The weekly API governance conversation yesterday provided a wealth of insight that I will be looking to amplify as part of my storytelling on API Evangelist. I had ten people come by to discuss topics, and I opened up the conversation around Spectral, Vacuum, Redocly, and APIMATIC rules. I wanted to hear from the community which rulesets, tools, and approaches they were taking, and contrast that with the conversations I am having with customers. I heard narratives about which rules were being applied, and the tooling being used in pipelines, that were similar to what I am seeing within the enterprise, with the following highlights.
- Spectral Usage - The Spectral ruleset is leading the conversation because it has been around the longest, but Vacuum is also being explored.
- OWASP Security - Dave and Carol both echoed that security, and specifically the OWASP rulesets were a priority when it came to API governance.
- Pipelines Enforcement - Yarra highlighted the challenges in pipelines with the size of OpenAPI documents, as well as the different tooling being applied.
- Default Rulesets - Everyone pointed to the default rulesets from each of the providers, which establish a strong base for teams to look at when governing.
- Table Stakes - It was articulated several times over that API rules were table stakes and the default rules from Spectral were a minimum entry.
Spectral usage, default rulesets, OWASP security, and approaches to generation, validation, and enforcement in the pipeline all echo what I am hearing from customers. It was good to hear it echoed within the community. You can tune into the conversation on YouTube, and you are welcome to register and join in on the conversation. The introduction to API governance rules, helping navigate between Spectral, Vacuum, Redocly, and APIMATIC, as well as the prioritization and evolution of rules, and ultimately their enforcement via CI/CD pipelines, are the top concerns of the enterprises I am talking to today. There is a lot to learn when it comes to API governance rules that may not be evident when you study them from the outside, and I am happy to help teams navigate the nuances of API governance.