API Management: The Reason Digital Open Banking Can Fly
When it comes to thinking about the different roles that an API Manager can play for an organization, I personally think that an airport provides the perfect analogy. The customer is the passenger, the third-party organizations using a bank’s APIs are the airlines and the airport itself is the bank. I also think this analogy helps to visualize the variety of API management capabilities – including the role of an API gateway.
API gateway to the world
An API gateway is like the front of the airport, where all the operations and activity happen before you go through security. As you enter the airport, you are faced with several options:
- Walk around, browsing through shops (those landside – open to the public) and looking at timetables. This is much like looking at a catalogue of APIs available and their capabilities.
- Access services and support to change your flight, purchase extra services such as checked luggage – comparable to getting an understanding of how to use the API services that are on offer.
- Checking the weight of your luggage and wrapping it in plastic – like playing in a sandbox, preparing to use the API. Or, you can check-in to get your flight, just like you register to use an API.
- Check-in on smartphone before you arrive at the airport – similar to how you can provide trusted third-party provider access to services via Open APIs, so everything is ready to use.
- Collect your luggage when disembarking or catching a connecting flight – this is like a trusted third-party provider getting the permissioned information and relaying it to the customer for aggregated account views in a fintech app, for example.
As you pass through security at an airport, you’ll typically encounter a security officer who will check your boarding pass and passport for validity. However, even if you pass these two rudimentary checks, you are not yet ‘airside’ in the secure zone of the airport. Typically, this is where an API gateway stops protecting your business. You can move forward or are rejected – there is no check if you are allowed to fly, or if what you are carrying is appropriate.
The role of the API Manager
It is this transfer into the secure zone that API Managers (including those provided by ACI) offer a bank. At passport control, your identity is checked much more thoroughly than during the initial boarding pass check. The border control team checks who you are against your registered credentials, checks whether your ID ever been compromised, whether you are on a watch list and if you should be flying. This experience, though it can be arduous, is a critical part of the security process – knowing who is flying and who is leaving the country.
An API Manager enforces the same controls — checking in detail the identification of any individual or third party using a particular API that has been published. Is the usage known? Is it allowed? Is it expected? Can the airline (the third party) offer this ticket (API) to this customer?
Finally, once within the secure zone you have further options. You could transit from one flight to another and catch a connecting flight. API Managers assist in a similar model for APIs. They enable orchestration of API usage across systems, allowing data to be aggregated and managing the sharing of credentials and consent as required, removing the burden from a financial institution’s systems.
Airside, having navigated security and passport control, you can go to your gate, load up on duty-free, grab a coffee… any of the number of things that you have permission and authority to do. Just as an API Manager continues orchestrating payments or collecting data across systems for a customer.
When it comes to an organization’s use of APIs (just as with a bustling airport), an efficient and engaging front of house needs to be partnered with a secure and controlled security zone – this is critical for effective, safe and controlled operations. The gateway is the front of house for services, making APIs visible and increasing use and awareness, while an API Manager protects the organization and its customers, making sure every use is secure, appropriate, authorized and controlled.
ACI Worldwide’s API Manager capabilities support financial institutions’ open banking strategies and respond to growing API demands. Part of ACI’s Universal Payments (UP) Framework, API Manager capabilities are available throughout ACI’s UP portfolio of on-premise and cloud-based solutions.
ACI’s API Manager was recently awarded 1st Runner Up at the Florin Asia Innovation Awards 2018, selected by an expert panel judging more than 60 entries from leading banking and fintech organizations. Meet with our team at Sibos 2018 in Sydney, Australia to learn more about APIs.
Related Blog Posts
Regulating for Real-Time: The Role of Government in Payments Modernization
Dr. Leo Lipis and Craig Ramsey, Head of Real-Time Payments for ACI Worldwide, continue their discussion on real-time payments and the findings of the new white paper, Get More from Real-Time.
Issuing and Acquiring in a Real-Time and Open Payments Ecosystem – The Global Picture
Dr Leo Lipis and Craig Ramsey, Head of Real-Time Payments for ACI Worldwide, continue their discussion on real-time payments, stemming from the findings of the new white paper, Get More from Real-Time. See part one.
Four Questions to Drive Your Retail Banking Payments Strategy in 2019
I keep hearing that it’s “an exciting time to be in payments,” and I certainly agree that there is a lot of noise. However, when I look below the surface, I’d argue that the interesting activity is not with the payment itself, but with all the related events and steps in the value chain.
What Can the Re-Regulation of Other Industries Tell Us About Open Banking One Year On?
UK Open Banking just reached its first birthday milestone (on January 13 to be precise) and given my own commentary – including in the ACI blog – on this topic, the first anniversary of Open Banking in the UK certainly won’t pass without a debrief on the progress that’s been made and what challenges lie ahead.
Instant Payments in Italy – And Beyond: Lessons from Il Salone dei Pagamenti
ACI was invited back to Il Salone dei Pagamenti – Italy’s premier payments event organized by the Italian Banking Association (ABI) – to participate in a panel, “SEPA Inst – the Future.” As expected, the session was packed with stats and advice for a more efficient roll out of instant payments – in Italy and beyond.
To Regulate Or Not To Regulate – Is That Thy Question?
Debates are healthy, and as someone who spent a little time during my college years dabbling around the edges of the speech and debate team, I can tell you it’s something that I personally relish. A chance to really talk through the pros and cons of an argument and lay out the bare facts… and then be judged based not only on those facts, but on the presentation and power of persuasion—sign me up!
Request for Pay – What Does It Mean For Financial Institutions?
What do banks – one with $60B+ in assets, one a mid-size regional bank, and one, a small innovative credit union – have in common with payment networks and the ‘Big 4’ consulting firms? They were all part of the first ACI #PaymentsForBreakfast event in North America! The theme was real-time payments, but the focus was more specifically on Request for Pay.
Why Open Banking Might Need to Rely on a Magic Illusion of 24x7 Availability
The adage “the more things change, the more they stay the same” appears to ring true when applied to the early phases of the evolution of open banking (or open payments). Especially when you contrast it with the early days of ATM withdrawals; particularly those made in the dead of night so you could pay cash for your after-party greasy feast.
Sibos Preview: The Five Trends Transforming Real-Time Payments
Real-time is now a reality, with more than 30 schemes live around the world. And real-time is in the spotlight as banks and financial service providers make their way to Sydney for Sibos 2018. What better time to look ahead at the key trends that are going to shape the ongoing development of real-time payments.
Winners and Losers in the Regulation Vs Competition Debate? How About New Business Models?
As Summer has abruptly turned to Fall, I have found myself daydreaming of a European vacation (and yes, I realize it’s Fall there too… or rather, Autumn). Maybe it’s the Instagram feed full of friends on a summer sojourn to Italy, France, or Germany, or the constant barrage of Premier League kickoff commercials on the NBC Networks (Let’s Go Gunners!), but yesterday it was something else entirely that had me drifting off into a memory-induced Nutella-crepe state of euphoria.