Governing APIs can be a complex, multi-faceted task that traverses multiple organizations and applications. APIs themselves have multiple aspects to them (specification, instances, catalog, documentation, and more), adding further complexity to aligning on proper conformance.
In 2022, MuleSoft launched Anypoint API Governance to help organizations automate API governance evaluations for API specifications. Our ultimate vision with Anypoint API Governance is to govern any API end to end across its full lifecycle as part of Universal API Management.
Today, we are excited to announce a new capability to govern configurations and policies of API Instances. An API instance is the instantiation of an API definition used to share data between gateways (Anypoint Flex Gateway) and the control plane (Anypoint API Manager). An API instance can either be a proxy of an API that serves the upstream or a Mule application endpoint.
With the new capability, you can:
- Govern and validate API Instances in API Manager
- Utilize the API Management Best Practices Ruleset
- View the enhanced API governance report
Let’s dive into each feature.
Govern and Validate API Instances in API Manager
With Anypoint API Manager you can do the following for each API instance:
- Enforce policies
- Collect and track analytics data
- Manage proxies and applications
- Provide encryption and authentication
Now, with the governance capability integrated with API Manager, you can automatically check whether each API instance has certain policies and settings enabled.
With a single view into governance and security, API Manager becomes your one-stop shop for all API instances regardless of where the application runs.
Utilize Mule API Management Best Practices Ruleset
So, what comes with the out-of-the-box Mule API Management Best Practices Ruleset provided by MuleSoft?
The ruleset is composed of seven rules we've defined as critical to API Instance governance. It checks for:
- One or more authentication policies (e.g. Basic Authentication – Simple, OAuth 2.0 Token Introspection)
- One or more logging policies (e.g. Message Logging)
- Rate limiting policy
- One or more caching policies (e.g. HTTP Caching)
- TLS
- Proper policy ordering
The ruleset also checks whether the API Instance URL matches the Server Object definition within the API Contract. If you need a ruleset customized for your specific API governance needs, you can create your own custom ruleset using the built-in rules provided.
View the Enhanced API Governance Report
Security teams can now get a full validation report to evaluate the API Specification, Instances, and Catalog information to see all the violations in one place for a specific API. In addition to the overview Dashboard, the full validation report drills down into each aspect of the API and gives direct links to each of the following:
- Anypoint Design Center to update the API Specification
- API Manager to update the API Instance
- Anypoint Exchange to update the API Catalog
More capabilities, more security
With the new capability in Anypoint API Governance, you can:
- Govern and Validate API Instances in API Manager
- Utilize Mule API Management Best Practices Ruleset
- View the full API governance report
API security attacks are on the rise. You can combat them through proper boundaries set by security best practices to secure your digital estate. To try out Anypoint API Governance, sign up for a 30-day Anypoint Platform trial!