How to proactively protect APIs using the tools available in MuleSoft Governance
Organisations today have a governance strategy that is based on their specific industry. Managing APIs and microservices is a complex undertaking that involves exchanging sensitive data, so regulations are usually enforced. This article explains how we can proactively protect APIs using the tools available in so-called MuleSoft Governance.

Application Programming Interfaces (APIs) and microservices have become integral components of modern architecture and software development. Organizations today have a governance strategy that is based on their industry. Managing APIs and microservices is a complex undertaking that involves exchanging sensitive data, therefore regulations and audits are usually enforced.
If you are managing large integration teams, with a high volume of integration interfaces in the Production environment, and you are asking yourself how to protect them better and prepare for the audit, the suggestion is to start with these 6 key action items:
Ensure that Cataloguing is in place for all APIs in use
Define Rule Sets (coding standards)
Extend Rule Sets to other IT teams who are coding APIs, as APIs must be 100% managed across the organisation (not only your team/department!)
Implement API Governance Modules in AnyPoint platform
Monitor APIs
Successfully pass the Audit
Organisation API ecosystem in one place (Catalog), spread across lower environments and the Production environment:

Once you have ensured that API cataloguing is in one place, it is time to define rulesets, implement governance checks and enforce policies when deploying APIs.
This is the component of the Anypoint Platform that enables developers to manage, govern, and secure APIs. It provides an interface to configure the runtime capabilities:
Please note that there are limitations on the number of APIs to govern. Only 10 APIs can be governed; an extension can be obtained by purchasing more Anypoint licenses, which is subject to an agreement between the organisation and MuleSoft.
Some of the rulesets defined:
Best Practices
Authentication
Required examples of HTTPS enforcement

Once rulesets are defined, the governance engine runs the rulesets against the filtered APIs and provides a dashboard where you can see your API conformance status. There is an option to select a different profile with a more detailed view of the violations (reminder notifications can also be set):
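To make the "Authentication" and "HTTPS enforcement" rulesets listed above concrete, and the conformance dashboard they feed, here is an added illustrative checker that is not MuleSoft's code and does not use the Anypoint API Governance ruleset format: it applies the two rules to a constructed OpenAPI fragment and produces a per-rule violation list plus an overall conformance flag.

```python
# Illustrative conformance checker for two rules the article names:
# 'Authentication' (every operation must declare a security requirement)
# and 'HTTPS enforcement' (every server URL must use https). This is a
# stand-in for a governance ruleset, not the Anypoint API Governance
# ruleset format; the OpenAPI fragment below is constructed sample data.

SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "servers": [
        {"url": "https://api.example.internal/v1"},
        {"url": "http://legacy.example.internal/v1"},
    ],
    "security": [],  # no API-wide security requirement
    "paths": {
        "/accounts": {
            "get": {"security": [{"oauth2": ["read"]}]},
            "post": {},  # inherits the empty top-level list -> unauthenticated
        },
    },
}

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head"}


def check_https(spec):
    """Rule 'https-only': return every server URL that is not https."""
    return [s.get("url", "") for s in spec.get("servers", [])
            if not s.get("url", "").lower().startswith("https://")]


def check_authentication(spec):
    """Rule 'auth-required': return operations with no effective security.
    An operation inherits the top-level 'security' list unless it sets its
    own; an empty list at the effective level means 'no auth'."""
    global_sec = spec.get("security") or []
    violations = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() in HTTP_METHODS and not (op.get("security", global_sec) or []):
                violations.append(f"{method.upper()} {path}")
    return violations


def conformance_report(spec):
    """Dashboard-style result: per-rule violation lists plus an overall flag
    that is True only when every rule's list is empty."""
    rules = {"https-only": check_https(spec),
             "auth-required": check_authentication(spec)}
    return {**rules, "conformant": not any(rules.values())}
```

Running `conformance_report(SAMPLE_SPEC)` flags the plain-http server and the unauthenticated `POST /accounts`, which is the kind of violation detail the profile view on the dashboard exposes.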