How to capitalise on the API banking revolution

2 February 2016

Here at Icon we are always looking to the future and at how banks can improve their service offering. The following sets out the criteria an API platform needs to meet in order to capitalise on this revolution in banking.

API Banking is a distinctive area within the digital space, energetically debated by business people, IT managers and developers alike. APIs as business network enablers are not new: banks have built payment infrastructures and clearing houses on well-defined APIs for decades. Modern APIs, however, are built explicitly for open ecosystems (internal or external), not for closed private networks.

However, the evolution of modern APIs in the technology or social media industries is not necessarily driven by the same requirements as those of financial institutions. For example, Apple, Amazon and Facebook expose APIs to increase their business reach and to create new revenue streams. For banks this is not always the case: the PSD2 'access to account' (XS2A) provisions mandate that banks provide these services to third-party providers free of charge. The primary objective of this regulation is to increase competition and to promote innovation among third parties and Fintech-style start-ups.

It is therefore vital for banks to design their APIs effectively: not only to be PSD2 compliant, but also to manage and govern the APIs that expose business assets externally and to secure the access patterns. An API is essentially a proxy to existing business services, exposed securely through an API Gateway that manages, authenticates and authorises access to those assets.

There are key criteria that need to be considered when creating and managing APIs.

API Creation And Management

APIs are controlled (proxy) views of the data and capabilities of a domain, optimized for the needs of API consumers.

API Design

  • Create APIs that humans can understand, and define the API interface first.
  • Identify the business service end-point that will provide the data or function required to implement the API.
  • Most modern APIs are RESTful and therefore resource based: the URL structure lets a consumer navigate the object graph embodied by the API.
  • APIs should be designed for an omnichannel experience.
  • API versions should be managed carefully: create a new version only when a change is not backward compatible.

API Infrastructure

  • The API hosting platform should be operated securely and robustly.
  • The API authentication and authorisation model should be defined and implemented efficiently.
  • API traffic should be optimised and prioritised according to business needs.

API Business Owner

  • Business owners are responsible for creating the API plan, the policies, and the terms and conditions under which the API may be consumed.
  • Monitor the success of API usage and of the API business model.

API Governance

  • Make sure the API design and hosting criteria are followed each time a new API is exposed externally.
  • Create a roadmap for the API platform, monitor platform usage and identify the tipping point at which the platform must scale or change.
  • Create an API Management strategy that defines the need for new departments, skill-sets and infrastructure, and how the business-as-usual (BAU) approach should evolve.

The following diagram depicts the API Reference model, showing the various moving parts involved in integrating an organisation's API capability with internal and external IT and social ecosystems.


API Integration

A piece of middleware that hosts APIs and enforces API policies is commonly called an API Gateway. API Management Platforms are not just about runtime; they need development-time capabilities as well. Ideally, APIs are defined by configuration rather than by coding. Defining an API by configuration preserves the lightweight nature of the API proxy and supports fast turnaround for new and changed APIs.

APIs have policy-driven business and IT controls, ranging from authentication to traffic controls and the business terms and conditions under which an API may be consumed (the API plan).
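The gateway's job as described here, and earlier under API Infrastructure and in the introduction, is to authenticate the caller, authorise the call against the API plan and throttle traffic per consumer before anything reaches the business service. The following is an added example, not code from the original article or from any Icon or vendor product: a minimal policy enforcement layer in Python. The token format, signing key, client ids, scope names and routes are all constructed for the illustration; a real deployment would validate OAuth 2.0 / OpenID Connect tokens issued by an authorisation server and use the gateway product's own policy engine rather than a hand-rolled HMAC token.

```python
"""Minimal API Gateway policy layer: authenticate, authorise, throttle.
Constructed example; token format, key, clients, scopes and routes are hypothetical."""
import base64
import hashlib
import hmac
import json
import time

GATEWAY_KEY = b"demo-gateway-signing-key"   # hypothetical signing key

# Route -> scope required by the API plan. Routes not listed are denied by default.
# Scope names are constructed to mirror PSD2-style account read / payment initiation.
ROUTES = {
    ("GET", "/accounts"): "accounts:read",
    ("POST", "/payments"): "payments:initiate",
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(client_id, scopes, ttl=300, now=None):
    """Mint a bearer token of the form base64(payload).base64(HMAC-SHA256)."""
    now = time.time() if now is None else now
    claims = {"client_id": client_id, "scopes": sorted(scopes), "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(hmac.new(GATEWAY_KEY, payload, hashlib.sha256).digest())


def verify_token(token, now=None):
    """Return the claims if the signature is valid and the token unexpired, else None."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(GATEWAY_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:              # expiry is enforced, not advisory
        return None
    return claims


class RateLimiter:
    """Per-client token bucket: the traffic-control part of the API plan."""

    def __init__(self, rate_per_sec, burst):
        self.rate, self.burst, self.buckets = rate_per_sec, burst, {}

    def allow(self, client_id, now):
        tokens, last = self.buckets.get(client_id, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[client_id] = (tokens, now)
            return False
        self.buckets[client_id] = (tokens - 1, now)
        return True


class Gateway:
    """Policy enforcement point in front of the backing business service."""

    def __init__(self, limiter):
        self.limiter = limiter

    def handle(self, method, path, headers, now):
        auth = headers.get("Authorization", "")
        if not auth.startswith("Bearer "):
            return 401, "missing bearer token"
        claims = verify_token(auth[len("Bearer "):], now)
        if claims is None:
            return 401, "invalid or expired token"
        required = ROUTES.get((method, "/" + path.strip("/").split("/")[0]))
        if required is None:
            return 404, "no API plan covers this route"   # deny by default
        if required not in claims["scopes"]:
            return 403, f"scope {required} required"
        if not self.limiter.allow(claims["client_id"], now):
            return 429, "rate limit exceeded"
        # Only now would the request be proxied to the business service.
        return 200, f"proxied {method} {path} for {claims['client_id']}"


def demo():
    """Walk a constructed third-party client through each policy decision."""
    gw = Gateway(RateLimiter(rate_per_sec=1.0, burst=2))
    t0 = 1_700_000_000.0
    aisp = issue_token("tpp-aisp", ["accounts:read"], ttl=300, now=t0)
    hdr = {"Authorization": "Bearer " + aisp}
    # Forgery attempt: swap in a payload claiming payment scope but reuse the old signature.
    forged_payload = json.dumps({"client_id": "tpp-aisp", "exp": t0 + 300,
                                 "scopes": ["payments:initiate"]}).encode()
    forged = {"Authorization": "Bearer " + _b64(forged_payload) + "." + aisp.split(".")[1]}
    return [
        gw.handle("GET", "/accounts/123/balances", hdr, t0)[0],   # 200 allowed
        gw.handle("POST", "/payments", hdr, t0)[0],               # 403 wrong scope
        gw.handle("GET", "/accounts", {}, t0)[0],                 # 401 no token
        gw.handle("GET", "/accounts", forged, t0)[0],             # 401 bad signature
        gw.handle("GET", "/accounts", hdr, t0 + 400)[0],          # 401 expired
        gw.handle("GET", "/accounts", hdr, t0)[0],                # 200 second of burst
        gw.handle("GET", "/accounts", hdr, t0)[0],                # 429 throttled
    ]
```

The ordering matters: authentication fails closed before any route lookup, the route table is the API plan so an unconfigured path is a 404 rather than a pass-through to the backend, and the scope check separates an account-information consumer from a payment-initiation consumer even when both hold valid tokens. The forgery case shows why the signature must cover the whole payload: a token with altered scopes and a copied signature is rejected before its claims are ever read.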

These API capabilities are not typically provided by an organisation's existing middleware (e.g. an ESB), so an API Management platform is key infrastructure in realising them.

The following diagram depicts how an API Management Platform fits into a typical SOA infrastructure.


The key architectural challenge is to expose banks' and financial institutions' business services and assets to the external world securely and coherently, with minimal disruption to the existing IT infrastructure. The API Management platform is pivotal in achieving that effectively and dynamically by supporting fast turnaround for new and changed APIs. APIs create a proxy layer in front of an organisation's business assets and need to be hosted on a platform that is fast, secure, robust and highly scalable.

It is crucial for banks and financial institutions to invest time and effort in a strong API platform that fulfils all the criteria discussed here, and to build the skill-set for designing and creating APIs so that they can respond quickly to business needs.

Cindy Heidebluth