Open API: WHATs, WHYs, and HOWs of API deployment

PSD2, a new banking directive, will undermine the old banking system to bring a new competitive and more transparent market to life. Banks struggle to soften some negative ramifications of the shift and leverage API, their new weapon, to retain the clients and take banking services to a new level.

PSD2 brought up much havoc into the banking business. The new directive obligates the banks to provide third parties (account-information service providers and payment initiation service providers) with access to customer transaction accounts. Today, as such data becomes available subject to certain restrictions, qualified third parties are enabled to provide financial services at a scale comparable to that of established banking institutions. In the EU’s view, this is done to create a single integrated market for payment services by standardizing the regulations for the banks and for the new payment service providers (Nexus).

Along with a more transparent and secure financial market, PSD2 will induce some unfavorable ramifications for the industry players as it also promotes a higher competition. Increased pressure on pricing and margins is a top concern for bank executives as they plan for the implementation of PSD2, McKinsey reports. Unexpectedly, in their pursuit of new revenue streams banks are well assisted by fintechs and software industry players. Once competing leagues are now allies in the face of a broad digital transformation of the banking sector.

What is an API and why banks need it

It wasn’t until PSD2 that the history of banking started mentioning APIs. Under the new directive, European banks must have an adequate interface allowing access to the account information for third parties. At this point API kicks in.

What is an API? It is a software intermediary that allows two applications to talk to each other (MuleSoft). In technical terms, API is a code – a set of routines, protocols, and tools – that governs the access point(s) for the server (Medium). It is a password that grants access through the server straight to the databases. In plain language, it is a key to the door behind which a database is hidden. Without the bank’s API, a third-party wouldn’t access the client’s account data. As a result, a client won’t be able to pay his/her utility bills otherwise but via a banking system. This is just a single example out of dozens of transactions that non-banks will be eligible to do under the new directive. All in the name of the transparent and competitive market.

Opportunity, not a danger

Mandatory APIs sharing, strange as it may seem, will be a well-anticipated spiral turn for many financial market players. According to the mentioned above report by McKinsey, many executives report that they view PSD2 compliance as part of a broad digital transformation. Instead of perceiving the forthcoming transformation as a knockdown, PSD2 will be a gentle push. This is what the industry gasped for a long time to build new processes, acquire new skill sets, and realign the organizational structure around data collection and analysis.

Service improvement

API deployment allows banks to extend and improve their products and services. Open API enables easy integration of other market players with the strategic partnerships lying in the core of many successful endeavors. Banks may lack internal resources, expertise or funds which are required to launch an app to hook in millennials, X and Z-generations. However, backed by fintech startups, in exchange for banking data and infrastructure they can get a top-notch product that sells out.

Customers’ engagement

Open API reinforces client engagement and brings new ones. In liaison with the fintech companies, banks instantly adapt to ever-shifting clients’ needs. Picture a scene where Bank A boasts a super convenient and user-friendly P2P money transfer system. Bank B easily adopts the best practices of Bank A using its Open API. As a result, Bank B boosts its revenues and engagement rates by leveraging the system that was refined by the previous owner.

New revenue streams

Banking data and infrastructure cost a lot. Now, as we have API bank can grant a qualified party secure and regulated access to its system to the extent that is necessary for such party to make use of bank’s data/services. Thus, new revenue channels are created which the bank would not have otherwise.

Tips and tricks for successful implementation

What does a bank need to leverage the benefits of API implementation? Expertise from a third party will do. “How do I know I’m offered the right thing for my business?” – a CEO can rightfully ask him/herself. With this in mind, we’ve made up a cheat sheet for a bank willing to unleash the power of API implementation involving assistance from a service provider.

The road map along with API features below are tailored based on the experience we obtained elaborating Open API for Standfore, banking platform by Qulix Systems.

For a good start, draft out a project road map. This may not be an all-inclusive one but should cover strategic imperatives for your API.

Think of a flexible system for roles and access management. Banks have to protect Clients’ data by implementing security frameworks and layering access to information each partner is eligible to use.
Make a draft of the External user management system (Fin-Tech providers and partners). An internal portal to administer the developers qualifying to use the API (logging and activity monitoring) is a must for a bank. Transparency and security mechanisms should be enacted to track and prevent data misuse or tampering.
Pay special efforts to design SDK and Documentation adaptive to the required access level. Open API and relevant docs must be designed so that nothing threatens the integrity of users’ finances and data.

Bank-specific features of Open API must include:

A banking-specific developer portal with API docs and tools
Pre-configured proxies for banking APIs
Workflows for working with payments (PISP) and accounts (AISP)
An integrated OAuth2 security framework with various access models
Single authentication system for the bank and partners
Secure XS2A (access to the account) end-user authentication for 3rd party providers
Single integration point with banking core (middle layer)
Intuitive interface for interaction with bank’s services

Technology stacks may vary, although we recommend using OracleDB/PostgreSQL, Hibernate, Spring, Swagger, REST services, and React JS.

The approach of our team implies strict compliance with PSD2 requirements as well as implementing OAuth2.0 authentication.

A standard schedule for Open API implementation based on our experience can be drafted as follows:

Whether you’re a bank in search of a technical collaborator or a technical collaborator itself, beware of the integration peculiarities. No bank’s system is identical to the other, with every bank having its typical processes and procedures. Nevertheless, a win-win outcome centers on the flexibility and adaptability of both parties involved. Needless to say, technical assistance and consulting should be provided to the bank throughout the whole process of Open API delivery.

When done right, Open API has the potential to become a game-changer for banks. Leverage the transformative power of a new age in banking the way top industry disruptors do and see the results soon.