APIdays London 2019 - Selecting the best API Governance for your organisation with Jon Scheele, API Strategist
Download as PPTX, PDF3 likes265 views
The document outlines the key aspects of API governance, emphasizing the importance of establishing policies and monitoring their implementation within organizations. It discusses challenges related to centralization versus decentralization, the pace of change, and the structures governing API lifecycle management. The document also highlights the significance of standardization in API design and the need for clear decision-making processes in onboarding partners and managing APIs.
APIdays London 2019 - Selecting the best API Governance for your organisation with Jon Scheele, API Strategist
- 1. Selecting the best API Governance for your organisation Jon Scheele API Strategist & Organiser, APIdays Singapore London, 13-14 November 2019
- 2. Governance: Definition “Establishment of policies, and continuous monitoring of their proper implementation, by the members of the governing body of an organization. It includes the mechanisms required to balance the powers of the members (with the associated accountability), and their primary duty of enhancing the prosperity and viability of the organization”. 2 Source: http://www.businessdictionary.com/definition/governance.html
- 3. What is Governance? • Governance should make it easy for people to do the right thing, but hard to do the wrong thing – But what is the right thing, and who decides? • Governance needs to help the organisation: – Manage change – Sustain on-going operations 3
- 4. Challenges • Centralisation vs Decentralisation – who decides • Pace of change: what is best practice today is obsolete tomorrow 4 Conway’s Law: "organizations which design systems ... are constrained to produce designs which are copies of the communication structures of these organizations."
- 5. The API Life Cycle Publish Realise Maintain Retire Create • Who gets to create? • Who owns the API? • Who gets to consume? • Who monitors & maintains: – Individual APIs – System-wide • Who decides to retire an API, and how? 5Source: “Continuous API Management”, Mehdi Medjaoui, ErikWilde, Ronnie Mitra, MikeAmundsen
- 7. 7 Medium Scale – Multiple teams
- 9. Governance definition revisited “Establishment of policies, and continuous monitoring of their proper implementation, by the members of the governing body of an organization. It includes the mechanisms required to balance the powers of the members (with the associated accountability), and their primary duty of enhancing the prosperity and viability of the organization”. • What principles, policies, standards? • How to monitor? • Who is a member? • Who has decision rights? • How to align to organization’s strategy? 9Source: http://www.businessdictionary.com/definition/governance.html
- 10. Artefacts • Principles • Policies • Standards • Style Guides • Patterns • Anti-Patterns • Benefits of Standardisation – Clarity of purpose – Prioritisation – Re-usability – Risk management • Costs – Artefact development – Communication/education – Enforcement – Decreased autonomy/innovation 10
- 11. 11 Partner Onboarding Process 1 Partner Self-Test Register user account Create app Generate key Prototype Sandbox testing Request access to production 2 Business Assessment Business value assessment Partner background & compliance checks 3 Technical Readiness Create test cases White-listing onTest Provision onTest environment Conduct E2E testing Backend verification Business Readiness Testing 4 Commercial Launch Issue Production API keys White-list on Production Authorise partner to add to store
- 12. Who decides – traditional enterprise example Activity ProductTeam APITeam Architecture Marketing Security Risk/ Compliance Finance ITOperations Outsource Provider Create API R/A C I I I PublishAPI R/A C C I C C C Realise - Launch R/A Internal onboarding I R/A I I I C ? Partner onboarding C R/A I C C C C ? Maintain R/A C C C C ? Retire R/A C C C C C C C ? 12
- 13. API Governance at Amadeus • All Amadeus APIs are designed in the same way (error structure, error codes, request/response format, pagination, query parameters, versioning) • They have the same documentation format, the same type of materials (WSDl, XSD, Swagger) and are ready for developers to start coding. • Valid materials: Understandable documentation, release notes, valid endpoint, valid configuration setup. • Interoperability: Common Data Dictionary across APIs. 13Source: Patrick Brosse, https://developers.amadeus.com/blog/api-governance
- 14. How to decide • How does the organisation work? – Centralised <> Decentralised – Waterfall <>Agile – Manual <>Automated • Engagement: Coach or Cop? • Automation: – Integrating toolchain,Testing, Deployment • What is the culture you have? • What is the culture you want to foster? 14
- 15. Jon Scheele https://www.linkedin.com/in/scheelejon London, 13-14 November 2019 Useful References: Selecting the Best API Governance Framework https://jonscheele.com/best-api-governance-framework/ Continuous API Management Mehdi Medjaoui, ErikWilde, Ronnie Mitra, Mike Amundsen
Editor's Notes
- #4: The goals of API governance are to: Maximise the value of the partner ecosystem Provide guidance to partners and staff on the firm’s priorities State the degree of autonomy partners and staff have to innovate Protect the firm’s customers and assets (digital, physical and financial) and sensitive information Meet customer expectations for transparency, privacy and gaining consent before sharing information with third parties Comply with laws and regulations
- #5: APIs offer the opportunity to forge new communication paths inside and outside the organisation. But this can only happen if the governance structures and processes adapt to guide the firm’s activities towards these goals, while protecting the firm’s operations, assets, their partners and customers.
- #9: In “Microservice vs Monolith: Which One to Choose?” https://dzone.com/articles/microservice-vs-monolith-which-one-to-choose Shamik Mitra argues that, if your team members are experienced and multi-skilled, a microservice “you build it, you run it” approach can work well. If not, a monolithic/modular system may be more sustainable, enabling team members to gain proficiency in a narrower set of skills. Other factors to consider are how the firm’s infrastructure is organised, and the criticality of domain knowledge in a given function.