Need help with your APIs? I offer API discovery, governance & evangelism services. Explore services →
API Evangelist API Evangelist
Learnings
Guidance
Toolbox
Alignment
API Evangelist LLC

API Provenance Is Maintained and Auditable

All API contracts must maintain a clear record of their provenance including reviews, certifications, pull requests, and change history, ensuring that the evolution of each API is traceable, auditable, and supports compliance and quality assurance efforts.

Policies

Provenance

Helping curate the provenance of each API contract as it evolves over time, documenting change, and cataloging the reviews, validation, certification, and conversation that occurs as each API moves...

Issues

Provide the provenance of an API contract using Git issues.

Pull Requests

Provide the provenance of an API contract using Git pull requests.

Reviews

Provide the provenance of an API contract using API governance reviews.

Certifications

Provide the provenance of an API contract using regular certifications

Issues

Leveraging issues as a way to communicate API change and feedback.

Pull Requests

Using pull requests to submit changes to business or technical artifacts.

README

Require that each API contract repository has a dedicated README.

Teams

Require that API contract management is controlled using Git teams.

Logging (Operations)

Require that every API produces structured, correlated logs for each request, so I want a consistent log schema, a correlation or trace identifier carried through, and clear rules about what gets c...

Experiences

Provenance

Failing to understand your API history increases the risk of repeating past mistakes in future API development. Establishing provenance for each API helps track changes over time and ensures new ow...

Quality

The quality of HTTP APIs powering an enterprise tends to decline as the number of ungoverned APIs grows across internal, partner, and public landscapes. Low-quality APIs lead to poor downstream exp...

Trust

Establish trust with API consumers will evolve and build over time, and is something that can be lost in a very short period of time. Trust will depend on other experiences like quality and reliabi...

Compliance

Compliance is the experience of meeting the legal, regulatory, and internal obligations that come with operating an API. For many teams it feels like a burden bolted on at the end, but the reality ...

Governance

Governance is the experience of keeping API operations consistent and aligned as they scale across teams and time. It is the discipline that connects strategy at the top to the rules being enforced...