API Governance: Your Business’ Guardian Angel 

API governance is making a comeback. Let’s dig into two common examples that illustrate the challenges.

Jiri De Jagere

APIs make the modern world go round. They are the glue that holds most enterprise systems and processes together. APIs come with a lot of benefits that are not only technical. They help power the shift from rigid, monolithic on-premises software to cloud- and microservices-based applications. Cloud and microservices deliver increased agility and enable businesses to adapt and innovate much faster than ever before. However, the old adage “with great power comes great responsibility” applies. APIs deliver great flexibility which you do not want to limit in any way, but at the same time you need to guarantee their quality, availability, and security. A great many things have been said and written about API Integration. But integration does not solve all challenges. This is why API governance is making a comeback. Let’s dig into two common examples that illustrate the challenges.

Everything has an API 

Whatever the business requirements that lead to new digital projects — whether it is to replace a legacy capability or to introduce a new one — it is almost unthinkable that you would not be considering SaaS applications as a part of the solution today. Whether large or small, generic or niche, most SaaS applications have well-defined APIs that will help you integrate them with your existing setup of business applications and processes. Quite often, a great API is one of the evaluation criteria that lead businesses to select one solution over another.  

While a core set of users access the SaaS application directly, many others — including employees, customers, and partners — won’t. They’ll use other systems like portals, mobile apps, or even APIs to interact with your business. A part of that includes data managed by the SaaS application, but many other applications or systems could be involved as well. API Integration helps orchestrate and mediate these composed scenarios, but API Governance is what makes this composed architecture sustainable.  

API Governance helps everyone in the organization understand what APIs are available, who owns them, how to get access, and what the requirements or restrictions are for using them. At the same time, API Governance helps providers ensure quality, performance and security.

Everyone is building APIs 

Digital innovation is pervasive in business today. Digital technologies are used across all functions and departments. This also implies that lots of different teams are simultaneously creating and using APIs — teams who likely use different technologies and who might not even be internal to your company. The flexibility of APIs enables businesses to scale innovation initiatives rapidly. Thanks to APIs, existing capabilities can be combined with new development to compose new capabilities with unprecedented time to market. But you also need to think about the day after! 

Decentralized and outsourced development is common in today’s world, and often required to keep up the pace of innovation. But a consequence is that not everyone uses the same tools, techniques, and technologies when building APIs. Not everyone is as versed in aspects like developer experience, quality assurance or API Security. Shortcuts may be taken for the sake of budget or deadlines without a proper understanding of future drawbacks.

Without governance, today’s agility will lead to tomorrow’s technical debt.

Again, this is where API Governance is important, as governance processes help enforce and protect what is important for the success of your APIs and business. Yet, it is important to emphasize that the goal of API Governance is to increase productivity without hurting speed and innovation. It is important to find a balance between keeping everything in check and giving teams autonomy to decide, adapt and deliver.

API Governance is your guardian angel 

Governance has a connotation of being a necessary evil. Delivery teams often feel they need to do a lot of extra work just to comply with something that does not contribute to their project’s business outcomes. However, when your API Governance processes and practices empower teams with predefined roles, tools, and automation, it becomes a guardian angel that enables them to focus on the core business value and deliver business outcomes faster.

You can interpret API Governance as a very comprehensive set of prescriptions and practices. It is a domain that encompasses many things: style guidelines, quality assurance, performance testing, security assessments, lifecycle management, monitoring, and more. But you do not need to boil the ocean. As you design API Governance processes for your organization, flexibility is key. Start with what makes sense for your current situation. Focus on providing teams with the tools and automation that help both them and you. Embed governance into your DevOps processes and make it a natural part of delivering software for your business. Adapt and evolve as requirements change. You will prevent teams from wasting time, while giving them the independence to make their own decisions and protect the business’ investment in its APIs.