What role does API governance play in digital transformation?

Aaren Quiambao  |  March 16, 2021


API governance doesn’t have to hinder innovation. In fact, Capital One’s Matthew Reinbold says it could even improve digital transformation strategies and implementation in an organization.

One of the most important resources for digital transformation are APIs. According to API Evangelist Kin Lane, APIs are what let organizations better define what they do, and allows them to become more agile and transparent.

As more organizations try to build their own digital transformation strategies with APIs at the core, API governance is becoming more relevant as well, and its strategic importance should not be undervalued.

While most would think of regulations and enforcement when talking about API governance, Capital One API and Event Streaming Platform Services Director Matthew Reinbold views it a little differently.

"For me, governance is how do we design the systems? How do we design the networks so that we get the most people travelling to the most number of places in the safest way possible? Yes, that might mean rules – but rules are a tactic. It might be an education. It might mean a variety of other different things." he says in an interview for Coding Over Cocktails.

Aside from the rules and education, Reinbold adds that governance should also put into view the need for better accessibility and how everything connects together.

API governance ensures that APIs are discoverable, standard-compliant, and secure. And while these are important, Reinbold says that governance should really start at knowing whose responsibility it is to move the organization forward.

"Who decides what the rules are? How do we communicate those things out? How do we create virtuous feedback cycles so that the people that are adhering to these statements can feedback into the system and we can co-evolve these things over time and make sure that we are staying true to what we need to be delivering?"

Is governance a form of restriction?

On the other hand, governance is still governance. And once enforcement is set, one may think it could restrict how organizations innovate and potentially obstruct a successful digital transformation.

Reinbold argues this is not so. "The governance that is applied is not a gate, but it's an aspect of how they empower people to do things better."

Governance can ensure that APIs are consistent and standardized, thus giving organizations a competitive advantage.

However, Reinbold says that achieving perfection is not the goal.

"Perfection is the opposite of being done. And so, if our goal is to have the perfect set of rules for all time, we are going to fail. It's not possible." he explains.

He adds that the focus of governance should be on creating a repeatable and safe process in order to evolve and continually improve it, rather than creating a "perfect API style guide."

"That should also be how we think about governance. We take this first step, we look and see what the ramifications of that step were. We look and see whether it's achieving the goals, and then we take another step, and another step, and another step."

Reinbold says that identifying these rules and processes is important in order to properly set up the enforcement needed to implement governance.

"Once you get those rules in place, then you get to management and enforcement."

Undergoing tremendous change through governance

As Reinbold says, API governance shouldn’t come in between an organization and a successful digital transformation. As such, governance should be able to allow people in the organization to work more efficiently and change behaviors as well.

"Your API governance needs to be as versed in how to do organizational transformation – how to do organizational behavior change – as it is with the bits and bolts of API nuance."

However, behavior change isn’t as easy as it sounds. This poses a significant challenge for organizations attempting digital transformation as most people are resistant to change.

"It's not enough to simply do what we did yesterday using new tools. It's about changing how we behave when given certain problems or certain opportunities. Behavior change for people is really, really hard," Reinbold says.

The first thing Reinbold advises organizations to do is to understand the landscape. Decision-making and incentive structures that people respond to vary per organization, and according to Reinbold, getting familiar with them is vital.

"Before you can tell people where to go, you have to understand where you are. And so that's why it's so difficult for people like consultants to be plopped into a company and expect them to have success because they're coming in with their own experiences, their own assumptions. And they may not understand the lay of the land."

People first

Reinbold says that the most successful governance programs he had encountered were led by people who understood the "human" elements of the organization.

The people who led organizations through these successful programs "...were well versed in things like negotiation, conflict resolution, even communication, as they are, the particular technology that they might have done five, ten years ago."

The second thing an organization must do is to build positive momentum by shrinking the changes needed to be accomplished.

Based on his experiences, Reinbold warns that extreme initiatives of trying to accomplish bigger changes are absolutely proportional to the pushback that could come with it. "It might be necessary, but in order to get traction, you have to build positive momentum. And the easiest way to do that is to shrink the change being asked for," he says.

Reinbold suggests that organizations start with the "uncontroversial stuff" and work their way up towards the bigger, more difficult things along the way.

"Once you get that decided, you will better be able to take on the bigger rocks, the harder things. If you start with those hard things while you're still trying to figure out what the relationships are and how to work with the people, it's not going to be pretty."

Finally, Reinbold emphasizes the importance of communication.

"Even when you think you've told it 1000 times and you're blue in the face and you are so sick of the message, I guarantee there's probably people that have not heard it yet and that are not on board, and they just have to hear it several times."

One approach they used at Capital One was Event Storming - a workshop-based technique that is interactive, rapid and lightweight. This technique helps blur silos within an organization by "forcing stakeholders in a room to come to an agreement," as Reinbold puts it.

"The worst thing that can happen during the course of API design is unsurfaced assumptions. Because that's when you get the API design that goes out the door and that client uses it the first time and says, ‘That doesn't do what I needed to do.’ And now you have a versioning problem."

Reinbold says that communication models and techniques play an integral role when it comes to API design and governance. This process helps an organization establish a "common language" and reduces miscommunication in the process.

"Regardless of the size of the effort, I guarantee what happens when you get these stakeholders in a room is you end up uncovering assumptions. You end up uncovering aspects of language that were taken for granted."

Listen to our discussion with Reinbold on API Governance and the importance of organizational communication in digital transformation in this episode of Coding Over Cocktails - a podcast by Toro Cloud.

Coding Over Cocktails is a podcast created by Toro Cloud, a company that offers a low-code, API centric platform for application development & integration.

This podcast series tackles issues faced by enterprises as they manage the process of digital transformation, application integration, low-code application development, data management, and business process automation. It’s available for streaming in most major podcast platforms, including Spotify, Apple, Google Podcasts, SoundCloud, and Stitcher.

true true

You might also like

Ex-Amazon IT manager shares how they migrated from a monolith to SOA

Lee Atchison talks about his time at Amazon, their migration from a monolith architecture to SOA and the lessons they’ve learned.

GitOps: Making Git your single source of truth

GitOps: Making Git your single source of truth

Adnan Rahic of Sematext.com gives us a quick low-down on Serverless computing and how leveraging it correctly can help organisations get the best out of it.

Are we ready for an event-driven future?

Are we ready for an event-driven future?

James Urquhart predicts the emergence of Flow and how the adoption of event-driven integration could help optimize the way organizations deliver solutions – but at what cost?

cta-left cta-right

Want a ringside seat to the action?

Book a demo to see how our fully integrated platform could revolutionise your organisation and help you wrangle your data for good!

Book demo