---
published: true
layout: post
title: Where Do You Start With API Governance?
tags:
  - Governance
  - Getting Started
  - Strategy
image: >-
  https://kinlane-productions2.s3.amazonaws.com/algorotoscope-master/oakland-california-docks-oakland-4.jpeg
---
I have two customers at mainstream companies asking the same question right now--where do you start with API governance? It is an important question, as well as a very difficult one to answer simply. API governance is something you have to do at a strategic level, but you have to begin somewhere with significant tactical investment—-then repeat, until you get somewhere. When answering this question I tend to go to the highest level, most strategic, and robust approach, which can be just as, or more overwhelming than actually doing API governance. I work hard to soften my answers to this question, but if you are someone in a position of having to ask this question, you are going to have to get used to being overwhelmed, and rolling up your sleeves to start making sense of things.

When it comes to doing API governance I focus on eleven areas that you will have to invest in from the beginning, albeit in small doses until you get some traction with mapping the API landscape and talking to teams who are producing and consuming APIs.

- **Strategy** - What is the overall reasons for doing APIs--start documenting what is most important to your business when it comes to applications, integrations, and operations.
- **Standards** - What are fundamental building blocks for APIs being developed based upon Internet and industry standards, but also the standards already defined and in use across teams.
- **Landscape** - Where are the APIs, as well as the teams who are producing, but also consuming APIs, and what are the business and technical details of the APIs they have in motion.
- **Solutions** - What are the main pain points when it comes to obtaining, producing, and evolving the digital resources and capabilities your business is needing.
- **Rules** - What are the rules needed to identify, apply, and enforce governance during the design, development, and deployment of APIs across all stages of lifecycle.
- **Platform** - What infrastructure is in place to define, design, develop, deploy, and sustain your APIs, understanding the underlying factory floor for all your APIs.
- **Policies** - What are the business reasons behind governing APIs, and how do the rules you are defining map to your API strategy and realize the solutions you need.
- **Guidance** - What is the education, training, and help that teams will need when producing and consuming APIs, and is this API guidance available when teams need it.
- **Lifecycle** - In what order should policies and rules be applied, ensuring that teams are doing what they need in the order it needs to happen, across all your teams.
- **Reviews** - The application of governance policies and rules to individual APIs in a self-service or in-person meeting, evolving APIs, but also the policies and rules.
- **Evangelism** - Spreading the word across teams about APIs and why they matter to business, helping bring API governance guidance to where teams are working.

Quite a list huh? Where do you start? Well the answer is you have to touch on all of these areas. If you only invest in governance rules, you are likely to anger teams producing APIs with too many things wrong. If you don’t have a strategy and work from a common API lifecycle, you will never be able to head in the direction you desire. If you aren’t using standards and establishing policies your business and engineering groups will be out of alignment, and you will be out of sync with the business sector you operate in. All of these areas matter when you are getting started, and you have to do what you can across each of these areas—-as it makes sense to your enterprise API governance efforts.

You don’t have to boil the ocean when getting started with API governance, just open up a Word or Google Doc or maybe a page in your notebook, take these eleven areas and get to work outlining what matters most in each area. I recommend digging deeper into mapping the landscape of APIs and teams, identifying what solutions would matter the most and get to work on the linting rules that will help start automating your API governance-—then get talking to teams as part of API reviews and evangelism. Repeat, update your strategy, learn, and increase while diversifying your investment in API governance across these eleven areas. At any point in your API governance journey feel free to email me and reach out with questions—-I am happy to help answer ad hoc questions, [or join you in a more formal API governance relationship](https://apievangelist.com/services/), and do the work across all of these areas right alongside you, adding the API governance experience you need to your team.