API Management: The Reason Digital Open Banking Can Fly
When it comes to thinking about the different roles that an API Manager can play for an organization, I personally think that an airport provides the perfect analogy. The customer is the passenger, the third-party organizations using a bank’s APIs are the airlines and the airport itself is the bank. I also think this analogy helps to visualize the variety of API management capabilities – including the role of an API gateway.
API gateway to the world
An API gateway is like the front of the airport, where all the operations and activity happen before you go through security. As you enter the airport, you are faced with several options:
- Walk around, browsing through shops (those landside – open to the public) and looking at timetables. This is much like looking at a catalogue of APIs available and their capabilities.
- Access services and support to change your flight, purchase extra services such as checked luggage – comparable to getting an understanding of how to use the API services that are on offer.
- Checking the weight of your luggage and wrapping it in plastic – like playing in a sandbox, preparing to use the API. Or, you can check-in to get your flight, just like you register to use an API.
- Check-in on smartphone before you arrive at the airport – similar to how you can provide trusted third-party provider access to services via Open APIs, so everything is ready to use.
- Collect your luggage when disembarking or catching a connecting flight – this is like a trusted third-party provider getting the permissioned information and relaying it to the customer for aggregated account views in a fintech app, for example.
As you pass through security at an airport, you’ll typically encounter a security officer who will check your boarding pass and passport for validity. However, even if you pass these two rudimentary checks, you are not yet ‘airside’ in the secure zone of the airport. Typically, this is where an API gateway stops protecting your business. You can move forward or are rejected – there is no check if you are allowed to fly, or if what you are carrying is appropriate.
The role of the API Manager
It is this transfer into the secure zone that API Managers (including those provided by ACI) offer a bank. At passport control, your identity is checked much more thoroughly than during the initial boarding pass check. The border control team checks who you are against your registered credentials, checks whether your ID ever been compromised, whether you are on a watch list and if you should be flying. This experience, though it can be arduous, is a critical part of the security process – knowing who is flying and who is leaving the country.
An API Manager enforces the same controls — checking in detail the identification of any individual or third party using a particular API that has been published. Is the usage known? Is it allowed? Is it expected? Can the airline (the third party) offer this ticket (API) to this customer?
Finally, once within the secure zone you have further options. You could transit from one flight to another and catch a connecting flight. API Managers assist in a similar model for APIs. They enable orchestration of API usage across systems, allowing data to be aggregated and managing the sharing of credentials and consent as required, removing the burden from a financial institution’s systems.
Airside, having navigated security and passport control, you can go to your gate, load up on duty-free, grab a coffee… any of the number of things that you have permission and authority to do. Just as an API Manager continues orchestrating payments or collecting data across systems for a customer.
When it comes to an organization’s use of APIs (just as with a bustling airport), an efficient and engaging front of house needs to be partnered with a secure and controlled security zone – this is critical for effective, safe and controlled operations. The gateway is the front of house for services, making APIs visible and increasing use and awareness, while an API Manager protects the organization and its customers, making sure every use is secure, appropriate, authorized and controlled.
ACI Worldwide’s API Manager capabilities support financial institutions’ open banking strategies and respond to growing API demands. Part of ACI’s Universal Payments (UP) Framework, API Manager capabilities are available throughout ACI’s UP portfolio of on-premise and cloud-based solutions.
ACI’s API Manager was recently awarded 1st Runner Up at the Florin Asia Innovation Awards 2018, selected by an expert panel judging more than 60 entries from leading banking and fintech organizations. Meet with our team at Sibos 2018 in Sydney, Australia to learn more about APIs.
Related Blog Posts
Request for Payment and Other Real-Time Payments Trends That Will Shape 2020
In 2020, the conversation around real-time payments will increasingly be about what banks can do with real-time, as they move beyond setting up to support real-time payments schemes. New use cases will emerge – but there are a few main trends that are likely to shape the direction of real-time in the year ahead.
2020: The Year of (Near) Cashless Transactions?
Happy belated New Year and raise your hand if you make and/or follow New Year’s resolutions. I used to and then realized they were exercises in futility. But, over this past holiday, I thought I’d give the resolution game one more shot. This one was more a realistic goal than it was a resolution, but who can really tell the difference anyway!?! I decided to go cashless over the holidays, which can still be somewhat challenging for many in the US (though my friends in other countries are probably ridiculing me right now). I was traveling (to NYC and Florida) and wanted to pack as little as possible (in both my luggage and my wallet). I’m all about loyalty card points these days, hence the 2 back-to-back trips.
Three Merchant Payment Trends to Watch in 2020
In 2019, merchants everywhere were challenged by pressure from new entrants, the continued breakdown of traditional industry boundaries and growing customer preference for a digitally-led or digitally-influenced purchasing experience.
The Invisibility Cloak of Payments: What Are the Consequences?
If you could pick any superpower, what would you pick? Children often pick "invisibility.” Oh, the possibilities of being invisible! What fun! You can walk into a candy store and take all the candy you want, you can stay downstairs late with your parents and listen to what they’re saying, you can sneak out without anybody noticing… But when you think about it, there are also disadvantages that come with this superpower.
Looking Back at Money20/20 USA: Where Do We Go From Here?
Now that the dust has settled on another successful Money20/20 USA in Las Vegas, it allows for a moment of reflection on what some of the announcements and trends mean for the ever-changing financial industry. Discussions spanned a variety of topics, including the future of international and digital expansion of PSPs, how organizations developing cryptocurrency wallets plan to enter the payments space, and how challenger banks plan to revolutionize the banking experience. Inclusivity was a recurring theme throughout – and nowhere was this more evident than in the Rise Up program.
2020 Fraud Predictions: What to Expect Across the Globe as Cybercrime Evolves
Our payment experts take stock of the trends that shaped 2019 and make their predictions for where they see the industry heading in 2020.
I sat down with our own fraud experts, Marc Trepanier, principal fraud consultant for North America, and Giselle Lindley, principal fraud consultant for APAC, to get their thoughts on what we can expect in the year ahead around payments fraud.
Real-Time Payments Hits Its Stride in the U.S.
The recent announcement of FedNow in the U.S., the launch of cross-border services like SWIFT gpi, and multiple real-time payment systems including The Clearing House’s (TCH) RTP system and Zelle underline the fact that real-time payments are here to stay. The need to deliver real-time payment services to customers has never been more pressing for banks, credit unions, processors, acquirers and fintechs. However, the U.S. payments ecosystem – and its infrastructure – must keep pace with global markets to remain competitive, and interoperability between real-time payment systems will be key.
Deep Dive: Latin American Fintech Market (Part 2)
To support fintechs’ development and create a more inclusive financial system, governments across the Latin American region should adopt different regulations. Some good practices implemented in other countries, like the U.K. or Singapore, could also be adopted in Latin America, such as temporary exemptions on fintech authorizations on behalf of regulating entities, or the creation of temporary regulation sandboxes in which fintechs can operate, evaluate their business models and offer their innovative products in supervised environments.
Women in Payments: “Make Failure Your Fuel”
ACI’s Darcy Locke, new business development principal, was recently appointed Chair of the American Financial Services Association (AFSA), Business Partner Board. During her two-year term, Darcy will preside over the AFSA Business Partner Board meetings, and concurrently serve as a member of the AFSA Board of Directors and Chair of the AFSA Business Partner Task Force.