API governance can have something of a poor reputation when looked at through the lens of developer creativity. However, well-implemented governance can actually support creativity and agility for both API producers and consumers who build on those APIs. We explored this topic in depth at the LEAP 2.0 API governance conference and can now share key insights below. Read on to discover:
- How governance can underpin all levels of the API hierarchy of needs
- The value of reliability in boosting developer creativity
- How automation can enhance developer autonomy
- Why it’s essential to balance ‘mandatory’ and ‘optional’ when it comes to API governance
Governance within the API hierarchy of needs
Let’s consider the balance of governance versus creativity by looking at the API hierarchy of needs:
Clearly, governance can help drive improvements in reliability, functionality and usability. However, does it become a constraint as we head towards the top of the pyramid, holding back creativity? It’s a challenge that often comes up when implementing governance – how you can introduce constraints, normalization, standardization and stasis while still empowering creative, innovative teams that can think outside the box and take calculated risks.
As you move up the hierarchy, your level of control as an API producer reduces. At the top, you have developers producing your APIs who need to be creative, but also those consuming them, who need to work with them creatively.
Governance can help you support both groups by making your API building more agile. Let’s say you’re an API producer and want to introduce change – to innovate and be creative. With the right governance tools and processes in place, you can introduce that change without fear of breaking things for your consumers, meaning governance has a positive impact on creativity.
On the consumer side, governance supports reliability, which means you can experiment with APIs and build new things freely with them. You can’t do that with APIs that are always crashing or that produce strange results from time to time. So again, the reliability that governance delivers supports creativity. Consumers can build creatively on the API and experiment without breaking things.
How to balance API governance with developer creativity
Balancing governance with developer creativity and agility involves looking at what governance can achieve in terms of automating and removing tasks that developers don’t want to think about. It’s also important to consider what enables creativity and agility in the first place.
A platform that provides guardrails can help deliver this autonomy, but it’s essential to balance optional parts of the platform with mandatory parts. The mandatory element includes setting clear expectations that you can check things against (ideally automatically). Examples could include API security, with defined expectations around role-based access control or standardized field names.
The optional part is about enabling developers to go off platform if they need to do so – although this introduces complications around validating against platform standards. Many organizations struggle with this concept, because they have a set of requirements that are non-negotiable – those mandatory expectations that can feel pretty dense, particularly in highly regulated businesses.
So, how optional can a platform be? Well, the key is to make sure you only validate and govern the things you must. But it’s also important to make it really easy for developers to find and use what they need within the platform. Ensuring the right thing to do is also the easiest thing to do is what governance should be pushing towards. When you make those mandatory elements as prevalent as air, so they just happen without developers having to think about them, the ease of those guardrails then enables flexibility and creativity within them.
Talk to Tyk about API governance
As technology evolves, the way we deploy governance is becoming more creative. From platforms with golden guardrails to Kubernetes pods that auto-deploy everything, with automated end-to-end GitOps, there are plenty of ways to approach API governance.
Why not talk to the Tyk team about what would work best for your organization?