Over 60 people from central and local government attended the latest API Community of Practice meet-up at GDS. The event included:
- strategic talks on API platforms and strategies
- presentations on accessibility, mobile, security and data sharing
- practical sessions, like how to approach API development as a product manager
Here’s a recap of what we learned during the day.
1. A worldwide view on API strategies
Richard Pope, a Senior Fellow at the Harvard Kennedy School of Government, spoke about government platforms around the world. He helped us understand the different strategies governments are taking to create shared components, set data standards and map data sets.
There’s a big difference in how governments are approaching APIs worldwide, he explained. Governments differ when it comes to:
- the API standards they set
- how much they involve the private sector
- how much the centre drives strategy
- the pace and scale of API development
- the types of policy that support rollout (for example, US government information must now be machine-readable by default)
- the safeguards in place
Richard also talked about whether the API strategy is being implemented bottom up. For example, departments in Argentina build APIs and then service teams build on top of them, whereas in the US APIs are being used to weave different components together.
2. Canada is developing a cross-government API store
Closely related was a presentation from Canada’s Office of the Chief Information Officer on their cross-government API Store. They first described their wider data exchange programme of work, which aims to provide the backbone of their Government as a Platform strategy.
The Canadian API Store will be a catalogue of government APIs to increase findability. The store is a collaborative effort across government and will go live with 15 APIs. Users will be able to discover services or data via the API Store, which helps to enable their ‘tell us once’ programme of work.
We’ve been talking to the Canadians as we further explore how we can increase the findability of UK government’s APIs.
3. Lessons from the Food Hygiene Ratings API
The Food Standards Agency’s data architect, Adam Locker, and data innovation lead, Sid Kalita, discussed what they have learned from building and delivering the Food Hygiene Ratings API.
Key questions they have considered pre- and post-delivery include how much data they deliver in response to API calls and how much historical data is retained. They also discussed wanting to improve the traceability of food data, becoming more involved in design patterns and trying to resolve issues around quality and data standards.
4. Hackney’s API Platform is one to watch
Rashmi Shetty, the API Platform Owner at the London Borough of Hackney, discussed the council’s development of an API platform, enabled by the HackIT manifesto.
Hackney recently moved its APIs into the cloud, delivering via the ‘API Factory Project’, following the Hackney API Standards. This is part of a wider move to increase the digital services they offer citizens through creating more opportunities for data reuse and connections. The strategy will also potentially allow third party apps to connect to Hackney’s data to provide more third party services.
5. Tips on delivering APIs as a product manager
Rob Chambers, Product Manager for the Office for National Statistics website and API, discussed his experiences as someone new to building on APIs and where things seem to differ from his experience working on user interface and web products.
Rob discussed a number of challenges he experienced in product management and how these were overcome. One of the more interesting challenges was how to do user research on APIs.
6. The security pitfalls of using APIs
Richard D, a penetration tester at the National Cyber Security Centre, presented on common API security pitfalls. Security attacks usually get more sophisticated as technologies mature, and Richard named 4 common security pitfalls found in APIs today:
- CORS misconfiguration
- cross-site request forgery
- client certificate authentication misconfiguration
- insufficient data validation and access control
Richard gave attendees a toolkit for mitigating some of these pitfalls. If you work for the government, you can email email@example.com for more information on this subject.
7. How HMRC is making its APIs accessible to all
HMRC provides APIs for the software industry as part of its goal to make tax digital. The aim is to provide citizens and businesses with a range of software with which to share information with HMRC.
Sarah Turner and Melanie Evans from the Digital Relationship Management Services team at HMRC discussed how they are making the APIs more accessible to developers who are building the software for third party integrators.
HMRC is keen to make sure that accessibility is built into every part of the software development. Sarah and Melanie explained that HMRC is not accrediting products in terms of accessibility. But the department does make it clear to suppliers that accessibility should be a priority.
8. DVSA has increased staff morale by improving mobile working
DVSA Tech Leads, Howard Rees and Alex Le Peltier, presented on how they have deployed cloud-based APIs. These APIs provide mobile staff with the information they need when checking if vehicles are roadworthy.
They discussed how DVSA has shifted to a micro-service architecture, REST APIs and Java, and how they had seen an increase in staff morale because of the new technology. Howard and Alex also discussed their security strategy that accompanied their new architecture.
9. The importance of information sharing agreements and documentation
The Department for Digital, Culture, Media & Sport Data Policy and Governance team has been working with colleagues across government and the wider public sector to encourage uptake of the information sharing provisions within Part 5 of the Digital Economy Act (DEA).
An important aspect of this work is working with the Information Commissioner’s Office to provide support and guidance for practitioners on developing and finalising information sharing agreements (ISAs) under the relevant powers. Lee Pope gave attendees a walkthrough of the guidance and referred to the Register of Information Sharing Agreements under the Digital Economy Act powers.
Finally Jon Glassman, a Technical Writer at GDS, gave an update on the proposal to the Open Standards Board recommending government departments use the OpenAPI 3 API specification for REST APIs. He covered both the benefits and limitations of the specification.
10. There are many data challenges we need to solve
We also held lots of unconference sessions where people pitched ideas for further discussion. The big theme of the unconference sessions was data. Specifically, how we can:
- better map data
- give users more control over their data
- figure out what APIs the government needs but does not have access to
- identify what kind of data standards need to exist to help ease data sharing and traceability
Sign up for our next event on 25 June
We’re organising our next event for the API Community of Practice on 25 June in Leeds. If you’re interested in coming along, please feel free to sign up on the Eventbrite page.
We’d also like to hear from anyone in the public sector working on data standards so please email firstname.lastname@example.org.