API Governance Overview

Anypoint API Governance is a component of the Anypoint Platform that enables you to apply governance rules to your APIs as part of the API lifecycle. API Governance helps you improve your organization’s API quality by enabling you to identify conformance issues and take steps to resolve them.

API Governance enables you to:

  • Share governance best practices: Publish governance rulesets in Anypoint Exchange to share with other developers.

  • Apply consistent rules at design time: Enable developers to apply governance rulesets at design time in Anypoint API Designer.

  • Enforce governance within your DevOps organization: Automatically apply standards to your API contract and definition within your CI/CD pipeline.

In the API Governance console, you add governance rulesets to governance profiles in order to apply those rulesets to multiple APIs across your organization. The console then gives you an overview of conformance for all validated APIs, so you can monitor your APIs' conformance and notify developers when an API needs attention.

Screenshot of the API Governance console, with numbered callouts:
1. View a numeric summary of your governance profiles, API conformance, and nonconformance by severity.
2. View, filter, and search a summary list of your governance profiles or validated APIs.
3. Export conformance reports in CSV format.
4. Add a new profile.
5. Select from the more options menu to export reports and to view, edit, and delete profiles.

API Governance is integrated with these other components of Anypoint Platform:

  • Anypoint Design Center, where governance rulesets are applied to API definitions (as dependencies)

  • Anypoint Exchange, where governance rulesets are cataloged and discovered

API developers or architects can apply the governance rulesets directly to API definitions as dependencies in API Designer during the API design phase.

Screenshot of rulesets applied as dependencies in API Designer, with numbered callouts:
1. Add rulesets to your API project.
2. View conformance issues and filter by level of severity.
3. Expand the Project Errors section of the text editor to view nonconformance messages.

API Governance Concepts

Following are the concepts you need to know to use API Governance.

Governance Profiles

A governance profile applies chosen governance rulesets to a select group of APIs. The API definitions are validated against the governance rulesets.

A governance profile has two statuses, Normal and At Risk, which are based on the percentage of conformant APIs in the governance profile.

  • Normal: More than 70% of APIs are conformant

  • At Risk: Less than 70% of APIs are conformant

Governance Rulesets

Governance rulesets are collections of rules, or guidelines, that are applied to the metadata extracted from API definitions in the Anypoint Platform. Examples of governance rulesets are internal and external best-practice guidelines, such as naming conventions, and industry-specific government standards, such as requiring that APIs that handle sensitive data use HTTPS.

MuleSoft provides several rulesets in Exchange, such as Anypoint API Best Practices, OpenAPI Best Practices, OWASP API Security Top 10, and Authentication Security Best Practices governance rulesets. You can discover rulesets published in Exchange by filtering the search in Exchange by the Rulesets type. See Search for Assets.

Governed APIs

APIs are governed if they are identified by the selection criteria of at least one of the governance profiles.

API Conformance

API conformance indicates whether a validated API definition passes all of the required rules in one or more governance rulesets. If an API definition is included in multiple governance profiles, it must pass all of the rulesets in all of those profiles to be conformant.

API conformance applies only to API types supported by API Governance, such as REST API and AsyncAPI.

Conformance Status

Conformance status indicates the status of your API definitions' conformance to selected rulesets, as configured in your governance profiles.

Nonconformance Severity

Nonconformance severity is categorized by the percentage of required rulesets that the API definition passes:

  • High severity: 0% - 40% of rulesets passed

  • Medium severity: 41% - 80% of rulesets passed

  • Low severity: 81% - 99% of rulesets passed
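The conformance model described under Governance Profiles, API Conformance and Nonconformance Severity above, as an added example that is not MuleSoft's code: it computes, from constructed validation results and profiles, which APIs are governed, which are conformant (an API in several profiles must pass every ruleset of every one of them), each nonconformant API's severity, and each profile's Normal/At Risk status. Treating exactly 70% as At Risk and flooring percentages to whole numbers are assumptions; the page leaves both unstated.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    name: str
    rulesets: frozenset   # governance rulesets the profile applies
    apis: frozenset       # APIs matched by the profile's selection criteria

# Constructed sample validation results: api -> {ruleset: passed?}
RESULTS = {
    "orders-api":    {"openapi-best-practices": True,  "owasp-api-top10": True,  "auth-best-practices": True},
    "payments-api":  {"openapi-best-practices": True,  "owasp-api-top10": False, "auth-best-practices": True},
    "legacy-api":    {"owasp-api-top10": False, "auth-best-practices": False},
    "catalog-api":   {"openapi-best-practices": True},
    "inventory-api": {"openapi-best-practices": True},
}

# Constructed profiles: "payments-api" passes the design ruleset but is still
# nonconformant in the design profile because it fails a security ruleset.
PROFILES = [
    Profile("security", frozenset({"owasp-api-top10", "auth-best-practices"}),
            frozenset({"orders-api", "payments-api", "legacy-api"})),
    Profile("design", frozenset({"openapi-best-practices"}),
            frozenset({"orders-api", "payments-api", "catalog-api", "inventory-api"})),
]

def required_rulesets(api, profiles=PROFILES):
    """Every ruleset of every profile whose selection criteria include the API."""
    return frozenset().union(*(p.rulesets for p in profiles if api in p.apis))

def is_governed(api, profiles=PROFILES):
    return any(api in p.apis for p in profiles)

def passed_pct(api, profiles=PROFILES, results=RESULTS):
    """Share of required rulesets passed, floored to a whole percent (assumption)."""
    req = required_rulesets(api, profiles)
    passed = sum(results.get(api, {}).get(r, False) for r in req)
    return 100 * passed // len(req) if req else 0

def is_conformant(api, profiles=PROFILES, results=RESULTS):
    return is_governed(api, profiles) and passed_pct(api, profiles, results) == 100

def severity(api, profiles=PROFILES, results=RESULTS):
    """High 0-40%, Medium 41-80%, Low 81-99%; None when conformant or not governed."""
    if not is_governed(api, profiles) or is_conformant(api, profiles, results):
        return None
    pct = passed_pct(api, profiles, results)
    return "High" if pct <= 40 else "Medium" if pct <= 80 else "Low"

def profile_status(profile, profiles=PROFILES, results=RESULTS):
    """Normal when more than 70% of the profile's APIs are conformant, else At Risk."""
    conformant = sum(is_conformant(a, profiles, results) for a in profile.apis)
    return "Normal" if 100 * conformant / len(profile.apis) > 70 else "At Risk"
```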


Project Errors

Project errors are shown in the Design Center API Designer text editor page. The Project Errors section of the page shows functional issues and nonconformance messages found in the API definition that is open in the text editor.

API Governance Usage Reports

You can view usage reports to gain insight into your monthly usage of API Governance. See Viewing Usage Reports for API Governance.
