The governance process that ensures APIs are designed, developed, tested, and protected in compliance with an organization's security process. API governance refers to the comprehensive set of standards, policies and practices that direct how an organization develops, deploys and uses its APIs
API management refers to the process of designing, deploying, and maintaining APIs while ensuring they remain secure, scalable, and reliable. In contrast, API governance is the practice of defining policies and procedures that dictate how APIs are managed.
- OAS : https://spec.openapis.org/oas/v3.1.0.html
- OWASP : https://owasp.org/API-Security/editions/2023/en/0x11-t10/
- Rules - sets: Governance rulesets are collections of rules, or guidelines, that can be applied over the metadata extracted from APIs.