Contact Us 1-800-596-4880

Anypoint API Governance Overview

Anypoint API Governance is a component of Anypoint Platform that enables you to apply governance rules to your APIs as part of the API lifecycle.

With Anypoint API Governance you can:

  • Improve your organization’s API quality:

    Identify conformance issues in governed APIs and take steps to resolve them.

  • Share and enforce governance best practices:

    Customize and publish governance rulesets to share and enforce organization-specific best practices with your developers.

  • Apply consistent rules from design time to deployment:

    Use governance rulesets to apply centralized governance to multiple aspects of your APIs, from specifications at design time to instances at deployment.

  • Enforce governance within your DevOps organization:

    Automate API governance in your CI/CD pipeline using CLI commands or through API solutions using the experience API.

Governance Console

In the API Governance console, governance administrators can:

  • Create governance profiles to apply governance rulesets to a targeted set of APIs. The API Governance console then provides a conformance summary for all of your validated APIs.

  • Monitor API conformance and notify developers to help improve conformance.

Screenshot of the API Governance console
1 View a summary of your governance usage and API conformance status information to more easily monitor your organization’s API conformance.
2 View, filter, search, and take action on a summary list of your active and draft governance profiles or your governed APIs.
3 Export conformance reports in CSV format.
4 Create a profile and save it as draft or active.
5 View the comprehensive governance report for an API.
6 Select from the more options menu to take relevant actions. You can export reports for a selected profile or API, view, edit, or delete a profile, notify API owners, or open an API in Exchange.

Governance Across Anypoint Platform

In addition to viewing API conformance information in the API Governance console, developers, architects, and implementors can view governance conformance information and take action to fix issues using:

  • Exchange

    • Developers can view conformance status details for published API specifications, discover rulesets, and publish custom rulesets.

    • Implementors can view rulesets to determine how to fix API instance conformance issues.

  • Anypoint Code Builder and Design Center:

    • Developers or architects can check API specification conformance in the API design phase by applying governance rulesets directly to API specifications as dependencies.

  • API Manager:

    • Implementors can check API instance conformance by viewing comprehensive governance reports.

Anypoint API Governance Concepts

Following are the concepts you must know to use Anypoint API Governance.

governance profiles

A governance profile applies selected governance rulesets to a filtered group of APIs. API Governance then validates the APIs against the rulesets to determine governance conformance.

active profiles

Use active profiles to share API conformance information with developers and notify them of conformance issues. APIs targeted by active profiles are governed APIs and their conformance information is shown across Anypoint Platform.

draft profiles

Use draft profiles to test settings before revealing their targeted APIs' conformance information across Anypoint Platform. APIs targeted by draft profiles are governed, but their conformance information isn’t shown outside of the draft profile view unless they’re also targeted by an active profile.

governance rulesets

Governance rulesets are collections of rules, or guidelines, that can be applied over the metadata extracted from APIs in Anypoint Platform. Examples of things you can use governance rulesets to help enforce are:

  • Internal and external best practice guidelines, such as naming conventions

  • Industry-specific government standards, such as encryption for sensitive API data (HTTPS)

MuleSoft provides several rulesets in Exchange, such as Anypoint API Best Practices, OpenAPI Best Practices, Authentication Security Best Practices, and Mule API Management Best Practices. Discover rulesets in Exchange by filtering the search by the Rulesets type. See Search for Assets.

governed APIs

APIs are governed if they’re identified by the selection criteria of at least one governance profile. If an API is governed, all versions of that API are considered one governed API. Subscription limits are set based on your organization’s purchased capacity. The UI gives information about usage and shows alerts when you near or exceed your subscription capacity.

API

The entire API, including all its aspects. In Anypoint Platform, aspects of an API might also be called just API in context with the product that is managing them. For example, in Exchange, API might refer to the API specification, documentation, and catalog. In API Designer, API might refer to the API specification. In API Catalog, API might refer to the API instance, policies, and contracts.

API aspects

Parts of an API. Examples of API aspects include specifications, instances, catalog information, and documentation.

API specification

Details the functional and expected behavior of an API, as well as the fundamental design philosophy and supported data types. It contains both documentation and API definitions to create a contract that people and software can read.

API implementation

A realization of the API specification to make the API functional.

API instance

An instantiation of the API implementation. An API can have multiple instances across different environments and gateways, which can be used by clients to make API calls. Instances that are configured but not deployed are also captured as part of this aspect.

An instance can be either a proxy of an API that serves the upstream or an application endpoint.

API documentation

Helps consumers understand and use the API, with content such as examples, use cases, and tutorials.

API catalog information

Properties related to an API’s entry in an API catalog, such as name, version, owner (contact), tags, and categories. In Anypoint Exchange, these properties are associated with APIs in asset portal information.