Date: 2022-06-16

Most of the guidance is "recommended" except in areas of API security.

Credit: Rob O'Neill

The Department of Internal Affairs digital policy unit has released new guidance on the use and development of APIs in government.

Application programming interfaces (APIs) are used to integrate and exchange data among otherwise separate applications.

The new API guidelines give agencies context for API standards, focused design and implementation guidance, and API best practices, all aimed at helping agencies achieve a consistent and common approach to their development and delivery.

The guidance includes an API security reference architecture and technical details for implementing API security.

"The main reason for these guidelines is to give agencies and vendors some common, default guidance on API implementation to help accelerate the development of government APIs," an introductory note to the new guidance said.

Therefore, most of the specific technical guidance is marked as "recommended" rather than mandatory. Exceptions tended to be in areas of security, authorisation and referenced standards compliance.

"It is recognised that many sectors or industries will have existing APIs and associated standards, which may be established and governed outside an agency’s control," the note said. "In such cases, industry standards will prevail, but agencies are encouraged to review their existing use of APIs against these guidelines and consider whether any discrepancies reflect material business risks."

Agencies that have their own existing APIs would also need to balance the risk and cost of change against the benefits of conforming with the new guidelines, suggesting a phased approach was appropriate.

The target audience was primarily solution designers and API developers in agencies and organisations within the public service. However, compliance and assurance personnel could also be interested in the guidance for assessing alignment with the standards and guidelines.

The guidelines could also be of interest to commercial entities, non-governmental organisations or other third parties who are developing, or planning to develop, applications that use government APIs.

