API Governance Models in the Public and Private Sectors: Part 8
Join us as the API Evangelist, Kin Lane, shares a detailed report concerning the U.S. Department of Veterans Affairs and its wish to understand API governance.
This is the final part (you can find part seven here) of an eight-part series on the Department of Veterans Affairs microconsulting project, “Governance Models in Public and Private Sector.” It provides an overview of API governance to help the VA “understand, with the intention to adopt, best practices from the private and public sector, specifically for prioritizing APIs to build, standards to which to build APIs, and making the APIs usable by external consumers.” It pulls together several years of research conducted by industry analyst API Evangelist, as well as phone interviews, conducted by Skylight Digital, with API practitioners from large enterprise organizations who are implementing API governance on the ground across the public and private sector.
We’ve assembled this report to reflect the interview conversations we had with leaders from the space, providing a walkthrough of the types of roles and software architecture being employed to implement governance at large organizations. Then, we walk through governance as it pertains to identifying possible APIs, developing standards around the delivery of APIs, how organizations are moving APIs into production, and how they are presenting them to their consumers. We wrap up with an overview of formal API governance details, as well as an acknowledgment that API governance is rarely a fully formed initiative at this point in time. The result is a narrative for API governance, with a wealth of bulleted elements that can be considered and assembled in the service of helping govern the API efforts across any large enterprise.
The Road to API Governance
There has been a significant uptick in the number of companies, organizations, institutions, and government agencies doing APIs since 2010, to meet the demands of web, mobile, and device applications. A very small percentage of these entities have any sort of formal governance strategy in motion to address how APIs will be delivered across their organizations. Most API providers are living in the moment, realizing they need to be addressing governance, but struggling to overcome a handful of common roadblocks.
- People — A lack of awareness, training, and communication amongst stakeholders is the biggest challenge API governance efforts face. Do not underestimate the people when crafting a technology-focused effort, otherwise, the people variable will be what brings it down.
- Culture — Plan for how the governance will address the culture within an organization. This is where the studies, outreach, workshops, and planning will come into play. Plan for everything taking 5 to 10 times longer than you anticipate because of the thickness and resistance of organizational culture.
- Problems — Count on problems coming up everywhere. Dedicate a significant amount of time and resources to identifying, thinking through, and addressing problems that come up. Do not let problems fester or go ignored.
- Existing — Map API governance efforts to the existing realities. Yes, the objective is to move the delivery of APIs to a specific destination, but the strategy needs to be rooted in what is existing, building a bridge to where we want to be.
Not all organizations will be ready for capital “G” governance, and many will have to accept inline, ongoing, lower case “g” governance, doing what they can with the resources they have, and evangelizing and building community and consensus along the way. While an organized, centralized, well-funded governance program is ideal and can achieve a lot, a significant amount can be done with a scrappier approach until more traction and resources are achieved.
This report pulls together several years of research, combined with a handful of interviews with API professionals who are pushing forward the API governance conversation at their enterprise organizations. It acknowledges that API governance is more discussion than it is a formal discipline as of 2018. There are many ways in which API providers are governing their APIs, but few have a formalized API governance strategy and program, and even fewer are sharing their strategy, or lack of one, in a public manner.
The objective of this report is to pull together as much information as possible regarding how organizations are governing their APIs, and to assemble the findings in the following logical order, reflecting how an organization might approach governance on the ground:
- Roles Within An Organization — Who is needed to make this happen?
- Design Software Architecture — Laying the foundation for governance.
- Identifying Potential APIs — Defining the right resources to expose.
- Defining Data Models and Standards — Working to standardize how things are done.
- Development to Production — Moving from idea to reality in a standard way.
- Making APIs Available to Consumers — Exposing resources properly to consumers.
- Realizing API Governance — Moving towards a structured vision of governance.
- The Road To API Governance — Acknowledging governance is more vision than reality.
Not every detail in this report will apply to the VA or any other enterprise organization looking to establish a wider API governance strategy. It is meant to be educational and enlightening, and to show the scope of how enterprise groups are addressing governance, allowing enterprise API efforts to learn from each other, and hopefully even share more stories regarding the challenges they face and the success they are finding, no matter how small.
Hopefully, this report reflects a patchwork of things that should be considered rather than a complete list of what has to be done. There is no such thing as the perfect governance strategy for any API program. There are, however, plenty of things that can be done when you have the right team, the right amount of enthusiasm, and a positive outlook on what governance means. Address early on some of the negative perceptions that will exist out there about governance: that it is something that comes from the top, and that it has the potential to not give regular people on the front lines a voice in the process. This is a myth; it doesn’t have to be the reality.
A definition of governance from the Oxford English Dictionary is, “the way in which an organization is managed at the highest level, and the systems for doing this.” Don’t mistake the highest level as being about the highest levels of management; let it be more about the highest levels of strategy across the organization. It is the system for governing a complex machine of API-driven gears that make systems and applications work across the enterprise. It is the governance of a machine that has the potential to allow every individual within the enterprise to play an important role in influencing, allowing everyone to contribute, even if they do not work in a technical capacity within the enterprise machine.