What is a Banking API and How Does It Work?
Banking is one of the most rapidly developing industries today, and one that is undergoing digital transformation and technological change. The COVID-19 pandemic pushed banks to accelerate their digital transformations. To meet ever-growing customer demands and stay ahead of competitors, banks have to adopt the latest technologies and shorten app development time while integrating with third-party fintech providers to offer digital services and solutions to their customers.
This type of integration is made possible by an API, or Application Programming Interface. It connects fintechs and banks directly with each other so that they can provide better customer service.
Although there are several ways to communicate via an API, in this article we focus on REST APIs, as REST is the gold standard for communication between internet nodes today. Read on to find out what a banking API is, what benefits it provides and how it works.
What Is a Banking API?
A banking API is an interface for communicating with a remote banking system, offered as Banking-as-a-Service (BaaS), over protected internet channels. Through the API, the BaaS provider exposes the services running on its infrastructure to fintech providers who need to embed banking services into their applications.
Using a banking API, fintech providers enable their customers to perform a great number of operations, such as issuing cards, checking account balances, money transfers, FX operations, etc. Here is a typical list of operations:
- customer onboarding;
- KYC process;
- account management;
- payment cards issuing & management;
- money transfers;
- FX operations;
- transaction history;
- registration of incoming profile and account changes;
- registration of incoming transactions or transaction status changes;
- fees management and validation.
Types of Banking API
There are various types of APIs provided by banks:
- Private APIs: internal banking APIs used only to enhance internal processes.
- Open/public APIs: these APIs are fully available to any third parties, allowing them to utilise bank services or offer the same services to their own customers.
Although the number of public banking APIs is proportionately small, McKinsey research found that 75 percent of the top 100 banks globally have made public APIs available.
Benefits of API in Banking
In 2021, 47% of banks and credit unions (CUs) have invested in or developed APIs, up from 35% in 2019. Another 25% plan to invest in this technology by the end of 2022. So what makes banking API so attractive?
APIs play an important role and bring significant benefits to banks’ further development and innovation. While banks concentrate on developing and enhancing their core banking system, various fintech startups and providers can build tools and applications on top of that core system and provide them to banks through APIs, creating whole ecosystems around banks. For instance, banks can get data on their customers’ behaviour through such apps and create more customer-tailored marketing campaigns. Customer voice systems allow banks to get customer feedback indicating exactly which offerings they like and dislike. By embedding PFM systems, banking apps can offer engaging experiences such as spending planning and tracking, savings goal setting and achievement, etc.
Not only banks benefit from open APIs: fintech companies can also develop apps based on the data they obtain from banks. The use of APIs in open banking allows payment service providers such as Apple Pay, Stripe, Square, PayPal and Amazon to connect smoothly with customers’ bank accounts.
FinTech startups and companies develop Buy Now, Pay Later (BNPL) solutions that allow customers to get a mini-loan in just a few minutes. The use of APIs enables lenders to accelerate loan application processes and achieve greater customer satisfaction.
A digital wallet uses a banking API to link your payment details to your connected bank account.
Digital personal assistants such as Alexa or Siri can be integrated through an open API to make shopping and money transfers convenient.
How Does API in Banking Platforms Work?
With a banking API, the whole lifecycle of accounts and transactions can be sped up through automation that performs thousands of operations daily and millions monthly, with no human intervention.
In addition to the range of API calls the consumer performs, the consumer must also implement some externally facing API endpoints of its own. They serve to register events coming from the banking provider via web-hooks.
Using well-known communication techniques such as REST APIs, the JSON format, TLS protection, token-based authentication and web-hooks also increases the so-called “bus factor” of your team, making it possible to replace key team members in case of emergency.
The technologies listed above are the common “language” that the majority of software engineers on the market understand today. It is a widely used standard that makes building integrations as quick as possible, which in turn affects the final cost of the product.
The consuming application usually has a module (commonly called a connector or API gateway) that is responsible for communication with the banking platform.
The actual communication uses an API token/key specially issued by your provider. This is a secret and must be stored securely. When an API call is executed, the token is placed in the Authorization header of each HTTP request. Example:
Authorization: Bearer API_TOKEN
API calls are executed over protected channels; usually SSL/TLS protection is established. If that is not possible, another security method is used, for example asymmetric encryption.
When a call is executed, the banking platform returns a response, usually in JSON format, containing all the details of the operation. The HTTP response code reflects the overall result status as well.
The API-consuming application has its own set of IDs (user, account, transaction), and so does the remote banking system. That is why the caller should store the mapping between the local and remote ID of each object. This is necessary for working with the objects’ data and status later, so that the banking platform can recognize objects by the IDs it generated itself.
The banking provider usually supports idempotency: it stops processing an operation if it detects a duplicate call, and in this case returns the 409 HTTP status code.
When the status of a remote object changes (for example, a user is blocked or an account is activated) or a new transaction is registered, the banking system notifies the subscriber using web-hooks: the remote caller invokes the API endpoint previously specified by the consuming application, from a pre-configured IP address. This delivers changes initiated outside of the consuming service.
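As an added example (not code from the original article), here is a minimal Python connector that sends the bearer token in the Authorization header, keeps the local-to-remote ID mapping and treats a 409 as an already-processed duplicate; the in-memory FakeBankingPlatform stands in for the remote BaaS so the example runs offline, and the Idempotency-Key header is an assumed convention, since the article does not specify how the provider detects duplicate calls.

```python
import json
import uuid
from dataclasses import dataclass, field


@dataclass
class FakeBankingPlatform:
    """Constructed in-memory stand-in for the remote BaaS so the example runs offline."""
    token: str
    seen_keys: dict = field(default_factory=dict)  # idempotency key -> remote id already created
    next_id: int = 1000

    def request(self, method, path, headers, body):
        # Every call must carry the issued secret in the Authorization header.
        if headers.get("Authorization") != f"Bearer {self.token}":
            return 401, {"error": "unauthorized"}
        key = headers.get("Idempotency-Key")
        if key in self.seen_keys:
            # Duplicate call: processing stops and 409 is returned, as described above.
            return 409, {"error": "duplicate", "id": self.seen_keys[key]}
        self.next_id += 1
        remote_id = f"usr_{self.next_id}"          # the platform's own generated id
        self.seen_keys[key] = remote_id
        return 201, {"id": remote_id, "status": "created"}


class Connector:
    """Hypothetical connector module of the consuming application."""

    def __init__(self, platform, token):
        self._platform = platform
        self._token = token      # loaded from a secret store in practice, never hard-coded
        self.id_map = {}         # local object id -> remote id; persisted in a real system

    def create_user(self, local_id, payload, idempotency_key=None):
        """POST /api/v1/user; returns the HTTP status and records the id mapping."""
        headers = {
            "Authorization": f"Bearer {self._token}",
            "Content-Type": "application/json",
            # Assumed convention: a caller-chosen key lets the platform detect replays.
            "Idempotency-Key": idempotency_key or str(uuid.uuid4()),
        }
        status, data = self._platform.request(
            "POST", "/api/v1/user", headers, json.dumps(payload))
        if status in (201, 409):
            # 409 means the object already exists remotely; keep the id we already have.
            self.id_map.setdefault(local_id, data["id"])
        return status
```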
Here are several examples of API endpoints:
# Endpoint for creation of customer/user:
POST /api/v1/user
# Endpoint for checking the status of user KYC with alternatives:
GET /api/v1/user/12345/kyc/status
GET /api/v1/kyc/status?user=12345
# Endpoint for providing new document for a user KYC:
POST /api/v1/user/12345/kyc/document
# Endpoint for validation of a transaction belonging to account ID 12345, with alternatives:
POST /api/v1/account/12345/transaction/validate
POST /api/v1/transaction/validate
# Endpoint for checking the status of a transaction with ID 54321, with alternatives:
GET /api/v1/account/12345/transaction/54321
GET /api/v1/transaction/54321
GET /api/v1/transaction?ID=54321
How to Prepare Your Application for the Integration via API
Before starting the implementation, ask your banking service provider these important questions:
- What is the API rate limit?
- How many calls per second can the BaaS handle?
- What is the SLO for response latency?
- What is the producer’s web-hook delivery policy if your application does not respond?
Prepare the API token provided by the banking service and keep it safe. Note that you may be issued several tokens, one per environment; usually there is a sandbox and a production environment.
Make sure that your system has unique, hashed identifiers. Usually this is a sequence of Latin letters and digits, 16 to 40 characters long. Make sure that the format and length of your IDs are compatible with the requirements of the remote system.
Prepare a dedicated API gateway for the banking provider that serves communication purposes only. That will keep you protected, let you balance the communication load and keep the functionality segregated.
Make sure your platform has a fixed IP address for external calls, and ask your partner to whitelist your IP on their side. It is a red flag if a banking provider does not support whitelisting. In turn, whitelist the IP address of the server from which the BaaS produces web-hooks.
When planning the implementation, make sure to handle all HTTP codes that the remote server can return, including the key ones: 200, 201, 301, 308, 401, 403, 404, 408, 409, 429, 500, 503, 504.
Be prepared for the banking provider to certify your integration. Usually this is a short session of acceptance tests covering how your application uses the API and reacts to the different events sent by the banking platform.
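To illustrate the web-hook registration endpoint described in the “How Does API in Banking Platforms Work?” section together with the whitelisting above, here is an added example (not from the original article) of a receiver that accepts events only from the whitelisted producer address range, applies them through the remote-to-local ID mapping and ignores redeliveries; the event JSON fields, the TEST-NET addresses and the class name are all constructed for this example.

```python
import ipaddress
import json


class WebhookReceiver:
    """Hypothetical externally facing endpoint of the consuming application."""

    def __init__(self, allowlist, remote_to_local):
        self._allowlist = [ipaddress.ip_network(n) for n in allowlist]
        self._remote_to_local = remote_to_local  # remote id -> local id (the stored mapping)
        self.local_state = {}                    # local id -> last status applied
        self._seen_events = set()                # event ids already applied (redelivery guard)

    def handle(self, source_ip, raw_body):
        """Returns the HTTP status code the endpoint answers with."""
        # Only the whitelisted BaaS web-hook producer may call this endpoint. source_ip must
        # come from the transport layer (or a trusted proxy), never from the request body.
        addr = ipaddress.ip_address(source_ip)
        if not any(addr in net for net in self._allowlist):
            return 403
        try:
            event = json.loads(raw_body)
            event_id, remote_id, status = event["event_id"], event["object_id"], event["status"]
        except (ValueError, KeyError, TypeError):
            return 400                           # malformed payload: nothing to apply
        if event_id in self._seen_events:
            return 200                           # redelivery of an applied event: acknowledge only
        local_id = self._remote_to_local.get(remote_id)
        if local_id is None:
            return 404                           # unknown remote id; producer may redeliver per its policy
        self.local_state[local_id] = status      # e.g. user "blocked", account "active"
        self._seen_events.add(event_id)
        return 200


# Constructed sample configuration and event (TEST-NET-2 range, placeholder ids).
WEBHOOK_PRODUCER_ALLOWLIST = ["198.51.100.0/24"]
SAMPLE_EVENT = '{"event_id": "evt-1", "object_id": "usr_1001", "status": "blocked"}'
```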
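As an added example (not from the article) of processing the listed response codes, together with the rate-limit question from the checklist above, this Python helper groups the codes into success, duplicate, redirect, fatal and transient outcomes, follows permanent redirects and retries transient failures with exponential backoff, honouring a Retry-After header when the provider sends one; the groupings and delays are assumptions for this example, not a provider's documented behaviour.

```python
import random
import time

# Grouping of the response codes listed above into what the connector should do.
SUCCESS   = {200, 201}
DUPLICATE = {409}                       # idempotent replay: the operation already went through
REDIRECT  = {301, 308}                  # permanent move: follow Location (and update the endpoint config)
FATAL     = {401, 403, 404}             # bad token, no permission, unknown object: retrying cannot help
TRANSIENT = {408, 429, 500, 503, 504}   # timeout, rate limit, upstream trouble: back off and retry


def call_with_retry(send, url, max_attempts=5, base_delay=0.5,
                    max_redirects=3, sleep=time.sleep, jitter=random.random):
    """send(url) -> (status, headers, body). Returns (final status, body, attempts made).

    sleep and jitter are injectable so the behaviour can be tested without waiting.
    """
    attempts = redirects = 0
    status, headers, body = None, {}, None
    while attempts < max_attempts:
        status, headers, body = send(url)
        if status in REDIRECT and redirects < max_redirects:
            redirects += 1
            url = headers["Location"]            # a redirect is not a failed attempt
            continue
        attempts += 1
        if status in SUCCESS or status in DUPLICATE or status in FATAL:
            return status, body, attempts
        if status in TRANSIENT and attempts < max_attempts:
            retry_after = headers.get("Retry-After")
            if retry_after is not None:
                delay = float(retry_after)       # the provider told us when its rate limit resets
            else:
                delay = base_delay * 2 ** (attempts - 1) * (1 + jitter())   # exponential backoff
            sleep(delay)
            continue
        return status, body, attempts            # retries exhausted, or a code we did not plan for
    return status, body, attempts
```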
Conclusion
Access to open banking APIs eliminates barriers between fintech businesses and banks, helping the financial industry as a whole to grow while improving the quality of services provided to customers.
APIs help create banking ecosystems by integrating third-party applications and tools, resulting in better customer service and increased customer engagement. Third parties can also use banks’ financial information to build innovative applications and enlarge their customer base while increasing revenue and market presence.
Overall, API banking services are only expected to get more popular in the near future. If you are looking for banking software development services or need to create an app with access to banking API, feel free to get in touch with our expert team.