API Governance
Risk and Control Consideration
“Governance should make it easy for people to do the things the right way and hard for people to do things the wrong way.”
Slide 2: API Governance Framework

1. API Organization
   a. Guiding Principles
   b. Business Road-mapping & Inventory
   c. Funding Model & Monetization
   d. Operating Model
   e. Roles & Responsibilities
   f. Decision Rights
   g. Syndication Model
   h. API Ownership & Accountability
   i. Define Metrics
   j. Lifecycle Management
2. Policies, Procedures & Standards
   a. Operating Model
   b. Roles & Responsibilities
   c. API Ownership & Accountability
   d. Best Practices
   e. API Development Guidelines
   f. Cataloging & Classification
   g. API Ontology
3. Risk Controls
   a. Regulatory Compliance
   b. Information Security Controls
   c. Risk Adjudication
   d. API Controls Frameworks
   e. Controls Automation CI/CD
   f. Continuous Controls Monitoring
4. Technology & Platforms
   a. Services Gateway
   b. Services Registry & Catalogue
   c. Information Model
   d. Development Model (Int. & Ext.)
   e. Best Practices
   f. Reference Architecture Blueprint
      i. Conceptual & Logical Layers
   g. Sustainment
   h. Containerization
5. Vendor Management
   a. 3rd Party API Vendor Relationships
   b. Data Ownership & Privacy
   c. Legal Implications
6. Change Management
   a. Business Impact & Readiness
   b. IT Operations
   c. Stakeholder Management
   d. Communication & Training
   e. API Market Place Updates

[Diagram layers: Vision & Strategy; Lifecycle Management; Business Process Architecture; Foundational Infrastructure; Services Platform; Services Layer; API Consumers; API Providers. Control points marked on the diagram: Discovery, Catalogue, Versioning, Authentication, Entitlements, API Ownership, Data Standards, Data Ownership, API Lineage, Controls, Risk Ownership, Deviation Process.]

Provides a governance framework (ring fence) within which each team can operate in an agile manner and deliver solutions in line with the organizational Risk Appetite.
Slide 3: API Governance Operating Model

Notional functional organization to enable the success of the API strategy.

[Diagram: six functional teams arranged around "Set Vision & Strategy" and the "API Lifecycle", with the Stakeholders & Executive Steering Committee.]
1. API Organization Team: Guiding Principles, Roadmaps, Lifecycle Management
2. Policies, Procedures & Standards: Operating Model
3. Risk Control & Security: Governance, Controls, 1st Line of Defense
4. Technology & Platforms: Technology Enablement & Foundational Services
5. Vendor Management: Platform and Runtime Vendor Relationships
6. Change Management: Business Impact, Change & Communications
Slide 4: Notional API User Community

User community interactions: API governance needs to account for the different types of interaction scenarios and the related controls at each scenario and interaction point.

[Diagram: API Eco-system, with API Producers on one side and API Consumers on the other.]
• API Developer (Partners & Trusted Developers): other API developers will incorporate the API into their code base.
• Mobile Platform: users who consume and incorporate API data into their app development.
• API Consumer / 3rd Party Consumer.
• Internal 3rd Party APIs: 3rd party APIs that internal systems and apps will consume.
• Developer community: Internal Developers, Partner Developers, External Developers.
Slide 5: API Power Plant Analogy – Vision of what we need to build and govern…

APIs provide a simplified standard interface for users to access the power of Citi through foundational architecture and processes.

[Diagram labels: Simple Standard Interface; Abstracts Complexity for the User; Monetization; Metering; Elasticity; Controls; Security.]
Slide 6: API and Business Process Context

There is a risk that organizations incorrectly treat APIs as independent entities; APIs should be identified and created within the context of a business process.

[Diagram label: APIs help the business process of the organization.]
Slide 7: 1.0 API Organization

An API organization is needed to address the following:

a. Guiding Principles: The guiding principles guide the development of the API organization and how the effectiveness of APIs is measured. They answer questions such as "what is the quantifiable business value, and what is the pricing model?" They guide API producers in assessing regulatory and reputational impact, reusability, naming conventions, the information model and adherence to standards. They enable users to understand the business process being enabled, and define common traits so that teams are not re-inventing the wheel repeatedly.
b. Business Road Mapping & Inventory: Creates a multi-year roadmap with quarterly goals and updates. Create an execution plan with checkpoints to align with the roadmap. Incorporate input from Stakeholders and the Steering Committee. Identify the assets that really matter, both from a business value perspective and from a risk perspective.
c. Funding Model & Monetization: Translate the roadmap into a funding model and a monetization model for internal and external consumers. Do we have a model to capture the end-to-end lifecycle of the APIs? APIs provide a single end point, and a splintered funding model can put the success of the API strategy at risk.
d. Functional Team Operating Model: Create and manage the Citi API Functional Team model and interactions (Slide 3). Update functional changes and ensure communications and updates between groups.
e. Roles & Responsibilities: Clearly outline and help manage the roles and responsibilities within the Citi API ecosystem.
f. Decision Rights: Formalized decision rights as to who or which group makes the make-or-break call.
g. Syndication Model: A model for teams to pool resources, funding and a shared approach to API management; e.g. APIs can aggregate data from multiple distributed systems and data sources, which brings support and issue-ownership implications to light.
h. API Ownership & Accountability: Owners translate/personalize the change to the impacts within their function/LOB. They are also the advocate, the go-to person within their function/LOB for understanding the changes.
i. KPI and Metrics Definition: Create KPIs to quantify business value and metrics that organizations can use to measure progress.
j. Lifecycle Management: In reference to Slide 3, own the "dashboard" around the management, care and feeding of the end-to-end lifecycle of the APIs.
Slide 8: 2.0 Policies, Procedures & Standards

Responsible for policy creation, procedure documentation, and standardization…

a. Operating Model: Do we have a set of questions that will guide the development of APIs and measure the effectiveness of APIs? For example: what is the business value, and does it provide measurable business value? What is the regulatory impact, the reputational impact? Develop naming conventions, the information model and standards. Which business processes do the APIs enable?
b. Roles & Responsibilities: Assign and identify roles and responsibilities within the API ecosystem within the context of the operating model.
c. Best Practices: Translate the roadmap into a funding model and a monetization model for internal and external consumers. Do we have a model to capture the end-to-end lifecycle of the APIs? APIs provide a single end point, and a splintered funding model can put the success of the API strategy at risk.
d. API Development Guidelines & Cookbooks: Create API development guidelines for the business (Product Owners) and development teams to build APIs using a standard Reference Architecture. Cookbooks outline step-by-step details on how to build APIs in a consistent model and ensure multiple teams can be leveraged to source and build APIs.
e. Cataloguing & Classification: Similar to a book library, create the process to catalogue and classify the different types of APIs (business, infrastructure, partner etc.) based on a standard taxonomy. Ensure metadata exists for ease of discovery and re-use.
f. API Ontology Model: Building upon the taxonomy, we need to create an ontological model for APIs and their semantic relationships and dependencies.
Slide 9: 3.0 Risk Controls

The 1st line of defense to help drive compliance and assure that the necessary controls are in place…

a. Regulatory Compliance: Understand the regulatory implications of creating APIs. This is especially important when we start exposing APIs as public or partner end-points.
b. Security Controls: Information Security guidelines and standards to ensure secured, auditable and hardened APIs in line with the Security Standards.
c. Risk Adjudication: As multiple teams and groups build APIs, act as the arbitrator and adjudication agent that assigns risk from an enterprise perspective, in line with the organizational risk appetite.
d. API Controls Framework: Develop a controls framework that is based on the API architecture.
e. Risk Controls Automation CI/CD: Build-time injection of compliance controls into the CI/CD process during the API build.
f. Continuous Controls Monitoring: Operational monitoring of APIs at run-time: metrics gathering, analytics, monetization and value measurement.
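As an added example of the build-time controls injection in 3.0 e, together with the catalogue metadata of 2.0 e and the security controls of 3.0 b, here is a Python check that a CI job can run over an OpenAPI document before an API is published (it is not part of the deck or of any Citi or IBM tooling). The x-api-owner and x-data-classification fields are an assumed naming convention for catalogue metadata, and the draft specification is constructed for the example.

```python
"""Build-time API controls check run from a CI job (constructed example).

Takes an OpenAPI 3 document (already parsed from JSON/YAML into a dict) and
fails the build when governance controls are not met. The metadata keys
x-api-owner and x-data-classification are an ASSUMED convention, not an
OpenAPI standard field.
"""
import copy
import sys

REQUIRED_INFO_EXTENSIONS = ("x-api-owner", "x-data-classification")  # assumed convention
ALLOWED_CLASSIFICATIONS = {"public", "internal", "confidential", "restricted"}
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def check_api_controls(spec):
    """Return a list of control violations; an empty list means the API passes."""
    findings = []
    info = spec.get("info", {})
    # Cataloguing & classification: every API must name an owner and a classification.
    for key in REQUIRED_INFO_EXTENSIONS:
        if not info.get(key):
            findings.append(f"info.{key}: missing catalogue metadata")
    classification = info.get("x-data-classification")
    if classification and classification not in ALLOWED_CLASSIFICATIONS:
        findings.append(f"info.x-data-classification: {classification!r} is not in the taxonomy")

    # Security controls: reject credential schemes that leak or are not hardened.
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for name, scheme in schemes.items():
        if scheme.get("type") == "apiKey" and scheme.get("in") == "query":
            findings.append(f"securitySchemes.{name}: API key in query string ends up in logs")
        if scheme.get("type") == "http" and scheme.get("scheme", "").lower() == "basic":
            findings.append(f"securitySchemes.{name}: HTTP Basic is not an approved scheme")

    # Entitlements: every operation must carry a non-empty security requirement.
    # In OpenAPI an operation-level `security` overrides the global one, and an
    # empty list explicitly turns authentication off for that operation.
    global_security = spec.get("security")
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            requirement = op.get("security", global_security)
            if not requirement or requirement == [{}]:
                findings.append(f"{method.upper()} {path}: no security requirement (anonymous access)")
    return findings


# Constructed sample: a draft spec as a product team might submit it.
DRAFT_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "Accounts API", "version": "1.0.0", "x-data-classification": "confidential"},
    "components": {
        "securitySchemes": {
            "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
            "legacyKey": {"type": "apiKey", "in": "query", "name": "api_key"},
        }
    },
    "paths": {
        "/accounts": {"get": {"security": [{"bearerAuth": []}], "responses": {"200": {"description": "ok"}}}},
        "/accounts/{id}/balance": {"get": {"security": [], "responses": {"200": {"description": "ok"}}}},
        "/transfers": {"post": {"responses": {"201": {"description": "created"}}}},
    },
}


def harden(spec):
    """Return a corrected copy: owner recorded, query-string key removed, auth required everywhere."""
    fixed = copy.deepcopy(spec)
    fixed["info"]["x-api-owner"] = "payments-platform-team"  # constructed value
    fixed["components"]["securitySchemes"].pop("legacyKey", None)
    fixed["security"] = [{"bearerAuth": []}]  # default requirement for every operation
    for item in fixed["paths"].values():
        for method in HTTP_METHODS:
            if method in item and item[method].get("security") == []:
                del item[method]["security"]  # fall back to the global requirement
    return fixed


def main():
    """CI entry point: non-zero exit blocks the pipeline when the draft fails."""
    findings = check_api_controls(DRAFT_SPEC)
    for finding in findings:
        print("FAIL", finding)
    print("draft:", "blocked" if findings else "passed")
    print("hardened:", "blocked" if check_api_controls(harden(DRAFT_SPEC)) else "passed")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main())
```

The same check can be wired to a gateway import step so that a specification that fails it is never deployed, which is the "build-time injection" the slide describes.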
Slide 10: 4.0 Technology & Platforms

Foundational technology platforms and architecture that enable the organization to realize its API strategy.

a. Technical Stack: Provide a technical Reference Architecture and stack to jump-start API development.
b. Lifecycle Management: Foundational technology to enable lifecycle management as outlined in the API Organization functional stream.
c. Service Gateway: Gateway infrastructure to create secure API end points for managing consumers and producers.
d. Service Registry & Catalogue: Registry for APIs and the cataloguing method, naming conventions and policy management.
e. Information Model: Determine and publish an industry-based Information Model that is in line with Citi Data Standards.
f. Development Model (Internal & External): Create an environment for the development and publishing of APIs, keeping in mind the different interaction paradigms. Manage a developer community to ensure API adoption and contribution.
g. Technology Best Practices: Knowledge base to capture best practices and lessons learned. How do we build effective APIs?
h. Reference Architecture Blueprint: Layered Reference Architecture that illustrates a multi-tier architecture, e.g. Process Layer, Conceptual Layer, Logical Layer, Services, Platforms etc.
i. Sustainment: Determine the process for sustainment of APIs based on SLAs. Sustainment should take into account a distributed support model (e.g. when an API aggregates data from other APIs or data sources).
j. Containerization: Modular packaging of APIs and platform-agnostic implementation (e.g. Docker).
Slide 11: 5.0 Vendor Management

Vendor management for APIs creates new interaction points with partners, development teams and internal stakeholders…

a. 3rd Party Vendor Relationships:
   a. API Vendors
   b. Technology Vendors
   c. Data Vendors
b. Data Ownership & Privacy: Who owns the data? In a distributed data model, APIs could aggregate or translate data from various systems, or perhaps be consumed in various mobile apps. What happens when someone uses an API to build a mission-critical app and the API breaks?
   a. Cross-border movement of data: what are the implications of an API consumer from Europe using an API that has data from the US? Privacy laws are relative to the geography you are in.
c. Legal Implications: What are the legal implications when APIs are consumed or produced in the API economy? How do things work in a partnership model? What are the legalities around using APIs from social media or open-source APIs?
Slide 12: 6.0 Change Management

Address API changes and business impact…

a. Business Impact of Change & Readiness: CM process and its impact on business and controls…
b. IT Operations: Change process centered around the IT operations that support APIs.
c. Stakeholder Management: Manage changes to API Consumers, Vendors, Steering Committee, Business Owners, Developer Community and Integrations.
d. Communication & Training: Communication plan and forum for changes being made, sunset APIs, data quality and training. Developer training, API community support, marketing to deliver and create API eco-systems and build co-brand and brand recognition.
e. API Market Places: API content management, developer communication, partner integration.

*Source: IBM API Reference Architecture

Slide 13
https://developer.ibm.com/apiconnect/documentation/api-101/ibm-reference-architecture-api-management/

2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

API Governance

  • 1. API Governance: Risk and Control Consideration
    “Governance should make it easy for people to do the things the right way and hard for people to do things the wrong way.”
  • 2. API Governance Framework
    1. API Organization
       a. Guiding Principles
       b. Business Road-mapping & Inventory
       c. Funding Model & Monetization
       d. Operating Model
       e. Roles & Responsibilities
       f. Decision Rights
       g. Syndication Model
       h. API Ownership & Accountability
       i. Define metrics
       j. Lifecycle Management
    2. Policies, Procedures & Standards
       a. Operating Model
       b. Roles & Responsibilities
       c. API Ownership & Accountability
       d. Best Practices
       e. API Development Guidelines
       f. Cataloging & Classification
       g. API Ontology
    3. Risk Controls
       a. Regulatory Compliance
       b. Information Security Controls
       c. Risk Adjudication
       d. API Controls Frameworks
       e. Controls Automation CI/CD
       f. Continuous Controls Monitoring
    4. Technology & Platforms
       a. Services Gateway
       b. Services Registry & Catalogue
       c. Information Model
       d. Development Model (Int. & Ext.)
       e. Best Practices
       f. Reference Architecture Blueprint
          i. Conceptual & Logical Layers
       g. Sustainment
       h. Containerization
    5. Vendor Management
       a. 3rd Party API Vendor Relationships
       b. Data Ownership & Privacy
       c. Legal Implications
    6. Change Management
       a. Business Impact & Readiness
       b. IT Operations
       c. Stakeholder Management
       d. Communication & Training
       e. API Market Place Updates
    Diagram labels: Vision & Strategy; Lifecycle Management; Business Process Architecture; Foundational Infrastructure; Services Platform; Services Layer; API Providers; API Consumers; Discovery; Catalogue; Versioning; Authentication; Entitlements; API Ownership; Data Standards; Data Ownership; API Lineage; Controls; Risk Ownership; Deviation Process.
    Provides a governance framework (ring fence) where each team can operate in an agile manner and deliver solutions in line with the organizational Risk Appetite.
  • 3. API Governance Operating Model
    Notional Functional Organization to enable the success of the API strategy.
    Stakeholders & Executing Steering Committee: Set Vision & Strategy; API Lifecycle.
    1. API Organization Team: Guiding Principles, Roadmaps, Lifecycle Management
    2. Policies, Procedures, & Standards: Operating Model
    3. Risk Control & Security: Governance, Controls, 1st Line of Defense
    4. Technology & Platforms: Technology Enablement & Foundational Services; Platform and Runtime
    5. Vendor Management: Vendor Relationships
    6. Change Management: Business Impact, Change & Communications
  • 4. Notional API User Community
    User Community Interactions. API Governance needs to account for the different types of interaction scenarios and the related controls at each scenario and interaction point.
    API Producers: Internal Developers; Partner Developers; External Developers.
    API Consumers:
      - API Developer: other API developers will incorporate the API into their code base (Partners & Trusted Developers).
      - Mobile Platform: users who consume and incorporate API data into their App Development.
      - 3rd Party Consumer.
    API Eco-system: Internal 3rd Party APIs that Systems and Apps will consume; 3rd Party APIs.
  • 5. API Power Plant Analogy – Vision of what we need to build and govern…
    APIs provide a simplified standard interface for users to access the power of Citi through foundational architecture and processes.
    Simple Standard Interface; Abstracts Complexity for the User; Monetization; Metering; Elasticity; Controls; Security.
  • 6. API and Business Process Context
    There is a risk that organizations incorrectly treat APIs as independent entities; APIs should be identified and created within the context of a business process. APIs help the business process of the organization.
  • 7. 1.0 API Organization
    An API organization is needed to address the following:
    a. Guiding Principles: The guiding principles guide the development of an API organization and the measurement of API effectiveness. Questions such as “what is the quantifiable business value, and what is the pricing model?” Guide API producers to assess regulatory & reputational impact, reusability, naming conventions, the information model and adherence to standards. Enable users to understand the business process to be enabled. Define common traits so that teams are not re-inventing the wheel repeatedly.
    b. Business Road Mapping & Inventory: Create a multi-year roadmap with quarterly goals and updates. Create an execution plan with checkpoints to align with the roadmap. Incorporate input from Stakeholders and the Steering Committee. Identify the assets that really matter, both from a Business Value perspective and a Risk perspective.
    c. Funding Model & Monetization: Translate the Roadmap into a funding model and monetization model for internal and external consumers. Do we have a model to capture the end-to-end lifecycle of the APIs? APIs provide a single end point, and a splintered funding model can put the success of the API strategy at risk.
    d. Functional Team Operating Model: Create and manage the Citi API Functional Team model and interactions (Slide #3). Update functional changes and ensure communications and updates between groups.
    e. Roles & Responsibilities: Clearly outline and help manage the roles and responsibilities of the Citi API ecosystem.
    f. Decision Rights: Formalized decision rights as to who or which group makes the make-or-break call.
    g. Syndication Model: Model for teams to pool resources, funding and a shared model for API management - e.g. APIs can aggregate data from multiple distributed systems and data sources; this will bring to light support and issue ownership implications.
    h. API Ownership & Accountability: Translate/personalize the change to the impacts within their function/LOB. They are also the advocate - the go-to person within their function/LOB to understand the changes.
    i. KPI and Metrics Definition: Create KPIs to quantify business value and metrics that organizations can use to measure progress.
    j. Lifecycle Management: In reference to Slide #3, own the “dashboard” around the management, care and feeding of the end-to-end lifecycle of the APIs.
  • 8. 2.0 Policies, Procedures & Standards
    Responsible for Policy Creation, Procedure Documentation, and Standardization….
    a. Operating Model: Do we have a set of questions that will guide the development of APIs and measure the effectiveness of APIs? For example: what is the business value, and does it provide measurable business value? What is the regulatory impact and the reputational impact? Develop naming conventions, informational model & standards. Which business processes do they enable?
    b. Roles & Responsibilities: Assign and identify roles and responsibilities within the API ecosystem in the context of the operating model.
    c. Best Practices: Translate the Roadmap into a funding model and monetization model for internal and external consumers. Do we have a model to capture the end-to-end lifecycle of the APIs? APIs provide a single end point, and a splintered funding model can put the success of the API strategy at risk.
    d. API Development Guidelines & Cookbooks: Create API Development guidelines for the Business (Product Owners) and Development teams to build APIs using a standard Reference Architecture. Cookbooks outline step-by-step details on how to build APIs in a consistent model and ensure multiple teams can be leveraged to source and build APIs.
    e. Cataloguing & Classification: Similar to a book library, create the process to catalogue and classify the different types of APIs (business, infrastructure, partner etc.) based on a standard taxonomy. Ensure meta-data exists for ease of discovery and re-use.
    f. API Ontology Model: Building upon the taxonomy, we need to create an Ontological Model for APIs and their semantic relationships and dependencies.
  • 9. 3.0 Risk Controls
    The 1st line of defense to help drive compliance and assure that necessary controls are in place…
    a. Regulatory Compliance: Understand the regulatory implications of creating APIs. This is especially important when we start exposing APIs as public or partner end-points.
    b. Security Controls: Information Security guidelines and standards to ensure secured, auditable and hardened APIs in line with the Security Standards.
    c. Risk Adjudication: As multiple teams and groups build APIs, act as the arbitrator and adjudication agent to assign Risk from an enterprise perspective in line with the organizational risk appetite.
    d. API Controls Framework: Develop a Controls Framework that is based on the API architecture.
    e. Risk Controls Automation CI/CD: Build-time injection of Compliance controls within the CI/CD process during the API build process.
    f. Continuous Controls Monitoring: Operational Monitoring of APIs during run-time: metrics gathering, analytics, monetization and value measurement.
  • 10. 4.0 Technology & Platforms
    Foundational technology platforms and architecture to enable the organization to realize APIs.
    a. Technical Stack: Provide a Technical Reference Architecture and stack to jump-start API development.
    b. Lifecycle Management: Foundational technology to enable Lifecycle Management as outlined in the API Organization functional stream.
    c. Service Gateway: Gateway infrastructure to create secure API end points for managing consumers and producers.
    d. Service Registry & Catalogue: Registry for APIs and cataloguing method, naming conventions, policy management.
    e. Information Model: Determine and publish an industry-based Information Model that is in line with Citi Data Standards.
    f. Development Model (Internal & External): Create an environment for the development and publishing of APIs, keeping in mind the different interaction paradigms. Manage a developer community to ensure API adoption and contribution.
    g. Technology Best Practices: Knowledge base to capture best practices and lessons learned. How do we build effective APIs?
    h. Reference Architecture Blueprint: Layered Reference Architecture that illustrates a multi-tier architecture, e.g. Process Layer, Conceptual Layer, Logical Layer, Services, Platforms etc.
    i. Sustainment: Determine the process for sustainment of APIs based on SLAs. Sustainment should take into account a distributed support model (e.g. when an API aggregates data from other APIs or data sources).
    j. Containerization: Modular packaging of APIs and platform-agnostic implementation (e.g. Docker).
  • 11. 5.0 Vendor Management
    Vendor Management for APIs creates new interaction points with partners, development teams and internal stakeholders….
    a. 3rd Party Vendor Relationships:
       a. API Vendors
       b. Technology Vendors
       c. Data Vendors
    b. Data Ownership & Privacy: Who owns the data? In a distributed data model, APIs could aggregate or translate data from various systems, or perhaps be consumed in various mobile apps. What happens when someone uses an API to build a mission-critical app and the API breaks?
       a. Cross-border movement of data: what are the implications of an API consumer from Europe using an API that has data from the US? Privacy laws are relative to the geography you are in.
    c. Legal Implications: What are the legal implications when APIs are consumed or produced in the API economy? How do things work in a partnership model? What are the legalities around using APIs from social media or open source APIs?
  • 12. 6.0 Change Management
    Address API Changes and Business Impact…
    a. Business Impact of Change & Readiness: CM Process and impact on business, controls…
    b. IT Operations: Change Process centered around the IT operations that support APIs.
    c. Stakeholder Management: Managed changes to API Consumers, Vendors, Steering Committee, Business Owners, Developer Community, Integrations.
    d. Communication & Training: Communication Plan and forum for changes being made, sunset APIs, data quality and training. Developer Training, API Community Support, marketing to deliver and create API eco-systems and build co-brand and brand recognition.
    e. API Market Places: API Content Management, Developer Communication, Partner Integration.
    *Source: IBM API Reference Architecture