2. Safe Harbour Statement
● Both the speaker and the host are organizing this meet-up in an individual capacity only. We are not representing our companies here.
● This presentation is strictly for learning purposes only. The organizer and presenter do not hold any responsibility that the same solution will work for your business requirements.
● This presentation is not meant for any promotional activities.
3. Housekeeping
● A recording of this meetup will be uploaded to the events page within 24 hours.
● Questions can be submitted/asked at any time in the Chat/Questions & Answers tab. Make it more interactive!
● Give us feedback! Rate this meetup session by filling in the feedback form at the end of the day.
● We love feedback! It's bread and butter for the meetup.
4. Organizers
⮚ 6+ Years of Experience in Integrations and API Technologies.
⮚ Certified Delivery champion MuleSoft Developer, Integration Architect and platform Architect

⮚ 8+ Years of Experience in Integrations and API Technologies.
⮚ Certified MuleSoft Developer, Integration Architect and platform Architect.
⮚ MuleSoft Delivery Champion completed

⮚ Senior MuleSoft Developer | Integration Lead
⮚ 11+ years of Integration Experience Certified MuleSoft Developer, Certified MuleSoft Platform Architect
5. Speakers
Supriya Pawar
Integration Architect at Accenture
About the Speaker:
⮚ Having 7+ years of overall experience building integration solutions.
⮚ Certified MuleSoft Developer And Architect.

Deepak Talluri
Technical Team lead at Accenture
About the Speaker:
⮚ 8+ Years of Experience in Integrations and API Technologies.
⮚ Certified MuleSoft Developer, Integration Architect and platform Architect.
⮚ MuleSoft Delivery Champion completed
6. Agenda
01 - What is API Governance?: API Governance Overview
02 - What’s new with API Governance on Anypoint Platform?: Profiles, Rulesets, API Conformance, Identify APIs to govern, Adding Asset Tags, Categories in Exchange
03 - API Governance Key Facts: Rulesets, Profiles, Conformance, Notifications
04 - Demo: Create Governance Profiles, Default Rule Sets, Dashboards/Reports/Notifications
05 - Benefits: Highs and Lows of API Governance
7. What is API Governance?
API governance is the practice of applying common rules and guardrails relating to API standards and security policies to your APIs.
These rules are applied through checks and validations.
• The goal of API governance is to ensure proper standardization of your APIs so that they are complete, compliant, and consistent, and therefore easily discoverable and reusable.
[Diagram: API Governance, with API Guidelines, API Security, and API Best Practices]
8. What’s New with API Governance on Anypoint Platform?
Anypoint API Governance is a component of the Anypoint Platform that enables you to apply governance rules to your APIs as part of the API lifecycle.
API Governance helps you improve your organization’s API quality by enabling you to identify conformance issues and take steps to resolve them.
01 - Share governance best practices: Publish governance rulesets in Anypoint Exchange to share with other developers.
02 - Apply consistent rules at design time: Enable developers to apply governance rulesets at design time in Anypoint API Designer.
03 - Enforce governance within your DevOps organization: Automatically apply standards to your API contract and definition within your CI/CD pipeline.
9. API Governance Concepts
Governance Profiles
• A governance profile applies chosen governance rulesets to a select group of APIs. The API definitions are validated against the governance rulesets.
• A governance profile has two statuses, Normal and At Risk, which are based on the percentage of conformant APIs in the governance profile.
  At Risk: Less than 70% of APIs are conformant
  Normal: More than 70% of APIs are conformant

Governance Rulesets
• Governance rulesets are collections of rules, or guidelines, that can be applied over the metadata extracted from any REST API definition in the Anypoint Platform.
• Examples: internal and external best practice guidelines, such as naming conventions, and industry-specific government standards, such as making sure your APIs carrying sensitive data are encrypted (HTTPS).

API Conformance
• API conformance indicates whether a validated API definition passes all the required rules in one or more governance rulesets.
• If an API definition is included in multiple governance profiles, it must pass all the rulesets in all those profiles to be conformant.
Note: API Conformance applies only to API Definitions that are published in Exchange as REST APIs.

Nonconformance Severity
• Nonconformance severity is categorized by percentage of passed rulesets among all required rulesets.
  High Severity - 0 - 40% rulesets passed
  Medium Severity - 41% - 80% rulesets passed
  Low Severity - 81% - 99% rulesets passed
11. API Governance Key Facts
Rulesets
• These are collections of rules, or guidelines, that can be applied over the metadata extracted from any REST API definition in the Anypoint Platform. For example: internal and external best practice guidelines, such as naming conventions, and industry-specific government standards, such as making sure your APIs carrying sensitive data are encrypted (HTTPS).
• Custom rulesets can be created as well and used in profiles.
• API developers or architects can apply the governance rulesets directly to API definitions as dependencies in API Designer during the API design phase.

Profiles
• Multiple profiles can be created depending on the category of APIs.
• If an API definition is included in multiple governance profiles, it must pass all the rulesets in all of those profiles to be conformant.
12. API Governance Key Facts
Conformance
• The API definitions are validated against the governance rulesets and conformance is calculated.
• API conformance applies only to API definitions that are published in Exchange as REST APIs.
• APIs with >70% conformance are treated as “Normal”.
• APIs with <70% conformance are treated as “At Risk”.
• APIs are validated if they are identified by the selection criteria of at least one of the governance profiles.
• API conformance indicates whether a validated API definition passes all the required rules in one or more governance rulesets.

Notification
• The API owner will be notified about the conformance of the API.
• A conformance report with violations can be emailed to stakeholders.
• The same report can be exported to Excel.
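
A model of the conformance rules from slides 9 and 12, as an added example that is not part of the original deck and is not Anypoint code: it derives each API's conformance and nonconformance severity from the rulesets it passed, then each profile's status. Tag-based selection, the sample profile, tag and ruleset names, and the treatment of exactly 70% and of fractional percentages are assumptions.

```python
# Added illustration of the conformance rules on the slides; not Anypoint code.
# Profile, tag and ruleset names below are constructed sample data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    name: str
    tags: frozenset      # assumed selection criteria: API must carry all these tags
    rulesets: frozenset  # rulesets this profile applies

PROFILES = [
    Profile("best-practices", frozenset({"rest"}), frozenset({"best-practices"})),
    Profile("payments", frozenset({"rest", "pci"}),
            frozenset({"owasp", "https-only", "auth"})),
]
APIS = {  # api name -> (asset tags, rulesets the definition passed)
    "orders":   ({"rest"}, {"best-practices"}),
    "catalog":  ({"rest"}, set()),
    "payments": ({"rest", "pci"}, {"best-practices", "owasp"}),
    "legacy":   ({"soap"}, set()),
}

def assess_api(tags, passed, profiles=PROFILES):
    """Return (conformant, severity); (None, None) when no profile selects the API."""
    required = set()
    for p in profiles:            # an API in several profiles must pass all of them
        if p.tags <= tags:
            required |= p.rulesets
    if not required:
        return None, None         # not selected by any profile, so not validated
    pct = 100 * len(required & passed) / len(required)
    if pct == 100:
        return True, None
    # Slide bands: 0-40% High, 41-80% Medium, 81-99% Low (by rulesets passed).
    # Assumption: a fractional value falls in the first band whose upper bound covers it.
    return False, ("High" if pct <= 40 else "Medium" if pct <= 80 else "Low")

def profile_status(profile, apis=APIS, profiles=PROFILES):
    """'Normal' or 'At Risk' from the share of conformant APIs the profile selects."""
    selected = [(t, done) for t, done in apis.values() if profile.tags <= t]
    if not selected:
        return None
    ok = sum(1 for t, done in selected if assess_api(t, done, profiles)[0])
    # Assumption: exactly 70% counts as Normal; the slides leave the boundary open.
    return "Normal" if 100 * ok / len(selected) >= 70 else "At Risk"

if __name__ == "__main__":
    for name, (tags, passed) in APIS.items():
        print(name, assess_api(tags, passed))
    for p in PROFILES:
        print(p.name, profile_status(p))
```

In the sample data, `payments` passes every ruleset of the first profile but is still nonconformant because the second profile also selects it, which in turn lowers the first profile's conformant share.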
14. API Governance - Benefits
Highs/Benefits
• Consistency in API specs and the standards across the platform
• High Security assured by minimizing risks highlighted by OWASP
• High Quality assured with Anypoint Best Practices rules
• Allows developers to ensure APIs are in conformance at design time
• CI/CD compatible
Low
• Adds performance overhead, but this could be overcome by following design & development best practices