This policy outlines requirements for Commonwealth entities to ensure that reuse opportunities are identified, and that API solutions are sustainable and meet best practices.
Applicability
Digital investment proposals are assessed against this policy by the DTA through the Digital and ICT Investment Oversight Framework (IOF).
Commonwealth entities are encouraged to apply this policy to all digital investments.
Policy requirements
-
Utilise api.gov.au as a central resource
api.gov.au is maintained for whole-of-government API development and distribution. It includes templates and provides visibility of the new API releases. The site provides guidance on what is expected as the minimum standard for API development and maintains a repository on which APIs should be published where it is secure to do so.
-
Develop a comprehensive understanding of requirements
Analysis and assessment of specific needs, and determination of both functional and non-functional requirements for an API solution, ensures selected solutions are fit-for purpose as well as traceable in their coverage of entity needs.
-
Understand the evolving API technology environment
Maintain an awareness of current and emerging API development best practices to inform decision making on the development and design of API approaches.
-
Lower development and maintenance complexity
Use of a low-code/no-code development approach over customised APIs can provide numerous benefits, where it is an option to do so.
-
Determine an API release, fair use, and distribution strategy
API owners have discretion over how, and to whom, they release APIs that facilitate interfacing with their systems. A transparent approach should be taken regarding availability for release, conditions of use and the distribution mechanism.
-
Adhere to reuse principles
Entities must prioritise the reuse of existing APIs, patterns, or knowledge. Where it is necessary to design new solutions, entities must develop them with a focus on future reuse. Focus on continual improvement of processes, features, data, security, technology, skills, and cost, to maximise functionality, reduce risk, and minimise accumulation of technical debt.