Adaptive Governance

This version of the documentation is aimed at users using Sensedia Adaptive Governance within the API Manager (versions 4.7.0.0 and earlier of Sensedia API Platform).

Welcome to the Sensedia Adaptive Governance User Guide.[1]

Adaptive Governance is a Sensedia API Platform add-on that integrates with the API Manager, adding a new item to the Manager’s main menu: Governance, with three different screens — Attributes, Impact Analysis and Workflows — and a feature integrated into the APIs screen — Interface Completeness.

To understand the value that Adaptive Governance adds to your API strategy, it’s important to understand what (good) API governance looks like. This page is all about that, and the following pages show how to use each feature.

What is API governance?

APIs are everywhere. It’s because of them that companies from the most diverse sectors have been able to create digital businesses like never before, and increasingly fast. As API experts, we at Sensedia have always tried to show companies that APIs are open to everybody. Companies of all sizes can explore the interconnected world to be more effective, gain visibility and deliver more value. But one thing must be made clear: APIs are not a panacea for all maladies or a shortcut that leads to all opportunities in the digital realm; in fact, if misused, they become an additional source of pain, wasting effort and resources.

Think, for example, of some of the multiple ways an API can "fail":

on the provider’s side: on the consumer’s side:

  • APIs are not reused, causing code duplication and difficult maintenance;

  • many different teams take care of the same APIs, with little organization and a lot of rework;

  • there’s lack of clarity regarding the business objectives of each API;

  • there’s no visualization of success metrics.

  • APIs often don’t work (and error responses seldom explain what’s going on);

  • APIs are difficult to use because they are poorly designed and/or documented.

To sum up, APIs make a great broth, but how do you prevent it from spilling? This is exactly where governance comes into play.

API Governance is the identification and implementation of a series of practices to ensure consistency between API lifecycle and the business strategy adopted by the company.

The idea is to identify the practices that should be put in place to prevent providers from spending more than they could without delivering value and to prevent consumers from getting frustrated because they feel they are wasting time instead of gaining resources.

Pillars, mechanisms, benefits

Good API governance works as a support structure for API management, offering tools to monitor the functioning of the APIs and defining rules and standards for them. It’s based on the following pillars:

  1. keeping APIs running;

  2. managing complexity;

  3. ensuring security/compliance;

  4. having in mind the return on investment (ROI) of creating each API and alignment with business.

With these pillars as principles, good governance postulates the creation of a reference architecture, detailing the standards and good practices to be followed, and identifies the details of the API lifecycle, defining their whole development process and the different roles involved.

When successfully implemented, API governance fosters alignment between the IT and business areas, reducing:

  • the costs of API design and implementation;

  • the company’s operational risks (including problems with compliance and security);

  • the time to market of digital products.

Adaptive governance

These things we mentioned about governance may seem a little abstract. This is because governance is primarily a matter of strategy, and this is different for each company.

Good governance has solid principles, but it never postulates uniform and specific actions that everyone should follow, because not everyone is the same. There are different styles of governance, adapted to different corporate styles (often present within the same company).

For example, a team or company may adopt a command-and-control development style, which is quite common in projects involving regulatory bodies and which require very strict rules. Other teams follow agile methodologies, and are thus less bureaucratic and have greater need for flexibility. There are also extremely autonomous teams that follow less defined standards, usually involving disruptive innovations that work more on a trial-and-error basis than following widely tested and approved standards.

For all of these cases, you must identify the right style of governance, be it:

  • centralised, with one small team in charge of governance, reviewing and approving any architectural change;

  • decentralised, with small and more autonomous teams but that follow established guidelines to reduce impact; or

  • distributed, with each team being responsable for their product, and any decisions regarding it.

All of them, of course, following the principles of good governance. That’s why we created an add-on aimed at adaptive governance: we created features that help automate parts of the API development process while configuring different customisable scenarios, adapted to each team’s style.

Adaptive Governance features

One thing to note here is that the Sensedia API Platform has built-in governance tools:

  • dashboards;

  • advanced API Catalog with detailed search;

  • management of apps that consume the APIs;

  • management of API plans, including access permissions, control of number of calls, infrastructure protection and billing quota;

  • policies (our interceptors) that allow you to configure access rules, security standards and behaviour of the APIs, their versions and revisions;

  • several levels of user organization (teams, roles, visibility rules);

  • API deployment in different environments;

  • Developer Portal to organize API publication and documentation.

The features brought by Adaptive Governance add to these, providing more flexibility and control. They are:

  • Workflows by organization or teams, allowing you to define different maturation stages, with requirements for promotion between them.

  • Impact analysis, which gives visibility to the integration network of each API with the other objects (apps, plans, resources, operations and backends); then, you can see who will be impacted by changes to your APIs, which APIs will be affected by backend modifications, and it’s easier to mitigate risks.

  • API attributes, which allow you to classify APIs according to business rules, increasing control and management over them.

  • Interface Completeness, an API quality analysis based on Swagger which helps to keep APIs within consistency standards.

In addition to the Adaptive Governance add-on, we have a professional services team specialised in API governance, from identifying the ideal governance style for your teams to establishing a reference architecture based on Sensedia’s Governance Playbook. Get in touch to find out more!

See also

  • Our Head of Solutions for EMEA talks about API governance in this webinar:

1. This document is the property of Sensedia. It should not be used for commercial purposes, nor reproduced, partly or in its entirety, without our explicit authorisation.
Thanks for your feedback!
EDIT
How useful was this article to you?