API Management: The Reason Digital Open Banking Can Fly
When it comes to thinking about the different roles that an API Manager can play for an organization, I personally think that an airport provides the perfect analogy. The customer is the passenger, the third-party organizations using a bank’s APIs are the airlines and the airport itself is the bank. I also think this analogy helps to visualize the variety of API management capabilities – including the role of an API gateway.
API gateway to the world
An API gateway is like the front of the airport, where all the operations and activity happen before you go through security. As you enter the airport, you are faced with several options:
- Walk around, browsing through shops (those landside – open to the public) and looking at timetables. This is much like looking at a catalogue of APIs available and their capabilities.
- Access services and support to change your flight, purchase extra services such as checked luggage – comparable to getting an understanding of how to use the API services that are on offer.
- Checking the weight of your luggage and wrapping it in plastic – like playing in a sandbox, preparing to use the API. Or, you can check-in to get your flight, just like you register to use an API.
- Check-in on smartphone before you arrive at the airport – similar to how you can provide trusted third-party provider access to services via Open APIs, so everything is ready to use.
- Collect your luggage when disembarking or catching a connecting flight – this is like a trusted third-party provider getting the permissioned information and relaying it to the customer for aggregated account views in a fintech app, for example.
As you pass through security at an airport, you’ll typically encounter a security officer who will check your boarding pass and passport for validity. However, even if you pass these two rudimentary checks, you are not yet ‘airside’ in the secure zone of the airport. Typically, this is where an API gateway stops protecting your business. You can move forward or are rejected – there is no check if you are allowed to fly, or if what you are carrying is appropriate.
The role of the API Manager
It is this transfer into the secure zone that API Managers (including those provided by ACI) offer a bank. At passport control, your identity is checked much more thoroughly than during the initial boarding pass check. The border control team checks who you are against your registered credentials, checks whether your ID ever been compromised, whether you are on a watch list and if you should be flying. This experience, though it can be arduous, is a critical part of the security process – knowing who is flying and who is leaving the country.
An API Manager enforces the same controls — checking in detail the identification of any individual or third party using a particular API that has been published. Is the usage known? Is it allowed? Is it expected? Can the airline (the third party) offer this ticket (API) to this customer?
Finally, once within the secure zone you have further options. You could transit from one flight to another and catch a connecting flight. API Managers assist in a similar model for APIs. They enable orchestration of API usage across systems, allowing data to be aggregated and managing the sharing of credentials and consent as required, removing the burden from a financial institution’s systems.
Airside, having navigated security and passport control, you can go to your gate, load up on duty-free, grab a coffee… any of the number of things that you have permission and authority to do. Just as an API Manager continues orchestrating payments or collecting data across systems for a customer.
When it comes to an organization’s use of APIs (just as with a bustling airport), an efficient and engaging front of house needs to be partnered with a secure and controlled security zone – this is critical for effective, safe and controlled operations. The gateway is the front of house for services, making APIs visible and increasing use and awareness, while an API Manager protects the organization and its customers, making sure every use is secure, appropriate, authorized and controlled.
ACI Worldwide’s API Manager capabilities support financial institutions’ open banking strategies and respond to growing API demands. Part of ACI’s Universal Payments (UP) Framework, API Manager capabilities are available throughout ACI’s UP portfolio of on-premise and cloud-based solutions.
ACI’s API Manager was recently awarded 1st Runner Up at the Florin Asia Innovation Awards 2018, selected by an expert panel judging more than 60 entries from leading banking and fintech organizations. Meet with our team at Sibos 2018 in Sydney, Australia to learn more about APIs.
Related Blog Posts
Open Payments Systems for Merchants: Don't Close Down Your Options
Remember “Open Systems”?
It was a big industry nom du jour in the 80s and 90s. Every IT system had to be open and therefore flexible and future-proof. Nobody can argue with the logic behind this; making systems easy to integrate with other systems, ensuring vendors could cooperate with one another; creating agility to improve time to market and drive down costs.
Building Trust in Open Banking with Behavioral Biometrics and Machine Learning
Strategies for fraud prevention in payments are having to evolve quickly, as new technologies emerge and digitalization of the banking ecosystem continues at pace. I spoke with Giselle Lindley, Principal Financial Crime Consultant at ACI Worldwide and Tim Dalgleish, Head of Threat Analytics, Asia Pacific at BioCatch to understand how financial institutions can use payments intelligence to build trust in this challenging environment.
Why It’s Time for Women to Rise UP
As a senior software engineer at ACI Worldwide, Rawan Shawar helps to guide her team’s priorities and enhance processes at both the team and organizational level. Recently, Rawan was selected by the organizers of Money20/20 Asia to be part the Rise Up Class of 2019.
Can Digital Payments Be Kind?
There is no doubt that the era of less (or minimal) cash is truly upon us. According to the Access to Cash Review, cash could fall to just 10 percent of all payments in the UK within the next 15 years.
Other countries, such as Sweden, have already seen significant changes – cashless payments have grown so quickly that only 10 percent of the 20 SEB banks in Stockholm now hold cash. Beyond Europe, China is leading the way with USD$12.8 trillion in mobile payment transactions in 2018.
Knowing New Customers – And How Shared Data Helps in Fighting Fraud
As the eCommerce industry continues its rapid growth, the lines between physical and digital shopping are becoming increasingly blurred. These changes are creating a number of challenges for merchants, not least around customer visibility and fraud prevention.
Reducing Fraud and Improving Customer Experience with Machine Learning
Julie Conroy is research director for Aite Group’s Retail Banking practice and covers fraud, data security, anti-money laundering, and compliance issues. Recently, Julie teamed up with ACI’s Marc Trepanier for a webinar, Key Trends in Payments Intelligence – Machine Learning for Fraud Prevention. I sat down with Julie to get her take on the topic.
Why Non-Functional Requirements Should be a Few of Your Favorite Things
It’s not unusual for me to be questioned by retailers as to why some payment solutions are priced differently or more expensively than others – in fact, it would be unusual not to be asked those questions when dealing daily with procurement and finance teams of major multi-national multi-channel merchants!
Keeping Up With Fraudsters: A Month Isn’t Enough
As the Government of Canada campaigns for improved fraud prevention and awareness this month, I’d like to do my part as a fellow Canadian, and shed some light on why payments need to stay a step (or more) ahead of fraudsters, today more than ever.
Local Perspectives: Real-Time Realities Across Asia-Pacific in 2019
Money20/20 Asia returns to Singapore this week, attracting payments professionals from around the vast APAC region – and beyond. The real-time and open imperative is one of the reasons why all eyes are on Asia-Pacific when it comes to payments, so I caught up with ACI payments experts representing three of the key countries within the region, to take the pulse of real-time schemes that are in varying stages of maturity.
What it Takes to be an ‘Influential Woman in Payments’ [Q&A]
Coming off the back of International Women’s Day this past weekend, PaymentsSource has recognized the Most Influential Women in Payments, spanning multiple industries including financial services, retail, investment and technology. Among the honorees is ACI’s very own Carolyn Homberger, group president, global sales. Part of the executive leadership team at ACI, Carolyn leads a team of payments professionals operating across all global regions, and plays a critical role in setting business strategy. As an advocate for the leadership and growth of women in the payments industry, Carolyn is also responsible for launching ACI’s own Women’s Initiative.