---
published: true
layout: post
title: API Governance Rules from the Netherlands
date: 2025-05-05T09:00:00.000Z
tags:
  - Governance
  - Government
  - Rules
  - OAuth
  - OpenID
  - Security
image: https://kinlane-productions2.s3.amazonaws.com/algorotoscope-master/uncle-sam-amsterdam-water.jpg
---

It helps to have positive examples of how to do API governance. In my experience most people, teams, and enterprises tend to just emulate the vendors and other players that they are already tuned into when it comes to their API operations. I can talk until I am blue in the face about many of these things, but until you find an example of doing APIs well that people will look up to, it really doesn't matter. So it helps to have leaders in the space like the Netherlands. Yes, [the country of the Netherlands, which has published key aspects of its API guidance, including a robust set of API design rules](https://developer.overheid.nl/blog/2025/04/02/update-api-design-rules).

- [**OAuth 2.0 Profile**](https://www.forumstandaardisatie.nl/open-standaarden/nl-gov-assurance-profile-oauth-20)
- [**OpenID Connect Profile**](https://www.forumstandaardisatie.nl/open-standaarden/nl-gov-assurance-profile-oidc)
- [**API Design Rules**](https://www.forumstandaardisatie.nl/open-standaarden/rest-api-design-rules)

Everything is in Dutch, but well worth the translation work. The API governance rules they have published are the most sophisticated set of rules combined with guidance I have come across, and in an age where the rules, rulesets, and style guides published by leading enterprises are often being taken down, what the government in the Netherlands has published is pretty foundational. I would strongly suggest your API governance teams spend some time in there looking around and evaluating the individual rules, but also the overall approach, including OpenID and OAuth 2.0. You will learn a lot about how to do API governance at scale.