For many, governance is a necessary but tedious task. But when done right, governance offers a clear direction, breaks down barriers, and enables different parts of the organization to function independently. So how does one make the most out of governance?
To achieve this empowering style of governance one needs to prioritize strategic goals and align them with the dynamics of the organization that needs governing. Incentivizing the attaining of these goals is also an important part of overall governance.
Since different goals can sometimes come into conflict, divide the categories of API governance into 5 areas: program, product, portfolio, principles, and platform. This allows your organization to outline a complete API governance model with clear objectives that helps the business achieve its long-term strategies and minimizes friction.
- API Program Governance
Organizations often look for ways to utilize APIs for the betterment of their business and support their digital transformation efforts. The first step is to define the API strategy that corresponds with the organization’s business goals and dynamics. The following steps that implement the strategy are best guided by an enterprise API program. The API program leadership (an API Center for Enablement (C4E) within the organization) is responsible for defining the overall API governance model, including governance of the program’s objectives.
At its core, APIs are about connectivity and scalability. The most effective API programs are comprehensive, considering not just changes in technology, but also factoring in delivery methodologies, team structures, and even workplace culture. Similarly, API program goals vary. API program governance involves gauging the program’s progress against its goals; correcting discrepancies by adjusting the course.
Here are some of the questions that are needed for effective API program governance:
- How can we measure the program’s effect on its specified goals?
- How can we measure and increase the organization’s implementation of an API-led approach?
- How can we ensure that our program goals are the right ones?
The C4E should maintain ownership of API program governance for the length of the program. A clear focus on program goals and governance helps the C4E keep the API program on course.
- API Product Governance
Each API product needs to have a standalone product strategy and planned business model, regardless of the overall enterprise API strategy. An effective API product should be self-sustaining. This makes it obvious why the governance of an API product should be separate from the supporting organization’s API program. The API product team, especially the API product manager is responsible for the API product governance.
API product governance revolves around the lifecycle management of individual APIs, making sure they achieve their business objectives and measuring the API product against its defined business model.
These are questions you should ask and address via API product governance:
- Are the product vision, business models, market strategy, product design, and roadmap aligned?
- How efficiently is new feature delivery being balanced with the retirement of technical debt?
- What channels are in place to collect consumer feedback and measure API product performance?
- What API product risks need to be mitigated, and what regulatory compliance is required?
- API Portfolio Governance
Over time businesses will end up amassing more API products. As API products increase, so will the need for governance of some cross-cutting concerns. While API program governance deals with enterprise-wide concerns that are change-oriented, API portfolio governance is needed to manage those that are ongoing. Without this governance, an organization runs the risk of providing unreliable developer experiences and creating vulnerabilities.
API portfolio governance involves overseeing the entirety of API products in an organization. This allows a merger of similar API products, deprecates unused APIs, drives consistency around design, applying consistent policies, and collective external perspectives.
These questions will help address and navigate API portfolio governance:
- What are our highest value API products? How do we manage redundant or unused APIs?
- What security and operational policies have to be imposed across our API product portfolio? How are we protecting all the data involved?
- Which design standards should be followed across the portfolio?
- How much correspondence is there between the various developer communities using the APIs?
API program and portfolio governance are usually a C4E responsibility at the beginning of an API program. As the program grows, the C4E must shift accountability for portfolio governance to other long-living units within the organization
- API Platform Governance
There is also the API governance that occurs automatically in the organization’s runtime API interactions. This is needed to provide the level of efficiency and scale required in a digital organization. This allows the enterprise leaders to observe and measure the effectiveness of their governance measures and allows them to enforce governance policies in real-time.
API platform governance has a two-fold nature. On one hand, it involves providing metrics to and enforcing policies for the other three groups of API governance. It is also about using automation and digital native capabilities to ensure stability, security, and resilience in the operational environment where the API products are employed.
Here are a few questions that should be asked and addressed through API platform governance:
- What runtime capabilities are necessary for enforcing API product governance policies?
- What runtime capabilities are needed to implement API portfolio governance policies?
- What are normal operations like and how can operational irregularities be mitigated?
- Is there an API platform business model and how can its efficiency and effectiveness be recurrently measured?
As with portfolio governance, API platform governance often starts under the ownership of the API C4E. It should be gradually switched to a cross-organizational group within IT.
- API Principles Governance
The most important aspect of the API governance model is mediating the dispute between the different categories. Early in an API program, there is often contention between the program’s aims and the organization’s status quo. Because of this, firm program governance is required from the start.
As the program develops, the number of API products grows, and the friction between the product and program governance may rise. On one hand, API product managers won’t want their feature delivery slowed down by bureaucratic red tape. However, those governing the API product portfolio won’t want unreliable and inconsistent APIs.
Outlining the different categories of governance will simplify roles and alleviate potential disputes in the general API governance model. Focusing on consumer needs will offer additional guidance to resolve conflicts. A simple measure that any C4E can take to optimize the governance model is establishing a set of principles that outline the API program’s vision. While different aspects of governance will change over time, an organization’s principles will last for the years to come.