Anypoint Platform API Governance
Francesco Suraci
Presales Senior Specialist Solution Engineer - 1st and only Italian to write for the official MuleSoft Blog
About API Governance
Anypoint API Governance is a component of the Anypoint Platform that enables you to apply governance rules to your APIs as part of the API lifecycle. API Governance helps you improve your organization’s API quality by enabling you to identify conformance issues and take steps to resolve them.
API Governance enables you to:
· Share governance best practices: Publish governance rulesets in Anypoint Exchange to share with other developers.
· Apply consistent rules at design time: Enable developers to apply governance rulesets at design time in Anypoint API Designer.
Using Anypoint API Governance, central IT teams can leverage out-of-the-box rulesets provided by MuleSoft or create custom rulesets, instead of managing standards in siloed documents.
API Governance is part of Universal API Management (https://www.mulesoft.com/platform/api-management).
Governance Rulesets
Governance rulesets are collections of rules, or guidelines, that can be applied over the metadata extracted from any REST API definition in the Anypoint Platform. Some examples of governance rulesets are internal and external best practice guidelines, such as naming conventions, and industry-specific government standards, such as making sure your APIs carrying sensitive data are encrypted (HTTPS).
Challenge
By 2025, fewer than 50% of enterprise APIs will be managed, as the explosive growth of APIs surpasses the built-in security capabilities of most API management tools. Every unmanaged and unsecured API is a potential vulnerability that could create a security incident or a security breach headline.
Design-time governance is growing as a major concern. With exponential adoption of APIs across most organizations, IT leaders need to ensure that each specification that involves sensitive information adheres to government regulations, industry standards, or internal best practices, to avoid compliance incidents or inefficiencies.
In this example we will see how to apply governance to APIs using a ruleset.
Govern Your APIs
Govern your APIs using the following steps:
1. Identify the APIs that you want to govern.
2. Configure governance profiles to identify which rulesets to apply to which APIs.
3. Monitor governance conformance status in the API Governance console.
4. Find and fix conformance issues as you author in Design Center API Designer.
5. View conformance status for a selected API in Exchange.
STEP 1: Identify APIs
To limit governance to the sets of APIs you are ready to govern, identify the API assets in Exchange using tags or categories. This enables you to apply rulesets to specific sets of APIs when you create governance profiles. In this example, we have 4 APIs with the category ‘Demo_Governance’.
STEP 2: Configure governance profile
After you identify the APIs in Exchange that you want to govern, you are ready to create governance profiles. Governance profiles enable you to select just the sets of APIs that you want to govern with each set of rulesets.
Create a governance profile using the API Governance console, which guides you through the following sections.
· General Information: Enter a profile name and description that helps others understand which kinds of governance rulesets are included and which kinds of APIs are validated in this profile.
· Rulesets: Select one or more rulesets you want to use to govern your APIs.
· Filter Criteria: To identify the APIs to which to apply the selected rulesets, select filter criteria such as API type, tags, and categories. Selections appear in the Tag and Category fields only if APIs with those tags or categories are found in Exchange. In this example, the category is ‘Demo_Governance’.
· Notifications: Enable or disable automatic notifications for this profile. The default is enabled.
· Review: Review your profile and click Create.
STEP 3: Monitor governance conformance status
After you configure governance profiles for your APIs and the resulting governance data is available, you can monitor and report on your organization’s REST API definitions' conformance success and failure.
You can view the latest status information on the console.
Governance Profile Statuses
You can view profile statuses in the console. Governance profile statuses are based on the percentage of conformant APIs in the profile:
· Normal: More than 70% of APIs are conformant.
· At Risk: Less than 70% of APIs are conformant.
API Conformance Across Governance Profiles
API conformance status indicates whether the API definitions that are included in your governance profiles pass all applied governance rulesets:
· Conformant: The APIs pass all applied governance rulesets.
· Not Conformant: The APIs fail at least one governance ruleset.
· Not Validated: The APIs are not validated because they are not included in a governance profile.
Nonconformance by Severity Across Governance Profiles
Nonconformance severity is categorized by the percentage of passed governance rulesets among all applied governance rulesets:
· High Severity: 0 - 40% of governance rulesets passed.
· Medium Severity: 41% - 80% of governance rulesets passed.
· Low Severity: 81% - 99% of governance rulesets passed.
As you can see, one API is Not Conformant, so we need to check its API design and make it Conformant.
STEP 4: Find and fix conformance issues
Apply governance rulesets to API definitions as you author them, either in Design Center using API Designer or by using the governance CLI. You can also validate governance rulesets to make sure they are formatted correctly using the governance CLI.
Validate API Definitions in Design Center
To validate APIs against governance rulesets, add the rulesets as dependencies to API specifications in Design Center API Designer. After you add the rulesets, expand the Project Errors section to view conformance messages. There are 3 important steps to follow:
· Add rulesets to your API project.
· View conformance issues and filter by level of severity.
· Expand the Project Errors section of the text editor to view the nonconformance messages.
As you can see, the Demo_Sys API is not Conformant because its baseUri is http://localhost:80 and not https://localhost:80. So we need to correct it and re-publish the API.
STEP 5: Viewing Conformance Status
You can view conformance status in Exchange for APIs that are validated by API Governance. If an API is validated:
· A conformance badge is displayed beside the lifecycle state badge.
· The Conformance column shows the governance conformance status for each validated version.
Now, if you go back to the API Governance console, you can see that all APIs are Conformant.
MuleSoft provides several rulesets in Exchange, such as Anypoint API Best Practices, OpenAPI Best Practices, OWASP API Security Top 10, and Authentication Security Best Practices governance rulesets.
If you want to create custom governance rulesets based on rulesets that are already in Exchange, download and modify the rulesets and then upload them as new assets. This is the best approach if a provided ruleset meets most of your needs and you need to make only a few changes.