API Security Guidelines — Part B (NZ Digital Government 2022)

Status: ✅ Approved    Version: 1.0

Field	Value
ID	GUARD-API-002
Category	API
Subcategory	security
Type	guideline
Owner	API Security & Architecture Team
Approved by	—
Approved date	—
Review due	—

Description

Comprehensive reference architecture and technical implementation guidance for securing RESTful and modern APIs (GraphQL, AsyncAPI, gRPC). Covers authentication, authorization, identity management, threat protection, and Zero Trust principles for government API deployments.

Source document

API guidelines — Part B: API security 2022 | NZ Digital government

Last fetched: 2026-04-02

Related guardrails

• GUARD-API-001 — API Guidelines — Part A: API Concepts and Management 2022
• GUARD-SEC-001 — New Zealand Information Security Manual (NZISM) v3.9
• GUARD-GOV-005 — Privacy Principles Quick Tour — NZ Privacy Act 2020

Change history

Version	Date	Author	Summary
1.0	2026-04-02	auto-generated	Initial ingestion of NZ Digital Government API Security Guidelines Part B covering authentication, authorization, identity management, and Zero Trust principles for API deployments.