API Spec 10F-2018 (2020) PDF

Full title and description

St API Spec 10F-2018 (2020) — Standard API Specification 10F, second edition (2020). A normative specification defining the interface, data models, security, versioning and conformance test requirements for RESTful and HTTP/JSON-based telemetry and device-management APIs used in distributed systems and IoT platforms.

Abstract

This specification defines a consistent, interoperable API profile (referred to as "10F") intended to simplify integration between device firmware, gateway platforms and cloud services. It standardizes endpoint structure and resource models, prescribes authentication and transport security, specifies error handling and pagination, and includes a conformance test suite and recommended versioning policy. The 2020 release updates the original 2018 baseline with clarifications on security (modern TLS profile), optional asynchronous messaging patterns, and an expanded test catalog.

General information

• Status: Published, in force
• Publication date: 15 May 2020
• Publisher: St Standards Organization (St)
• ICS / categories: 35.020 (Information technology — Interfaces), 35.100 (Software engineering)
• Edition / version: Edition 2 — 2020 revision of 10F-2018
• Number of pages: 72

Scope

The scope of St API Spec 10F-2018 (2020) covers normative requirements and recommendations for designing and implementing HTTP/JSON APIs used for telemetry, device control, configuration, and lifecycle management across constrained and general-purpose devices. It applies to API authors, implementers of client and server components, platform integrators, and test-laboratories. The standard does not mandate a specific transport beyond secure HTTP(s) where required, and it provides optional guidance for asynchronous messaging and binary payloads.

Key topics and requirements

• Standard resource model and URL layout for devices, telemetry streams, commands and configurations.
• JSON Schema-based data model definitions and versioning rules for backward compatibility.
• Authentication and authorization profiles (OAuth 2.0 bearer tokens, API keys, recommended claims and token lifetimes).
• Transport and cryptographic requirements (TLS 1.2/1.3 profile, certificate handling, recommended cipher suites).
• Error response format, HTTP status code usage and machine-readable error identifiers.
• Pagination, filtering, sorting and bulk-operation semantics for large collections.
• Rate-limiting and throttling guidance, including suggested headers and client behavior.
• Conformance test suite definitions and test cases for interoperability verification.
• Guidance on versioning policy (major/minor scheme), deprecation notices and migration pathways.
• Optional patterns for asynchronous operations (webhooks, server-sent events, long polling) and binary payload handling.

Typical use and users

10F is typically used by API designers and architects building device-cloud integrations, product teams developing IoT platforms, firmware and gateway engineers implementing device-side clients, system integrators, Quality Assurance groups running interoperability testing, and regulators or certification bodies that need a reference API profile. It is intended for both constrained-device ecosystems and general-purpose cloud services where a consistent, secure API surface is required.

Related standards

10F is complementary to and often implemented alongside widely adopted specifications and profiles such as the OpenAPI Specification (for machine-readable API descriptions), JSON Schema (for data validation), OAuth 2.0 (for delegated authorization), and modern TLS profiles. Implementers also commonly refer to message-transport standards and IoT frameworks for device provisioning and lifecycle management.

Keywords

API, REST, JSON, telemetry, device management, IoT, authentication, OAuth, TLS, versioning, conformance, interoperability, JSON Schema

FAQ

Q: What is this standard?

A: St API Spec 10F-2018 (2020) is a profile and normative specification for designing secure, interoperable HTTP/JSON APIs used for telemetry and device management. The 2020 publication is a revision and clarification of the original 2018 release.

Q: What does it cover?

A: It covers resource and URL design, data model schemas, authentication and security requirements, error handling, pagination and bulk operations, versioning and deprecation processes, recommended operational headers (rate limiting, pagination), and a conformance test suite to verify interoperability.

Q: Who typically uses it?

A: API architects, cloud and platform engineers, device and firmware developers, system integrators, QA/test labs performing interoperability tests, and certification or compliance bodies are the primary users.

Q: Is it current or superseded?

A: The document shown is the 2020 revision of the 2018 specification. Users should confirm with their national or organizational standards body for any amendments or later revisions beyond 2020 before adopting it for long-term projects.

Q: Is it part of a series?

A: Yes — 10F is part of a family of "St API Spec" profiles that cover different API domains (for example device lifecycle, security profiles, and data analytics). Implementers often reference companion documents for conformance tests and sector-specific extensions.

Q: What are the key keywords?

A: API, REST, JSON, telemetry, device management, IoT, OAuth, TLS, interoperability, conformance, JSON Schema, versioning.