APIs meet internal and external standards

API Audit

Validate that APIs meet business, design, and operational standards before publishing and exposure.

Why this station exists

APIs are long-lived products and must meet expectations for quality, consistency, and compliance. The audit connects design decisions, implementation, and operational readiness to defined standards, reducing risk before exposure.

Establish a consistent audit process that evaluates API readiness across lifecycle stages using defined criteria, evidence, and standards. Ensure gaps are identified early and resolved before publishing.

Starting signals (Entry criteria)
  • The chosen API architecture and platform patterns have been validated with the relevant architecture, security, and platform stakeholders.
  • The API design and exposed capabilities clearly trace back to business value and user needs.
  • The API and its exposed capabilities are described clearly enough for review, audit, and onboarding.
  • The API design follows our shared API product and design conventions.
  • The API contract is tested and meets functional and non-functional requirements.

Done well when (Exit criteria)
  • The API passes compliance, security, and audit checks.
  • Audit findings and remediation decisions are shared with the relevant stakeholders.
  • The API is ready to be deployed and exposed through the intended gateways and environments.
  • Consumer-facing API documentation is complete enough for publishing and onboarding.

Step 1/3

API Audit Checklist

A lifecycle-based checklist to verify API readiness across design, delivery, publishing, and compliance using defined audit criteria and evidence.

Conduct audits to ensure APIs meet organizational, technical, and legal standards before publishing.

Checklist