“Consistency, security, and speed to market are valuable not only to external consumers but also to internal service consumers. Effective governance automates best practices and facilitates safe, rapid iterations.”
SkillsFuture Singapore (SSG) manages a complex ecosystem of internal, external, and partner-delivered APIs. To ensure this digital value chain remains efficient and secure, Sakura Sky delivered a versioned, adaptive governance framework designed to evolve with the organization’s technical maturity.
The Challenge
As a complex adaptive system with many intertwined silos, committees, and regulations, SSG required an approach that optimized IT effectiveness without creating approval bottlenecks. The goal was to achieve business agility while mitigating risks associated with system evolution and data access.
The Solution: A Unified Value Chain
Sakura Sky defined the boundaries of governance across the entire API Value Chain, separating the needs of Service Providers (API developers) and Service Subscribers (app developers) to cater to their disparate requirements.
Key components of the solution included:
- Lifecycle Stage-Gating: Implementation of a four-stage workflow - Inception, Build, Adoption, and Close - each with strict entry and exit criteria to ensure quality control at every milestone.
- Standardized Technical Patterns: Mandating REST architectural styles, Swagger/OpenAPI documentation, and JSON schema definitions to ensure all APIs are intuitive and interoperable.
- Defense-in-Depth Security: Integration of OWASP REST Security Cheat Sheet as a mandatory compliance standard for all API endpoints.
- Hybrid Operational Model: A transition from centralized management to distributed decision-making, allowing teams autonomy while upholding global standards for security and monitoring.
The Results: Metrics-Driven Maturity
The framework established a clear path for measuring success through execution, business, and adoption KPIs.
- Performance Accountability: Implementation of standardized SLAs and SLOs (Service Level Objectives) to provide measurable visibility into API performance, scalability, and availability.
- Automated Consistency: All APIs are now tested for conformance against established guidelines before publication, ensuring a high-quality developer experience.
- Continuous Improvement: Established a quarterly assessment schedule utilizing industry tools like Apigee Compass to measure program maturity comparative to global peers.
Contact our team to find out how our API governance specialists can help you orchestrate a secure, scalable, and standardized digital ecosystem.