Reading Time: 8 minutes

Over the last few years, the IT industry has seen a significant increase in the number of APIs.

When building APIs, have you been ensuring they’re consumed and reused efficiently? While an increase in the number of APIs is a good sign, at the same time it takes a toll on API management and security. To better understand the power of reusability, we will explore the relationship between governance and reusability for APIs, as well as how to effectively govern  APIs via API governance rulesets. 

Understanding API governance and API reusability

API governance and API reusability are strongly associated, though they differ in meaning. To reuse the APIs we need to ensure that APIs are consistent in terms of best practices, standards and guidelines. And to build APIs that are consistent, we need to govern the APIs. While API governance doesn’t lead to reusability, governance ensures reusability is more effective and efficient.

  • API governance refers to applying policies, rulesets, best practices and standards to your APIs to ensure that our APIs are consistent and managed effectively. Governing an API ensures that you’re delivering a high-quality API that adheres to best practices and standards.
  • API reusability refers to reusing the APIs to save human efforts and speed up the delivery time. The composable nature of APIs allows them to be integrated, orchestrated and combined to promote reusability of APIs.

The developer perspective: Why API governance matters

Every time a new developer joins an existing team or starts working on a new project, they review the existing project or APIs to familiarize themselves with standards and best practices. Even when a developer is familiar with this, the chance for human error is present. 

Traditionally, developers have been using third-party tools like SonarQube, DeepSource, and so others, to keep track of code quality and bugs when developing their applications. Similar to the approach devs have been using while developing their applications, we needed an approach to ensure consistency while designing our API. That’s where API governance comes into play.

API governance ensures that APIs are conforming to the standards and best practices. Now, let’s learn about MuleSoft’s API Governance capabilities and how developers can govern their APIs with the help of Anypoint API Governance. 

API governance

MuleSoft’s Anypoint API Governance enables you to apply governance rulesets like Anypoint Best Practices, and Authentication Security Best Practices to your APIs, and so on to your APIs. These rulesets ensure that the designed APIs conform to the rulesets we’ve applied to our APIs.

Let’s use an example: 

We have Sam, a MuleSoft Developer, who has newly joined the team. He’s responsible for updating the previously built API named “customer-sys-api”. Sam’s team has enforced the ‘Anypoint Best Practices’ ruleset to “customer-sys-api”. This means that every time Sam makes changes to the API and publishes it over Exchange, the API will be validated for Anypoint Best Practices. If the API built by Sam isn’t conforming to the ruleset, it won’t let Sam publish the API to Anypoint Exchange.

With this in mind, let’s go over the steps on how to apply API governance in Anypoint Platform. 

Step 1: Navigate to API Governance via Anypoint Platform. You need to create an API Governance profile to apply governance rulesets to your APIs. Please note that your APIs need to be published to Anypoint Exchange before applying API Governance rulesets.

Step 2: You need to select the rulesets you want to apply to your APIs. You can also view the details about the rulesets in Anypoint Exchange.

Step 3: Once you’re done selecting the rulesets, select the APIs to which you want to apply the rulesets. You can filter the APIs based on the API Types, Tags, Categories and API Lifecycle stage and API Instance (i.e Environments Types and Environment Name).

Step 4: Later, configure the email recipients for non-conformance notifications.

Step 5: Lastly, review all your configurations and your API Governance profile will be created. 

Allow some time to validate all the APIs associated with your API Governance profile. Once validated, you’ll see the metrics around conformance and non-conformance status of your API.

You can also create custom rulesets as per our organizational requirements. 

To learn more, watch our demo of Anypoint API Governance to ensure consistent API quality and security with self-service tools.