Governance
Governance is Apiway’s workflow engine for change control. Every significant action — creating an API, deploying to production, requesting a subscription — can trigger a configurable approval flow.
Why Governance?
Section titled “Why Governance?”APIs are contracts. Changing a contract without oversight creates risk:
- Breaking consumers who depend on specific behaviour
- Deploying APIs that don’t meet security or compliance standards
- Granting access without proper authorisation
Apiway’s governance engine ensures every change is reviewed by the right people, with full audit trails.
How It Works
Section titled “How It Works”-
Trigger — An action triggers a governance flow. Apiway selects the appropriate template based on the action type, API exposure level, and organisational rules.
-
Review — Approvers receive notifications and review the submission. They see the specification, compliance scores, recommendations, and governance history.
-
Decision — Reviewers choose an outcome:
| Outcome | Effect |
|---|---|
| Approved | The action proceeds (deployment, subscription, etc.) |
| Rejected | The action is blocked. Feedback is provided. |
| Amendment Required | The API is locked for changes. The submitter addresses feedback and resubmits. |
- Completion — The governance flow records the full decision history — who reviewed, when, what they decided, and any comments. This audit trail is permanently attached to the API.
Governance Triggers
Section titled “Governance Triggers”Apiway’s governance engine responds to 21 different initiator events:
| Category | Examples |
|---|---|
| Lifecycle | New API created, API updated, version deprecated |
| Deployment | Deploy to environment, activate revision |
| Subscription | New subscription requested, SLA tier change |
| Budget | Consumer budget threshold reached, budget exhausted |
| SLA | SLA upgrade recommended based on usage patterns |
Templates
Section titled “Templates”Templates define the structure of an approval flow — who reviews, in what order, and what conditions apply. Apiway ships with production-ready templates:
- API Full Template — Comprehensive review for new APIs
- Comprehensive Template — Multi-stage review with parallel approvers
- Lightweight templates for lower-risk changes
Templates are configurable per organisation. You can define custom templates with specific reviewer roles, approval thresholds, and escalation paths.
In This Section
Section titled “In This Section”- Approval Flows — How flows execute and how reviewers interact
- Amendment Reviews — The iterative review cycle