OpenAPI in Banking and Finance
Technology Trend OpenAPI
In the past, organizations and businesses, especially in the financial and banking sector, tended to have closed systems (no data sharing) for customer information safety, confidentiality, and system attack prevention. However, the emergence of financial technology (fintech) companies in recent years has created new playing fields, new business models and new players, opening up the closed ecosystems of traditional financial institutions.
Following this inevitable trend, banking and financial institutions are aware that fintech companies, payment and financial management service providers will be their partners to unlock the potential of the increasingly expanding market. Shifting from previously closed systems, i.e. no sharing and no linking to customer databases for data protection, banks are now changing to become as open as possible. Open Banking is emerging as a popular trend in Vietnam.
A large number of countries around the world now have specific strategies and policies to develop a legal framework system, which serves as a basis for the application of Open Banking and exploitation of its potential, as it’s an inevitable movement towards modern banking.
Globally, no less than 87% of countries have deployed various forms of Open Banking through Open Banking APIs. Europe alone sees at least 410 online service providers authorized to access Open Banking data.
In Asia, by the end of 2020, there were 77 Open Banking platforms, nearly 1,500 related products and services with an average annual growth rate of 228%. Korea, Hong Kong, Singapore, Japan have achieved spectacular growth in Open Banking services. Particularly, the Open Banking Hub platform implemented by the Korea Financial Telecommunications & Clearings Institute (KFTC) in Korea since 2020 has now reached more than 1 billion transactions/month.
In China, an example of Open Banking’s development is the integration between the digital bank WeBank and the application WeChat – a popular Chinese messaging, social media and mobile payment platform. Thanks to this integration, customers can schedule appointments, transfer money, and book taxis using a single platform, WeChat, instead of multiple different apps.
In Vietnam, following the workshop themed “Open API in Banking Sector of Vietnam – Situation and Recommendations” jointly held by the State Bank of Vietnam (SBV) and the Asian Development Bank (ADB) in Hanoi on March 29, 2021, which showed SBV’s interest and support for OpenAPI development in the banking industry, a number of leading banks in Vietnam, such as TPBank, BIDV, HDBank, have conducted research and implementation of OpenAPI.
What is OpenAPI?
OpenAPI is a technology that allows customers’ applications, software, and digital platforms to connect and exchange data with banking services effectively and securely. OpenAPI is considered a development trend of Open Banking, promoting the expansion of the digital ecosystem and enhancing customer experience in the digital space.
Being able to provide a definition of your API to the companies you partner with, or the organizations you provide APIs to, is vital to doing business. The success of the API economy is predicated on doing this repeatedly, succinctly and deterministically, using a vernacular that is relevant to the API consumer.
API specification languages provide a standardized means to do this. Your APIs can be described in agnostic terms, decoupling them from any specific programming language. Consumers of your API specifications do not need to understand the guts of your application or try to learn Lisp or Haskell if that’s what you chose to write it in. They can understand exactly what they need from your API specifications, written in a simple and expressive language.
The OpenAPI Specification (OAS) enables exactly this transfer of knowledge from API provider to API consumer. It is an open standard for describing your APIs, allowing you to provide an API specification encoded in a JSON or YAML document. It provides a comprehensive dictionary of terms that reflects commonly-understood concepts in the world of APIs, embedding the fundamentals of HTTP and JSON. When teamed up with supporting tools, it can provide a rich experience based on a simple document.
Deploying OpenAPI obviously covers more than just you or your business publishing one or more APIs on the internet. Strict OpenAPI standards need to be met to deliver the APIs. The latest standard for OpenAPI is OpenAPI 3.1.0, published on February 15, 2021 (https://spec.openapis.org/oas/v3.1.0).
Following this trend, some giant technology companies including IBM, Google, Microsoft, have offered solutions and platforms to satisfy the needs of OpenAPI for customers like banks, large financial institutions and businesses.
OpenAPI Architecture
Every OpenAPI system contains three components: API Gateway, Developer Portal, and API Management.
- API Gateway: a communication portal that allows integration between enterprise systems and external ones.
  - API Routing: direct requests based on message content, headers, identity, and other factors. API routing also needs to prioritize requests based on SLAs agreed with API callers.
  - Data transformation & authentication: requests must be authenticated against structure, and support for data transformation should be provided.
  - The tool comes with several standard connectors, allowing the API to connect directly to email servers, databases, document management systems, etc.
- API Management: helps administrators manage the API lifecycle, record transaction logs from the API Gateway, produce statistics on transactions going through the system, and manage development configuration and administration for the entire OpenAPI system.
- Developer Portal: a platform where developers can self-register and test APIs. Published developer portals allow developers to sign up and use the API services provided by enterprises hassle-free, and empower them to utilize these APIs to create new applications for emerging demands.
In addition to the above components, to publish APIs, the OpenAPI system also needs to meet other standards:
- The OpenAPI Specification (OAS) defines a standard, programming language-agnostic interface description for HTTP APIs. This allows both humans and computers to discover and understand the capabilities of a service without requiring access to source code, additional documentation, or inspection of network traffic. When properly defined via OpenAPI, a consumer can understand and interact with the remote service with a minimal amount of implementation logic. Similar to what interface descriptions have done for lower-level programming, the OpenAPI Specification removes guesswork in calling a service. The specification covers message format, service version, document structure, and data types.
- Security standards: SSL/TLS communications; digital signatures for XML/JSON payloads; message encryption/decryption for XML/JSON payloads; JSON Web Token (JWT), a compact, URL-safe way of representing claims; JSON Web Signature (JWS); JSON Web Encryption (JWE); OAuth 2.0; and OpenID Connect.
- Flexibility: APIs should be flexible for customization. API errors require fast handling since they affect both the API provider and the partner companies that use those APIs.
- Easy to deploy: APIs must come with a hassle-free deployment process without interruption in terms of time and performance, and with support for multiple API versions.
- High availability: due to the highly flexible use of APIs, their unavailability becomes difficult to manage. Therefore, APIs must ensure maximum availability, 24/7, in case of unpredictable problems.
- Scalability: since APIs are used by various third parties, their usage volume soars dramatically. APIs should support automatic adjustment (without downtime) of available resources based on load capacity.
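As an added illustration (not code from this article or from any vendor platform), the Python check below reads an OpenAPI 3.1 document and reports operations that can be called without a declared security scheme, such as the OAuth 2.0 scheme listed above, as well as servers published over cleartext HTTP. The sample document, its host names and the audit_spec function are constructed for this example.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample document for illustration; not a real bank's API.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.1.0",
  "info": {"title": "Sample Open Banking API", "version": "1.0.0"},
  "servers": [{"url": "https://api.bank.example/v1"},
              {"url": "http://sandbox.bank.example/v1"}],
  "security": [{"oauth2": ["accounts:read"]}],
  "components": {"securitySchemes": {
    "oauth2": {"type": "oauth2", "flows": {"clientCredentials": {
      "tokenUrl": "https://auth.bank.example/token",
      "scopes": {"accounts:read": "Read accounts"}}}}}},
  "paths": {
    "/accounts": {"get": {"responses": {"200": {"description": "OK"}}}},
    "/rates": {"get": {"security": [],
                       "responses": {"200": {"description": "OK"}}}},
    "/transfers": {"post": {"security": [{"mtls": []}, {}],
                            "responses": {"201": {"description": "Created"}}}}
  }
}
""")

def audit_spec(spec):
    """Return sorted findings about missing or weak security declarations."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for server in spec.get("servers", []):
        if server.get("url", "").lower().startswith("http://"):
            findings.append(f"server {server['url']}: cleartext HTTP")
    global_sec = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            name = f"{method.upper()} {path}"
            # An operation-level "security" overrides the top-level one;
            # an empty list removes the requirement entirely.
            reqs = op.get("security", global_sec)
            if not reqs:
                findings.append(f"{name}: no security requirement")
            for req in reqs:
                if not req:  # {} makes authentication optional
                    findings.append(f"{name}: anonymous access allowed")
                for scheme in req:
                    if scheme not in schemes:
                        findings.append(f"{name}: undefined scheme {scheme}")
    return sorted(findings)
```

Running audit_spec(SAMPLE_SPEC) flags the /rates and /transfers operations and the sandbox server, while /accounts passes because it inherits the top-level OAuth 2.0 requirement.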
Difficulties & Challenges
Open API is a new field in terms of both technical and legal aspects, not only in Vietnam but also worldwide. The challenges and difficulties of Open API deployment lie in technology as well as changes in awareness and legal frameworks. Successful implementation of legal frameworks for Open API will enable the Fintech community to provide new innovative services, meeting evolving customer needs and keeping pace with worldwide developments in banking service delivery.
Besides the legal frameworks, the adoption of OpenAPI in a business requires considerable investment in technology infrastructure and human resources.
Conclusion
Being a neighbor of China, an e-commerce giant with mobile money, QR payment, etc., Vietnam sees that the need for its organizations to quickly integrate, share, and expand APIs is more urgent than ever. Companies that isolate themselves from this trend can expect a predictable future. The trend creates a driving force for digital transformation in businesses, which in turn makes them powerful in the future. OpenAPI brings Vietnam hope for the opening up of new fields in the financial and banking industry such as Open Banking, Open Finance or, in society, Open Data. Thanks to the Open API interface, the banking system can connect and provide services to all entities of the economy, from the fintech and financial industries to retail and logistics service companies, and to all people.
Exclusive article by FPT IS Technology Expert
Nguyen Huu Dung
Senior Expert
FPT Information System Company