API Governance is about providing tools and controls to create an effective and efficient API strategy. It is usually considered from the API Provider perspective: design linting, lifecycle management, applying security policies, monitoring usage, etc. These are all crucial tasks that help create an effective API strategy and their importance cannot be stressed enough. However, there is another persona in the API ecosystem that cannot be ignored: the API consumer. APIs are only as valuable as the applications that are created using those APIs, and API consumers are the ones who are creating those applications. Therefore, in order for organizations to ensure that they have an effective API strategy, they should provide their application developers with the necessary tools and guidance to help them do their job in an efficient and informed manner.
That’s where governance comes into play. As I explained in my previous blog post, the goal of API governance is to encourage efficiency and reusability through secure, discoverable, composable, and self-service APIs and applications. In this blog post, let’s consider the API consumers and see how an organization can enable their application developers to create useful applications without wasting any time through governance.
How API Governance can help application developers
Application developers enjoy coding. Once they have an idea for an application, they usually want to get to implementation right away. The time that it takes to create an application blueprint and get to its implementation depends on how fast application developers can find and learn how to use APIs that will be the building blocks of that application.
Through API governance, organizations can enforce a standard API definition, naming, metadata, and tagging format to ensure that all APIs are presented to the consumers in a standard form. This makes those APIs easily searchable. Organizations can further ensure that the right supplementary documentation should be attached to each APIs to help API consumers to easily understand what the API does and its SLA. If the API developer can quickly find the necessary information about the API, they can quickly decide what building blocks already exist out there and what needs to be built.
No matter how much information or documentation is already put out by the providers, consumers may still have some questions about the APIs or need help from other developers on certain tasks. The sooner those questions are answered, the faster better-quality applications will be created.
API governance can help to clarify which team owns the API support, and what tools and mechanisms exist to ensure that application developers can reach the relevant API provider teams or other developers to have their queries answered. If the API providers make these teams and tools easily available to their consumers, they can quickly create high quality applications.
Application developers would like to get updates on new versions of the APIs they are using, what additional features are added and how to use those, what features are removed, and how to remediate.
API governance can ensure that provider organizations create a comprehensive changelog with each API version, and they have a list of all the applications created with this API so that all its consumers can be provided with this changelog.
End of life
Similarly, as in versioning, if not more crucially, sunsetting of APIs has implications on their users. Consumers of APIs which are reaching the end of their lives need to be informed of the upcoming changes. They should know when the API will be unavailable well in advance, and how they can remediate their applications because you would not want to frustrate your developers by catching them off guard.
Provider organizations can implement API governance rules to gracefully manage this transition. First, they can ensure that they have a list of users of all their APIs. Second, they can set a rule to not allow deprecation without announcing it ahead of time, say three months. Third, they can ensure that the deprecation notice provides detailed information on how to remediate for existing users. Optionally, they can also choose to enforce a retirement period where they don’t allow new applications while they manage these communications with existing users.
Organizations would not want to waste their application developers’ time creating duplicate applications. If there is a business requirement for a certain function or data, maybe an application that provides the same functionality already exists, and end users can use this application instead of having a duplicate created.
To avoid application duplication, API providers can implement an application gallery that is searchable. They can enforce compliance rules for naming, tagging, metadata, user identification, and authentication and communicate these rules to all application developers. These application compliance rules can be considered as an extension of API governance for efficient application creation.
Applications need maintenance throughout their lives. Application owners, who are not always necessarily the person who developed that application, may need to refresh API keys, change application owners, update those applications, or delete their API subscriptions.
As I mentioned in my previous blog post, shift left is a best practice of API governance where organizations would want to have a task done when it is first applicable to avoid wasting cycles. Giving the tools and controls to application developers and owners for editing their API subscriptions is a great example of shifting left in governance. The API consumers would benefit from having these controls to quickly be done with administrative and maintenance tasks. And API Providers would benefit from this as well because they would avoid having duplicate applications consuming resources, spending time monitoring and scrubbing for unused applications, and communicating with developers for these mundane tasks.
Developer Portal as your gateway to application developers
Developer Portals are where the relationships between the providers and consumers are managed. The market leading webMethods Developer Portal provides comprehensive tools to enable your organization to reach and help your application developers. Coupled with the webMethods API Gateway, the webMethods Developer Portal can provide the above features and more to ensure that you can help your application developers to act fast with an excellent Developer Experience through API Governance.