-
Internal and external best practice guidelines, such as naming conventions
-
Industry-specific government standards, such as encryption for sensitive API data (HTTPS)
Anypoint API Governance Overview
Anypoint API Governance is a component of Anypoint Platform that enables you to apply governance rules to your APIs as part of the API lifecycle.
With Anypoint API Governance you can:
-
Improve your organization’s API quality:
Identify conformance issues in governed APIs and take steps to resolve them.
-
Share and enforce governance best practices:
Customize and publish governance rulesets to share and enforce organization-specific best practices with your developers.
-
Apply consistent rules from design time to deployment:
Use governance rulesets to apply centralized governance to multiple aspects of your APIs, from specifications at design time to instances at deployment.
-
Enforce governance within your DevOps organization:
Automate API governance in your CI/CD pipeline using CLI commands or through API solutions using the experience API.
Governance Dashboard
The API Governance Dashboard offers an organization-wide view of your API landscape, allowing you to quickly grasp the overall status of your APIs and identify areas that require attention. It serves as a starting point for understanding your API governance posture and taking initial steps to improve it.
From the API Governance Dashboard, you can:
-
View metrics, such as the number of unprotected APIs, governed APIs, APIs in Exchange, and APIs in production.
-
Understand the distribution of your APIs by type, including REST API, AsyncAPI, and HTTP API.
-
Understand your API governance posture, including conformance status and nonconformance severity for governed APIs.
-
Take action from the Dashboard based on the presented metrics, such as initiating the creation of new governance profiles to start governing unprotected APIs and navigating to lists of APIs for further review.
See API Governance Dashboard Overview for details.
Governance Console
In the API Governance console, governance administrators can:
-
Create governance profiles to apply governance rulesets to a targeted set of APIs. The API Governance console then provides a conformance summary for all of your validated APIs.
-
Monitor API conformance and notify developers to help improve conformance.
See API Governance Console Overview for details.
Governance Across Anypoint Platform
In addition to viewing API conformance information in the API Governance console, developers, architects, and implementors can view governance conformance information and take action to fix issues using:
-
Exchange
-
Developers can view conformance status details for published API specifications, discover rulesets, and publish custom rulesets.
-
Implementors can view rulesets to determine how to fix API instance conformance issues.
-
-
Anypoint Code Builder and Design Center:
-
Developers or architects can check API specification conformance in the API design phase by applying governance rulesets directly to API specifications as dependencies.
-
-
API Manager:
-
Implementors can check API instance conformance by viewing comprehensive governance reports.
-
Anypoint API Governance Concepts
Following are the concepts you must know to use Anypoint API Governance.
- governance profiles
-
A governance profile applies selected governance rulesets to a filtered group of APIs. API Governance then validates the APIs against the rulesets to determine governance conformance.
- active profiles
-
Use active profiles to share API conformance information with developers and notify them of conformance issues. APIs targeted by active profiles are governed APIs and their conformance information is shown across Anypoint Platform.
- draft profiles
-
Use draft profiles to test settings before revealing their targeted APIs' conformance information across Anypoint Platform. APIs targeted by draft profiles are governed, but their conformance information isn’t shown outside of the draft profile view unless they’re also targeted by an active profile.
- governance rulesets
-
Governance rulesets are collections of rules, or guidelines, that can be applied over the metadata extracted from APIs in Anypoint Platform. Examples of things you can use governance rulesets to help enforce are:
MuleSoft provides several rulesets in Exchange, such as Anypoint API Best Practices, OpenAPI Best Practices, Authentication Security Best Practices, and Mule API Management Best Practices. Discover rulesets in Exchange by filtering the search by the Rulesets type. See Search for Assets.
- governed APIs
-
APIs are governed if they’re identified by the selection criteria of at least one governance profile. If an API is governed, all versions of that API are considered one governed API. Subscription limits are set based on your organization’s purchased capacity. The UI gives information about usage and shows alerts when you near or exceed your subscription capacity.
- API
-
The entire API, including all its aspects. In Anypoint Platform, aspects of an API might also be called just API in context with the product that is managing them. For example, in Exchange, API might refer to the API specification, documentation, and catalog. In API Designer, API might refer to the API specification. In API Catalog, API might refer to the API instance, policies, and contracts.
- API aspects
-
Parts of an API. Examples of API aspects include specifications, instances, catalog information, and documentation.
- API specification
-
Details the functional and expected behavior of an API, as well as the fundamental design philosophy and supported data types. It contains both documentation and API definitions to create a contract that people and software can read.
- API implementation
-
A realization of the API specification to make the API functional.
- API instance
-
An instantiation of the API implementation. An API can have multiple instances across different environments and gateways, which can be used by clients to make API calls. Instances that are configured but not deployed are also captured as part of this aspect.
An instance can be either a proxy of an API that serves the upstream or an application endpoint.
- API documentation
-
Helps consumers understand and use the API, with content such as examples, use cases, and tutorials.
- API catalog information
-
Properties related to an API’s entry in an API catalog, such as name, version, owner (contact), tags, and categories. In Anypoint Exchange, these properties are associated with APIs in asset portal information.