Authentication and authorisation of clients is performed when clients call network APIs that facilitate modification of data and are accessible over the internet.
Topic
Network application programming interfaces
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Mar 2025
Authentication and authorisation of clients is performed when clients call network APIs that facilitate modification of data and are accessible over the internet.
The existing control recommending that authentication and authorisation of clients is performed when clients call web APIs that facilitate modification of data was amended to refer to network APIs that are accessible over the internet.
Mar 2023
Authentication and authorisation of clients is performed when clients call web APIs that facilitate modification of data.
An existing control relating to authentication of clients calling web APIs that facilitate modification of data was amended to also include authorisation.
Dec 2022
Clients are authenticated when calling web APIs that facilitate modification of data.
A new control was added to ensure clients are authenticated when calling web application programming interfaces that facilitate modification of data.