
Managing Governance

Your governance sets the rules your teams will use to work with, roll out, and manage APIs across the enterprise. Here are some of the factors leaders consider in creating a governance strategy and making guidelines available to the teams who will use them.

Elements

  • Shape - The shape of governance depends in part on the existing organizational apparatus. You must always ensure that API operations are in alignment with the business.

  • Domains - Governance means carving operations into logical bounded contexts that can be used to define and shape how teams operate.

  • Guidelines - Formal documentation, wikis, or other documents define your governance and enable teams to do the right thing as part of their work.

  • Maturity - You should have a clear definition of what constitutes API maturity, while allowing for different levels of maturity to coexist with a balanced set of expectations.

  • Standards - Teams should have a strong and ever-evolving awareness of standards that exist inside and outside the enterprise, and a strategy for how they will be applied.

  • Templates - Provide as many reusable templates as you can to help demonstrate and apply patterns, standards, and other elements to APIs and the operations surrounding them.

  • Rules - Establish sets of linting rules that can be applied at design time to guide the creation of standardized APIs and applied across the entire API life cycle.

  • Policies - Define standard source control, CI/CD, gateway, and other policies to help govern API operations, standardizing the configuration and shape of API production.

  • Centralization - Consider which parts of governance should be centralized, developing a single body within the enterprise to help guide governance.

  • Federation - Consider which parts of governance should be federated, relying on teams to define, shape, and lead when it comes to their own enablement.

  • Design Reviews - Formal reviews examine the design of APIs, providing self-service. Peer reviews also help API producers consider the big picture when designing.

  • Quality Reviews - Formal reviews help ensure that all APIs are fully documented and properly tested.

  • Security Reviews - Formal security reviews look at the security of each API, ensuring that encryption, authentication, authorization, and other security elements are in place.

  • Enablement - Governance on the ground floor enables teams to do the right thing throughout their regular work.