Finding and Fixing Conformance Issues
API Governance helps you continually improve your organization’s API conformance by providing tools and guidance for finding and fixing conformance issues.
Governance admins typically:
-
Initiate validation of APIs against rulesets in API Governance for all supported API aspects.
-
View conformance information in the validation report in API Governance.
-
Notify developers or implementors about conformance issues.
Developers and implementors typically:
-
Initiate validation of API specifications against rulesets in Anypoint Code Builder or Design Center.
-
View conformance information for each rule in the context of the open specification project.
-
Fix conformance issues using the following:
-
Anypoint Code Builder or Design Center for specifications
-
Exchange for documentation
-
Exchange for catalog information
-
API Manager for instances
-
Regardless of which tasks you’re responsible for in governance for your organization, you can view conformance information for APIs that are centrally governed by API Governance in the following places in Anypoint Platform:
-
Validation reports in API Governance or API Manager
-
Conformance Status pages in Exchange for specifications
-
Governed APIs pages in Exchange for rulesets
View Conformance Information in the Validation Report
View a comprehensive governance validation report in API Governance or API Manager.
1 | View an overview of the API’s conformance to each ruleset it’s validated against. |
2 | View a ruleset in Exchange. |
3 | Select an API aspect in Conformance Breakdown to view the conformance information for that aspect. Issues that apply to the entire API are listed in the Global tab. |
4 | View details of the API’s conformance to a specific ruleset. |
5 | View the API specification in Design Center. |
To view conformance information in the governance validation report:
-
In the API Governance console, select the Governed APIs tab.
-
If the API has a Not Conformant badge, click View Report for information about the conformance issue.
-
View all issues:
Click View Details for a ruleset the API is nonconformant to.
-
View issues for a selected aspect only:
-
Select an aspect of the API in the Conformance Breakdown section of the report.
-
Click View Details for a ruleset the API is nonconformant to.
-
-
View Conformance Status for an API in Exchange
You can view governance conformance status in Exchange for versions of API specifications. The status is one of the following:
-
Conformant: The API specification is conformant to governance rulesets against which it has been validated.
-
Not Conformant: The API specification is not conformant to governance rulesets against which it has been validated.
-
Not Validated: The API specification is not validated against governance rulesets.
Conformance status can be viewed in Exchange as follows:
-
A conformance badge is displayed for a selected version of an API.
-
In the Manage Versions page, a Conformance column shows conformance status for each version of the API.
-
A Conformance Status page appears for all REST APIs and AsyncAPIs. If a selected version of an API has been validated against governance rulesets, the conformance status page gives conformance information and gives options to fix nonconformant versions. The Conformance Status page also shows the filter criteria that resulted in the API being validated against the listed rulesets.
To view conformance status:
-
Select an API asset that is of a type supported by Anypoint API Governance.
-
Review the conformance badge.
-
To view conformance by version, click Manage Versions.
Review the Conformance column, which shows the governance conformance status for each version.
-
To view conformance details, select Conformance Status in the navigation bar. From the conformance status page, you can:
-
Select the version of the API that you want to view.
-
For validated APIs, view the lists of centralized governance rulesets and additional rulesets against which the APIs have been validated.
-
If there are more rulesets than are shown on the initial page, click the Show All link to show the full list.
-
Click the external link icon for a ruleset to view that ruleset’s page in Exchange.
-
-
For nonconformant APIs, click one of the following:
-
Fix in Design Center
After your API specification opens in Design Center, add the listed rulesets as dependencies and view the conformance messages in the Project Errors section to fix and republish your API specification.
If the asset is published directly on Exchange without an existing version in the Design Center, a read-only version of the project opens. To fix conformance issues, download the asset from Exchange, then import it to Design Center, and publish it to Exchange with the same ID and a new minor version. -
See instructions for Anypoint CLI
Follow the instructions on the page to copy, update, and run the Anypoint CLI commands to add the listed rulesets as dependencies and fix and republish your API specification.
-
-
View Governed APIs for a Ruleset
In a ruleset’s Governed APIs page, you can view the list of centrally-governed APIs to which the ruleset applies.
Developers can use the Governed APIs list as follows to help improve the quality of the rulesets and APIs that they develop:
-
When their APIs fail a ruleset, they can see which other APIs successfully conform to the ruleset so that they can fix their APIs.
-
When they search for available rulesets to use for their API, they can see which APIs are conformant to a specific ruleset to evaluate how helpful the ruleset is.
API consumers can use the Governed APIs list when they need to create an API service or application that is conformant to a certain set of standards or rules. They can:
-
Ensure there is a ruleset in Exchange that has the rules they need.
-
See which APIs pass the rules for a ruleset so that they can ensure their application is consuming only the conformant APIs.
Depending on the access you have to the APIs in Exchange, you might see only the APIs that are conformant to the ruleset. This ensures that vulnerabilities are not exposed to consumers who do not have proper access to the APIs. Organization administrators and contributors can see the conformant and non-conformant APIs for their organization.
To view the governed API list for a ruleset:
-
Select a ruleset asset that is used in an API Governance profile.
-
Select Governed APIs in the navigation bar to see whether each listed API version passes all the rules in the ruleset.
-
Select from the filter menus to refine the list of APIs. Default settings are:
-
All APIs
-
Your root organization
-
Any Ruleset Status
-
-
To view an API’s Conformance Status details, click the open external link icon ().