API technical and data standards (v2 – 2019)
Publish your APIs on the internet by default. Email firstname.lastname@example.org if you believe your APIs should not be published over public infrastructure.
Stick to the Technology Code of Practice
Make fully sure your APIs fulfill the requirements associated with Technology Code of Practice (TCoP) by simply making sure they:
stick to the Open Standards Principles of open access, consensus-based open process and licensing that is royalty-free
scale so that they can maintain service level objectives and agreements when demand increases
are stable to allow them to maintain service level objectives and agreements when changed or dealing with unexpected events
Are reusable where possible so the national government does not duplicate work
Follow the industry standard and where build that is appropriate that are RESTful, which use HTTP verb requests to manipulate data.
When handling requests, you should use HTTP verbs because of their specified purpose.
One of several advantages of REST is you a framework for communicating error states that it gives.
In some cases, it may not be applicable to create an escape API, for example, if you are building an API to stream data.
You should utilize HTTPS when designing APIs.
Adding HTTPS will secure connections to your API, preserve user privacy, ensure data integrity, and authenticate the server supplying the API. The Service Manual provides more guidance on HTTPS.