Developer guidelines

API rate limits

Rate limiting is applied to the Nationwide Platforms APIs to ensure a high quality service is delivered for all users, and to protect client applications from unexpected loops. If you have any issues with rate limiting please contact your account manager.

Data resources

Data is mostly returned as JSON documents. Our APIs are versioned and the request/response structure will not change from what we have defined in our API specification pages.

Application security

The API can only be accessed over Transport Layer Security (TLS). We recommend using TLS 1.2.

Subscription Key security

It is important to keep your Subscription Keys secure. This will prevent them from being discovered, your account from being compromised and changes being made to your account.

Do not embed Subscription Keys in your code

Storing keys in your application code increases the risk that they will be discovered, particularly if any of your source code is made public or it can be viewed by people who should not have access to the key. Instead, you should consider storing them inside environment variables or configuration and have a process in place for maintaining the keys.

Do not store Subscription Key in your source tree

If you store Subscription Keys in files, for example, configuration or environment files, do not store them inside the application source tree. If all or part of the source is made public, the key may be compromised.

Regenerate your Subscription Key

Regenerate your API keys regularly, including with each application release, to reduce the chance that a key will be discovered.

Delete Subscription Key when no longer required

Remove unused keys from your registered applications page to limit the number of entry points into your account.

Useful links