Skip to content

W-23392787 docs: add third-party provider governance experience topics#499

Open
luanamulesoft wants to merge 22 commits into
latestfrom
W-23392787-third-party-provider-governance-topics
Open

W-23392787 docs: add third-party provider governance experience topics#499
luanamulesoft wants to merge 22 commits into
latestfrom
W-23392787-third-party-provider-governance-topics

Conversation

@luanamulesoft

Copy link
Copy Markdown
Contributor

Add six new experience topics for third-party API provider governance:

  • exp-governance-setup-third-party-providers.adoc: Connect to Provider wizard with connection setup, scanner auto-creation, API discovery, and Akamai correlation policy auto-application

  • exp-governance-govern-third-party-apis.adoc: End-to-end workflow for connecting providers, verifying discovered APIs, creating governance strategies with Gateway/Provider filter, monitoring conformance, and exporting reports

  • exp-governance-policy-library-apply.adoc: Policy Library wizard with policy categories (Universal, Access and Security, Performance and Cost, Data Privacy and Integrity, Compliance and Observability) and targeted/supplemental application workflow

  • exp-governance-create-profiles-gateway-provider-filter.adoc: Gateway/Provider filter for governance scope, with provider selection and All Runtimes option

  • exp-governance-monitor-cross-gateway-conformance.adoc: Cross-gateway conformance monitoring with provider/gateway column filtering and Read-Only policy status indicator

  • exp-governance-cross-gateway-policy-audit-export.adoc: CSV export for SOC 2 / GDPR compliance audits with full schema including Organization ID, API ID, Gateway/Provider, Applied policies, Policy Application Status, Conformance status, and Timestamp

Add six new experience topics for third-party API provider governance:

- exp-governance-setup-third-party-providers.adoc: Connect to Provider wizard
  with connection setup, scanner auto-creation, API discovery, and Akamai
  correlation policy auto-application

- exp-governance-govern-third-party-apis.adoc: End-to-end workflow for
  connecting providers, verifying discovered APIs, creating governance strategies
  with Gateway/Provider filter, monitoring conformance, and exporting reports

- exp-governance-policy-library-apply.adoc: Policy Library wizard with policy
  categories (Universal, Access and Security, Performance and Cost, Data Privacy
  and Integrity, Compliance and Observability) and targeted/supplemental
  application workflow

- exp-governance-create-profiles-gateway-provider-filter.adoc: Gateway/Provider
  filter for governance scope, with provider selection and All Runtimes option

- exp-governance-monitor-cross-gateway-conformance.adoc: Cross-gateway
  conformance monitoring with provider/gateway column filtering and Read-Only
  policy status indicator

- exp-governance-cross-gateway-policy-audit-export.adoc: CSV export for SOC 2 /
  GDPR compliance audits with full schema including Organization ID, API ID,
  Gateway/Provider, Applied policies, Policy Application Status, Conformance
  status, and Timestamp

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@luanamulesoft luanamulesoft self-assigned this Jul 10, 2026
@luanamulesoft
luanamulesoft requested a review from a team as a code owner July 10, 2026 03:07
luanamulesoft and others added 19 commits July 10, 2026 00:32
Add exp-governance-third-party-policy-drift.adoc to document policy drift
detection and remediation for third-party API gateway instances (Kong, Apigee,
AWS API Gateway, and Akamai).

Content includes:
- What policy drift is and common causes (manual gateway changes, credential
  issues, policy application failures)
- How to detect drift via conformance dashboard with drift indicators (Missing
  Policy, Extra Policy, Configuration Mismatch)
- Remediation workflow using Policy Library to apply or update policies
- Updating scanner credentials to enable write access and programmatic policy
  application
- Monitoring policy drift over time with CSV exports and trend analysis
- Best practices to prevent drift (restrict gateway access, document
  governance-managed policies, use write-enabled credentials)

This topic provides the linkable target for docs-api-governance-documentation
repo's "Find Policy Drift on Third-Party API Instances" section.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Restructure the third-party provider governance topics so they match what
ships in the code and the Jul 16 Policy Read GA scope:

- Remove the policy-drift topic (not in code or PRD scope)
- Comment out policy-write (Aug 13) content behind flags: Policy Library
  apply, read-only/credential-update flows, Policy Application Status
- Fix conformance terminology (Conformant/Non-Conformant, not Compliant)
- Flag the Gateway/Provider filter topic for PM scope confirmation

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Neither the omni-app code nor the Jul 16 Policy Read PRD includes an
"Export to CSV" feature for governance strategies or conformance data.
The PRD's "conformance report" is an on-screen evaluation, not a
downloadable artifact.

- Delete the standalone Export Cross-Gateway Policy Audit Reports topic
- Remove the Export Reports step and Export Cross-Gateway Reports section
  from the govern topic, plus the dangling xref
- Remove the Export Conformance Reports section from the monitor topic,
  plus the dangling xref

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The "Gateway/Provider filter" as a strategy-scoping control isn't in the
code, and the Jul 16 PRD strikes through source_gateway (provider-level
scoping), scoping strategies by environment and applied_at_level instead.
The literal label "Gateway/Provider" doesn't exist in the product; the
real labels are "Provider" (column) and the provider view filter.

- Delete the gateway/provider filter topic and its xrefs
- Remove strategy-scoping-by-provider prose from the govern and monitor
  topics (including the incorrect "All Runtimes = all providers" claim)
- Relabel the real conformance-view column and filter to "Provider"

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- "Portfolio Overview" is a Home-page summary section, not a destination;
  discovered APIs with the Provider column live under Portfolio > APIs.
  Correct the three navigation references.
- Unbold the descriptive workflow step labels in the govern topic (they
  aren't UI elements) and trim the duplicated conformance-monitoring
  section that overlapped the dedicated monitor topic.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The Provider column only appears in the Portfolio > APIs list (table)
view; card view shows a provider badge and the API detail header shows a
labeled Provider field. Describe the provider as a label rather than a
column so the verification step is accurate across views.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Selecting a strategy opens the Configuration tab; conformance results
  live in the Governed Services tab. Correct the steps and describe the
  real Conformance / Identified Issues summaries and table columns.
- Remove the "Monitor Conformance Over Time" section: no Conformance
  History chart or conformance-over-time trend exists in the product
  (conformance is a point-in-time snapshot with a last-evaluated time
  and a Refresh action). It is not in Jul 16 or Aug 13 scope.
- Name the provider filter by its real resting label (Any provider);
  fix remaining "compliance" wording to "conformance."

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…gory)

The Policy Library has four categories (Access and Security, Performance
and Cost, Data Privacy and Integrity, Compliance and Observability).
"Universal" is not a fifth category — it's a badge marking policies that
apply to any service, including scanned and federated APIs. Correct the
category list in the commented-out Aug 13 content in both topics so it's
accurate when uncommented.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Retitle "Apply Policies via Policy Library" to "Browse the Policy
Library" and add an uncommented read/browse introduction describing what
the Policy Library is and what users can see (policy cards, search, the
four categories, and the Universal badge). The browse intro is gated
behind a "Jul 16 publish condition" note pending PM confirmation that the
Policy Library feature flag is on in browse mode for Jul 16.

The policy-application wizard remains commented behind the Aug 13 write
flag, to be folded into the topic when that release is documented. Update
the inbound xref label to match the new title.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ding

"What You Can See in the Policy Library" is a vague, question-like
lead-in. Use "Browse Policies by Category" — a concise imperative that
names what the section covers (search plus the four category filters)
and matches the topic title.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
MuleSoft docs use "See Also" for the cross-reference section. Rename the
"Related Topics" headings in the setup and monitor topics to match.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Scanner Auto-Creation, API Discovery, and Akamai Correlation Policy are
descriptive category lead-ins, not UI element labels, so they shouldn't
be bold. Rewrite the connection-results list as plain sentences.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Add the four PR 499 topics under Work with Governance Strategies in
workflow order: connect providers, govern third-party APIs, monitor
cross-gateway conformance, and browse the Policy Library.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Comment thread modules/ROOT/pages/exp-governance-govern-third-party-apis.adoc Outdated

. Create a xref:exp-governance-create-strategy.adoc[governance strategy] and select the control rules or automated policies to apply. The strategy evaluates conformance for all in-scope APIs, including those discovered from third-party providers.

. Track conformance status for provider-hosted APIs through the governance strategy dashboard. Use the *Provider* filter to focus on a subset of your cross-gateway environment.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add the whole path on how to get to the "Any Provider" filter.


== See Also

* xref:exp-governance-setup-third-party-providers.adoc[Connect to Third-Party API Providers]

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change the link here


Before monitoring cross-gateway conformance:

* xref:exp-governance-setup-third-party-providers.adoc[Connect to one or more third-party providers] to enable cross-gateway governance.

@luanamulesoft luanamulesoft Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change the link here


* A *Conformance* summary: the total number of governed services, broken down into *Conformant*, *Nonconformant*, and *Pending*.
* An *Identified Issues* summary: counts of violations, warnings, and info-level findings.
* A table of governed services with *Service*, *Type*, *Provider*, and *Conformance* columns. The *Provider* column shows which platform hosts each API, such as Anypoint Platform, Akamai, or other connected providers.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* A table of governed services with *Service*, *Type*, *Provider*, and *Conformance* columns. The *Provider* column shows which platform hosts each API, such as Anypoint Platform, Akamai, or other connected providers.
* A table of governed services with *Service*, *Type*, *Provider*, and *Conformance* columns. The *Provider* column shows which platform hosts each API.

== See Also

* xref:exp-governance-create-strategy.adoc[Create Governance Strategies]
* xref:exp-governance-setup-third-party-providers.adoc[Connect to Third-Party API Providers]

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change link here

== See Also

* xref:exp-governance-create-strategy.adoc[Create Governance Strategies]
* xref:exp-governance-setup-third-party-providers.adoc[Connect to Third-Party API Providers]

@luanamulesoft luanamulesoft Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Change the link here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants