Skip to content
A Sustainable Foundation for API Integration for Financial firms
Financial firms already know that APIs play a critical role in enabling improved customer experience and in establishing partnerships in the digital ecosystem. Many have ventured into API development to integrate with distribution partners, though they tend take the route of point-to-point integrations rather than establishing a foundation for API maturity. This traditional approach of building APIs for specific partners does achieve short-term business goals. However, jumping into individual integrations without a long-term strategy for the architecture plan, inevitably, contributes to technical complexity that extends timelines, increases cost, and impedes speed to market.
For those looking to build a digital ecosystem and integrate with a variety of partners—either now or into the future, there are two key questions to answer:
  • What are the critical capabilities of a sustainable API foundation?
  • How can I balance meeting immediate needs with a long-term plan to keep up with growth?
Drawing on our experience of helping Banks and lending institutions expand their digital ecosystem, this blog examines the critical capabilities to establish an API foundation that will meet both immediate and long-term business needs.

Critical Capabilities for an API Foundation

The financial ecosystem is changing. These days, you need to reach your customers on the channels they’re active on, or they simply won’t engage with you—or even know you exist. Distribution channels available to financial firms now include embedded finance, marketplaces, aggregators, Fintech players etc.
Regardless of which partner channel an firm is pursuing, and the functional capabilities involved, the technical capabilities needed to make the integration work are the same. These six technical capabilities constitute the API foundation and include:

API Gateway: An API gateway is central to the foundation for partner integration. It plays the vital role of gatekeeper and protects the flow of data between internal systems and external partners. Positioned between the client and the Service Registry, the gateway provides encryption and access control to ensure the carrier’s data is secured. It also enforces data security policies, which becomes even more critical as the ecosystem of partner grows.

API Management: As APIs are created to support partner integration, API management will be necessary to manage the full lifecycle of APIs in a secure, reliable, and scalable environment. This includes the steps of creating, versioning, documenting, testing, validating, securing, decommissioning, and controlling the APIs. Having API management will also facilitate access to the APIs published to support partner channel activities. For firms investing in growing revenue through distribution channels, API management helps speed up partner onboarding and scaling the distribution partner strategy.

Security: When opening up internal systems to external partners, security is paramount and must be baked into the system right from the start to protect the company’s data. Having layers of security will help encrypt data, verify authentication, and authorize access—safeguarding APIs from attacks. Firms can employ several methods of security, depending on the use case. All the methods can be enforced via an API Gateway.

API Service Registry: With the integration of each partner, the number of APIs created will grow. Having a place to track what APIs are created, how they are used and by whom, and how they are performing will help firms maximize the value of their effort. An API service registry stores all pertinent information on each API service, including host, port, node name, and any relevant metadata. It monitors performance and usage patterns of all services to ensure compliance with internal standards and best practices, as well as regulatory mandates. That allows internal teams to focus on innovation and optimization rather than on day-to-day governance issues.

Partner Access Management: Before integrating with a partner, it is good to clearly define the kind of access each partner would need to support the business functions. Partner access should be planned out from the point of onboarding so that API developers can build out the necessary capability and functionality. This includes enrolling the partners as users, granting permissions, viewing and managing transactions, and providing API keys to invoke an API securely. Partner access management is essential to help streamline the onboarding process so that carriers can quickly start leveraging the new partner channel to drive revenue.

Microservices Platform: For faster development of APIs, easy deployment, and flexibility in scaling API usage, a microservices platform is key. A microservices platform offers an infrastructure in which enterprise applications deploy features or functionalities as a collection of small, individual, well-defined services/APIs instead of drawing on large components used in monolithic application architecture. This technological freedom helps accelerate time-to-market for delivering on the services that support the partner channel.

Setting up these six technical capabilities help ensure a consistent way of deploying, exposing, securing, and managing APIs across internal and external partners.
While this may not seem critical when the partner strategy includes one or two partners, it becomes vital to the success of the company’s business growth when the ecosystem of partners expands. Having these foundational capabilities will establish a method to drive success to your partner strategy, not just for now, but well into the future.

Tips to Build an API Foundation of the Future

Most firms have already taken steps to build at least some of these technical capabilities but still fall short on utilizing the full potential of API platforms. Unfortunately, there’s no straight way to build the API foundation. To set it up successfully, firms need an apporach to building this foundation as well as a combination of toolsets based on the organization’s API maturity.
From our work helping Banking and Lending firms deliver on their distribution strategy, we’ve found that a framework to establish a strong API foundation includes three key elements:
  • An API management tool to make it easier for the team to design, build, manage and monitor APIs
  • Automation baked into the entire process to avoid any manual work required to expose the APIs
  • Monitoring of all activity to ensure there is no security breach
Focusing on these three elements will help you establish the operations needed to support the APIs that are being exposed, comply with required security measures, and integrate effectively with partners to successfully drive your distribution partner strategy.
OwlFinancial is devoted to helping financial firms achieve their API goals in the most efficient and sustainable way possible. We draw on our deep domain knowledge and technical expertise to enable organization to integrate with various digital channels, including third-party vendors, to set the stage for a well-architected platform aligned to support the rapidly changing demands for financial firms.

Recommended Posts

Join Us at the CUNA Operations & Member Experience Council and CUNA Technology Council Conference 2023!
ELFA Operations & Technology Conference and Exhibition
Press Release first article
Journey to Data Platform Modernization in Financial firms