Mule Meetup Calgary- API Governance & Conformance.pdf

API Governance & Conformance
CALGARY MULESOFT MEETUP
September 25, 2023
Safe Harbour Statement
● Both the speaker and the host are organizing their meet-up in an individual capacity only. We are not
representing our companies here.
● This presentation is strictly for learning purposes only.
● Organizer/Presenters do not hold any responsibility that the same solution will work for your
business requirements.
● This presentation is not meant for any promotional activities.
Housekeeping
● A recording of this meetup will be uploaded to the events page within 24 hours.
● Questions can be submitted/asked at any time in the Chat/Questions and Answers tab.
● Give us your feedback! Rate this meetup session by filling in the feedback form at the end of the day.
We hope to see your feedback!
Agenda
● Introductions
● Need for API Security & Best Practices
● Benefits of API Governance
● API Governance & Conformance
● Governance Console 1/2
● Governance Console 2/2
● Demo
● Quiz time
● Networking time
Speakers and host for today
Akash Parwal
Manager, PwC
MuleSoft Mentor | Toronto
Meetup Leader
Nitha Joseph
Associate Consultant, PwC
MuleSoft Mentor | Calgary
Meetup Leader
Need for API Security & Best practices
When working with a plethora of APIs across multiple teams and design tools, architects want to maintain standard quality and
security while developers want to avoid overhead caused by conformance review cycles.
There are two challenges that stand in the way of API security efforts:
● API Sprawl: A drastic increase in the number of APIs has resulted in less visibility of the APIs in your digital estate.
The result is challenging to manage and dramatically increases bad actors' opportunities to take advantage.
● API Standardization: Standardizing APIs ensures all APIs within the digital estate adhere to the agreed and
defined security standards.
5 Best Practices to secure your data:
● API Protection: Go beyond authentication by defining permissions and controlling how much access an individual
has when they access an API.
● API Governance: IT teams must proactively approach API security through standardization.
● API Data Security: By controlling what data is accessible within an API, IT teams can employ an additional layer of
protection by ensuring that the API does not release all data to every user that accesses it.
● API Discovery: Shadow APIs lurk just outside of sight, and IT teams can’t secure what they can’t find.
● API Security Testing: Ongoing testing to identify API vulnerabilities.
Benefits of API Governance
API governance in MuleSoft offers several benefits, including:
● Consistency: It ensures that APIs follow consistent naming conventions, data formats, and security protocols, leading to
a more uniform and predictable API landscape.
● Security: API governance enforces security measures like authentication, authorization, and encryption, reducing the risk
of data breaches and ensuring compliance with regulations.
● Compliance: It helps organizations adhere to industry standards and regulatory requirements by defining and enforcing
compliance policies and practices.
● Efficiency: API governance streamlines API development and management processes, reducing duplication of effort and
improving resource allocation.
● Visibility and Monitoring: It provides tools and processes for monitoring API usage and performance, enabling proactive
issue detection and resolution.
These benefits collectively enhance an organization’s ability to manage and scale its API ecosystem effectively using MuleSoft.
API Governance & Conformance
Anypoint API Governance is a component of the Anypoint Platform that enables you to apply governance rules to your APIs as
part of the API lifecycle.
With API Governance you can:
● Improve your organization’s API quality: Identify conformance issues in published API specifications and take steps to
resolve them.
● Share governance best practices: Publish governance rulesets in Anypoint Exchange to share with other developers.
● Apply consistent rules at design time: Apply governance rulesets at design time in Anypoint API Designer.
● Enforce governance within your DevOps organization: Automate the application of standards to your API contract and
specification within your CI/CD pipeline.
Governance Console – 1/2
● The MuleSoft Governance Console is a powerful web-based tool that serves as the centralized control center for managing
and enforcing API governance policies within the MuleSoft Anypoint Platform.
● As organizations adopt API-led connectivity to enable seamless integration and streamline digital transformation, the
Governance Console becomes an essential component to ensure the consistency, security, and compliance of APIs.
● With the Governance Console, businesses gain a holistic view of their API landscape, providing administrators,
developers, and stakeholders with a comprehensive dashboard to oversee the entire API lifecycle.
● From design and development to deployment and monitoring, the Governance Console empowers users to implement robust
governance practices effectively.
Governance Console – 2/2
Key Features of the MuleSoft Governance Console:
● Policy Management: Administrators can define and configure a wide range of governance policies to meet their
organization's specific needs. These policies include API rate limiting, authentication mechanisms, access control, and security
protocols, ensuring that APIs adhere to predefined standards and best practices.
● API Lifecycle Management: The Governance Console enables seamless management of the complete API lifecycle, simplifying
the process of versioning, transitioning between stages, and even retiring APIs when they are no longer needed. This centralized
control streamlines collaboration and reduces the risk of inconsistencies across development teams.
● Security and Compliance: With a strong focus on security, the Governance Console allows organizations to implement
industry-leading security measures, including OAuth 2.0, TLS, and HTTPS, to protect sensitive data and prevent
unauthorized access. Compliance with regulatory requirements becomes more manageable through enforced policies.
● Analytics and Monitoring: Through the Governance Console's built-in analytics and monitoring capabilities, users can gain
valuable insights into API usage, performance, and potential issues. Real-time data empowers stakeholders to make
informed decisions, optimize API performance, and enhance end-user experiences.
● Governance Collaboration: The Governance Console fosters effective collaboration between development teams,
administrators, and other stakeholders. Clear documentation and standardized governance policies ensure seamless
communication and understanding of API implementations.
Governance Console
MuleSoft Governance Console is a critical tool that empowers organizations to enforce API governance policies, maintain
consistency, and enhance security in their API-led connectivity approach. By providing a centralized platform to manage the
API lifecycle and monitor API performance, the Governance Console plays a pivotal role in driving successful API strategies
and supporting digital transformation initiatives.
Demo
API Governance Profile Creation
After logging in to Anypoint Platform, click to create a profile for API Governance.
Governance OOTB Policies
Select the rulesets from the pre-existing MuleSoft rulesets. Here we can filter by rulesets provided by MuleSoft, or use our
own custom rulesets as well. Refer to this link for custom rulesets:
https://docs.mulesoft.com/api-governance/create-custom-rulesets
Governance Dashboard
In the dashboard we can make changes and see which rulesets failed. In case of a violation, we can see an array of warnings
and errors, each with a description of what went wrong. We can review them and adjust our RAML in Design Center
accordingly.
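One way to automate the conformance check that the CI/CD bullet earlier in the deck describes, producing the same kind of list of warnings and errors the dashboard shows. This is an added example, not code from the presentation or from MuleSoft: the three rule functions are simplified stand-ins named after rulesets this deck links to, and `SAMPLE_SPEC`, `check_conformance` and `gate` are hypothetical names.

```python
"""Added example: a minimal conformance gate for an OpenAPI 3 document.
The rules are simplified stand-ins, not MuleSoft's ruleset definitions."""
import json
import sys

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}


def _operations(spec):
    """Yield (label, operation) for every HTTP operation in the spec."""
    for path, item in (spec.get("paths") or {}).items():
        for method, op in (item or {}).items():
            if method in HTTP_METHODS and isinstance(op, dict):
                yield f"{method.upper()} {path}", op


def https_enforcement(spec):
    """Every declared server URL must use https://."""
    servers = spec.get("servers") or []
    if not servers:
        yield "warning", "servers", "no server URL declared, scheme unknown"
    for i, server in enumerate(servers):
        url = str(server.get("url", ""))
        if not url.lower().startswith("https://"):
            yield "error", f"servers[{i}]", f"non-HTTPS server URL: {url!r}"


def authentication_required(spec):
    """Each operation needs a non-empty security requirement (own or global)."""
    schemes = (spec.get("components") or {}).get("securitySchemes") or {}
    global_security = spec.get("security")
    for label, op in _operations(spec):
        security = op.get("security", global_security)
        # An empty list or an empty requirement object allows anonymous calls.
        if not security or any(req == {} for req in security):
            yield "error", label, "operation can be called without authentication"
            continue
        for req in security:
            for name in req:
                if name not in schemes:
                    yield "error", label, f"undefined security scheme {name!r}"


def required_examples(spec):
    """Response bodies should carry an example (warning only)."""
    for label, op in _operations(spec):
        for status, resp in (op.get("responses") or {}).items():
            for mtype, media in (resp.get("content") or {}).items():
                if "example" not in media and "examples" not in media:
                    yield "warning", f"{label} -> {status}", f"{mtype} has no example"


RULESETS = [https_enforcement, authentication_required, required_examples]


def check_conformance(spec, rulesets=RULESETS):
    """Run every rule; return a list of violation dicts, errors first."""
    violations = [
        {"ruleset": rule.__name__, "severity": sev, "location": loc, "message": msg}
        for rule in rulesets
        for sev, loc, msg in rule(spec)
    ]
    return sorted(violations, key=lambda v: v["severity"] != "error")


def gate(spec):
    """CI exit code: 1 if any error-level violation exists, else 0."""
    return int(any(v["severity"] == "error" for v in check_conformance(spec)))


# Constructed sample specification (not from the page): plain-HTTP server,
# one operation that opts out of authentication, one response with no example.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "info": {"title": "orders-api", "version": "1.0.0"},
    "servers": [{"url": "http://api.example.com/v1"}],
    "components": {"securitySchemes": {"oauth2": {"type": "oauth2", "flows": {
        "clientCredentials": {"tokenUrl": "https://auth.example.com/token",
                              "scopes": {}}}}}},
    "security": [{"oauth2": []}],
    "paths": {
        "/orders": {"get": {"responses": {"200": {"description": "ok", "content": {
            "application/json": {"schema": {"type": "array"}}}}}}},
        "/health": {"get": {"security": [],
                            "responses": {"200": {"description": "ok"}}}},
    },
}

if __name__ == "__main__":
    spec = SAMPLE_SPEC
    if len(sys.argv) > 1:  # optional: path to an OpenAPI document in JSON
        with open(sys.argv[1], encoding="utf-8") as fh:
            spec = json.load(fh)
    for v in check_conformance(spec):
        print(f"{v['severity'].upper():7} [{v['ruleset']}] {v['location']}: {v['message']}")
    sys.exit(gate(spec))
```

Run as a pipeline step, the non-zero exit code fails the build on error-level violations while warnings are only reported.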
Governance Alerts
We can set alerts to be sent to admins or a group of people, so that in case of any non-conformance an email alert is sent
and the concerned team is notified. Notifying teams of non-conformance in this way helps to maintain and enforce
conformance.
API Governance - Important Links
● Anypoint Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/anypoint-best-practices/minor/1.0/
● Authentication Security Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/authentication-security-best-practices/minor/1.0/
● HTTPS Enforcement - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/https-enforcement/minor/1.0/
● OpenAPI Best Practices - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/openapi-best-practices/minor/1.0/
● OWASP API Security Top 10 2019 Checklist - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/owasp-api-security/minor/1.0/
● Required Examples - https://anypoint.mulesoft.com/exchange/68ef9520-24e9-4cf2-b2f5-620025690913/required-examples/minor/1.0/
● Custom Ruleset - https://docs.mulesoft.com/api-governance/create-custom-rulesets | https://docs.mulesoft.com/anypoint-cli/4.x/api-governance
Quiz time
Thank you for being a part of this meetup!!!