The Ruler of API Governance
How can you be true to yourself while attending to the desires of the business?
Governance is the best way to align an API with the goals of the business that runs it. And, by alignment, I mean making sure the API provides results that drive the business closer to its goals. Governance itself can't be an orphaned function; it should be embraced across different layers of an organization. However, someone needs to steer it in the right direction. That's the ruler of API governance.
What exactly is API governance? The generally accepted definition says it's about ensuring the consistency of the API lifecycle across all APIs inside an organization. Most people, however, focus on the design aspect because that's what can yield success faster. It's easier to start by consolidating the way people design APIs than it is to cover all the facets of API governance.
Kin Lane says API governance is about limiting the speed at which any API lifecycle process operates. By slowing down what churns out of each stage of the API lifecycle, you ensure people pay more attention to the quality of its output. In Lane's own words, API governance "is really just about slowing down and being thoughtful about the design of your API."
But API governance can't be just the slowing down of the work. Slowing down is positive when you have the right processes in place to enable consistency across the API lifecycle. While design is one of the most important parts of the API lifecycle, there are many other elements to nurture. The API lifecycle as a whole needs to be subjected to governance. Otherwise, you'd only be able to reap the benefits of consistency in some of its stages.
So, things like API versioning, authentication and authorization, monitoring, analytics, and compliance need to follow what governance dictates. And I'm just naming a few elements of relative importance. Depending on your business objectives, you'll find some aspects are more worthy of being governed than others. If left ungoverned, some API-related elements can even damage your business.
Take, for instance, the recent security-related episode where Mercedes-Benz, a popular automobile manufacturer, exposed a private key. Whoever had access to that private key could easily access some of the company's internal APIs, among other confidential assets. What's interesting to me about this episode is not how the private key was leaked. Instead, my immediate focus was on understanding how someone with that private key could easily access internal APIs.
The damage this incident provoked is unclear to the public. However, internally there had to be an investigation. Time and money had to be spent on understanding what went wrong in this episode and how the company could prevent a similar event from occurring. This is one of the jobs of the ruler of API governance. In fact, the ruler of API governance is accountable for all the successes and failures related to an organization's APIs.
By governing the processes behind the lifecycle, the ruler of API governance ensures that situations that can damage the business have a low probability of happening. This is not necessarily a straightforward duty, as sometimes the business leadership isn't aware of what can harm the organization. There's a natural conflict that arises from what the ruler believes should happen and what the business thinks is a priority.
This conflict the ruler has between being genuine and following business decisions is aggravated by the dependency on a financial outcome. I like the way Seth Godin sees this antagonism as tension. Unlike a conflict, which you can see as something that depletes energy, tension is something you can draw energy from.
"There's a tension, the gap between what the work wants and what the person paying for it wants. Dancing in that gap is the work of creating our art." —Seth Godin, The Practice
The ruler of API governance needs to learn the dance. Otherwise, governing APIs becomes an act of following orders. The tune of the dance has more than one player. Like in a jazz duet, the notes of the song are a dialog between the business propositions and the authenticity of the ruler. The louder the tune gets, the more people it pulls. The art of the ruler is then to find an audience and keep it entertained by the escalating song.
A great ruler of API governance needs to be knowledgeable about the practice—the API lifecycle—while having the wisdom to navigate the complexity of the business desiderata. I see the concept of Philosopher-King (or Queen), explored by Plato, as a good way to describe the qualities of the ruler. Governing comes first from a desire to make something better and only then to concede to the preferences of the business.
The ruler has to be a thinker, first and foremost. Many of the activities of API governance require a deep understanding of how the organization manages the API lifecycle. Without a sense of deep thinking, the ruler won't be able to translate the reality into something digestible by all the involved parties. But the ruler also needs to have a strong hand while ensuring the processes are designed in the best interest of the business. Being the ruler of API governance isn't easy and isn't something for everyone. I'd say it's probably the API-related role that generates the most tension inside any organization.
How you see yourself affects how attracted you are to being the ruler of API governance. Are you a natural-born dancer able to set the pace and have others following you? Or, are you one of those people who would rather sit and watch others dance? Do you enjoy playing an instrument and setting the tune, or are you more of a listener? Are you a writer or do you prefer reading other people's thoughts? In essence, are you a ruler, or a follower?