Governing APIs at Scale

Jan 24, 20220 likes18 views

How can we help API platform teams ensure that their organizations make and use secure, reliable, and easy-to-use APIs? This is a question that we’ve been asking on my team at Google, and in September I shared some conclusions that we were drawing from research and interviews of teams that were working to improve the quality and security of the APIs in their large organizations. The presentation, Governing APIs at Scale, walked through twelve requirements for an API governance platform, i.e. the software tools that these teams would use to be more productive.

Governing APIs at Scale
How can we help API platform teams ensure
that their organizations make and use
secure, reliable, and easy-to-use APIs?
Tim Burks / timburks@google.com / @timburks

About suffering they were never wrong,
The old masters: how well they understood
Its human position: how it takes place
While someone else is eating or opening a window
or just walking dully along;
How, when the aged are reverently, passionately waiting
For the miraculous birth, there always must be
Children who did not specially want it to happen, skating
On a pond at the edge of the wood: They never forgot
That even the dreadful martyrdom must run its course
Anyhow in a corner, some untidy spot
Where the dogs go on with their doggy life
and the torturer's horse
Scratches its innocent behind on a tree.
Landscape with the Fall of Icarus
Pieter Bruegel the Elder c. 1650
In Breughel's Icarus, for instance: how everything turns away
Quite leisurely from the disaster; the ploughman may
Have heard the splash, the forsaken cry,
But for him it was not an important failure; the sun shone
As it had to on the white legs disappearing into the green
Water, and the expensive delicate ship that must have seen
Something amazing, a boy falling out of the sky,
Had somewhere to get to and sailed calmly on.
Musee des Beaux Arts - W. H. Auden (1907-1973)

Governing helps people work together
1 2 3
Quality Consistency Productivity

12 Requirements for an
API Governance Platform

1. Inclusion
McNamara Fallacy
We have a tendency to make
the measurable important
rather than the important
measurable

2. Shared
Language
API Speciﬁcations
API Versions
Version 1 …
Spec 1
APIs
API 1 API 2 API n
…
API Deployments
Deployment 1 …
…

3. Revision Histories
Deployment 1@m Deployment 1@n …
Spec 1@i Spec 1@j Spec 1@k
…
…

4. Metadata (Labels and Artifacts)
Artifacts
1 2
n
…
…

7. Style Guides
name: google-aip
display_name: Google API Improvement Proposals
mime_types:
- application/x.protobuf
guidelines:
- name: aip126
display_name: Enumerations
description: This guideline governs enum objects in proto files.
rules:
- name: upperSnakeCaseEnumValues
description: All enum values must use UPPER_SNAKE_CASE.
linter: api-linter
linter_rulename: upper-snake-values
severity: ERROR
- name: unspecifiedEnumSuffix
description: >
The first value of the enum should be the name of the enum itself
followed by the suffix _UNSPECIFIED.
linter: api-linter
linter_rulename: unspecified
severity: WARNING
…
linters:
- name: api-linter
uri: https://github.com/googleapis/api-linter

9. Policies and Controls
name: "test-manifest"
generated_resources:
- pattern: apis/-/versions/-/specs/-/artifacts/complexity
dependencies:
- pattern: $resource.spec
filter: "mime_type.contains('openapi')"
action: "registry compute complexity $resource.spec"

1. Inclusion
2. Shared Language
3. Revision Histories
4. Metadata
5. Lifecycle Model
6. Search
12 Requirements for an API Governance Platform
7. Style Guides
8. Scoring
9. Policies and Controls
10. Integrations
11. Open Source
12. Enterprise-Readiness

The solution space for professional media producers is fundamentally changing, as well as the requirements induced by the market. Media have to be available on any device, by non-linear distribution and preferably in high-definition. These requirements translate to the back-office that has to become more agile and to scale out, while improving in terms of performance and stability. Since it is not probable that conventional IT nor media technology suppliers will be able to take this hurdle - because they can't manage the complexity or because they are not allowed to do so by their shareholders, there is an opportunity for newcomers able to provide a solution.

248649330-Animatronics-Technical-Seminar-Report-by-Aswin-Sarang.pdfkushkruthik555

The document discusses the design and development of an animatronic Spinosaurus for the movie Jurassic Park III. It begins with an overview of the animatronic design process, including sculpting, mold making, armature fabrication, costuming and programming. It then provides statistics for the Spinosaurus animatronic, noting it is the largest ever built at 43.5 feet long and weighing 24,000 pounds. The document concludes with details on building a life-size sculpted model of the Spinosaurus and the animatronic's programming to bring it to life.

248649330-Animatronics-Technical-Seminar-Report-by-Aswin-Sarang.pdfkushkruthik555

The document discusses the design and development of an animatronic Spinosaurus for the movie Jurassic Park III. It begins with an overview of the animatronic design process, from sculpting to programming. It then provides statistics for the Spinosaurus animatronic, which at 43.5 feet long and 24,000 pounds is the largest animatronic ever built by Jurassic Machines. The document concludes with details of the animatronic's design, including drawings, sculptures, molding, and programming to create a life-size, functioning Spinosaurus animatronic.

Digital Media ProductionMaarten Verwaest

The document discusses digital media production at VRT Medialab. It provides three case studies: 1) Media Asset Management - How to effectively reuse large amounts of unstructured content. 2) Non-linear Distribution - Using digital broadcasting and streaming to distribute radio online and on-demand. 3) Computer Integrated Manufacturing - Using CAD/CAM tools to integrate the production process for drama.

ACI Creativity and Design Day 4R. Sosa

This chapter discusses robotic systems and focuses on the design of highly mobile robots. It explains that highly mobile robots are needed for applications like urban search and rescue in hazardous environments with difficult access. The chapter then evaluates design requirements for scenarios like searching collapsed mines or rubble after natural disasters. It identifies needs like negotiating debris, mud, rocks, and vertical obstacles. Concepts for mobility enhancers like articulated legs, tracks, and folding mechanisms are presented. A potential prototype design is also shown.

Dell CIO Rally 2015Darwin Gosal

This document provides information about an innovative liberal arts college, including its establishment in 2011, intake of 1,000 students and 100 staff since 2012, and motto of being "a community of learning, founded by two great universities, in Asia, for the world." It also discusses technology topics like exoskeletons, education ecosystems, cloud computing price reductions, homomorphic encryption, optical computing, server and storage hardware, open networking, open source lessons from Linux, virtualization, software-defined data centers, orchestration, and upcoming software-defined networking. Scientific computing topics covered include high performance, throughput and scalable computing.

Denver Technology Transfer (Rev 1 B)dmmprs

The document discusses various types of failures including aircraft failures, spacecraft failures, submarine failures, business failures, and intelligence failures. It provides examples for each type of failure such as the Challenger space shuttle disaster, the Kursk submarine sinking, and the collapse of Lehman Brothers. The document also discusses the benefits of failure for learning and improving. It advocates for failing fast and recovering quickly from failures.

Logos ethos-pathos-acme-gizmotronicsApril_Walters

Why Rust? by Edd Barrett (codeHarbour December 2019)Alex Cachia

Applying principles of chaos engineering to serverless (ServerlessCPH)Yan Cui

Chaos engineering is a discipline that focuses on improving system resilience through experiments that expose the inherent chaos and failure modes in our system, in a controlled fashion, before these failure modes manifest themselves like a wildfire in production and impact our users. Netflix is undoubtedly the leader in this field, but much of the publicised tools and articles focus on killing EC2 instances, and the efforts in the serverless community has been largely limited to moving those tools into AWS Lambda functions. But how can we apply the same principles of chaos to a serverless architecture built around AWS Lambda functions? These serverless architectures have more inherent chaos and complexity than their serverful counterparts, and, we have less control over their runtime behaviour. In short, there are far more unknown unknowns with these systems. Can we adapt existing practices to expose the inherent chaos in these systems? What are the limitations and new challenges that we need to consider? Join us in this talk as Yan Cui shares his thought experiments, and actual experiments, in his pursuit to understand how we can apply the principles of chaos to a serverless architecture. A word of warning though, you’re guaranteed to walk away with more questions than answers!

Applying principles of chaos engineering to ServerlessYan Cui

ReDesigning Eros - Love All Beings 2aAcademia de Permacultura Integral

This document discusses the design of eco-technologies and covers several topics: - It begins by dedicating the module to Dana Meadows and Howard Odum, pioneers of systems thinking. - It explores the basic science behind space elevators, pathogens, mechanics, and vectors to better design water systems, compost toilets, and structures. - It discusses space elevators as an example of a difficult but potentially cheap technology for space travel once built, and compares them to kangaroos as a metaphor. It also discusses how nature already has examples of "space elevator principles."

THE FUTURE OF AI SPACIAL PROJECTIONZ.docxIT Industry

Erlang sucks. EUC 2012Dmitrii Dimandt

The document discusses the author's experience covering Erlang news for 5 years and moving to Sweden just to program in Erlang after previously being a web programmer using other languages. It then covers various topics about Erlang such as package management, available libraries compared to other languages, and domains it can be used for compared to other languages. The moral of the story is that Erlang is not mainstream but can be useful for backend services and medium-sized projects.

Artificial Intelligence for UndergradsJose Berengueres

Artificial Intelligence for Undergrads is a textbook by J. Berengueres that introduces key concepts in artificial intelligence. It covers topics like spell checking algorithms, machine translation, game playing, and Monte Carlo tree search. The book also discusses early pioneers in AI like Marco Dorigo and his work on ant colony optimization algorithms. It aims to explain complex AI concepts in a simple way for undergraduate students new to the field.

NATURAL OBJECT ORIENTED PROGRAMMING USING ELICANIKHIL NAWATHE

The document discusses the evolution of the Logo programming language and introduces Elica, a dialect of Logo that supports natural object-oriented programming (NOOP). It describes some key concepts of NOOP like classes, instances, fields, methods, and inheritance. It provides an example comparing how object creation and identification are implemented in traditional OOP vs NOOP. Finally, it lists some applications that have been developed using the Elica programming language.

API Security: Assume Possible InterferenceJulie Tsai

The document discusses security best practices for APIs and containers. It recommends establishing guardrails for authentication, data lifecycle, integration, deployment, changes, and testing. Guidelines should allow flexibility in tools and methods while ensuring consistency. Security must be integrated throughout the development process, and anomalies should be monitored to detect issues. While new technologies enable agility, responsibility is needed to ensure security is not compromised.

Usable APIs at ScaleTim Burks

This half-day tutorial introduces Protocol Buffers, gRPC, and the open source tools that Google uses to publish and support some of the world's biggest APIs. We'll show how the Protocol Buffer language allows APIs to be described, reviewed, and implemented in a programming-language independent way, how gRPC enables high-performance streaming APIs, and how \ a few simple conventions can enable related tools to serve robust REST APIs and generate production-quality client libraries in seven popular programming languages. This is API publishing the Google way, but large teams aren't required. With shared open-source tooling, even the smallest developer can build scalable, usable APIs that delight. https://apistrat18.sched.com/event/FTR3/usable-apis-at-scale-with-protocol-buffers-and-grpc-tim-burks-andrew-gunsch-google

Build your next REST API with gRPCTim Burks

Implementing OpenAPI and GraphQL services with gRPCTim Burks

Behind every API there's code. REST and GraphQL are powerful interface abstractions but are not so great for writing code (we’re still looking for the programming language where every command is a GET, POST, PUT, or DELETE). When programmers work, they are usually making function calls, and an RPC framework like gRPC allows those functions to be written in a mixture of languages and distributed among many servers. This means that gRPC can be a great way to implement REST and GraphQL APIs at scale. We’ll share open source projects from Google that can be used to implement OpenAPI and GraphQL services with gRPC and give you hands-on experience with both. Presented at the 2019 API Specifications Conference. https://asc2019.sched.com/event/T6u9/workshop-implementing-openapi-and-graphql-services-with-grpc-tim-burks-google

Creating Great REST and gRPC API Experiences (in Swift)Tim Burks

Protocol Buffers are a language-neutral, platform-neutral mechanism for serializing structured data. They can be used to define interfaces for APIs and exchange data between systems. Protocol Buffers include a data definition language to define message types, a serialization format to encode structured data in a compact binary form, and code generation plugins to generate data access code in multiple languages. Protocol Buffers provide a flexible and efficient method for serializing structured data for storage or network transmission.

Networked APIs with swiftTim Burks

The document provides an overview of using Swift to connect to networked APIs. It defines what a networked API is and describes two common API styles: RPC and REST. It then discusses REST APIs in more detail, covering the Richardson Maturity Model, HATEOAS, and Fielding's requirements for REST. The document demonstrates making HTTP requests in Swift, including preparing URLs and requests, performing requests, and handling authorization. It also briefly discusses Protocol Buffers and building gRPC services in Swift.

Enforcing API Design Rules for High Quality Code GenerationTim Burks

[Co-presented with Mike Kistler, Architect for SDK Generation for the Watson Client Libraries] The OpenAPI Specification is emerging as the leading standard for describing REST APIs. A key factor in the popularity of OpenAPI is the broad array of open source tools that it enables that create, manipulate, and publish documentation and code from OpenAPI descriptions. In this talk, we describe a configurable and extensible open source linter for OpenAPI that we are using to solve API code generation problems at IBM and Google. Our linter is based on Gnostic, an open source framework for working with API descriptions that was developed at Google and is available on GitHub. OpenAPI itself is language-agnostic and is being used to generate code in a large set of popular programming languages. This generated code includes both server-side "stubs" and client libraries that are sometimes called software development kits (SDKs). IBM has begun to employ code generation for the Watson Developer Cloud SDKs and other companies are doing similar things, including Google, which generates client libraries from Google-specific API description formats. These teams have found that the quality of SDKs generated from API descriptions depends heavily on the quality of the descriptions. This goes far beyond mere syntactic compliance with a specification -- it involves proper API design, naming, and adherence to organization-wide design patterns. To address this, many companies have created API design guides. Some companies, such as Google and Microsoft, have published their API design guides externally, while others like IBM have kept theirs as internal documents. But to this point, verifying compliance with an API design guide has largely been a manual task. What is needed, we believe, is a configurable and extensible linter to check OpenAPI descriptions for conformance with rules derived from API design guides.

Taming Cloud APIs with SwiftTim Burks

This document summarizes a presentation on using Swift to call cloud APIs. It discusses: 1. Using protocol buffers to define data structures and interfaces for APIs in a language-neutral way. Code can then be generated to handle serialization. 2. An example echo API defined with protocol buffers and a Swift client calling the different endpoint types (unary, streaming, etc). 3. Authorization methods for API calls from Swift, including using credentials from Google Cloud or OAuth2 flows. 4. Future directions like idiomatic Swift clients for Google APIs like Cloud Datastore.

OpenAPI and gRPC Side by-SideTim Burks

Spend some time working with OpenAPI and gRPC and you’ll notice that these two technologies have a lot in common. Both are open source efforts, both describe APIs, and both promise better experiences for API producers and consumers. So why do we need both? If we do, what value does each provide? What can each project learn from the other? We’ll bring the two together for a side-by-side comparison and pose answers to these and other questions about two API methodologies that will do much to influence the future of networked APIs.

Fast and Reliable Swift APIs with gRPCTim Burks

The document discusses using gRPC and Protocol Buffers to build fast and reliable APIs, describing how gRPC uses Protocol Buffers to define service interfaces and handle serialization, and allows building clients and servers in various languages that can communicate over the network through language-independent services. It provides examples of using gRPC to define and call both unary and streaming RPC services from Swift clients and servers.

Build Great Networked APIs with Swift, OpenAPI, and gRPCTim Burks

This document discusses building APIs with Swift, OpenAPI, and gRPC. It introduces protocol buffers for defining data structures, and gRPC for building APIs. It recommends using the gnostic tool to convert OpenAPI descriptions to protocol buffers for use with gRPC plugins. This allows building high-quality code generators in different languages by separating the generator from the API description parsing. The document provides examples of building gRPC APIs and clients in Swift.

What I learned about APIs in my first year at GoogleTim Burks

CocoaConf: The Language of Mobile Software is APIsTim Burks

We’re all excited about using the same language to write our mobile apps and cloud services, but as we do, we’ll still need to work with a few things that aren’t written with Swift. Fortunately, there are some great patterns that we can use for doing that. In this session we’ll talk about two technologies that you can use to make your app speak with APIs written in any language: OpenAPI and Protocol Buffers, and then we’ll see how to use them from clients and servers that are written in Swift. Presented Friday November 4, 2016 in San Jose.

More Related Content

Similar to Governing APIs at Scale (10)

Logos ethos-pathos-acme-gizmotronicsApril_Walters

Why Rust? by Edd Barrett (codeHarbour December 2019)Alex Cachia

Applying principles of chaos engineering to serverless (ServerlessCPH)Yan Cui

Applying principles of chaos engineering to ServerlessYan Cui

ReDesigning Eros - Love All Beings 2aAcademia de Permacultura Integral

THE FUTURE OF AI SPACIAL PROJECTIONZ.docxIT Industry

Erlang sucks. EUC 2012Dmitrii Dimandt

Artificial Intelligence for UndergradsJose Berengueres

NATURAL OBJECT ORIENTED PROGRAMMING USING ELICANIKHIL NAWATHE

API Security: Assume Possible InterferenceJulie Tsai

Logos ethos-pathos-acme-gizmotronicsApril_Walters

Why Rust? by Edd Barrett (codeHarbour December 2019)Alex Cachia

Applying principles of chaos engineering to serverless (ServerlessCPH)Yan Cui

Applying principles of chaos engineering to ServerlessYan Cui

ReDesigning Eros - Love All Beings 2aAcademia de Permacultura Integral

THE FUTURE OF AI SPACIAL PROJECTIONZ.docxIT Industry

Erlang sucks. EUC 2012Dmitrii Dimandt

Artificial Intelligence for UndergradsJose Berengueres

NATURAL OBJECT ORIENTED PROGRAMMING USING ELICANIKHIL NAWATHE

API Security: Assume Possible InterferenceJulie Tsai

More from Tim Burks (15)

Usable APIs at ScaleTim Burks

Build your next REST API with gRPCTim Burks

Implementing OpenAPI and GraphQL services with gRPCTim Burks

Creating Great REST and gRPC API Experiences (in Swift)Tim Burks

Networked APIs with swiftTim Burks

Enforcing API Design Rules for High Quality Code GenerationTim Burks

Taming Cloud APIs with SwiftTim Burks

OpenAPI and gRPC Side by-SideTim Burks

Fast and Reliable Swift APIs with gRPCTim Burks

Build Great Networked APIs with Swift, OpenAPI, and gRPCTim Burks

What I learned about APIs in my first year at GoogleTim Burks

CocoaConf: The Language of Mobile Software is APIsTim Burks

Interpreting Objective CTim Burks

Deep Geek Diving into the iPhone OS and FrameworksTim Burks

Building Open RadarTim Burks

Open Radar is a community radar detector built on Google AppEngine that allows over 500 radars to be reported daily and viewed by 100 users, mostly developers. The benefits of using AppEngine include super-fast start up, an easy admin interface, and not having to maintain the system. However, there are also downsides like quota limits, lack of aggregation functions, poor search support, and issues hosting naked domains.

Usable APIs at ScaleTim Burks

Build your next REST API with gRPCTim Burks

Implementing OpenAPI and GraphQL services with gRPCTim Burks

Creating Great REST and gRPC API Experiences (in Swift)Tim Burks

Networked APIs with swiftTim Burks

Enforcing API Design Rules for High Quality Code GenerationTim Burks

Taming Cloud APIs with SwiftTim Burks

OpenAPI and gRPC Side by-SideTim Burks

Fast and Reliable Swift APIs with gRPCTim Burks

Build Great Networked APIs with Swift, OpenAPI, and gRPCTim Burks

What I learned about APIs in my first year at GoogleTim Burks

CocoaConf: The Language of Mobile Software is APIsTim Burks

Interpreting Objective CTim Burks

Deep Geek Diving into the iPhone OS and FrameworksTim Burks

Building Open RadarTim Burks

Recently uploaded (20)

How analogue intelligence complements AIPaul Rowe

Artificial Intelligence is providing benefits in many areas of work within the heritage sector, from image analysis, to ideas generation, and new research tools. However, it is more critical than ever for people, with analogue intelligence, to ensure the integrity and ethical use of AI. Including real people can improve the use of AI by identifying potential biases, cross-checking results, refining workflows, and providing contextual relevance to AI-driven results. News about the impact of AI often paints a rosy picture. In practice, there are many potential pitfalls. This presentation discusses these issues and looks at the role of analogue intelligence and analogue interfaces in providing the best results to our audiences. How do we deal with factually incorrect results? How do we get content generated that better reflects the diversity of our communities? What roles are there for physical, in-person experiences in the digital world?

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxJustin Reock

Building 10x Organizations with Modern Productivity Metrics 10x developers may be a myth, but 10x organizations are very real, as proven by the influential study performed in the 1980s, ‘The Coding War Games.’ Right now, here in early 2025, we seem to be experiencing YAPP (Yet Another Productivity Philosophy), and that philosophy is converging on developer experience. It seems that with every new method we invent for the delivery of products, whether physical or virtual, we reinvent productivity philosophies to go alongside them. But which of these approaches actually work? DORA? SPACE? DevEx? What should we invest in and create urgency behind today, so that we don’t find ourselves having the same discussion again in a decade?

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

The MCP (Model Context Protocol) is a framework designed to manage context and interaction within complex systems. This SlideShare presentation will provide a detailed overview of the MCP Model, its applications, and how it plays a crucial role in improving communication and decision-making in distributed systems. We will explore the key concepts behind the protocol, including the importance of context, data management, and how this model enhances system adaptability and responsiveness. Ideal for software developers, system architects, and IT professionals, this presentation will offer valuable insights into how the MCP Model can streamline workflows, improve efficiency, and create more intuitive systems for a wide range of use cases.

Dev Dives: Automate and orchestrate your processes with UiPath MaestroUiPathCommunity

This session is designed to equip developers with the skills needed to build mission-critical, end-to-end processes that seamlessly orchestrate agents, people, and robots. 📕 Here's what you can expect: - Modeling: Build end-to-end processes using BPMN. - Implementing: Integrate agentic tasks, RPA, APIs, and advanced decisioning into processes. - Operating: Control process instances with rewind, replay, pause, and stop functions. - Monitoring: Use dashboards and embedded analytics for real-time insights into process instances. This webinar is a must-attend for developers looking to enhance their agentic automation skills and orchestrate robust, mission-critical processes. 👨‍🏫 Speaker: Andrei Vintila, Principal Product Manager @UiPath This session streamed live on April 29, 2025, 16:00 CET. Check out all our upcoming Dev Dives sessions at https://community.uipath.com/dev-dives-automation-developer-2025/.

Role of Data Annotation Services in AI-Powered ManufacturingAndrew Leo

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

Semantic Cultivators : The Critical Future Role to Enable AIartmondano

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

Electronic_Mail_Attacks-1-35.pdf by xploitniftliyevhuseyn

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

Heap, Types of Heap, Insertion and DeletionJaydeep Kale

Splunk Security Update | Public Sector Summit Germany 2025Splunk

Procurement Insights Cost To Value Guide.pptxJon Hansen

Generative Artificial Intelligence (GenAI) in BusinessDr. Tathagat Varma

IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...organizerofv

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Toradex brings robust Linux support to SMARC (Smart Mobility Architecture), ensuring high performance and long-term reliability for embedded applications. Here’s how: • Optimized Torizon OS & Yocto Support – Toradex provides Torizon OS, a Debian-based easy-to-use platform, and Yocto BSPs for customized Linux images on SMARC modules. • Seamless Integration with i.MX 8M Plus and i.MX 95 – Toradex SMARC solutions leverage NXP’s i.MX 8 M Plus and i.MX 95 SoCs, delivering power efficiency and AI-ready performance. • Secure and Reliable – With Secure Boot, over-the-air (OTA) updates, and LTS kernel support, Toradex ensures industrial-grade security and longevity. • Containerized Workflows for AI & IoT – Support for Docker, ROS, and real-time Linux enables scalable AI, ML, and IoT applications. • Strong Ecosystem & Developer Support – Toradex offers comprehensive documentation, developer tools, and dedicated support, accelerating time-to-market. With Toradex’s Linux support for SMARC, developers get a scalable, secure, and high-performance solution for industrial, medical, and AI-driven applications. Do you have a specific project or application in mind where you're considering SMARC? We can help with Free Compatibility Check and help you with quick time-to-market For more information: https://www.toradex.com/computer-on-modules/smarc-arm-family

Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...BookNet Canada

Book industry standards are evolving rapidly. In the first part of this session, we’ll share an overview of key developments from 2024 and the early months of 2025. Then, BookNet’s resident standards expert, Tom Richardson, and CEO, Lauren Stewart, have a forward-looking conversation about what’s next. Link to recording, presentation slides, and accompanying resource: https://bnctechforum.ca/sessions/standardsgoals-for-2025-standards-certification-roundup/ Presented by BookNet Canada on May 6, 2025 with support from the Department of Canadian Heritage.

tecnologias de las primeras civilizaciones.pdffjgm517

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc

Most consumers believe they’re making informed decisions about their personal data—adjusting privacy settings, blocking trackers, and opting out where they can. However, our new research reveals that while awareness is high, taking meaningful action is still lacking. On the corporate side, many organizations report strong policies for managing third-party data and consumer consent yet fall short when it comes to consistency, accountability and transparency. This session will explore the research findings from TrustArc’s Privacy Pulse Survey, examining consumer attitudes toward personal data collection and practical suggestions for corporate practices around purchasing third-party data. Attendees will learn: - Consumer awareness around data brokers and what consumers are doing to limit data collection - How businesses assess third-party vendors and their consent management operations - Where business preparedness needs improvement - What these trends mean for the future of privacy governance and public trust This discussion is essential for privacy, risk, and compliance professionals who want to ground their strategies in current data and prepare for what’s next in the privacy landscape.

How analogue intelligence complements AIPaul Rowe

Into The Box Conference Keynote Day 1 (ITB2025)Ortus Solutions, Corp

DevOpsDays Atlanta 2025 - Building 10x Development Organizations.pptxJustin Reock

What is Model Context Protocol(MCP) - The new technology for communication bw...Vishnu Singh Chundawat

Dev Dives: Automate and orchestrate your processes with UiPath MaestroUiPathCommunity

Role of Data Annotation Services in AI-Powered ManufacturingAndrew Leo

The Evolution of Meme Coins A New Era for Digital Currency ppt.pdfAbi john

Semantic Cultivators : The Critical Future Role to Enable AIartmondano

Enhancing ICU Intelligence: How Our Functional Testing Enabled a Healthcare I...Impelsys Inc.

Electronic_Mail_Attacks-1-35.pdf by xploitniftliyevhuseyn

Greenhouse_Monitoring_Presentation.pptx.hpbmnnxrvb

Heap, Types of Heap, Insertion and DeletionJaydeep Kale

Splunk Security Update | Public Sector Summit Germany 2025Splunk

Procurement Insights Cost To Value Guide.pptxJon Hansen

Generative Artificial Intelligence (GenAI) in BusinessDr. Tathagat Varma

IEDM 2024 Tutorial2_Advances in CMOS Technologies and Future Directions for C...organizerofv

Linux Support for SMARC: How Toradex Empowers Embedded DevelopersToradex

Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...BookNet Canada

tecnologias de las primeras civilizaciones.pdffjgm517

TrustArc Webinar: Consumer Expectations vs Corporate Realities on Data Broker...TrustArc

Governing APIs at Scale

1. Governing APIs at Scale How can we help API platform teams ensure that their organizations make and use secure, reliable, and easy-to-use APIs? Tim Burks / [email protected] / @timburks

3. About suffering they were never wrong, The old masters: how well they understood Its human position: how it takes place While someone else is eating or opening a window or just walking dully along; How, when the aged are reverently, passionately waiting For the miraculous birth, there always must be Children who did not specially want it to happen, skating On a pond at the edge of the wood: They never forgot That even the dreadful martyrdom must run its course Anyhow in a corner, some untidy spot Where the dogs go on with their doggy life and the torturer's horse Scratches its innocent behind on a tree. Landscape with the Fall of Icarus Pieter Bruegel the Elder c. 1650 In Breughel's Icarus, for instance: how everything turns away Quite leisurely from the disaster; the ploughman may Have heard the splash, the forsaken cry, But for him it was not an important failure; the sun shone As it had to on the white legs disappearing into the green Water, and the expensive delicate ship that must have seen Something amazing, a boy falling out of the sky, Had somewhere to get to and sailed calmly on. Musee des Beaux Arts - W. H. Auden (1907-1973)

6. Governing helps people work together 1 2 3 Quality Consistency Productivity

7. 12 Requirements for an API Governance Platform

8. 1. Inclusion McNamara Fallacy We have a tendency to make the measurable important rather than the important measurable

9. 2. Shared Language API Speciﬁcations API Versions Version 1 … Spec 1 APIs API 1 API 2 API n … API Deployments Deployment 1 … …

10. 3. Revision Histories Deployment 1@m Deployment 1@n … Spec 1@i Spec 1@j Spec 1@k … …

11. 4. Metadata (Labels and Artifacts) Artifacts 1 2 n … …

12. 5. Lifecycle Model

13. 6. Search

14. 7. Style Guides name: google-aip display_name: Google API Improvement Proposals mime_types: - application/x.protobuf guidelines: - name: aip126 display_name: Enumerations description: This guideline governs enum objects in proto files. rules: - name: upperSnakeCaseEnumValues description: All enum values must use UPPER_SNAKE_CASE. linter: api-linter linter_rulename: upper-snake-values severity: ERROR - name: unspecifiedEnumSuffix description: > The first value of the enum should be the name of the enum itself followed by the suffix _UNSPECIFIED. linter: api-linter linter_rulename: unspecified severity: WARNING … linters: - name: api-linter uri: https://github.com/googleapis/api-linter

15. 8. Scoring

16. 9. Policies and Controls name: "test-manifest" generated_resources: - pattern: apis/-/versions/-/specs/-/artifacts/complexity dependencies: - pattern: $resource.spec filter: "mime_type.contains('openapi')" action: "registry compute complexity $resource.spec"

17. 10. Integrations

18. 11. Open Source

19. 12. Enterprise-Readiness

20. 1. Inclusion 2. Shared Language 3. Revision Histories 4. Metadata 5. Lifecycle Model 6. Search 12 Requirements for an API Governance Platform 7. Style Guides 8. Scoring 9. Policies and Controls 10. Integrations 11. Open Source 12. Enterprise-Readiness

21. github.com/apigee/registry

Governing APIs at Scale

Recommended

More Related Content

Similar to Governing APIs at Scale (10)

More from Tim Burks (15)

Recently uploaded (20)

Governing APIs at Scale