The secret code to open banking success: API management

The secret code to open banking success: API management

Paul Dignan

Systems Engineering Manager at F5 Networks

Views 564

The secret code to open banking success: API management

21.04.2020 08:15 am

Last year was rife with hype and speculation about open banking’s disruptive credentials, and it is easy to see why.

Open banking is essentially the practice of sharing financial information electronically, securely, and only under conditions that customers approve of.

Chatter about open banking persists because it is can be a significant innovation catalyst, enabling better user experiences, streamlining lending, automating accounting, and pioneering new payment options.

Asia is already enthusiastically embracing the concept, buoyed by a slew of countries digitalising in real-time, a large base of tech-savvy consumers and digital payment platform ubiquity.

Europeans are slightly more circumspect. The biggest hurdle to date is consumer sentiment. There is still a reluctance to share personal information, which is partly a cultural mindset but also a reaction to the prevalence of data breaches.

Awareness is another pressing concern. According to a Splendid Unlimited study on the state of open banking, a mere 22% know what it is. Open banking services were used by just 9% of survey participants.

Ernst & Young’s Open Banking Opportunity Index predicts it will take around three to five years to really get going. That can change fast, however. Recently, the Open Banking Implementation Entity (OBIE) – the body set up by the Competition and Markets Authority (CMA) to deliver Open Banking in the UK – said the number of users has doubled in the past six months. More than one million customers have made use of open banking technology in the two years since the tool came into effect.

Meanwhile, regulations continue to drive the pace of open banking rollout. In Europe, the European Union’s Second Payment Services Directive (PSD2) will continue to resonate. In effect since 14 September 2019, the directive aims to promote innovation, help banking services integrate new technologies, and ensure payments are secure. The UK’s Open Banking Directive is effectively the country’s implementation of PSD2, though timeframes for full implementation have recently been extended.

Importantly, PSD2 includes new requirements for multi-factor authentication when executing bank operations. The value of EU consumers’ data is further elevated by the EU General Data Protection Regulation (GDPR) that came into effect in May 2018. Markets such as Australia, Canada, New Zealand, Mexico, Argentina, Nigeria, Hong Kong, Japan and Taiwan are all monitoring the situation closely and poised for regulatory shifts.

Yet, while regulations clearly play an important role, open banking will only be sustainable if it makes a genuine difference to customers. It is their demands for greater agility and improved user experiences that push service providers to compete and innovate at pace.

Improving transparency with API management

This is where Application Program Interfaces (API) come in.

In simple terms, an API is a set of routines, protocols, and tools for building software applications. An API basically specifies how software components should interact. 

In the banking realm, the use of open APIs enables third-party developers to build foundational technologies for applications and websites that provide greater financial transparency options, ranging from open data to private data, for the financial institution's account holders.

Notably, Open Banking Europe – operated by European Banking Subsidiary Clearing subsidiary Preta – published a directory in late 2018 that intends to list all publicly available bank APIs in the EU. The PSD2 Transparency Directory meets the need of third-party providers (TPPs) and account-servicing payment service providers (ASPSPs) for a repository storing all key information on bank APIs in a single place. It currently contains information on over 1,500 bank-related developer portals. Input is expected from additional banks and financial institutions in the coming months.

The onus is now well and truly on infrastructure, operations, and DevOps teams to define, publish, secure, monitor, and analyse APIs.

API management solutions enable authors to publish APIs to various environments such as production, test, or staging. This ensures consistency for each environment and prevents misconfigurations. Key examples include:

  • API gateways. API gateways secure and mediate traffic between backend API consumers. API gateway functionality includes authenticating API calls, routing requests to appropriate backends, and applying rate limits to prevent system overloads. It can also mitigate DDoS attacks, handling errors, and exceptions, and offload SSL/TLS traffic to improve performance.
  • Microgateways. Traditional API gateways may be inefficient when handling traffic in distributed environments (for example, microservices or handling IoT traffic to support real‑time analysis). An additional software component – a microgateway – is required to process API calls in these types of scenarios. Microgateways are still API gateways but are more lightweight and suited to microservice architectures.
  • Analytics. Today’s solutions can provide deep visibility into operational metrics on a per‑API basis, enabling new levels of troubleshooting and performance optimisation.
  • Security. There are no shortcuts here. API infrastructure security should encompass authentication, authorisation, role-based access control (RBAC), and rate limiting (imposing a limit on the number of requests a caller can make during a defined period).
  • Developer portals. A well‑designed developer portal is pivotal to the success of any API program. It should facilitate the rapid onboarding of consumers and include a catalogue of external APIs, comprehensive documentation, and sample code. Some solutions also provide a mechanism for developer interaction.

Development and deployment demands are more pressurised than ever, especially as DevOps methodologies start to permeate mainstream operational processes. Despite some relative regional sluggishness, open APIs are definitively the future. They are now virtually impossible for anyone with open banking aspirations to ignore. In order to harness their true power, DevOps operatives need to make use of API gateways, analyse their APIs’ traffic, and secure them using up-to-date cybersecurity methodologies. Watch this space.





Latest blogs

n/a n/a

How COVID-19 Is Ushering In a New Era of Cashless Technology

  Image source:   Cashless technology isn't a completely fresh concept. People have been using credit cards for decades, and the market for fintech services has been Read more »

Jean Shin tyntec

Using WhatsApp for 2FA is the Future of Banking

From user authentication and password resets to transaction verification, two-factor authentication (2FA) offers basic but useful protection for consumers. The 2FA process typically sends an SMS sent to the customer with a one-time password (OTP). Read more »

Amir Ghodrati App Annie

The Role of Fintech Apps in Navigating This Period of Financial Insecurity

Economic instability has been ricocheting throughout the stock market in the wake of the global coronavirus pandemic. Its effects have been felt across all industries, with winners and losers’ across different sectors. So, how has fintech Read more »

n/a n/a

How to Choose a VPN for Digital Privacy & Security

In a world where almost everything is connected, and where hackers and other malicious people are roaming the internet, it is always advisable that you take every precaution that you can to enhance your data security and privacy protections. Using a Read more »

Ben Slater Instaclustr

The Case for Adopting Open Source – Own Rather Than Rent the Foundations of Your Business

For some time open source was seen as something that only the biggest companies could use and play with. But with the modern, increasingly fast business environment, the use cases for open source are in everything and the technology is increasingly Read more »

Related Blogs

Paul Dignan F5 Networks

The secret code to open banking success: API management

Last year was rife withhype and speculation about open banking’s disruptive credentials, and it is easy to see why. Open banking is essentially the practice of sharing financial information electronically, securely, and only under conditions that Read more »

Free Newsletter Sign-up
+44 (0) 208 819 32 53 +44 (0) 173 261 71 47
Download Our Mobile App
Financial It Youtube channel