# API Governance Experience API API Governance specification crate update modify profiles, and query governance status - **Version:** 1.0.0 - **Category:** Platform - **OpenAPI Spec:** [api.yaml](https://dev-portal.mulesoft.com/apis/anypoint-api-governance/api.yaml) ## Servers - `https://anypoint.mulesoft.com/governance/xapi/api/v1` — Anypoint URL - `https://eu1.anypoint.mulesoft.com/governance/xapi/api/v1/` — Regional Anypoint URL - `https://{region}.platform.mulesoft.com/governance/xapi/api/v1/` — Regional Anypoint URL ## Operations (11) ### GET /report/summary **Operation ID:** `getReportSummary` Get validation report summary Returns the conformance/validation report for an API or asset. By default returns status for all rulesets applied to the asset; optionally filter to specific rulesets. **Parameters:** | `urn` | query | URN of the API or asset to check conformance for (URN format, e.g. urn:api:organizationId:assetId:version). | required | | `ruleset` | query | If set, only status for these rulesets is returned. Each value must be in format gav://groupId/assetId/version. Omit to fetch status for all rulesets. | optional | ### GET /stats/organization **Operation ID:** `getOrganizationSummary` Get organization summary Obtains the global statistics for the organization. **Parameters:** | `organization` | query | **Business group** GUID. API Governance scopes resources by Anypoint Business Group, which may be: - **`id`** — the organization returned by **getOrganizations** (GET `/organizations/{organizationId}`), or - **any element of `subOrganizationIds`** — a **child Business Group** under that org. The same UUID shape is used for root and sub-orgs. If none is sent, the users organization is used. | required | ### GET /stats/organization/profiles **Operation ID:** `getOrganizationProfileSummaries` Get organization summary by profile Returns the organization's summary by profile (paginated). In governance you create profiles to validate different sets of assets; a profile matches a filter criteria (what APIs to validate) with a set of rulesets. Each profile summary indicates the status of that profile—how many APIs are conformant, how many are non-conformant, and how many have failed to be validated. **Parameters:** | `organization` | query | **Business group** GUID. API Governance scopes resources by Anypoint Business Group, which may be: - **`id`** — the organization returned by **getOrganizations** (GET `/organizations/{organizationId}`), or - **any element of `subOrganizationIds`** — a **child Business Group** under that org. The same UUID shape is used for root and sub-orgs. If none is sent, the users organization is used. | required | ### GET /stats/organization/targets **Operation ID:** `getOrganizationTargetSummaries` Get organization summary by target Returns the organization's summary by target (paginated). One summary per API target—each API validated against the rulesets applied by profiles (conformant, non-conformant, or failed to validate). **Parameters:** | `organization` | query | **Business group** GUID. API Governance scopes resources by Anypoint Business Group, which may be: - **`id`** — the organization returned by **getOrganizations** (GET `/organizations/{organizationId}`), or - **any element of `subOrganizationIds`** — a **child Business Group** under that org. The same UUID shape is used for root and sub-orgs. If none is sent, the users organization is used. | required | ### GET /stats/profiles/{profileId} **Operation ID:** `getProfileSummary` Get profile summary Returns the summary for a single profile (conformant, non-conformant, and failed validation counts). **Parameters:** | `profileId` | query | **Profile** GUID. API Governance defines profiles to pair up rulesets and groups of APIs to be validated. The profileId returned by **listProfiles** (GET `/profiles?organization={organization}`) | required | | `organization` | query | **Business group** GUID. API Governance scopes resources by Anypoint Business Group, which may be: - **`id`** — the organization returned by **getOrganizations** (GET `/organizations/{organizationId}`), or - **any element of `subOrganizationIds`** — a **child Business Group** under that org. The same UUID shape is used for root and sub-orgs. If none is sent, the users organization is used. | required | ### GET /stats/profiles/{profileId}/targets **Operation ID:** `getProfileTargetSummaries` Get profile target summaries Returns the list of API targets (summaries) validated by the given profile. **Parameters:** | `profileId` | query | **Profile** GUID. API Governance defines profiles to pair up rulesets and groups of APIs to be validated. The profileId returned by **listProfiles** (GET `/profiles?organization={organization}`) | required | | `organization` | query | **Business group** GUID. API Governance scopes resources by Anypoint Business Group, which may be: - **`id`** — the organization returned by **getOrganizations** (GET `/organizations/{organizationId}`), or - **any element of `subOrganizationIds`** — a **child Business Group** under that org. The same UUID shape is used for root and sub-orgs. If none is sent, the users organization is used. | required | ### GET /stats/applied/rulesets/{group}/{assetId}/{assetVersion} **Operation ID:** `getAppliedRulesets` Get applied rulesets for asset Returns all rulesets applied to a specific asset (by group, assetId, and version) across profiles. You can filter by API type, organizations, and whether to include only assets created by the user. **Parameters:** | `group` | query | The group ID (e.g. organization or group UUID) for the asset. | required | | `assetId` | query | The asset ID. | required | | `assetVersion` | query | The asset version. | required | | `type` | query | Limit to one supported API type. | optional | | `orgs` | query | Filter by organization UUID(s); can check multiple organizations (e.g. comma-separated UUIDs) as long as you have access to the assets. | optional | | `myassets` | query | If true, only assets created by the user; otherwise all assets the user has read access to. | optional | ### GET /profiles **Operation ID:** `listProfiles` List profiles Lists the definition of profiles for the organization. Returns all profiles the user has access to, optionally filtered by organization. **Parameters:** | `organization` | query | **Business group** GUID. API Governance scopes resources by Anypoint Business Group, which may be: - **`id`** — the organization returned by **getOrganizations** (GET `/organizations/{organizationId}`), or - **any element of `subOrganizationIds`** — a **child Business Group** under that org. The same UUID shape is used for root and sub-orgs. If none is sent, the users organization is used. | required | ### POST /profiles **Operation ID:** `createProfile` Create profile Creates a new profile for the organization using the supplied definition. **Parameters:** | `organization` | query | **Business group** GUID. API Governance scopes resources by Anypoint Business Group, which may be: - **`id`** — the organization returned by **getOrganizations** (GET `/organizations/{organizationId}`), or - **any element of `subOrganizationIds`** — a **child Business Group** under that org. The same UUID shape is used for root and sub-orgs. If none is sent, the users organization is used. | required | ### GET /profiles/{profileId} **Operation ID:** `getProfile` Get profile Returns the definition of a single profile by its ID. Response includes Last-Modified (timestamp) and ETag (profile version UUID). Use the ETag value in the If-Match header when updating the profile with PUT. **Parameters:** | `profileId` | query | **Profile** GUID. API Governance defines profiles to pair up rulesets and groups of APIs to be validated. The profileId returned by **listProfiles** (GET `/profiles?organization={organization}`) | required | ### PUT /profiles/{profileId} **Operation ID:** `updateProfile` Update profile Updates an existing profile. The update is applied only if the If-Match header matches the current profile version (ETag). Request body uses ProfileCreation with rulesets as RulesetCreation; response is the same as GET (Profile with rulesets as Ruleset). **Parameters:** | `profileId` | query | **Profile** GUID. API Governance defines profiles to pair up rulesets and groups of APIs to be validated. The profileId returned by **listProfiles** (GET `/profiles?organization={organization}`) | required | | `If-Match` | query | Profile version (UUID). Must match the current profile ETag for the update to succeed. | required |