Hands-On Self-Service API Governance

I’ve been researching, talking to people, and writing stories about API governance for a while. I’ve been working with OpenAPI for many years, and have been immersed in the creation of governance rules with Spectral for over five years now. I left the insulated world of a startup to spend a year in a medium-sized enterprise to learn more about what API governance was, and what it isn’t. Now I am looking to take these learnings and offer what I know as a service to other enterprises, while simultaneously continuing my API Evangelist approach to telling stories about API governance.

I enjoy thinking deeply about API governance, and about the wider definition of governance, because it shapes how others see the phrase and the role. I see API governance as the Venn diagram of three definitions: 1) “Governance is the process of making and enforcing decisions within an organization or society. It encompasses decision-making, rule-setting, and enforcement mechanisms to guide the functioning of an organization or society.” 2) “A governor is an administrative leader and head of a polity or political region, ranking under the head of state and in some cases, such as governors-general, as the head of a state’s official representative.”, and 3) “a governor, or speed limiter or controller, is a device used to measure and regulate the speed of a machine, such as an engine”. For me, API governance across these three definitions reflects the technology, business, policies, and people of APIs.

Most API governance stories, services, and tools I see out there focus only on the technology of the enterprise, or on the technical design of the surface area of HTTP APIs. You see some expansion into governing wider API operations, and hints of the business in talk of APIs as products, but almost nobody is talking about policies (business & technical) or about the people (product & consumer) involved in API operations. API governance must be hands-on and self-service, not because of some warm and fuzzy Kumbaya API moment, but because the people of the enterprise must be accountable for their own portion of governance for it to work. If API governance is purely centralized and enforced, it will become a bottleneck and perpetually collapse under the weight of the enterprise. APIs govern the performance and velocity of the enterprise in 2024, and API governance will make or break that performance and velocity.

I see every API contract, whether for a single API or a grouping of APIs, as a gear in overall API governance, and in overall enterprise governance as well. The performance and velocity of each gear is defined by the maturity and quality of the policies and rules, and by the hands-on, self-service contribution of each team member producing an API under a contract, as well as of each consumer putting an API to work in an application and depending on that contract. The maturity and quality of the contract, the alignment between product and engineering, and the alignment between producer and consumer all collectively add up to the overall performance and velocity of the enterprise. APIs define the business of your enterprise, and I aim to demonstrate how API contracts reflect the value your organization brings to the table within your industry (or not). The consistency of API design is just one small slice of the technical friction an enterprise experiences today across its API sprawl and chaos, and there is a wealth of business and people friction in there that needs addressing as well.

Enterprise API governance is a team sport in which business and engineering stakeholders participate, and which leadership is aware of and contributes to. For API governance to work it must be hands-on and self-service, guiding product and engineering stakeholders throughout the lifecycle while layering in security, support, sales, marketing, and other functions along the way, across an agreed-upon and well-known API lifecycle. API governance will vary from enterprise to enterprise and industry to industry, but the strategy, program, platform, policies, lifecycle, rules, and evangelism will largely be the same no matter which industry you encounter. A key performance indicator for any enterprise API governance program is just how hands-on and self-service it is, and just how engaged producer and consumer stakeholders are with API governance, shaping and redefining it in motion through conversation and collaboration.