

The primary driver for these restrictions is the growing concern about AI systems and data security:

• Prevention of bulk data exfiltration: The restrictions aim to prevent unvetted applications from potentially exfiltrating large amounts of sensitive conversational data

• Protection against AI training: Slack explicitly prevents third-party applications from using customer data to train AI models, addressing concerns about unauthorized use of proprietary business communications

• Maintaining access controls: Bulk downloads risk exposing sensitive information and undermining Slack's built-in access controls, such as private channel membership

Platform Security and Trust

Slack emphasizes that these changes strengthen the security ecosystem:

• Marketplace review process: The mandatory Marketplace review includes security analysis and scope verification, ensuring apps meet security standards before widespread distribution

• Preventing abuse: The restrictions target applications that pose the highest risk to customer data security

• Enterprise confidence: The review process helps enterprise customers trust the apps they install

Real-World Security Incidents

Several high-profile security incidents have demonstrated the risks of unrestricted API access:

• Disney breach (2024): Hackers exfiltrated 1.1TB of data from Disney's Slack, including unreleased projects, code, and credentials

• Uber breach (2017): Attackers accessed Uber's GitHub repository by stealing credentials from a Slack account, exposing data for 57 million users

• These incidents highlight how Slack can become a vector for broader organizational breaches

The ‘real’ reasons

Industry analysts suggest additional motivations:

• Platform lock-in: The restrictions effectively keep Slack data within Salesforce's ecosystem, potentially forcing customers to use Salesforce's own AI and analytics tools

• Revenue protection: By limiting third-party integrations, Slack can direct customers toward its own premium features and marketplace partnerships

• Data as a competitive advantage: In the AI era, controlling access to conversational data provides significant competitive leverage

Alternative Solutions Offered

Slack introduced a Real-time Search API as an alternative to bulk data access:

• Allows real-time querying of Slack data without storing it locally

• Maintains permission-based access controls

• Currently in closed beta with select partners

• Designed to unlock AI use cases while keeping data secure

Slack announced support for the Model Context Protocol in collaboration with Anthropic:

• Enables modular, secure AI workflows

• Features OAuth authentication that respects existing permissions

• Provides rich data grounding for AI applications while maintaining security

Industry Impact and Reactions

The restrictions have generated significant controversy within the developer community:

• Broken workflows: Many companies report that their Slack-based automations and integrations have been severely impacted

• Loss of functionality: Enterprise search tools like Glean can no longer index Slack data, hampering AI-powered knowledge management

• Customer trust concerns: Critics argue that Slack is violating customer trust by restricting access to their own data

There is speculation that Glean is one of the main targets of these actions. Glean. Glean solves the problem of information discovery in large organizations where knowledge is scattered across dozens of different tools and applications. It is completely dependent on API access to work.

This is an example of a headless, API-dependent application. This is an emerging class for applications that may rewrite are expectations of B2B software. Such software can be critically undermined by sudden rate-limit changes.

Pricing of APIs: Past, Present, Future

Pulling up a level, pricing of APIs was initially done as a professional service, part of integration work. Companies then decided that (i) there is an ongoing cost to maintain integrations and (ii) that value from integrations accrues and builds over time. This led to the introduction of subscriptions to third-party integrations. Then, integration platforms like Zapier emerged that crashed the cost of implementing and maintaining integrations, and API level integration was seen as glue that would make applications sticky. The price of subscriptions and API access dropped sharply.

We are not in a phase shift. The value of integrations and the data they give access to has gone up dramatically, while AI has made crosstalk and data mapping much cheaper. The value lies not in the integration per se but in the data it provides access to.

How is that data providing value from 2025 forward?

There is a lot of tension between the three (or is it four) concerned parties.

The four parties concerned are:

• Customer/User - the source of all data and dollars, perhaps we should differentiate between the customer or buyer and the end user, who may have very different perceptions of cost and value.

• Enterprise App - the legacy app that often serves as a data repository and system of record.

• AI App or Agent - the new AI app or agent that wants to access data from the enterprise app to train its own models and enhance its value.

• Underlying Foundation Model - the foundation model that is often powering at least part of the AI app or agent’s functionality.

To understand how the pricing of APIs will evolve under the pressure of AI, we need to map three types of relationships between these four actors:

• Data flow - where is data created, and where is that data captured? The arrow points from the creation of the data to the place where it is captured.

• Value flow - one actor creates value and provides it to another; the arrow points from the creator to the beneficiary.

• Dollar flow - who is paying, the arrow flows from the payer to the payee (the recipient of the payment).

Tension arises when value flow and dollar flow go in opposite directions or there is value flow and know dollar flow, or dollar flow and no value flow. Cycles can also cause tension in these systems as they lead to arguments about value attribution (who should get credit for creating the value).

The following diagrams have been simplified as much as possible.

The data comes from the customer and the foundation model. Customer data runs through a cycle from customer to enterprise app to AI agent or app, where it is enriched with one or more foundation models and then fed back to the customer. These cycles lead to conflict about who is really creating the value and how much of that value each participant can claim. We could make this picture even more complicated by adding a direct connection between the customer and the foundation model.

Many companies have direct business relationships with the foundation model companies (OpenAI, Cohere, Anthropic, Mistral, etc.) and pass data down to train foundation models. They pass dollars along with that data, and value flows back up.

Does value flow in the same direction as data, or are there counterflows? This is a critical factor to consider when thinking about the future of AI and API pricing.

There are two key disconnects here.

• Value and data both flow in the same direction from the Enterprise app to the AI app or agent. Instead of ‘I give you data and get value back,’ it is ‘I give you data and you get value from that data, what do I get?’ The answer will have to be ‘dollars.’

• Value and data both flow from the AI app or agent to the customer. This is not always the case, of course. It is limited to when the Enterprise app is the source of data and the agent is a decoration on top of that. Quite often, the AI agent or app also collects data. But the perception that the agent/app is providing value and data can give it much higher willingness to pay than is there for conventional apps, and we are seeing this in the actual pricing, where agents general have a premium over the enterprise app (much to the dismay of legacy vendors, many of whom are in denial about this).

The conclusion is that legacy enterprise app vendors are going to want money from the agent vendors in return for providing API access.

The key insight from all this is that the legacy enterprise app vendors will demand that dollars flow from the agents to them. This is a change in business model. based on conversations we have had with dozens of AI agent companies, they are not prepared for this and will resist it.

• Enterprise apps are providing value to AI agents

• The AI agents are frequently not paying for this and are riding off the agreements between the customer and the enterprise app

• Enterprise apps will demand direct payments from the AI agent/app

• The AI/agent app will be able to cover this additional cost from the higher willingness to pay that many customers have for agents relative to legacy applications.

Conclusion

APIs are getting more valuable. The era of cheap access to APIs paid for by the customer or end user is coming to an end.

Over the next 18 months, expect:

• Legacy software vendors to charge agents for access to their APIs, independent of the payments by the customer to the legacy enterprise application

• Prices for API access to go up, depending on the current pricing, this change could be several orders of magnitude

• Some agents to take an alternate approach (an end run) by connecting to data lakes rather than enterprise APIs (which makes data lakes more valuable, so the prices for data lakes could also go up)

APIs and API pricing will be almost as big a challenge as agent pricing over the next 18 months. APIs and their modern enhancements, such as MCP (Model Context Protocol) and A2A (the Agent to Agent protocol), are going to have a big impact on overall SaaS pricing and will move from being an afterthought to the main meal. The emergence of headless applications like headless CRM (a CRM with no user interface that relies on agents for user interactions) will blend with API and agent protocols to change how we think about value creation, delivery, and capture through pricing.

Recommendations:

• For SaaS Vendors:

  • Audit existing API access policies and pricing to anticipate competitive and regulatory shifts.

  • Clearly communicate API changes to customers and partners.

  • Explore new pricing models (e.g., tiered, usage-based, direct-to-agent licensing).

  • Invest in protocols/APIs that facilitate secure, value-additive integrations (MCP, A2A).

• For AI/Agent Developers:

  • Build contingency plans for rate-limited or restricted APIs.

  • Establish direct partnerships with data sources and SaaS vendors.

  • Consider hybrid architectures leveraging data lakes where APIs are restricted.

• For Enterprise Buyers:

  • Reassess integration dependencies across their SaaS landscape.

  • Proactively engage vendors about future pricing and access changes.

  • Factor API access terms into procurement, security, and digital transformation strategies.

• For All:

  • Monitor regulatory developments and industry standards around data portability, API access, and AI governance.

Navigating the new pricing environment brought by AI agents? Contact us @ info@ibbaka.com