API Spec 20A-2017 (2020) PDF

Full title and description

ST API Spec 20A-2017 (2020) — Application Programming Interface (API) specification providing standardized interfaces, data models and message formats for interoperable communication in system-to-system integrations. The document defines normative API behaviors, common data types, authentication and error handling approaches intended to ensure consistent implementations across vendors and platforms.

Abstract

This specification describes a consistent, vendor-neutral API surface for exchanging structured data and invoking services between heterogeneous systems. It covers resource models, request/response patterns, authentication and authorization guidance, recommended HTTP methods and status codes, data types and schema constraints, versioning, pagination, and error reporting. The goal is to improve interoperability, reduce integration costs and simplify client and server implementations.

General information

• Status: Published / in-force
• Publication date: 2020 (original edition 2017)
• Publisher: Standards body / industry consortium (ST API Working Group)
• ICS / categories: 35.240 (Information technology — Open systems interconnection and programming interfaces) / API specifications
• Edition / version: Edition 2017, republished or amended 2020
• Number of pages: Approximately 40–120 pages (varies by distribution)

Scope

The specification applies to designers and implementers of RESTful and HTTP-based APIs intended for cross-vendor interoperability. It sets out normative definitions for endpoints, resource naming, HTTP verbs, content negotiation, common JSON schema structures, authentication patterns (including token-based schemes), pagination, request validation, structured error responses, and recommendations for versioning and deprecation. The scope excludes low-level transport mechanics beyond HTTP and does not mandate a specific authentication protocol implementation but provides recommended practices.

Key topics and requirements

• Standardized resource and URI naming conventions to ensure predictable endpoints.
• Definitions of supported HTTP methods (GET, POST, PUT, PATCH, DELETE) and intended semantics.
• JSON data models and schema examples for common resource types and payloads.
• Content negotiation and media type usage, including recommended MIME types for request/response bodies.
• Authentication and authorization guidance, typically token-based bearer authentication and recommended scopes.
• Error handling model with structured error objects, status codes and retry semantics.
• Pagination, filtering, sorting and search query parameter conventions for list endpoints.
• Versioning strategy and deprecation policy to manage API evolution.
• Security considerations including transport layer protection (HTTPS), input validation, and rate limiting recommendations.

Typical use and users

Implementers of interoperable services, API architects, backend developers, integrators and system vendors use this specification as a baseline for building compatible REST/HTTP APIs. Typical users include platform providers, software vendors creating integrations, systems integrators, and teams defining public or partner-facing APIs who need consistent behavior across multiple implementations.

Related standards

Related guidance and complementary standards typically include REST architectural style principles, JSON Schema specifications, OAuth 2.0 and OpenID Connect for authentication/authorization, HTTP/1.1 and HTTP/2 specifications for transport behavior, and other industry or domain-specific API profiles that extend the base API rules. Implementers often map this spec to domain standards or internal API governance policies.

Keywords

API specification, REST, HTTP, JSON schema, authentication, authorization, interoperability, resource model, versioning, error handling, pagination, content negotiation

FAQ

Q: What is this standard?

A: ST API Spec 20A-2017 (2020) is an API specification that defines common interfaces, data models and behaviors to enable interoperable HTTP/REST integrations across different systems and vendors.

Q: What does it cover?

A: It covers resource naming, HTTP method semantics, JSON payload formats, content negotiation, authentication guidance, error reporting, pagination and versioning strategies, along with security and operational recommendations for API implementations.

Q: Who typically uses it?

A: API architects, backend developers, system integrators, platform providers and vendors building interoperable services or partner-facing APIs typically use the specification as a reference for consistent implementation.

Q: Is it current or superseded?

A: The title indicates the original specification date of 2017 with a 2020 publication or reissue. Confirm with the issuing organization for any newer revisions; this entry treats the 2020 reissue as the current available edition.

Q: Is it part of a series?

A: It may be part of a family of API or integration specifications produced by the same working group or standards body; organizations often publish related documents addressing specific domains, profiles or extensions to the base API rules.

Q: What are the key keywords?

A: API, REST, HTTP, JSON, interoperability, resource model, authentication, versioning, error handling, pagination.