Authentication and authorisation of clients is performed when clients call network APIs that facilitate access to data not authorised for release into the public domain and are accessible over the internet.
Topic
Network application programming interfaces
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Mar 2025
Authentication and authorisation of clients is performed when clients call network APIs that facilitate access to data not authorised for release into the public domain and are accessible over the internet.
The existing control recommending that authentication and authorisation of clients is performed when clients call web APIs that facilitate access to data not authorised for release into the public domain was amended to refer to network APIs that are accessible over the internet.
Mar 2023
Authentication and authorisation of clients is performed when clients call web APIs that facilitate access to data not authorised for release into the public domain.
An existing control relating to authentication of clients calling web application programming interfaces (APIs) that facilitate access to data not authorised for release into the public domain was amended to also include authorisation.
Dec 2022
Clients are authenticated when calling web APIs that facilitate access to data not authorised for release into the public domain.
A new control was added to ensure clients are authenticated when calling web application programming interfaces that facilitate access to data not authorised for release into the public domain.