API Standards

Standards Criteria

Your API will need to meet the following standards for it to be accepted into service:

  1. There is clear evidence of user need - the API provides the data needed to power one or more digital services.

  2. Publish your code in the open and use open source code to improve transparency, flexibility and accountability. When re-using code, ensure that we benefit from the community that supports it.

  3. The service meets security guidelines, minimises data collection and reuses existing data to avoid duplication of datasets.

    • You have permission to use the data for this purpose and the approach to access management is consistent with that permission.

  4. You have identified the capacity, resources and technical flexibility to iterate and improve the service frequently.

  5. Work out what success looks like for your service and identify metrics (uptake, calls per hour, availability) that will tell you what’s working and what can be improved, combined with user research.

  6. Optimise for performance, minimise service downtime and have a plan to deal with it when it does happen.

  7. Your API is clearly documented, meets our API design principles and naming conventions and has a named Product Owner.

  8. You have identical staging and production APIs.

  9. You have a clear and secure method of managing access, keys, authentication, users and versioning.

  10. The API is developed to the principles in the Playbook and any exceptions have been agreed in advance.