Skip to main content
Version: 1.2

API Governance

API governance helps save time and money because it ensures that APIs are built proactively to achieve specific goals and bring value to API providers and consumers. API governance also helps organisations make intelligent decisions regarding API programs and establish best practices for building, deploying, and consuming APIs.

API Governance should include:

  • API Specification and Resource Definitions – governing contracts and resource definitions helps improve the consistency and reusability of APIs;
  • Style and Pattern Guidelines – standardizing API design ensures APIs remain consistent and improve usability;
  • Automation – establishing guardrails to make it easier to comply with policies than not. For example,scaffolds or templates that automatically generate security and audit componentry for APIs or build pipelines that enforce security policies, such as coding standards and security scans;
  • Lifecycle – governing the lifecycle of an API, from publication to versioning and deprecation to retirement;
  • Tracking and Analytics – keeping track of where APIs are deployed, who is using them and how they are being used. This information helps inform other aspects of API governance.
  • A robust code review process. Ensuring that your development teams understand the concepts laid out in this document and establishing a practice where collaborative code reviews are performed. It is recommended that software is developed using a branch strategy with at least one peer review required prior to code merge and deployment.

It is important to understand the governance must be a collaborative process. When your API designers and developers are on the same page regarding APIs, the more efficient, valuable, and successful your API programs will be. Governance is especially beneficial for organisations that have a large API program or microservices architectures.

For more information, refer to this concise summary of API governance.