Configuring API governance in the API Manager
How to add custom API governance rulesets to your API development process, to validate and enforce organizational governance policies and best practices in your provider organization.
Before you begin
Before you can create API governance rulesets, the API governance optional add-on must be enabled on your management subsystem by your system administrator. See Enabling API governance on Kubernetes, and Enabling API governance on VMware for more information. If API governance is enabled in your deployment, the API governance resource is displayed on the Resources page in the API Manager.
- Organization Administrator
- Owner
- Custom role with the Settings: Manage permission.
About this task
API governance is an optional add-on to IBM® API Connect that can be used to validate and enforce organizational governance policies and best practices in your API development process. You configure API governance by creating one or more custom rulesets that contain a collection of rules that can then be used to check Swagger, OpenAPI, and AsyncAPI documents.
- Provider organization rulesets - these are custom rulesets that contain the rules that are created in, and are specific to, your provider organization.
- Global rulesets - these are pre-configured IBM and Spectral rulesets that contain the rules that are shared with your provider organization, and cannot be edited. Note that the Spectral ruleset names are prefixed by spectral-, and that their version matches the version of that ruleset that's available in Spectral.
API governance in IBM API Connect is based on the open-source Spectral linter; for more information about Spectral, see https://docs.stoplight.io/docs/spectral/674b27b261c3c-overview.
- API governance in IBM API Connect only supports the creation of custom rulesets that contain rules that use the built-in Spectral core functions, as defined in https://docs.stoplight.io/docs/spectral/cb95cf0d26b83-core-functions. The use of custom functions, for example rules that use functions that you have created yourself in JavaScript files, is not supported.
- Some of the Spectral rules within the Global rulesets contain the property recommended: false, which means that those rules are ignored during validation. However, if you create a new ruleset from one of these rulesets by using the Save as new ruleset option, the recommended property isn't transferred to the new ruleset. Therefore all of the rules will be used in the validation, unless you delete those rules from the ruleset. The Spectral ruleset names are prefixed by spectral-.
- You can also configure API governance rulesets in the Cloud Manager. For more information, see Configuring API governance in the Cloud Manager.
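As an added example (not IBM's or Spectral's own code), the following Node.js script checks a ruleset against the two restrictions in the notes above: rules that call functions other than the Spectral core functions, and rules marked recommended: false that become active in a copy made with Save as new ruleset. It assumes the ruleset is available as a JavaScript object in Spectral ruleset format; auditRuleset, the sample rule names, and checkOwner are hypothetical.

```javascript
// Added example: audit a Spectral-format ruleset before using it for API governance.
// Spectral core function names; verify against the core-functions page for your version.
const CORE_FUNCTIONS = new Set([
  "alphabetical", "casing", "defined", "enumeration", "falsy", "length",
  "pattern", "schema", "truthy", "undefined", "unreferencedReusableObject", "xor",
]);

function auditRuleset(ruleset) {
  const report = { customFunctions: [], notRecommended: [] };
  // A top-level "functions" list declares custom JavaScript functions (unsupported).
  for (const f of ruleset.functions || []) report.customFunctions.push(`(declared) ${f}`);
  for (const [name, rule] of Object.entries(ruleset.rules || {})) {
    if (rule === null || typeof rule !== "object") continue; // e.g. "off" overrides
    // "then" may be a single object or an array of objects.
    const thens = Array.isArray(rule.then) ? rule.then : [rule.then];
    for (const t of thens) {
      if (t && !CORE_FUNCTIONS.has(t.function)) {
        report.customFunctions.push(`${name}: ${t.function}`);
      }
    }
    // Ignored in the global ruleset, but enforced once the property is dropped in a copy.
    if (rule.recommended === false) report.notRecommended.push(name);
  }
  return report;
}

// Constructed sample ruleset (hypothetical rule names, not a real global ruleset).
const SAMPLE = {
  functions: ["checkOwner"],
  rules: {
    "info-contact": { given: "$.info", then: { field: "contact", function: "truthy" } },
    "tag-description": { given: "$.tags[*]", recommended: false,
      then: { field: "description", function: "truthy" } },
    "path-kebab-case": { given: "$.paths[*]~",
      then: [{ function: "pattern", functionOptions: { match: "^(/[a-z0-9-{}]+)+$" } }] },
    "owner-check": { given: "$.info", then: { function: "checkOwner" } },
  },
};

console.log(auditRuleset(SAMPLE));
```

Rules listed under notRecommended are the ones to review or delete after creating a copy of a global ruleset.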
Procedure
Results
What to do next
You can validate the ruleset against an API by clicking Validate, selecting the rules that you want to validate, and one or more APIs, then clicking Validate. The results of the validation are displayed in a scorecard.
When you finish editing your ruleset, you can publish it to your provider organization. Click the options menu icon either next to the ruleset that you want to publish, or from within the ruleset viewer. Select Publish, and then click Publish again to confirm. The status of your ruleset changes from Draft to Published, and can now be used by API developers to validate their APIs. For more information, see Validating an API document by using API governance.
- After a ruleset is published, the ruleset information and rules can no longer be edited. If you need to update this information, you must create a new version by clicking the options menu icon either next to the ruleset that you want to edit, or from within the ruleset viewer, and selecting Save as new ruleset.