API governance is the practice of applying common rules, relating to API standards and security policies to your APIs. The goal of API governance is to ensure proper standardization of your APIs. Among a lot of other capabilities, workflow support is another key feature provided by almost all the API Management platforms today to support API Governance.
The WSO2 API Manager provides a lot of capabilities for all the different user roles within the API Management ecosystem and it's best if some of these capabilities can be governed/ controlled by integrating an approval workflow on top of them.
Prior to the WSO2 API Manager 3.2.0 release, we had to integrate API Manager with the Business Process Server profile of the Enterprise Integrator product to provide the required workflow capabilities within the API Manager. With the release of the WSO2 API Manager 3.2.0 release, we can implement basic approval workflows very easily without having to integrate with any other products.
Below are the workflows provides by WSO API Manager 3.2.0:
- User Creation Approval workflow — this allows us to govern the new user creation/ user onboarding feature available in the Dev Portal. Dev Portal provides the self user sign-up capability allowing application developers to register on the fly. We can have an approval process by enabling this workflow.
- Application Creation Approval workflow — Dev Portal allows application developers to create new Applications when needed. This can go unmanaged very quickly if we don't have proper control over who/ when can create a new Application. This workflow helps us to govern the APplication creation requests.
- Subscription Creation Approval workflow — once we logged into the Dev Portal, we can subscribe to the available APIs. If we want to have control over who can subscribe to what APIs, this is the best way to achieve it.
- Subscription Update Approval workflow — API Manager 3.2.0 release provides a new capability — Subscription Update. This helps us to update (upgrade/ downgrade) the subscription without having to unsubscribe and subscribe again. If you want to have some control in place for this, then this is the way to achieve it.
- Application Registration Approval workflow — once we have an Application and subscribed to an API, the next step is to get a valid access token to invoke the API. This is referred to as application registration as this is where it registers the application within the key manager. If you want to have some control over the token generation, then we can enable this workflow.
- API State Change Approval workflow — APIs go through different stages in their journey and if we want to have some control in place for their lifecycle state management, then we can enable this workflow. With this workflow in place, we can control who/ when can an API move from one state to another in its lifecycle.
The process of enabling these workflows is super easy and can be done by an Administrator using the WSO2 Carbon Console and the new Admin Dashboard will provide the capability of approving/ rejecting the workflow requests.
If you want to know/ see how to configure Workflows in WSO2 API Manager in less than 10 minutes, check the below screencast.