🛡️ API Governance Overview in AllThingsAPI (ATA)
API Governance in AllThingsAPI (ATA) is a comprehensive framework for managing, tracking, and ensuring the compliance of APIs across your organization. This feature provides visibility into the full lifecycle of APIs, helps enforce company-wide standards, and ensures that APIs meet security, performance, and compliance requirements. By integrating governance into your API management processes, you can maintain a robust, secure, and well-documented API ecosystem.
API Governance includes several essential components:
- API Inventory: A list of all the APIs within your organization.
- Application Inventory: A view of all applications created in your company, along with their associated APIs and specifications.
- Schema Inventory: A repository for storing and managing schemas used in your API specs.
- Governance Policies: Rules and policies that ensure your APIs adhere to security, data validation, and compliance standards.
- Dashboard: Provides a centralized view of API status, categorization, and other key metrics.
- Dependency Tree: Allows you to track the relationships and dependencies between APIs, teams, and business applications.
- 🔗 Producer-Consumer Dependency Management: Advanced dependency mapping where producers always know their consumers and vice versa.
- ✅ Consumer-Defined Acceptance Criteria: Consumers can define their own acceptance criteria and test cases that producers validate against.
This document will guide you through the core features of API Governance, detailing how they work and how they can be used to enforce standards, track dependencies, and maintain compliance within your organization.
🔑 Core Components of API Governance
1. API Inventory
API Inventory is a centralized listing of all APIs created and managed in ATA. This section allows you to track and monitor the APIs within your organization, giving you visibility into their lifecycle, usage, and dependencies.
Key Features of API Inventory:
- API Details: View key metadata for each API, including:
  - Application Name: The name of the application associated with the API.
  - Endpoint Name: The name of each API endpoint.
  - API Exposure Type: Whether the API is exposed internally, externally, or as BFF (Backend for Frontend).
  - Team: The team responsible for managing the API.
  - Business Application: The business application related to the API.
  - Created By: The individual or team that created the API.
- Tracking API Versions: Monitor the versions of each API, ensuring that changes are tracked and managed properly.
- Managing API Exposure: Understand how APIs are exposed and which teams or business units have access.
Example:
An API called User Management API may have the following details in API Inventory:
- Application Name: User Management API
- Endpoint Name: /users/{id}
- API Exposure Type: Internal
- Team: Backend Team
- Business Application: User Management
- Created By: John Doe
2. Application Inventory
The Application Inventory is a view-only interface that provides detailed information about all applications within your company. This section aggregates data from Developer Studio and shows the current status of applications, including package info, API specs, linked collections, and documentation.
Key Features of Application Inventory:
- View All Applications: See the complete list of applications across your organization, including their metadata, such as:
  - Package Info: Title, version, and status.
  - Release Notes: Track updates made to applications across versions.
  - API Spec: Access the OpenAPI Spec for each application.
  - Linked Collections: View which test collections are linked to the application.
  - Documentation: Access generated Swagger Docs, Design Docs, or File Level Docs for the application.
- Monitor API Usage: Understand which APIs are being used by which applications, helping you track dependencies and integrations across teams.
Example:
In the Application Inventory:
- Application Name: User Authentication API
- Package Info: Version 1.0.0, Draft status.
- API Spec: OpenAPI Spec (Swagger).
- Linked Collections: Test Collection A.
- Documentation: Swagger Docs for interacting with the API.