API Governance pt.3: A definition for API Governance

Before we introduce the definition for API governance, let us sample through common issues introduced with APIs and why governance becomes critical.

Enterprises are drawn to API-led architectures with the promise of being able to deploy discrete pieces of functionality as microservices, a significant step up from the monolithic approach. An API captures the design of a microservice and yields significant cost savings if reused. However, discovering, indexing, and managing internal and external APIs while also monitoring performance become increasingly daunting as the number of APIs deployed grows. Compounded with ever-expanding data and platform strategies, these challenges will become harder to solve.?

In the post-SOA era, new development frameworks and technologies are a recipe for sprawl and scatter. Renewed interest in domain-driven design (DDD) and testing automation calls for a revisit of our approach. Furthermore, it is difficult to manually normalize different schools of thought of software developers to an organization’s internal standards for design, development, and security. So, the innate styles and practices of different developers result in inconsistent code and API designs.

Simple adjustments to legacy EA governance models or Phase-gate processes are not sufficient in handling crosscurrent API initiatives. Organizations are still wrangling monolithic IT architecture in the face of Digital Transformation due to traditional know-how and outdated technologies. Project Gating committees and Enterprise Architecture Review Boards still measure production readiness using subjective and non-scalable techniques. Finally, multi-line business models and autonomy requirements at line level, complicate the implementation of a 'one-size-fits-all' approach to governing APIs at the enterprise strata.

As organizations race to deliver their APIs quickly, visibility in critical areas can get reduced:

• Value of the original intent of the Program and Governance
• Security
• Audit and Controls
• Quality
• Compliance
• API investment to organizational alignment
• API usage

API governance is a modern subcomponent within an organization’s overall IT governance strategy and can be defined as follows:

API Governance is an establishment of tools, processes and people that supports the building of organizationally aligned APIs. It promotes two essential components that can be self-defined and flexibly applied: compliance and observability.

Unpacking this definition we see that API Governance wants to support building APIs that are aligned to the organization. What 'aligned' means is up to the organization. Alignment is achieved by applying compliance and observability. What they mean and to what extent you want them enforced is based on the organization's unique situation. Hence, they can be self-defined and flexibly applied.?

This definition provides reprieve from fears that API governance will become a bottleneck or must be strict in its enforcement. Creating tiers or levels of governance based on API classifications can be useful in being purposeful and moderate with its enforcement.