Need help with your APIs? I offer API discovery, governance & evangelism services. Explore services →
API Evangelist API Evangelist
Learnings
Guidance
Toolbox
Alignment
API Evangelist LLC

Provenance

Failing to understand your API history increases the risk of repeating past mistakes in future API development. Establishing provenance for each API helps track changes over time and ensures new owners and stakeholders can quickly get up to speed. Architectural decision records for API operations provide stability and a shared understanding among teams, supporting both the creation of new APIs and the maintenance of legacy APIs. In the age of artificial intelligence, API provenance is becoming even more critical for governing enterprise operations. Maintaining clear records of which APIs models have been trained on, which APIs can be used within each model, and which models are accessed via APIs will be essential for meeting future regulatory and compliance requirements. Without proper API provenance, the cost and complexity of delivering APIs are likely to increase significantly.

Policies

Dependency SBOM Maintained

Require that every API maintain a current software bill of materials enumerating the libraries, services, and versions it depends on. I want a machine-readable SBOM and dependency manifest kept in ...

Compliance Mapping (Governance)

Require that every API in production maps its endpoints, data, and controls to the specific regulatory and compliance obligations it falls under, whether that is GDPR, HIPAA, PCI DSS, SOC 2, or an ...

Dependency Management (Governance)

Require that every API declares the upstream services, libraries, and other APIs it depends on, and keeps that list current as part of its governance record. I care about this because APIs never st...

Maintainers

Require that every API names its maintainers, the real people or team accountable for its design, operation, and support, and records them where the contract lives. I care about this from the very ...

Strategies

API Dependencies Have an SBOM

I want a software bill of materials for the APIs and services we depend on, so that we always know what is actually in the systems we ship. Every external API we consume is a dependency, and if we ...

API Provenance Is Maintained and Auditable

All API contracts must maintain a clear record of their provenance including reviews, certifications, pull requests, and change history, ensuring that the evolution of each API is traceable, audita...

APIs Are Transparent and Accountable

I want our APIs to be transparent about how they handle data and accountable for the promises we make around it. That means the consent and data processing agreements that govern an integration are...