There is an automate-and-forget-it mentality around API governance rules today. It is another one of those confounded technical details that enterprise engineering and, increasingly, product leadership know they need, but don’t quite understand. Leadership wants all the rules, and wants them enforced in the CI/CD pipelines across teams, but few have the time and bandwidth to learn what each rule does or doesn’t do, and that gap trickles down to the teams who are implementing and being guided by API governance rules. While not everyone needs to have a complete understanding of API governance rules, in my experience teams should have the following awareness:
- Know why a rule matters in the context of their work.
- Have a voice in crafting or changing rules.
- Have access to the provenance for each rule.
- Have a voice in where and when a rule is run.
- Have the ability to provide exceptions to a rule.
Without this awareness, governance will become a bottleneck. API governance is not the rule; it is fostering this awareness amongst your teams who are producing APIs. Think about the real-world governance in your community. Is governance issuing speeding tickets, or is it the signs informing people about the speed, and people having an awareness of the laws around speeding? D) All the Above. Yes, enforcement is necessary, but the police can’t address all of the speeding concerns in a neighborhood; we have to self-govern. There is more to governance than enforcement. Investing in API governance rule awareness amongst teams who are producing APIs prior to development, during development, and after development is how you get there.