APIs are the backbone of enterprise platforms, yet many continue to operate on unsupported frameworks alongside modern services. This mismatch introduces inconsistent standards, security risks and growing technical debt, slowing delivery and increasing operational friction.

In large enterprises, APIs evolve over a decade or more, accumulating undocumented behavior, implicit contracts, and hidden dependencies. As a result, modernization becomes less about rewriting code and more about rediscovering intent.

Most modernization effort is spent understanding existing behavior rather than implementing the new solution. However, AI-driven migration offers a new path forward by accelerating API uplift activities such as dependency discovery, instruction-guided controller migration, and the transformation of legacy unit tests into modern test suites.

The challenge 

Recently, a Thoughtworks team helped a client modernize an enterprise platform. Aware of the challenges of understanding the existing system, we developed a migration framework that uses AI to orchestrate & accelerate legacy API modernization

The client’s platform, which powers a B2B retail app, is supported by 25+ backend APIs across multiple domains, such as invoices, operations and payments. Each contains anything from 100 to more than 1,200 controllers and handles critical operational processes. Built more than a decade ago on .NET Framework 4, the system has evolved to meet business demands; this has resulted in increased architectural complexity and technical debt. 

While the platform remains essential for day-to-day operations, its legacy foundations now create challenges for maintainability, security and modernization. Addressing these challenges requires a thoughtful approach that reduces risk while maintaining the stability of critical business workflows. The challenges include:

  • High system complexity: 25+ APIs across domains with large controller footprints (100–1200+) create tightly coupled services and difficult-to-manage codebases.

  • Aging technology stack: The system is built on .NET Framework 4, which is now outdated and increasingly difficult to maintain or extend.

  • Accumulated technical debt: Over 11 years of incremental development has introduced inconsistent patterns and complex dependencies.

  • Security and compliance risks: Legacy framework vulnerabilities in .NET4 have introduced security risks and compliance issues.

  • Operational risk: APIs support critical workflows. That means any changes could be a commercial risk without careful planning.

  • Engineering productivity constraints: Large controllers and fragmented logic increase development effort, regression risk and time required for system analysis.

Why traditional API uplifts struggle to scale

Traditional uplift is constrained not by coding effort, but by uncertainty about the existing system: lack of documentation and knowledge stuck only in the minds of those who worked on it (who may no longer be working at the organization) are real and familiar challenges to people who do this kind of work. 

Indeed, when working with large, business-critical API ecosystems, the majority of the effort shifts from coding to understanding, validating and coordinating changes safely. In practice, this creates several systemic bottlenecks.

The discovery tax

Before any migration work can begin, engineers must first understand the existing API landscape — its endpoints, consumers, downstream systems and contracts. This discovery phase can be manual and time-intensive, especially in legacy systems where documentation is incomplete or outdated.

Fear-driven development

Each change introduces risk, especially when APIs support existing core business, financial or operational workflows. Engineers will often proceed cautiously, often replicating legacy patterns to avoid breaking anything.

The test coverage gap

Legacy systems often lack reliable automated validation, forcing long manual regression cycles. This can significantly extend release timelines and introduce operational friction.

The practical limits of traditional migration approaches

In practice, traditional API uplift approaches struggle to deliver modernization at the speed required by the business. Taking the environment we were working with, timelines looked something like this:

  • The average migration velocity would be approximately two controllers per sprint per developer.

  • Validating regressions would be around four weeks per release cycle.

  • The estimated timeline for full migration of the 25+ APIs, around 10 years.

Clearly, modernization is slow and time-consuming. Such timelines understandably make large-scale transformation difficult to sustain. This is because prolonged modernization cycles tie up engineering capacity, extend exposure to legacy security risks, increase operational costs, and delay the adoption of modern architectures—ultimately limiting the organization’s ability to innovate and respond quickly to evolving business needs.

From AI as a generator to a guided agent

To streamline API modernization, we introduced a semi-automated, instruction-driven migration framework powered by Copilot. The approach focuses on accelerating understanding of existing behavior and enabling confident transformation through structured guidance. 

Instead of treating AI as a free-form generator, Copilot operates as a guided migration agent governed by defined rulebooks. This turns modernization into a consistent and repeatable engineering workflow. The breakthrough was not simply using Copilot, it was constraining it which ultimately led to transforming our approach.