The API is one of the most common means through which many developers interact with data. Therefore, an API design should be well-organised, consistent, and intuitive. The developer’s experience is one of the most important metrics in measuring the quality of an API. If the API design is not clear and difficult to understand, the chances it will be consumed are minimal.
However, when it comes to API design, encouraging best practices seems constantly overlooked in the complete API lifecycle, mainly in order to improve development efficiency. While the short-term benefits of rapid development can boost speed to market, without the proper foundation (API design-first approach), the API will surely lack future reusability and simply increase development headaches. Instead, when applying and following API design best practices, while the overall development time might increase, there is much less confusion in the API consumption which leads to reduced cost for development.
Sadly, the API design best practices documentation alone lacks follow-up and control over its implementation.
“Best practice when enforced becomes governance"
Organisations have long recognised the need to enforce governance on standards and best practices in order to achieve consistency in common operating procedures across different departments. When done properly, governance can provide clear direction, remove obstacles, and allow different departments of the organisation to function independently.
API governance is the process of applying common rules and requirements related to API standards and security policies to the organisation's APIs. It is verified then by different checks and validations (for example - checking the existence of examples for API requests and responses).
API governance ensures that the backend systems powering the enterprise as well as services provided are well-defined, discoverable, and properly consumed. Additionally, it provides the overall state of the system, which can help evolve and steer in the right direction.
API governance helps save time and money, because it achieves consistency and completeness of API designs, allowing them to be easily discoverable and reused, and ensures that APIs are compliant with API best practices for design, development, deployment, and consumption.
Introducing MuleSoft Anypoint API Governance
To help organisations maintain API design best practices, achieve consistency in the implementation of API internal standards, and provide assistance to their developers in order to comply with these rules, MuleSoft introduced a new feature to its Anypoint Platform - Anypoint API Governance.
The Anypoint API Governance is a component of the Anypoint Platform that applies governance rules to organisation APIs as part of the API lifecycle. API Governance helps to improve an organisation’s API quality by identifying conformance issues and taking steps to resolve them.
By creating profiles in the Anypoint API Governance console and applying rulesets to them the IT leaders no longer have to follow a manual approach of conformance validation avoiding possible delays in API delivery. It also reduces the struggle with enforcement and inconsistencies of API design best practices. API Governance offers two options either out-of-the-box or custom-made rulesets which could be applied to multiple APIs across the organization (a ruleset is a collection of rules or guidelines that can be applied over the metadata extracted from any REST API specification in Anypoint Platform).
After the profiles are created and rulesets applied, the API Governance console shows an overview of conformance for all validated APIs. The IT leaders can use it to monitor the API conformance, and notify API owners about non-conformities and ways to improve their API designs.
Ensure conformance during API design
The MuleSoft Anypoint API Governance feature makes governance seamless for development teams to adopt. Created API Governance profiles can be accessed as dependencies in MuleSoft Anypoint API Designer during the API design stage, so that the developers can check and correct conformance issues in real-time, hence reducing additional manual validations in the future.
Enforce API Design Best Practices with MuleSoft Anypoint API Governance
- To enforce the API design best practices with Anypoint API Governance, the APIs that need to be governed have to be identified first and be included in a new profile of Anypoint API Governance (the APIs can be identified through tags or categories of APIs in Anypoint Exchange).
- The next step would be to add the Anypoint Best Practices out-of-the-box ruleset, which contains over 30 best practices for API design, to a newly created profile (alternatively, a custom ruleset can be created if the organisation’s API best practices are different from the existing MuleSoft ruleset).
After the API Governance profile is configured, the monitoring and reporting will be available for the organization’s REST API designs’ conformance success or failure. Additionally, non-conformance notifications can be sent to the API owners automatically or manually from an API Governance profile.