API lifecycle management

From the API governance perspective, we should make sure the APIs on our API platform be secure and qualified. So we’d like to introduce some reviews before the APIs can be consumed by the consumers. The managed service should provide the capability to customize the API lifecycle.
1.kong can be customized API life cycle?
2.Whether it can be used directly(out-of-box)?
3.If not, can you provide a reliable implementation?
Looking forward to your reply and help?