The secret code to open banking success: API management


Paul Dignan

Systems Engineering Manager at F5 Networks



11.05.2020 06:45 pm

Last year was rife with hype and speculation about open banking’s disruptive credentials, and it is easy to see why.

Open banking is essentially the practice of sharing financial information electronically, securely, and only under conditions that customers approve of.

Chatter about open banking persists because it can be a significant innovation catalyst, enabling better user experiences, streamlining lending, automating accounting, and pioneering new payment options.

Asia is already enthusiastically embracing the concept, buoyed by a slew of countries digitalising in real-time, a large base of tech-savvy consumers and digital payment platform ubiquity.

Europeans are slightly more circumspect. The biggest hurdle to date is consumer sentiment. There is still a reluctance to share personal information, which is partly a cultural mindset but also a reaction to the prevalence of data breaches.

Awareness is another pressing concern. According to a Splendid Unlimited study on the state of open banking, a mere 22% know what it is. Open banking services were used by just 9% of survey participants.

Ernst & Young’s Open Banking Opportunity Index predicts it will take around three to five years to really get going. That can change fast, however. Recently, the Open Banking Implementation Entity (OBIE) – the body set up by the Competition and Markets Authority (CMA) to deliver Open Banking in the UK – said the number of users has doubled in the past six months. More than one million customers have made use of open banking technology in the two years since the tool came into effect.

Meanwhile, regulations continue to drive the pace of open banking rollout. In Europe, the European Union’s Second Payment Services Directive (PSD2) will continue to resonate. In effect since 14 September 2019, the directive aims to promote innovation, help banking services integrate new technologies, and ensure payments are secure. The UK’s Open Banking Directive is effectively the country’s implementation of PSD2, though timeframes for full implementation have recently been extended.

Importantly, PSD2 includes new requirements for multi-factor authentication when executing bank operations. The value of EU consumers’ data is further elevated by the EU General Data Protection Regulation (GDPR) that came into effect in May 2018. Markets such as Australia, Canada, New Zealand, Mexico, Argentina, Nigeria, Hong Kong, Japan and Taiwan are all monitoring the situation closely and poised for regulatory shifts.

Yet, while regulations clearly play an important role, open banking will only be sustainable if it makes a genuine difference to customers. It is their demands for greater agility and improved user experiences that push service providers to compete and innovate at pace.


Improving transparency with API management

This is where application programming interfaces (APIs) come in.

In simple terms, an API is a set of routines, protocols, and tools for building software applications. An API basically specifies how software components should interact. 

In the banking realm, the use of open APIs enables third-party developers to build foundational technologies for applications and websites that provide greater financial transparency options, ranging from open data to private data, for the financial institution's account holders.

Notably, Open Banking Europe – operated by European Banking Subsidiary Clearing subsidiary Preta – published a directory in late 2018 that intends to list all publicly available bank APIs in the EU. The PSD2 Transparency Directory meets the need of third-party providers (TPPs) and account-servicing payment service providers (ASPSPs) for a repository storing all key information on bank APIs in a single place. It currently contains information on over 1,500 bank-related developer portals. Input is expected from additional banks and financial institutions in the coming months.

The onus is now well and truly on infrastructure, operations, and DevOps teams to define, publish, secure, monitor, and analyse APIs.

API management solutions enable authors to publish APIs to various environments such as production, test, or staging. This ensures consistency for each environment and prevents misconfigurations. Key examples include:

  • API gateways. API gateways secure and mediate traffic between backends and API consumers. API gateway functionality includes authenticating API calls, routing requests to appropriate backends, and applying rate limits to prevent system overloads. A gateway can also mitigate DDoS attacks, handle errors and exceptions, and offload SSL/TLS traffic to improve performance.
  • Microgateways. Traditional API gateways may be inefficient when handling traffic in distributed environments (for example, microservices or handling IoT traffic to support real‑time analysis). An additional software component – a microgateway – is required to process API calls in these types of scenarios. Microgateways are still API gateways but are more lightweight and suited to microservice architectures.
  • Analytics. Today’s solutions can provide deep visibility into operational metrics on a per‑API basis, enabling new levels of troubleshooting and performance optimisation.
  • Security. There are no shortcuts here. API infrastructure security should encompass authentication, authorisation, role-based access control (RBAC), and rate limiting (imposing a limit on the number of requests a caller can make during a defined period).
  • Developer portals. A well‑designed developer portal is pivotal to the success of any API program. It should facilitate the rapid onboarding of consumers and include a catalogue of external APIs, comprehensive documentation, and sample code. Some solutions also provide a mechanism for developer interaction.
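
The gateway and security controls listed above (authenticating calls, RBAC, rate limiting per caller over a defined period, routing to a backend), sketched as an added Python example. It is not code from the article or from any vendor product; the API keys, role names, routes and limits are constructed for illustration.

```python
# Added example: toy gateway policy check. All names and values are hypothetical.
import hmac
import time
from collections import defaultdict, deque

# Constructed sample data: API key -> (caller id, role).
API_KEYS = {"key-tpp-1": ("tpp-1", "reader"), "key-tpp-2": ("tpp-2", "payer")}
# RBAC: role -> set of (method, route prefix) it may call.
ROLE_PERMS = {
    "reader": {("GET", "/accounts")},
    "payer": {("GET", "/accounts"), ("POST", "/payments")},
}
ROUTES = {"/accounts": "accounts-svc", "/payments": "payments-svc"}
LIMIT, WINDOW = 3, 60.0  # at most 3 requests per caller per 60 seconds
_history = defaultdict(deque)  # caller id -> timestamps of accepted requests

def authenticate(api_key):
    """Return (caller, role) for a known key, else None (constant-time compare)."""
    for known, identity in API_KEYS.items():
        if hmac.compare_digest(known.encode(), (api_key or "").encode()):
            return identity
    return None

def allow_rate(caller, now):
    """Sliding window: forget requests older than WINDOW, then enforce LIMIT."""
    q = _history[caller]
    while q and now - q[0] >= WINDOW:
        q.popleft()
    if len(q) >= LIMIT:
        return False
    q.append(now)
    return True

def handle(api_key, method, path, now=None):
    """Return (HTTP status, backend name or None) for one request."""
    now = time.monotonic() if now is None else now
    identity = authenticate(api_key)
    if identity is None:
        return 401, None  # unauthenticated
    caller, role = identity
    prefix = next((p for p in ROUTES if path == p or path.startswith(p + "/")), None)
    if prefix is None:
        return 404, None  # no backend for this path
    if (method, prefix) not in ROLE_PERMS.get(role, set()):
        return 403, None  # authenticated but role lacks permission
    if not allow_rate(caller, now):
        return 429, None  # over the per-caller limit for this window
    return 200, ROUTES[prefix]
```

The checks run in a fixed order (identity, route, role, quota), so a request rejected with 401 or 403 never consumes the caller's quota.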


Development and deployment demands are more pressurised than ever, especially as DevOps methodologies start to permeate mainstream operational processes. Despite some relative regional sluggishness, open APIs are definitively the future. They are now virtually impossible for anyone with open banking aspirations to ignore. In order to harness their true power, DevOps operatives need to make use of API gateways, analyse their APIs’ traffic, and secure them using up-to-date cybersecurity methodologies. Watch this space.
