An API Governance Model for Great APIs

A key determinant of your enterprise’s API and Service strategy success is not only how many APIs and Services you’ve developed, how much business and technical capability coverage you’ve built out (and how many people can contribute to it). A vital factor of success is how high-quality your portfolio is. The best APIs and Services need to be discoverable, reliable, reusable, and compliant (with well-managed and visible exception pathways), and alignment to an API governance model ensures this.

An effective API governance model can also enable effective KPI tracking of API efforts; to demonstrate the business value of APIs and Services. Aligning your enterprise’s governance model to both a catalog of existing assets and the API and Service lifecycle is critical to enable this level of reporting.


We’re using API governance model as a catch-all term; it’s in fact more than APIs and more than just governance — it’s a whole maturity model for your enterprise to use in determining how reliable, reusable, and compliant APIs and Services are. It typically includes (we’ll use the term API in this list as an umbrella term for all APIs and Services):

  • API design patterns and standards, that are ideally baked into the process, for easy identification of what is in and out of compliance
  • With guidance on methods, parameters, platform and region requirements supporting top-down and bottom-up API development
  • Information models for consistent resources (in request/response payloads) and APIs that are designed in the language of the business
  • Automated API governance and validation flows against approved style guides, providing real-time guides on acceptable artifacts
  • With governance summaries including API name and description, version and lifecycle state, owner, Specification type (REST, SOAP etc.), classifications, method/operation consistency, NFRs, policies
  • Common utility services like security, and policies that can be configured based on usage
  • Non-Functional Requirements (NFRs) and Service Level Agreements (SLAs)
  • ID access control for production modification
  • The ability to generate consumable runtime-ready artifacts (leveraging template-driven output to ensure consistency and save API development time)
  • Standard and best practice policies as well as fault tolerant flows for ensuring consistent error responses
  • Best practice policies for greenfield and brownfield APIs
  • Validation against code rules in the CI pipeline
  • Unit test examples for policies/code and script runners for acceptance testing of the proxy
  • Software Development Kits (SDKs)
  • Documentation


We see three main pain points in current approaches to API governance model alignment:

  1. API Standardization. Most large enterprises rely heavily on contracted developers working in their own IDEs/basic editors to code their APIs, with API governance model standards held in documents or spreadsheets — therefore it’s hard to enforce enterprise standards and scale beyond a handful of talented developers
  2. API Governance Reporting. Not only is it hard to enforce the actual standards, but near impossible to report on, as there’s no single source of truth into an API or Service’s level of maturity and governance compliance — and enterprises desperately need this view into their portfolio — for both internal executive and external regulatory reporting
  3. User Experience for Applying Governance. We see most enterprises are still treating APIs as mere technology assets created as project by-products. As more of the upfront design and build work moves from IT focused and manual to one with clear business direction and self-service for providers, APIs need to be developed and deployed in an optimal way allowing your organization to successfully industrialize and commercialize them. API governance and standards that are transparent, easy to align to, and baked into the process through an easy to follow UI/UX become a key contributor to enabling proper catalog expansion, increasing developer production, and expanding the lifecycle and audience able to participate.

To read the full blog post, check it out here.

About the Author

Gemma Sindall
Gemma is a Marketing Manager at digitalML. She has a keen interest in digital strategy and the best ways to merge people, process and technology. Her experience spans Marketing and Client Services in the Technology and Financial Services industries.

Originally published at



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



Large enterprises use our ignite Platform for digital recombination, APIs & Services at scale, Rapid IT Modernization, and Business & IT alignment