Govern my existing APIs

You already have APIs running. You want governance around them — design standards, approval flows, compliance — without rebuilding anything.

What you need

Register your APIs

Upload each OpenAPI spec to create a governed record. No redeployment required — this registers the contract, not the runtime.
- Platform API
- CLI / MCP
Terminal window
curl -X POST https://core.api.apiway.net/v1/programmes \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "name": "Orders API", "specification": "<base64-encoded OAS>" }'
“Register my Orders API spec in Apiway for governance”
Review the compliance score

The platform analyses your spec against your organisation’s design standards and returns a compliance report:
Terminal window
```
curl https://core.api.apiway.net/v1/programmes/{id}/compliance \
  -H "Authorization: Bearer $TOKEN"
```
Common findings: missing descriptions, inconsistent naming, no security definitions, missing versioning headers.
Accept or dismiss recommendations

The platform suggests improvements — accept the ones that matter, dismiss the rest. Your spec is updated automatically.
Configure approval workflows

Set who approves API changes for your organisation:
- By team, by environment, or by API classification
- Auto-approve for non-breaking changes
- Require manual review for breaking changes or new APIs
See Approval Flows for configuration details.
Enable drift detection

Once governed, the platform compares your live implementation against the registered spec. Drift is flagged automatically — shadow endpoints, mismatched types, undocumented responses.

Ship a new API to production — use the full automated pipeline for new APIs
Add governance to your CI/CD — check compliance on every pull request
Manage external APIs too — govern the APIs you consume alongside the ones you produce