Anypoint API Governance Overview
Anypoint API Governance is a component of Anypoint Platform that enables you to apply governance rules to your APIs as part of the API lifecycle.
With Anypoint API Governance you can:
-
Improve your organization’s API quality:
Identify conformance issues in governed APIs and take steps to resolve them.
-
Share and enforce governance best practices:
Customize and publish governance rulesets to share and enforce organization-specific best practices with your developers.
-
Apply consistent rules from design time to deployment:
Use governance rulesets to apply centralized governance to multiple aspects of your APIs, from specifications at design time to instances at deployment.
-
Enforce governance within your DevOps organization:
Automate API governance in your CI/CD pipeline using CLI commands or through API solutions using the experience API.
Anypoint API Governance Overview Video
Watch the Anypoint API Governance Product Spotlight video to see a quick overview of Anypoint API Governance.
Governance Console
In the API Governance console, governance administrators can add governance rulesets to governance profiles to apply the governance rulesets to multiple APIs across your organization. The API Governance console then provides an overview of conformance for all of your validated APIs. Monitor your API conformance and notify developers to help improve conformance.
| 1 | View a numeric and visual summary of your governance profiles, governance status, conformance status, and nonconformance by severity. |
| 2 | View, filter, and search a summary list of your governance profiles or governed APIs. |
| 3 | Export conformance reports in CSV format. |
| 4 | Add a new profile. |
| 5 | View the comprehensive governance report for an API. |
| 6 | Select from the more options menu to take relevant actions. You can export reports for a selected profile or API, view, edit, or delete a profile, notify API owners, or open an API in Exchange. |
Governance Across Anypoint Platform
In addition to viewing API conformance information in the API Governance console, developers, architects, and implementors can view governance conformance information and take action to fix issues using:
-
Exchange
-
Developers can view conformance status details for published API specifications, discover rulesets, and publish custom rulesets.
-
Implementors can view rulesets to determine how to fix API instance conformance issues.
-
-
Design Center API Designer:
-
Developers or architects can check API specification conformance in the API design phase by applying governance rulesets directly to API specifications as dependencies.
-
-
API Manager:
-
Implementors can check API instance conformance by viewing comprehensive governance reports.
-
Anypoint API Governance Concepts
Following are the concepts you must know to use Anypoint API Governance.
- governance profiles
-
A governance profile applies selected governance rulesets to a filtered group of APIs. API Governance then validates the APIs against the rulesets to determine governance conformance.
- governance rulesets
-
Governance rulesets are collections of rules, or guidelines, that can be applied over the metadata extracted from APIs in Anypoint Platform. Examples of things you can use governance rulesets to help enforce are:
-
Internal and external best practice guidelines, such as naming conventions
-
Industry-specific government standards, such as encryption for sensitive API data (HTTPS)
MuleSoft provides several rulesets in Exchange, such as Anypoint API Best Practices, OpenAPI Best Practices, Authentication Security Best Practices, and Mule API Management Best Practices. Discover rulesets in Exchange by filtering the search by the Rulesets type. See Search for Assets.
-
- governed APIs
-
APIs are governed if they are identified by the selection criteria of at least one of the governance profiles. If an API is governed, all versions of that API are considered one governed API. Subscription limits are set based on your organization’s purchased capacity and the UI gives information about usage and alerts when you are nearing or exceeding your subscription capacity.
- API conformance
-
API conformance indicates whether a validated API specification passes all of the required rules in one or more governance rulesets. If an API specification is included in multiple governance profiles, it must pass all of the rulesets in all of those profiles to be conformant.
- API conformance status
-
API conformance status indicates whether the APIs that are included in your governance profiles pass all applied governance rulesets:
-
Conformant:
The APIs pass all applied governance rulesets.
-
Not Conformant:
The APIs fail at least one governance ruleset.
-
Not Validated:
The APIs are not validated because they are not included in a governance profile.
Versions of an API might have different conformance statuses. Total version conformance status counts are shown in the API Governance console and conformance status indicators are shown for API versions in API Governance, Exchange, and API Manager.
API conformance applies only to API types supported by API Governance, such as REST API and AsyncAPI. -
- nonconformance severity
-
Nonconformance severity is categorized by percentage of passed rulesets among all required rulesets:
-
High Severity:
0 - 40% rulesets passed
-
Medium Severity:
41% - 80% rulesets passed
-
Low Severity:
81% - 99% rulesets passed
-
- governance status
-
Governance status in the API Governance console shows the number of governed APIs, total number of APIs of supported API types, and subscription limit information.
- governance profile status
-
You can view profile statuses in the API Governance console. Governance profile statuses are based on the percentage of conformant APIs in the profile:
-
Normal:
More than 70% of APIs are conformant.
-
At Risk:
Less than 70% of APIs are conformant.
-
- project errors
-
Project errors are shown in the Design Center API Designer text editor page. The Project Errors section of the page shows functional issues and nonconformance messages found in the API specification that is open in the text editor.
- API
-
The entire API, including all its aspects. In Anypoint Platform, aspects of an API might also be called just API in context with the product that is managing them. For example, in Exchange, API might refer to the API specification, documentation, and catalog. In API Designer, API might refer to the API specification. In API Catalog, API might refer to the API instance, policies, and contracts.
- API aspects
-
Parts of an API. Examples of API aspects include specifications, instances, catalog information, and documentation.
- API specification
-
Details the functional and expected behavior of an API, as well as the fundamental design philosophy and supported data types. It contains both documentation and API definitions to create a contract that people and software can read.
- API implementation
-
A realization of the API specification to make the API functional.
- API instance
-
An instantiation of the API implementation. An API can have multiple instances across different environments and gateways, which can be used by clients to make API calls. Instances that are configured but not deployed are also captured as part of this aspect.
An instance can be either a proxy of an API that serves the upstream or an application endpoint.
- API documentation
-
Helps consumers understand and use the API, with content such as examples, use cases, and tutorials.
- API catalog information
-
Properties related to an API’s entry in an API catalog, such as name, version, owner (contact), tags and categories. In Anypoint Exchange, these properties are associated with APIs in asset portal information.