08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
APIdays London 2019 - Selecting the best API Governance for your organisation with Jon Scheele, API Strategist
1. Selecting the best
API Governance
for your organisation
Jon Scheele
API Strategist & Organiser, APIdays Singapore
London, 13-14 November 2019
2. Governance: Definition
“Establishment of policies, and continuous monitoring of their proper
implementation, by the members of the governing body of
an organization. It includes the mechanisms required to balance the
powers of the members (with the associated accountability), and
their primary duty of enhancing the prosperity and viability of the
organization”.
2
Source: http://www.businessdictionary.com/definition/governance.html
3. What is Governance?
• Governance should make it easy for people to do the right thing,
but hard to do the wrong thing
– But what is the right thing, and who decides?
• Governance needs to help the organisation:
– Manage change
– Sustain on-going operations
3
4. Challenges
• Centralisation vs Decentralisation – who decides
• Pace of change: what is best practice today is obsolete tomorrow
4
Conway’s Law: "organizations which design systems ...
are constrained to produce designs which are copies of
the communication structures of these organizations."
5. The API Life Cycle
Publish
Realise
Maintain
Retire
Create
• Who gets to create?
• Who owns the API?
• Who gets to consume?
• Who monitors & maintains:
– Individual APIs
– System-wide
• Who decides to retire an API,
and how?
5Source: “Continuous API Management”, Mehdi Medjaoui, ErikWilde, Ronnie Mitra, MikeAmundsen
9. Governance definition revisited
“Establishment of policies,
and continuous monitoring of their
proper implementation,
by the members of the
governing body of an organization.
It includes the mechanisms required
to balance the powers of the
members (with the
associated accountability),
and their primary duty of enhancing
the prosperity and viability of the
organization”.
• What principles, policies, standards?
• How to monitor?
• Who is a member?
• Who has decision rights?
• How to align to organization’s
strategy?
9Source: http://www.businessdictionary.com/definition/governance.html
11. 11
Partner Onboarding Process
1
Partner
Self-Test
Register user account
Create app
Generate key
Prototype
Sandbox testing
Request access to
production
2
Business
Assessment
Business value
assessment
Partner background
& compliance checks
3
Technical
Readiness
Create test cases
White-listing onTest
Provision onTest
environment
Conduct E2E testing
Backend verification
Business Readiness
Testing
4
Commercial
Launch
Issue Production
API keys
White-list on
Production
Authorise partner to
add to store
12. Who decides – traditional enterprise example
Activity
ProductTeam
APITeam
Architecture
Marketing
Security
Risk/
Compliance
Finance
ITOperations
Outsource
Provider
Create API R/A C I I I
PublishAPI R/A C C I C C C
Realise - Launch R/A
Internal onboarding I R/A I I I C ?
Partner onboarding C R/A I C C C C ?
Maintain R/A C C C C ?
Retire R/A C C C C C C C ?
12
13. API Governance at Amadeus
• All Amadeus APIs are designed in the
same way (error structure, error codes,
request/response format, pagination,
query parameters, versioning)
• They have the
same documentation format, the same
type of materials (WSDl, XSD,
Swagger) and are ready for developers
to start coding.
• Valid materials: Understandable
documentation, release notes, valid
endpoint, valid configuration setup.
• Interoperability: Common Data
Dictionary across APIs.
13Source: Patrick Brosse, https://developers.amadeus.com/blog/api-governance
14. How to decide
• How does the organisation
work?
– Centralised <> Decentralised
– Waterfall <>Agile
– Manual <>Automated
• Engagement: Coach or Cop?
• Automation:
– Integrating toolchain,Testing,
Deployment
• What is the culture you have?
• What is the culture you want to
foster?
14
15. Jon Scheele
https://www.linkedin.com/in/scheelejon
London, 13-14 November 2019
Useful References:
Selecting the Best API Governance Framework
https://jonscheele.com/best-api-governance-framework/
Continuous API Management
Mehdi Medjaoui, ErikWilde, Ronnie Mitra, Mike Amundsen
Notas del editor
The goals of API governance are to:
Maximise the value of the partner ecosystem
Provide guidance to partners and staff on the firm’s priorities
State the degree of autonomy partners and staff have to innovate
Protect the firm’s customers and assets (digital, physical and financial) and sensitive information
Meet customer expectations for transparency, privacy and gaining consent before sharing information with third parties
Comply with laws and regulations
APIs offer the opportunity to forge new communication paths inside and outside the organisation. But this can only happen if the governance structures and processes adapt to guide the firm’s activities towards these goals, while protecting the firm’s operations, assets, their partners and customers.
In “Microservice vs Monolith: Which One to Choose?” https://dzone.com/articles/microservice-vs-monolith-which-one-to-choose
Shamik Mitra argues that, if your team members are experienced and multi-skilled, a microservice “you build it, you run it” approach can work well. If not, a monolithic/modular system may be more sustainable, enabling team members to gain proficiency in a narrower set of skills. Other factors to consider are how the firm’s infrastructure is organised, and the criticality of domain knowledge in a given function.