API technical and data standards (v2 – 2019)
Publish your APIs on the internet by default. Email firstname.lastname@example.org if you believe your APIs ought not to be published over public infrastructure.
Follow the Technology Code of Practice
Make sure your APIs match the requirements associated with Technology Code of Practice (TCoP) by making sure they:
stick to the Open Standards Principles of open access, consensus-based open process and licensing that is royalty-free
scale for them to maintain service level objectives and agreements when demand increases
are stable to enable them to maintain service level objectives and agreements when changed or dealing with unexpected events
are reusable where possible and so the government does not duplicate work
Follow the industry standard and where appropriate build APIs that are RESTful, which use HTTP verb requests to govern data.
When requests that are handling you should use HTTP verbs because of their specified purpose.
One of the advantages of REST is you a framework for communicating error states that it gives.
In certain full cases, it may not be applicable to build an escape API, for example, while you are building an API to stream data.
You should utilize HTTPS when designing APIs.
Adding HTTPS will secure connections to your API, preserve user privacy, ensure data integrity, and authenticate the server providing the API. (more…)