Mule Meetup Calgary- API Governance & Conformance.pdf

N
NithaJoseph4
API Governance & Conformance CALGARY MULESOFT MEETUP September 25, 2023
Safe Harbour Statement ● Both the speaker and the host are organizing their meet-up in individual capacity only. We are not representing our companies here. ● This presentation is strictly for learning purposes only. ● Organizer/Presenters do not hold any responsibility that the same solution will work for your business requirements. ● This presentation is not meant for any promotional activities.
Housekeeping ● A recording of this meetup will be uploaded to events page within 24 hours. ● Questions can be submitted/asked at any time in the Chat/Questions and Answers Tab. ● Give us your feedback! Rate this meetup session by filling feedback form at the end of the day. Hoping to see your feedbacks!!
Agenda ● Introductions ● Need for API Security & Best Practices ● Benefits of API Governance ● API Governance & Conformance ● Governance Console 1/2 ● Governance Console 2/2 ● Demo ● Quiz time ● Networking time
Speakers and host for today a Akash Parwal Manager, PwC MuleSoft Mentor | Toronto Meetup Leader Nitha Joseph Associate Consultant, PwC MuleSoft Mentor | Calgary Meetup Leader
Need for API Security & Best practices When working with a plethora of APIs across multiple teams and design tools, architects want to maintain standard quality and security while developers want to avoid overhead caused by conformance review cycles. There are two challenges that stand in the way of API security efforts: ● API Sprawl: A drastic increase in the number of APIs has resulted in less visibility of the APIs in your digital estate. The result is challenging to manage and dramatically increases bad actors' opportunities to take advantage. ● API Standardization: Standardizing APIs ensures all APIs within the digital estate adhere to the agreed and defined security standards. 5 Best Practices to secure your data: ● API Protection: Go beyond authentication by defining permissions and controlling how much access an individual has when they access an API. ● API Governance: IT teams must proactively approach API security through standardization. ● API Data Security: By controlling what data is accessible within an API, IT teams can employ an additional layer of protection by ensuring that the API does not release all data to every user that accesses it. ● API Discovery: Shadow APIs lurk just outside of sight, and IT teams can’t secure what you can’t find. ● API Security Testing: the ongoing testing to identify APIs vulnerabilities.
Benefits of API Governance API governance in MuleSoft offers several benefits, including: ● Consistency: It ensures that APIs follow consistent naming conventions, data formats, and security protocols, leading to a more uniform and predictable API landscape. ● Security: API governance enforces security measures like authentication, authorization, and encryption, reducing the risk of data breaches and ensuring compliance with regulations. ● Compliance: It helps organizations adhere to industry standards and regulatory requirements by defining and enforcing compliance policies and practices. ● Efficiency: API governance streamlines API development and management processes, reducing duplication of effort and improving resource allocation. ● Visibility and Monitoring: It provides tools and processes for monitoring API usage and performance, enabling proactive issue detection and resolution. These benefits collectively enhance an organization’s ability to manage and scale its API ecosystem effectively using MuleSoft.
API Governance & Conformance Anypoint API Governance is a component of the Anypoint Platform that enables you to apply governance rules to your APIs as part of the API lifecycle. With API Governance you can - ● Improve your organization’s API quality: Identify conformance issues in published API specifications and take steps to resolve them. ● Share governance best practices: Publish governance rulesets in Anypoint Exchange to share with other developers. ● Apply consistent rules at design time: Apply governance rulesets at design time in Anypoint API Designer. ● Enforce governance within your DevOps organization: Automate the application of standards to your API contract and specification within your CI/CD pipeline.
Governance Console – 1/2 ● The MuleSoft Governance Console is a powerful web-based tool that serves as the centralized control center for managing and enforcing API governance policies within the MuleSoft Anypoint Platform. ● As organizations adopt API-led connectivity to enable seamless integration and streamline digital transformation, the Governance Console becomes an essential component to ensure the consistency, security, and compliance of APIs. ● With the Governance Console, businesses gain a holistic view of their API landscape, providing administrators, developers, and stakeholders with a comprehensive dashboard to oversee the entire API lifecycle. ● From design and development to deployment and monitoring, the Governance Console empowers users to implement robust governance practices effectively.
Governance Console – 2/2 Key Features of the MuleSoft Governance Console: ● Policy Management: Administrators can define and configure a wide range of governance policies to meet their organization's specific needs. These policies include API rate limiting, authentication mechanisms, access control, and security protocols, ensuring that APIs adhere to predefined standards and best practices. ● API Lifecycle Management: The Governance Console enables seamless management of the complete API lifecycle, simplifying the process of versioning, transitioning between stages, and even retiring APIs when they are no longer needed. This centralized control streamlines collaboration and reduces the risk of inconsistencies across development teams. ● Security and Compliance: With a strong focus on security, the Governance Console allows organizations to implement industry-leading security measures, including OAuth 2.0, TLS, and HTTPS, to protect sensitive data and prevent unauthorized access. Compliance with regulatory requirements becomes more manageable through enforced policies. ● Analytics and Monitoring: Through the Governance Console's built-in analytics and monitoring capabilities, users can gain valuable insights into API usage, performance, and potential issues. Real-time data empowers stakeholders to make informed decisions, optimize API performance, and enhance end-user experiences. ● Governance Collaboration: The Governance Console fosters effective collaboration between development teams, administrators, and other stakeholders. Clear documentation and standardized governance policies ensure seamless communication and understanding of API implementations.
Governance Console MuleSoft Governance Console is a critical tool that empowers organizations to enforce API governance policies, maintain consistency, and enhance security in their API-led connectivity approach. By providing a centralized platform to manage the API lifecycle and monitor API performance, the Governance Console plays a pivotal role in driving successful API strategies and supporting digital transformation initiatives.
Demo
API Governance Profile Creation Post logging in to Anypoint Platform click to create a profile for API Governance
Governance OOTB Policies Select the Rulesets from pre- existing mule rule sets . Here we can filter it based on Rulesets provided by Mulesoft or can use our custom as well . Refer this link for custom rule set - https://docs.mulesoft.com/api- governance/create-custom-rulesets
Governance Dashboard Here in the dashboard we can make changes and see which rule-sets failed . In case of violation we can see an array of Warnings + Errors with description as to what went wrong . We can review and make adjustments in our RAML Design centre accordingly .
Governance Alerts We can set Alerts to be sent out to Admins or a group of people so that incase of any Non- Conformance an email alerts is sent out and the concerned team is notified. This helps in maintaining & notifying for Non conformance thereby enforce Conformance .
API Governance - Important Links ● Anypoint Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best- practices/minor/1.0/ ● Authentication Security Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5- 620025690913/authentication-security-best-practices/minor/1.0/ ● HTTPS Enforcement - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/https- enforcement/minor/1.0/ ● OpenAPI Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/openapi-best- practices/minor/1.0/ ● OWASP API Security Top 10 2019 Checklist - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5- 620025690913/owasp-api-security/minor/1.0/ ● Required Examples - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/required- examples/minor/1.0/ ● Custom Ruleset - https://docs.mulesoft.com/api-governance/create-custom-rulesets | https://docs.mulesoft.com/anypoint-cli/4.x/api- governance
Quiz time
Thank you for being a part of this meetup!!!
1 de 19

Mule Meetup Calgary- API Governance & Conformance.pdf

Descargar para leer sin conexión
Tecnología

API Governance to ensure API Conformance and Consistency with MuleSoft

N
NithaJoseph4

Recomendados

27th Hyderabad MuleSoft Meetup por
27th Hyderabad MuleSoft Meetup27th Hyderabad MuleSoft Meetup
27th Hyderabad MuleSoft MeetupMuleSoft Meetups
120 vistas38 diapositivas
API LifeCycle Management por
API LifeCycle ManagementAPI LifeCycle Management
API LifeCycle ManagementMuleSoft Meetups
174 vistas38 diapositivas
MuleSoft_Meetup__Official_August-2022.pptx por
MuleSoft_Meetup__Official_August-2022.pptxMuleSoft_Meetup__Official_August-2022.pptx
MuleSoft_Meetup__Official_August-2022.pptxSupriya Pawar
255 vistas18 diapositivas
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ... por
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...
apidays LIVE Hong Kong 2021 - Headless API Management by Snehal Chakraborty, ...apidays
1.2K vistas14 diapositivas
MuleSoft Surat Meetup#51 - API Monitoring - Through a New Lens por
MuleSoft Surat Meetup#51 - API Monitoring - Through a New LensMuleSoft Surat Meetup#51 - API Monitoring - Through a New Lens
MuleSoft Surat Meetup#51 - API Monitoring - Through a New LensJitendra Bafna
116 vistas20 diapositivas
What is APIGEE? What are the benefits of APIGEE? por
What is APIGEE? What are the benefits of APIGEE?What is APIGEE? What are the benefits of APIGEE?
What is APIGEE? What are the benefits of APIGEE?IQ Online Training
1.2K vistas9 diapositivas

Más contenido relacionado

Similar a Mule Meetup Calgary- API Governance & Conformance.pdf

Lessons in Transforming the Enterprise to an API Platform por
Lessons in Transforming the Enterprise to an API PlatformLessons in Transforming the Enterprise to an API Platform
Lessons in Transforming the Enterprise to an API PlatformLaunchAny
825 vistas37 diapositivas
Gravitee API Management - Ahmet AYDIN por
Gravitee API Management - Ahmet AYDIN Gravitee API Management - Ahmet AYDIN
Gravitee API Management - Ahmet AYDINkloia
346 vistas27 diapositivas
Uncover the Flex Gateway with a Demonstration (1).pdf por
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfPankaj Goyal
41 vistas26 diapositivas
Uncover the Flex Gateway with a Demonstration (1).pdf por
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdfPankajGoyal164048
53 vistas26 diapositivas
Session on API auto scaling, monitoring and Log management por
Session on API auto scaling, monitoring and Log managementSession on API auto scaling, monitoring and Log management
Session on API auto scaling, monitoring and Log managementpqrs1234
688 vistas29 diapositivas
Madrid MuleSoft Meetup #11.pptx por
Madrid MuleSoft Meetup #11.pptxMadrid MuleSoft Meetup #11.pptx
Madrid MuleSoft Meetup #11.pptxjorgelebrato
323 vistas54 diapositivas

Similar a Mule Meetup Calgary- API Governance & Conformance.pdf(20)

Lessons in Transforming the Enterprise to an API Platform por LaunchAny
Lessons in Transforming the Enterprise to an API PlatformLessons in Transforming the Enterprise to an API Platform
Lessons in Transforming the Enterprise to an API Platform
LaunchAny825 vistas
Gravitee API Management - Ahmet AYDIN por kloia
Gravitee API Management - Ahmet AYDIN Gravitee API Management - Ahmet AYDIN
Gravitee API Management - Ahmet AYDIN
kloia346 vistas
Uncover the Flex Gateway with a Demonstration (1).pdf por Pankaj Goyal
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdf
Pankaj Goyal41 vistas
Uncover the Flex Gateway with a Demonstration (1).pdf por PankajGoyal164048
Uncover the Flex Gateway with a Demonstration (1).pdfUncover the Flex Gateway with a Demonstration (1).pdf
Uncover the Flex Gateway with a Demonstration (1).pdf
PankajGoyal16404853 vistas
Session on API auto scaling, monitoring and Log management por pqrs1234
Session on API auto scaling, monitoring and Log managementSession on API auto scaling, monitoring and Log management
Session on API auto scaling, monitoring and Log management
pqrs1234688 vistas
Madrid MuleSoft Meetup #11.pptx por jorgelebrato
Madrid MuleSoft Meetup #11.pptxMadrid MuleSoft Meetup #11.pptx
Madrid MuleSoft Meetup #11.pptx
jorgelebrato323 vistas
Effective practices for API Test Automation por Cigniti Technologies Ltd
Effective practices for API Test Automation Effective practices for API Test Automation
Effective practices for API Test Automation
Cigniti Technologies Ltd55 vistas
#APIOps- Agile API Development powered by API Connect por pramodvallanur
#APIOps- Agile API Development powered by API Connect#APIOps- Agile API Development powered by API Connect
#APIOps- Agile API Development powered by API Connect
pramodvallanur1.5K vistas
Melbourne Virtual MuleSoft Meetup June 2022 por Daniel Soffner
Melbourne Virtual MuleSoft Meetup June 2022Melbourne Virtual MuleSoft Meetup June 2022
Melbourne Virtual MuleSoft Meetup June 2022
Daniel Soffner449 vistas
Perth MeetUp June 2023 por Michael Price
Perth MeetUp June 2023Perth MeetUp June 2023
Perth MeetUp June 2023
Michael Price85 vistas
Microservices & anypoint service mesh calgary mule soft meetup por Jimmy Attia
Microservices & anypoint service mesh calgary mule soft meetupMicroservices & anypoint service mesh calgary mule soft meetup
Microservices & anypoint service mesh calgary mule soft meetup
Jimmy Attia428 vistas
Bangalore mulesoft meetup#10 por D.Rajesh Kumar
Bangalore mulesoft meetup#10Bangalore mulesoft meetup#10
Bangalore mulesoft meetup#10
D.Rajesh Kumar622 vistas
Manage your ap is securely and easily ibm apim 4.0 por sflynn073
Manage your ap is securely and easily ibm apim 4.0Manage your ap is securely and easily ibm apim 4.0
Manage your ap is securely and easily ibm apim 4.0
sflynn0731.4K vistas
Meetup 2022 - API Gateway landscape.pdf por Luca Mattia Ferrari
Meetup 2022 - API Gateway landscape.pdfMeetup 2022 - API Gateway landscape.pdf
Meetup 2022 - API Gateway landscape.pdf
Luca Mattia Ferrari46 vistas
MuleSoft Surat Virtual Meetup#4 - Anypoint Monitoring and MuleSoft dataloader.io por Jitendra Bafna
MuleSoft Surat Virtual Meetup#4 - Anypoint Monitoring and MuleSoft dataloader.ioMuleSoft Surat Virtual Meetup#4 - Anypoint Monitoring and MuleSoft dataloader.io
MuleSoft Surat Virtual Meetup#4 - Anypoint Monitoring and MuleSoft dataloader.io
Jitendra Bafna543 vistas
Raleigh MuleSoft Meetup - October por Savannah Cole
Raleigh MuleSoft Meetup - October Raleigh MuleSoft Meetup - October
Raleigh MuleSoft Meetup - October
Savannah Cole444 vistas
CA API Developer Portal por James Farley-Sutton
CA API Developer PortalCA API Developer Portal
CA API Developer Portal
James Farley-Sutton265 vistas
2.2.management center por Prakash Chakravarthi
2.2.management center2.2.management center
2.2.management center
Prakash Chakravarthi121 vistas
API Governance in the Enterprise por Apigee | Google Cloud
API Governance in the EnterpriseAPI Governance in the Enterprise
API Governance in the Enterprise
Apigee | Google Cloud18K vistas
API Governance and GitOps in Hybrid Integration Platform (MuleSoft) por Sumanth Donthi
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
API Governance and GitOps in Hybrid Integration Platform (MuleSoft)
Sumanth Donthi214 vistas

Último

Measuring User on the web with the core web vitals - by @theafolayan.pptx por
Measuring User on the web with the core web vitals - by @theafolayan.pptxMeasuring User on the web with the core web vitals - by @theafolayan.pptx
Measuring User on the web with the core web vitals - by @theafolayan.pptxOluwaseun Raphael Afolayan
14 vistas13 diapositivas
Choosing the Right Flutter App Development Company por
Choosing the Right Flutter App Development CompanyChoosing the Right Flutter App Development Company
Choosing the Right Flutter App Development CompanyFicode Technologies
13 vistas9 diapositivas
The Coming AI Tsunami.pptx por
The Coming AI Tsunami.pptxThe Coming AI Tsunami.pptx
The Coming AI Tsunami.pptxjohnhandby
13 vistas12 diapositivas
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... por
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...The Digital Insurer
91 vistas52 diapositivas
This talk was not generated with ChatGPT: how AI is changing science por
This talk was not generated with ChatGPT: how AI is changing scienceThis talk was not generated with ChatGPT: how AI is changing science
This talk was not generated with ChatGPT: how AI is changing scienceElena Simperl
32 vistas13 diapositivas
NTGapps NTG LowCode Platform por
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform Mustafa Kuğu
437 vistas30 diapositivas

Último(20)

Measuring User on the web with the core web vitals - by @theafolayan.pptx por Oluwaseun Raphael Afolayan
Measuring User on the web with the core web vitals - by @theafolayan.pptxMeasuring User on the web with the core web vitals - by @theafolayan.pptx
Measuring User on the web with the core web vitals - by @theafolayan.pptx
Oluwaseun Raphael Afolayan14 vistas
Choosing the Right Flutter App Development Company por Ficode Technologies
Choosing the Right Flutter App Development CompanyChoosing the Right Flutter App Development Company
Choosing the Right Flutter App Development Company
Ficode Technologies13 vistas
The Coming AI Tsunami.pptx por johnhandby
The Coming AI Tsunami.pptxThe Coming AI Tsunami.pptx
The Coming AI Tsunami.pptx
johnhandby13 vistas
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... por The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
The Digital Insurer91 vistas
This talk was not generated with ChatGPT: how AI is changing science por Elena Simperl
This talk was not generated with ChatGPT: how AI is changing scienceThis talk was not generated with ChatGPT: how AI is changing science
This talk was not generated with ChatGPT: how AI is changing science
Elena Simperl32 vistas
NTGapps NTG LowCode Platform por Mustafa Kuğu
NTGapps NTG LowCode Platform NTGapps NTG LowCode Platform
NTGapps NTG LowCode Platform
Mustafa Kuğu437 vistas
Discover Aura Workshop (12.5.23).pdf por Neo4j
Discover Aura Workshop (12.5.23).pdfDiscover Aura Workshop (12.5.23).pdf
Discover Aura Workshop (12.5.23).pdf
Neo4j15 vistas
"Node.js vs workers — A comparison of two JavaScript runtimes", James M Snell por Fwdays
"Node.js vs workers — A comparison of two JavaScript runtimes", James M Snell"Node.js vs workers — A comparison of two JavaScript runtimes", James M Snell
"Node.js vs workers — A comparison of two JavaScript runtimes", James M Snell
Fwdays14 vistas
Cocktail of Environments. How to Mix Test and Development Environments and St... por Aleksandr Tarasov
Cocktail of Environments. How to Mix Test and Development Environments and St...Cocktail of Environments. How to Mix Test and Development Environments and St...
Cocktail of Environments. How to Mix Test and Development Environments and St...
Aleksandr Tarasov23 vistas
Innovation & Entrepreneurship strategies in Dairy Industry por PervaizDar1
Innovation & Entrepreneurship strategies in Dairy IndustryInnovation & Entrepreneurship strategies in Dairy Industry
Innovation & Entrepreneurship strategies in Dairy Industry
PervaizDar135 vistas
AI + Memoori = AIM por Memoori
AI + Memoori = AIMAI + Memoori = AIM
AI + Memoori = AIM
Memoori14 vistas
Future of AR - Facebook Presentation por Rob McCarty
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
Rob McCarty65 vistas
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023 por BookNet Canada
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023Redefining the book supply chain: A glimpse into the future - Tech Forum 2023
Redefining the book supply chain: A glimpse into the future - Tech Forum 2023
BookNet Canada44 vistas
Generative AI: Shifting the AI Landscape por Deakin University
Generative AI: Shifting the AI LandscapeGenerative AI: Shifting the AI Landscape
Generative AI: Shifting the AI Landscape
Deakin University67 vistas
Deep Tech and the Amplified Organisation: Core Concepts por Holonomics
Deep Tech and the Amplified Organisation: Core ConceptsDeep Tech and the Amplified Organisation: Core Concepts
Deep Tech and the Amplified Organisation: Core Concepts
Holonomics17 vistas
"Package management in monorepos", Zoltan Kochan por Fwdays
"Package management in monorepos", Zoltan Kochan"Package management in monorepos", Zoltan Kochan
"Package management in monorepos", Zoltan Kochan
Fwdays34 vistas
Cencora Executive Symposium por marketingcommunicati21
Cencora Executive SymposiumCencora Executive Symposium
Cencora Executive Symposium
marketingcommunicati21160 vistas
Business Analyst Series 2023 - Week 4 Session 7 por DianaGray10
Business Analyst Series 2023 - Week 4 Session 7Business Analyst Series 2023 - Week 4 Session 7
Business Analyst Series 2023 - Week 4 Session 7
DianaGray10146 vistas
"Surviving highload with Node.js", Andrii Shumada por Fwdays
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada
Fwdays58 vistas
AIM102-S_Cognizant_CognizantCognitive por PhilipBasford
AIM102-S_Cognizant_CognizantCognitiveAIM102-S_Cognizant_CognizantCognitive
AIM102-S_Cognizant_CognizantCognitive
PhilipBasford21 vistas

Mule Meetup Calgary- API Governance & Conformance.pdf

  • 1. API Governance & Conformance CALGARY MULESOFT MEETUP September 25, 2023
  • 2. Safe Harbour Statement ● Both the speaker and the host are organizing their meet-up in individual capacity only. We are not representing our companies here. ● This presentation is strictly for learning purposes only. ● Organizer/Presenters do not hold any responsibility that the same solution will work for your business requirements. ● This presentation is not meant for any promotional activities.
  • 3. Housekeeping ● A recording of this meetup will be uploaded to events page within 24 hours. ● Questions can be submitted/asked at any time in the Chat/Questions and Answers Tab. ● Give us your feedback! Rate this meetup session by filling feedback form at the end of the day. Hoping to see your feedbacks!!
  • 4. Agenda ● Introductions ● Need for API Security & Best Practices ● Benefits of API Governance ● API Governance & Conformance ● Governance Console 1/2 ● Governance Console 2/2 ● Demo ● Quiz time ● Networking time
  • 5. Speakers and host for today a Akash Parwal Manager, PwC MuleSoft Mentor | Toronto Meetup Leader Nitha Joseph Associate Consultant, PwC MuleSoft Mentor | Calgary Meetup Leader
  • 6. Need for API Security & Best practices When working with a plethora of APIs across multiple teams and design tools, architects want to maintain standard quality and security while developers want to avoid overhead caused by conformance review cycles. There are two challenges that stand in the way of API security efforts: ● API Sprawl: A drastic increase in the number of APIs has resulted in less visibility of the APIs in your digital estate. The result is challenging to manage and dramatically increases bad actors' opportunities to take advantage. ● API Standardization: Standardizing APIs ensures all APIs within the digital estate adhere to the agreed and defined security standards. 5 Best Practices to secure your data: ● API Protection: Go beyond authentication by defining permissions and controlling how much access an individual has when they access an API. ● API Governance: IT teams must proactively approach API security through standardization. ● API Data Security: By controlling what data is accessible within an API, IT teams can employ an additional layer of protection by ensuring that the API does not release all data to every user that accesses it. ● API Discovery: Shadow APIs lurk just outside of sight, and IT teams can’t secure what you can’t find. ● API Security Testing: the ongoing testing to identify APIs vulnerabilities.
  • 7. Benefits of API Governance API governance in MuleSoft offers several benefits, including: ● Consistency: It ensures that APIs follow consistent naming conventions, data formats, and security protocols, leading to a more uniform and predictable API landscape. ● Security: API governance enforces security measures like authentication, authorization, and encryption, reducing the risk of data breaches and ensuring compliance with regulations. ● Compliance: It helps organizations adhere to industry standards and regulatory requirements by defining and enforcing compliance policies and practices. ● Efficiency: API governance streamlines API development and management processes, reducing duplication of effort and improving resource allocation. ● Visibility and Monitoring: It provides tools and processes for monitoring API usage and performance, enabling proactive issue detection and resolution. These benefits collectively enhance an organization’s ability to manage and scale its API ecosystem effectively using MuleSoft.
  • 8. API Governance & Conformance Anypoint API Governance is a component of the Anypoint Platform that enables you to apply governance rules to your APIs as part of the API lifecycle. With API Governance you can - ● Improve your organization’s API quality: Identify conformance issues in published API specifications and take steps to resolve them. ● Share governance best practices: Publish governance rulesets in Anypoint Exchange to share with other developers. ● Apply consistent rules at design time: Apply governance rulesets at design time in Anypoint API Designer. ● Enforce governance within your DevOps organization: Automate the application of standards to your API contract and specification within your CI/CD pipeline.
  • 9. Governance Console – 1/2 ● The MuleSoft Governance Console is a powerful web-based tool that serves as the centralized control center for managing and enforcing API governance policies within the MuleSoft Anypoint Platform. ● As organizations adopt API-led connectivity to enable seamless integration and streamline digital transformation, the Governance Console becomes an essential component to ensure the consistency, security, and compliance of APIs. ● With the Governance Console, businesses gain a holistic view of their API landscape, providing administrators, developers, and stakeholders with a comprehensive dashboard to oversee the entire API lifecycle. ● From design and development to deployment and monitoring, the Governance Console empowers users to implement robust governance practices effectively.
  • 10. Governance Console – 2/2 Key Features of the MuleSoft Governance Console: ● Policy Management: Administrators can define and configure a wide range of governance policies to meet their organization's specific needs. These policies include API rate limiting, authentication mechanisms, access control, and security protocols, ensuring that APIs adhere to predefined standards and best practices. ● API Lifecycle Management: The Governance Console enables seamless management of the complete API lifecycle, simplifying the process of versioning, transitioning between stages, and even retiring APIs when they are no longer needed. This centralized control streamlines collaboration and reduces the risk of inconsistencies across development teams. ● Security and Compliance: With a strong focus on security, the Governance Console allows organizations to implement industry-leading security measures, including OAuth 2.0, TLS, and HTTPS, to protect sensitive data and prevent unauthorized access. Compliance with regulatory requirements becomes more manageable through enforced policies. ● Analytics and Monitoring: Through the Governance Console's built-in analytics and monitoring capabilities, users can gain valuable insights into API usage, performance, and potential issues. Real-time data empowers stakeholders to make informed decisions, optimize API performance, and enhance end-user experiences. ● Governance Collaboration: The Governance Console fosters effective collaboration between development teams, administrators, and other stakeholders. Clear documentation and standardized governance policies ensure seamless communication and understanding of API implementations.
  • 11. Governance Console MuleSoft Governance Console is a critical tool that empowers organizations to enforce API governance policies, maintain consistency, and enhance security in their API-led connectivity approach. By providing a centralized platform to manage the API lifecycle and monitor API performance, the Governance Console plays a pivotal role in driving successful API strategies and supporting digital transformation initiatives.
  • 12. Demo
  • 13. API Governance Profile Creation Post logging in to Anypoint Platform click to create a profile for API Governance
  • 14. Governance OOTB Policies Select the Rulesets from pre- existing mule rule sets . Here we can filter it based on Rulesets provided by Mulesoft or can use our custom as well . Refer this link for custom rule set - https://docs.mulesoft.com/api- governance/create-custom-rulesets
  • 15. Governance Dashboard Here in the dashboard we can make changes and see which rule-sets failed . In case of violation we can see an array of Warnings + Errors with description as to what went wrong . We can review and make adjustments in our RAML Design centre accordingly .
  • 16. Governance Alerts We can set Alerts to be sent out to Admins or a group of people so that incase of any Non- Conformance an email alerts is sent out and the concerned team is notified. This helps in maintaining & notifying for Non conformance thereby enforce Conformance .
  • 17. API Governance - Important Links ● Anypoint Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best- practices/minor/1.0/ ● Authentication Security Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5- 620025690913/authentication-security-best-practices/minor/1.0/ ● HTTPS Enforcement - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/https- enforcement/minor/1.0/ ● OpenAPI Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/openapi-best- practices/minor/1.0/ ● OWASP API Security Top 10 2019 Checklist - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5- 620025690913/owasp-api-security/minor/1.0/ ● Required Examples - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/required- examples/minor/1.0/ ● Custom Ruleset - https://docs.mulesoft.com/api-governance/create-custom-rulesets | https://docs.mulesoft.com/anypoint-cli/4.x/api- governance
  • 19. Thank you for being a part of this meetup!!!