INTERFACE by apidays 2023 APIs for a “Smart” economy. Embedding AI to deliver Smart APIs and turn into an exponential organization June 28 & 29, 2023 Governance Doesn't Have to be a Dirty Word Jason Harmon, CTO at Stoplight ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

1. Governance Doesn’t
Have to Be a Dirty Word
Jason Harmon, CTO of Stoplight

3. 2
Jason Harmon
Chief Technology Officer, Stoplight
Engineering, Product, Security, IT
Host of #APIIntersection Podcast
Background:
● Previously:
→ Senior Director of Platform Architecture @Expedia Group
→ Chief Platform Officer and CTO at @Typeform
→ Head of API Design @Paypal
→ API Architect @uShip
● Co-founded Austin API Meetup
● Founding member of OpenAPI Initiative (inactive)
● Founding member of RAML Working Group (inactive)

4. 3
Ghosts of SOAP/SOA Governance
Past — 2010 & Onwards
● Tedious and Time Consuming:
Review committees & program
management from my time at a large old
enterprise
● SOAP: (Simple object access protocol)
official protocol developed by Microsoft
as 1.0/1.1, later amended by IBM as 1.2.
Industry-wide practices determined by
the largest players

5. 4
The SOAP Era
● “Centralized-Control”
● Large, Slow, Controlling
● Industry Consortium
● Power structure entrenched
● Top-down Approach
4

6. 5
…versus The Open
Source Approach
● SOAP standard vs REST architectural
pattern
(and other modern API standards)
● Typically a few committers and a
community of people around them
providing input, feedback, and contribution
● Compare that model of early 2000s web
service governance, vastly different!
5

7. “
6
Governance has changed,
but we don’t always look
at it as “governance” today.

8. 7
Today: Decentralized Governance
and the “Federated Approach”
Community
of passionate
and informed
people
Building
APIs in a
platform
ecosystem
Core team
comprised of
silo-breakers
“Wanted
Influence”

9. 8
Consider the inner
source as your
culture-change agent.
● How are you contributing
between organizations?
● How are you conducting reviews?
● Do they have the right permissions?

10. 9
This enables
platform -thinking.

11. 10
So, what does
that mean for
governance
today?

12. 11
APIs as Products
1

13. 12
The Rise of the API
Product Manager Era
● An ever-changing role
● Not-necessarily-technical
● Broader sense of inclusion
● APIs are business critical assets
● Partnership capability
12

14. 13
Treating APIs as a Product
Recognize
Relationships
Gain Business
Buy-In Enhance Your
Acceptance Criteria

15. 14
If you don’t treat
your APIs as products…
It becomes just a commodity.
A tech artifact.
You end up with an engineered design experience
instead of designing for the end-user.
This is system-centric, not customer-centric.

16. 15
Evolving Review
Processes
2

17. 16
“
SOAP era: principal engineers wield unchecked
power
Modern era: end product of the API, an
intentional design, distributed authority
If using a suite of APIs that fits cohesively
together, there is a design effort put behind it.
Governance makes it possible.

18. 17
The New Review Process
● More inclusive
● Contributors, curators, maintainers & non-technical
stakeholders
● Building for an ecosystem
● This leads to:
→ Better developer experience
→ Happier customers
→ Satisfied partners
→ Increased Scalability

19. 18
Key Takeaways
3

20. 19
Key Takeaways: Today’s
“Governance” Means:
● Decentralized Control; distribute power
● Maintain intentional consistency; small
centralized team
● APIs as a product; more inclusive product
development process
● Greater Transparency; educate & evangelize

21. 20
Let’s look at some examples…
“To make sure we can scale & provide consistency & reliability across our APIs we
ultimately relied on API product managers to enforce governance. They had to work
with each domain and each business area to make sure that we can understand the
customer's perspective … and [then] translate their requirements into the API
design itself and ensure standardization requirements are met.”
- Dave Holliday, API Product Manager.
● Goal: Fiserv has the goal of creating more consistency, shared
language, and better change management across the API program.
● Challenge: The massive amount of data and payments involved mean
different teams are working on different components to develop the
final product, but the goal is to give all customers a consistent,
predictable, and secure experience.
● Approach: From a customer’s perspective, a developer defines
consistency as seeing the company as one unified entity. But in reality,
the process involves many different teams who create the whole
product, hence why Fiserv relied on API Product Managers & the right
tools (Stoplight) to enforce their governance program and standards.
Case Study

22. 21
Let’s look at some examples…
● Goal: Pagerduty aims to be the central nervous system of IT Ops and
DevOps. An ambitious goal and demanding customers mean PagerDuty
must deliver on high expectations with consistency, innovation, and
reliability, as well as improve developer productivity.
● Approach: PagerDuty wants external developers to be able to adopt
new APIs and scale up quickly and painlessly. To meet that goal, they
iterate constantly based on customer feedback. They also worked to
create a “guided experience” with consistent implementation, style
guidelines, and predictable tooling (Stoplight). With lots of iteration and
constant feedback, they have to be able to standardize quickly and
globally across all of their efforts.
● Results: By enforcing style guidelines, their team was able to meet a
high-demand feature request while also making the internal developer
experience better is a great achievement. It’s the result of PagerDuty’s
constant focus on their core values of productivity, consistency and
reliability.
Case Study

23. 22
Tools to Help Improve
Your Governance Efforts
● Style Guidelines
→ Standardization of naming conventions
● Collaboration Tools to smooth out
the design review process
● Shared Components/ Model Libraries
● A solid API Product Manager!
Psst! If you use
Stoplight Platform,
you can get all of
these things and
more!

24. 23
For more tips
and tricks on the
API space…

25. 24
Check out Stoplight’s
API Intersection Podcast
The podcast on the intersection between
API design and digital transformation.
Available Wherever You Listen to Podcasts

26. 25
Questions?