An API Governance Model for Great APIs

WHAT’S AN API GOVERNANCE MODEL AND WHAT DOES IT INVOLVE?

  • API design patterns and standards that are ideally baked into the process, for easy identification of what is in and out of compliance
  • With guidance on methods, parameters, platform and region requirements supporting top-down and bottom-up API development
  • Information models for consistent resources (in request/response payloads) and APIs that are designed in the language of the business
  • Automated API governance and validation flows against approved style guides, providing real-time guides on acceptable artifacts
  • With governance summaries including API name and description, version and lifecycle state, owner, specification type (REST, SOAP, etc.), classifications, method/operation consistency, NFRs, and policies
  • Common utility services like security, and policies that can be configured based on usage
  • Non-Functional Requirements (NFRs) and Service Level Agreements (SLAs)
  • ID access control for production modification
  • The ability to generate consumable runtime-ready artifacts (leveraging template-driven output to ensure consistency and save API development time)
  • Standard and best-practice policies as well as fault-tolerant flows for ensuring consistent error responses
  • Best practice policies for greenfield and brownfield APIs
  • Validation against code rules in the CI pipeline
  • Unit test examples for policies/code and script runners for acceptance testing of the proxy
  • Software Development Kits (SDKs)
  • Documentation

RECOMMENDED APPROACH TO IMPLEMENTING AN API GOVERNANCE MODEL — ALIGN TO A HOLISTIC CATALOG AND EXTENDED API AND SERVICE LIFECYCLE

  1. API Standardization. Most large enterprises rely heavily on contracted developers working in their own IDEs or basic editors to code their APIs, with API governance model standards held in documents or spreadsheets. It is therefore hard to enforce enterprise standards and to scale beyond a handful of talented developers.
  2. API Governance Reporting. Not only is it hard to enforce the actual standards, it is also nearly impossible to report on them, because there is no single source of truth for an API's or Service's level of maturity and governance compliance. Enterprises desperately need this view into their portfolio, for both internal executive and external regulatory reporting.
  3. User Experience for Applying Governance. We see that most enterprises still treat APIs as mere technology assets created as project by-products. As more of the upfront design and build work moves from IT-focused and manual to one with clear business direction and self-service for providers, APIs need to be developed and deployed in an optimal way that allows your organization to successfully industrialize and commercialize them. API governance and standards that are transparent, easy to align to, and baked into the process through an easy-to-follow UI/UX become a key contributor to enabling proper catalog expansion, increasing developer production, and expanding the lifecycle and audience able to participate.
