API gateway to the world
An API gateway is like the front of the airport, where all the operations and activity happen before you go through security. As you enter the airport, you are faced with several options:
- Walk around, browsing through shops (those landside – open to the public) and looking at timetables. This is much like looking at a catalogue of APIs available and their capabilities.
- Access services and support to change your flight or purchase extra services such as checked luggage – comparable to getting an understanding of how to use the API services that are on offer.
- Check the weight of your luggage and wrap it in plastic – like playing in a sandbox, preparing to use the API. Or, you can check in to get your flight, just like you register to use an API.
- Check in on your smartphone before you arrive at the airport – similar to how you can give trusted third-party providers access to services via Open APIs, so everything is ready to use.
- Collect your luggage when disembarking or catching a connecting flight – this is like a trusted third-party provider getting the permissioned information and relaying it to the customer for aggregated account views in a fintech app, for example.
As you pass through security at an airport, you’ll typically encounter a security officer who will check your boarding pass and passport for validity. However, even if you pass these two rudimentary checks, you are not yet ‘airside’ in the secure zone of the airport. Typically, this is where an API gateway stops protecting your business. You either move forward or are rejected – there is no check on whether you are allowed to fly, or whether what you are carrying is appropriate.
The role of the API Manager
It is this transfer into the secure zone that API Managers (including those provided by ACI) offer a bank. At passport control, your identity is checked much more thoroughly than during the initial boarding pass check. The border control team checks who you are against your registered credentials, checks whether your ID has ever been compromised, whether you are on a watch list and whether you should be flying. This experience, though it can be arduous, is a critical part of the security process – knowing who is flying and who is leaving the country.
An API Manager enforces the same controls — checking in detail the identification of any individual or third party using a particular API that has been published. Is the usage known? Is it allowed? Is it expected? Can the airline (the third party) offer this ticket (API) to this customer?
Finally, once within the secure zone you have further options. You could transit from one flight to another and catch a connecting flight. API Managers assist in a similar model for APIs. They enable orchestration of API usage across systems, allowing data to be aggregated and managing the sharing of credentials and consent as required, removing the burden from a financial institution’s systems.
Airside, having navigated security and passport control, you can go to your gate, load up on duty-free, grab a coffee… any number of things that you have permission and authority to do, just as an API Manager continues orchestrating payments or collecting data across systems for a customer.
When it comes to an organization’s use of APIs (just as with a bustling airport), an efficient and engaging front of house needs to be partnered with a secure and controlled security zone – this is critical for effective, safe and controlled operations. The gateway is the front of house for services, making APIs visible and increasing use and awareness, while an API Manager protects the organization and its customers, making sure every use is secure, appropriate, authorized and controlled.
ACI Worldwide’s API Manager capabilities support financial institutions’ open banking strategies and respond to growing API demands. Part of ACI’s Universal Payments (UP) Framework, API Manager capabilities are available throughout ACI’s UP portfolio of on-premise and cloud-based solutions.
ACI’s API Manager was recently awarded 1st Runner Up at the Florin Asia Innovation Awards 2018, selected by an expert panel judging more than 60 entries from leading banking and fintech organizations. Meet with our team at Sibos 2018 in Sydney, Australia to learn more about APIs.