Governance
API Governance enables you to enforce consistent quality and security standards across your entire API landscape. The Control Plane uses Spectral, an open-source API linting tool, combined with configurable rule sets to automatically validate API specifications.
Every API specification is scored on two dimensions:
- Security score (0–100) — Evaluates the security posture of your API specification, scanning for potential vulnerabilities. For each error or warning detected, points are subtracted from the maximum score of 100.
- Quality score (0–100) — Assesses the technical standards of your API specification file, examining formatting, syntax compliance, and best practices.
These scores provide a clear, at-a-glance view of your API landscape's health and help teams prioritize improvements.
Key concepts
- Rule Set — A collection of Spectral rules applied to API specifications. The Control Plane includes two default rule sets: Spectral OpenAPI (general best practices) and Spectral OWASP (security rules). You can also upload custom rule sets in YAML or JSON format.
- Linting — Automated analysis of API specs against active rule sets. Linting runs automatically when specs are uploaded and can also be triggered on demand.
- Scoring — Numerical quality and security scores (0–100) assigned to APIs based on linting results.
- Governance Graph — An overview of API compliance across your landscape, showing how APIs score against governance standards.
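As an illustration of the custom rule sets mentioned above, here is an added example (not taken from the product documentation) of a small security-focused rule set in standard Spectral YAML syntax. It assumes the Control Plane accepts ordinary Spectral rule definitions; the rule names and the example.com domain are constructed placeholders.

```yaml
# Added example: custom Spectral rule set. Rule names are constructed.
rules:
  # Reported as an error: every server URL must be HTTPS on an approved host.
  # "example.com" is a placeholder for your organisation's API domain.
  org-servers-https-approved-domain:
    description: Server URLs must use HTTPS and an approved host.
    message: "{{value}} is not an HTTPS URL under example.com."
    severity: error
    given: "$.servers[*].url"
    then:
      function: pattern
      functionOptions:
        # Optional subdomains, optional port, then a path or end of string.
        match: "^https://([a-z0-9-]+\\.)*example\\.com(:[0-9]+)?(/|$)"

  # Reported as a warning: API keys in the query string end up in access
  # logs, proxies and browser history, so require a header or cookie instead.
  org-no-api-key-in-query:
    description: API keys must not be sent in the query string.
    message: "API key scheme uses 'in: {{value}}'; use a header instead."
    severity: warn
    given: "$.components.securitySchemes[?(@.type == 'apiKey')].in"
    then:
      function: pattern
      functionOptions:
        notMatch: "^query$"
```

The first rule is declared with severity error and the second with severity warn, the two result levels that the security score description above says subtract points.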
Related guides
- Rule Sets — Create and manage governance rule sets
- Scoring & Linting — Score APIs and view linting results