Open API Applications for Smart Government
"Smart Government 2.0" for the implementation of service-oriented policy promotions in Taiwan.
In order to follow the global trend of digital service transformation and strengthen the competitiveness of the country, the Taiwanese government is pushing its "Service-Oriented Smart Government Promotion Plan" which includes three major projects: the "New eID" digital ID card, "T-Road" data exchange network infrastructure, and "MyData" digital service personalization. With the application of microservices, an API management platform, and blockchain technology, P2P government data services among various agencies can be connected. This optimizes decision-making processes, sets the stage for a public-to-private governance collaboration model, and brings to life the vision of a people-oriented digital government. Local governments have established API management platforms for the public sector, including the Taipei City Government in 2018, for which TPIsoftware is expected to introduce 169 more API services within the next three years. The National Development Council also established two large-scale API-related construction projects in 2020 for the exchange of government data (T-Road), construction outsourcing services, and personalized digital services (MyData).
Digital ID Card
New eID
Data Exchange Network Infrastructure
T-Road
Digital Service Personalization
MyData
Local governments have established API management platforms for the public sector, including the Taipei City Government in 2018, for which TPIsoftware is expected to introduce 169 more API services within the next three years. The National Development Council also established two large-scale API-related construction projects in 2020 for the exchange of government data (T-Road), construction outsourcing services, and personalized digital services (MyData).
API Lifecycle Management and 5-Stage Implementation
Applications and usage processes for platform users of each unit implementing the API platform:
API Lifecycle Management and 5-Stage Implementation
Stage 1
API development evaluation:
Open APIs for private value-added innovative applications and the convenience of service use feasibility.
1
Stage 2
Unit applications for platform service usage:
Application procedures to use the API platform and acquire platform manager authorization for the application system of development units.
2
API Lifecycle Management and 5-Stage Implementation
API Lifecycle Management and 5-Stage Implementation
Stage 3
API creation, publishing & removal:
API creation, publishing, and removal procedures (including API technical documents) for development units.
3
Stage 4
API client applications for API usage:
API users publishing API lists on external API service platforms and applying for their usage online.
4
API Lifecycle Management and 5-Stage Implementation
Stage 5
API application review for unit managers:
API list of users applying for online usage for all business units to view, conduct online review operations, and authorize usage after passing review.
5
digiRunner - a facilitator to a smart government
API platforms must meet both current and future business development needs, provide convenient and flexible development, have a user-friendly interface, meet operation management needs, and ensure data security and confidentiality.
API Data Exchange Standards
API Data Exchange Standards
API Data Exchange Standards
  • Compliant with Common API Specifications of Taiwanese National Development Council
  • Compliant with OpenAPI Specification (OAS) standards of the International Open API Initiative to define RESTful APIs
API Data Exchange Standards
API Security
API Security
API Security
  • Supports OAuth, API KEY, and Public API authorization methods
  • Supports SSL/MTLS data security mechanisms
  • Provides special API services designed for different user groups to access source IP, user ID, API service usage, usage period, service time and other conditions
  • Ensures transaction information is not tampered with (completeness)
  • Smart data encryption and masking
  • SSO integration for agencies
  • Malicious behavior protection which identifies code injection, cross-site scripting attacks, SQL attack syntax and XML/JSON structure syntax threats - can be used with antivirus software to detect viruses
API Security
API Management
API Management
API Management
  • Set access rights or access rights management according to organizational hierarchy
  • API version control and version release management
  • API call flow control function API activity tracking - limit source IP and provide black/whitelisting mechanisms based on quota authorization and IP filtering
  • Quick and convenient development of management interface with various protocol connection (DB, FTP, and support for various format conversions such as JSON, XML, and SOAP) in visual process
API Management
API Monitoring, Alarms & Path Analysis
API Monitoring, Alarms & Path Analysis
API Monitoring, Alarms & Path Analysis
  • Monitor API transaction integrity and record API call details
  • API alarms and alarm thresholds such as platform and API abnormalities (unauthorized calls, unauthorized IPs, abnormal traffic, etc.)
  • API path analysis, such as API usage traffic, response time statistics, and API user traffic, as well as raw data exporting for advanced analysis
API Monitoring, Alarms & Path Analysis
API External Service Portal
API External Service Portal
API External Service Portal
  • API query service, including API catalog and technical documents
  • Supports user self-registration and login
  • Allows API providers and users to self-generate API keys
  • Supports API user application for API usage authorization from providers
  • Supports user ID customization and grouping according to organization for API providers
API External Service Portal