The New Zealand government has refreshed and expanded its guidelines for government agencies developing application programming interfaces to interact with their systems, replacing the standard issued in 2016.
With the updated guidelines, the government seeks to provide common ground between vendors in developing systems that interact with each other.
Although most of the specific technical guidance is recommended to accelerate delivery rather than mandatory, security, authorisation and standards compliance are the exceptions to that approach.
The new standard is split into three parts for 2022, covering concepts and management, security and technical details for API development.
Part A sets out the government's view of what APIs can be used for, and the benefits they bring.
It also provides suggestions for developers on how to start with APIs, by using existing ones and building basic capabilities such as portal tools and gateways.
For developers and organisations with the basics in place, the government sets out technical details for good API design, how to correctly use Hypertext Transfer Protocol (HTTP) for communication, version control of software, and testing code.
On top of representational state transfer (REST) APIs, other types of programmatic system interaction include the Facebook-developed GraphQL query language, the open source AsyncAPI, and the gRPC set of remote procedure calls for creating distributed applications and services.
The security section deals with preventing API abuses, which analyst firm Gartner expects to be the most frequent attack vector this year.
Three key areas should be included when securing REST APIs: the domain of consideration, outlining who, how and what users will interact with APIs; the domain of control, which defines the components to be deployed and how to secure them; and a holistic, identity-centric view that incorporates enterprise, mobile, application and API security.
The full set of APIs provided by the government's data.govt.nz site currently lists 20.