Or not as it seems to be the case in this thread :-)
I've been asked to think about some of this by our senior architect and I'm looking for some inspiration.
We are a large distributed organisation and so we need to improve our API governance processes. I came across
Kin's blog post on this which is very inspiring.
Now we need to protect the $$$, so we could use a
big stick approach and rule by fear, but that's not fun or practical. A recent introspection of product managers and developers highlighted some inhibitors around lack of governance and standards (we have some standards but nothing really official).
God punishes you by answering your prayers, so we should get some GOVERNANCE. OK... now what?
Knowledge / areas I'm seeking:
- Metrics - what's useful to highlight exemplars and causes of concern?
- What's the lightest-touch way to start? I don't want a checklist of 500 things that people need to follow.
- People: how do you get people to care? Do you have API stewards from each domain / context? Do internal (fun) competitions like badges awarded for being compliant work, or do they piss everyone off?
- How do you incentivise teams? We all know that when the delivery deadline creeps up, stuff like this gets dropped.
- How do you roll it out iteratively? We want to avoid costly quality gates at the end of every week / month.
- Is it realistic to stop products being pushed to production for not passing governance? We all have cases in our enterprise where we may have pushed something critical to production with a security vulnerability because "we'll come back to that later". *
- Tools for automation...? We are not going to outsource it to Akana or Apigee etc., so what's out there that we could use?
* this is just a cynical example and not to be construed as a practice by our company.
Thanks and have a good weekend.