INTERFACE by apidays - Automating API Governance by John Phenix
•
0 gostou•3,453 visualizações
INTERFACE by apidays Automating API Governance John Phenix, Chief API Architect at HSBC
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Semelhante a INTERFACE by apidays - Automating API Governance by John Phenix
Semelhante a INTERFACE by apidays - Automating API Governance by John Phenix (20)
Mais de apidays
Mais de apidays (20)
Último
Último (20)
INTERFACE by apidays - Automating API Governance by John Phenix
- 1. Date: June 2020 Prepared by: John Phenix Chief API Architect, HSBC Commercial Bank Automating API Governance PUBLIC
- 2. 1 1 HSBC - The World’s Leading International Bank 39million customers 3,900 offices 65 countries & territories Present in Reported Revenue $53.8bn 254PB of data Data Centres in 21 countries 96,600+ Servers $1.5 Trillion Daily payments processed 235,000 people around the world 46,000 IT Professionals $2.5bn Run / $3.3bn Change (cash) PUBLIC
- 3. 2 Challenge PUBLIC How to make API governance an accelerator instead of a brake?
- 4. 3 Apple’s iOS Standards and Governance platform produces a consistent, market leading App experience Why HSBC needs API Standards and Governance – an example from Apple PUBLIC
- 5. 4 HSBC’s API Standards and Governance platform will produce a consistent, market leading API developer experience Why HSBC needs API Standards and Governance Governance PUBLIC Governance
- 6. 5 Tip 1: What to Govern? PUBLIC Security Operations Reputation As little as possible!The minimum needed to deliver value and manage risks Tip 1: Focus governance on real risks rather than personal preferences
- 7. 6 Comprehensive Tip 2: What does good look like? PUBLIC Scalable Consistent Evidenced Tip 2: Good governance scales to meet delivery cadence
- 8. 7 Visibility Tip 3: Where to invest effort PUBLIC Tools Training Automation Tip 3: Shift left – make it easier to fall into success
- 9. 8 Tip 4a: Pick your style - Centralised Small team(s) of API SMEs who manually review APIs. You can duplicate the ARB (API Review Board) in different geographies. Scalable Consistent Comprehensive Evidenced PUBLIC
- 10. 9 Tip 4b: Pick your style - Federated API Champions from every region and major project to enforce standards locally and escalate non-compliance. Scalable Consistent Comprehensive Evidenced PUBLIC
- 11. 10 Tip 4c: Pick your style - Automated Speed and safety at scale requires an automated approach. Scalable Consistent Comprehensive Evidenced PUBLIC
- 12. 11 Tip 4c: Pick your style -– Hybrid Focus manual reviews on exceptions and qualitative analysis. Scalable Consistent Comprehensive Evidenced PUBLIC Tip 4: Move from “Are we building APIs right?” to “Are we building the right APIs?”
- 13. 12 Tip 5: How to automate Audit Trail API Engineers Governance Engineers Batch Rules Setup CI/CD Pipeline CAGE UI Repository Rules Lead Architects Certification Dashboard CAGE PUBLIC
- 14. 13 Peer Reviews Tip 5: How to automate PUBLIC Building APIs Right Building the Right APIs Training Tip 5: Automate as much as you can, but you still need people
- 15. 14 5 Governance Tips Q1: What to govern Q2: What does good look like Q3: Where to invest effort Q4: How to pick your style Q5: How to automate PUBLIC Tip 1: Focus governance on real risks rather than personal preferences Tip 2: Good governance scales to meet delivery cadence Tip 3: Shift left – make it easier to fall into success Tip 4: Move from “Are we building APIs right?” to “Are we building the right APIs?” Tip 5: Automate as much as possible, but you still need people
- 16. 15 Example Rules Security: • Sensitive info in query parameters • Standard headers • Security policies Operations: • Naming standard • Published to API Repository • Versioning • Check for duplicate APIs • Health endpoint Style: • camelCase, PascalCase and snake-case • Always return 2xx, 4xx and 5xx • Misuse of HTTP verbs • Plural nouns for resource collections • Example request and response schemas PUBLIC
- 17. 16 PUBLIC