With the massive amount of digitization over last decade, API has been one of the most sought-after technologies across industries. Right from modernizing the tech architecture to digitizing customer experience, APIs are everywhere. While discussing about API, we have observed over last couple of years that organizations are taking API first approach with a focus on API led architecture as the primary steps liberated from any user interfaces. This approach has helped the tech leaders accelerate the development life cycle of every large and complex transformation programs. With the advent of API first strategy, even non-developers are equally owning up the progress of transformation by accessing the APIs from multiple service layers. In this article, I will highlight some of the key technology elements for API-first approach in BFSI and the principles that organizations can follow.
Key technology elements for API-First architecture in BFSI
API Management Layer
In this world of collaboration and strategic alliance, organizations need to build external ecosystem by externalizing their APIs. Components like API Gateway, publisher are the key enablers for democratizing APIs in a secured and controlled channel; in this layer API versioning, management, policies are taken care of.
API Presentation Layer
This is the layer where external/internal users explore the APIs. In API-first architecture, platforms like API developer portal and API analytics manager are the key components of the presentation layer. API end users are mostly developers or digital journey managers, for them API discovery is very critical for mapping the correct APIs with the journey. Also, once the discovery is done developers need to be onboard in the API gateway with subscription and credentials. Both these API discovery and onboarding are done via API developer portal. With the introduction of API-First approach, onboarding of API consumers has become seamless and frictionless.
API Enablement Layer
Through this layer design, definition and governance of API products are ensured. In API-first architecture modern tools like Swagger/RAML editors, Auto code generators, API Orchestrator etc. have been introduced to reduce the development timeline. Over the last couple of years number of APIs have been multiplied and that demands governance around uses and risk metrics of APIs. API-First led approach evolves an API Governance policy to manage the lifecycle, versioning, and regulatory nuances of any API product.
The virtue of API-First architecture is it does not expose the csore applications, all the necessary orchestration and business logics are built over middle layer and then expose via API gateway. This makes the core banking system less vulnerable to changes and modification.
Top 6 principles while designing an API Product in API-First architecture
|Click to enlarge|
Standardize practice to create and expose any API is important. Organizations are adopting this approach to create API conformance metrics for validating rules, policies before developing any API. In BFSI, Open API standard is already deployed to maintain a commonality in API definitions and contracts resulting to build a collaborative ecosystem.
Managing incremental growth in workload and managing new changes are the two basic approaches adopted in API-First design which API architects are using cache to cut redundant API responses and obtain the maximum performance of the processor application. Similarly, to handle new changes backward, compatibility and deprecations are introduced. This is affecting usability, availability, and vulnerability of the entire API paradigm of the organization.
The ever-increasing demand of availing financial services digitally has increased the need of a stable API ecosystem. Circuit Breaker, Rate limiting, and Back Pressure are the methods being used to increase the reliability of the APIs and manage overuse from any inadvertent sources. A significant drop in the number of Time out exceptions been observed post the adoption of API-First approach.
API-First approach ensures a well-maintained API catalog be available with all the necessary versioning of APIs. This reduces the propensity of having Zombie APIs inside ecosystem.
It is important to assure that the access and usage of the APIs are legitimate. In an API-First led ecosystem, the authorization, authentication and Data screening are done with multiple layers of security protocol. Most of the API gateways are equipped with features like advanced threat protection, customer’s API usage behavior tracking, DDOS prediction etc. Tokenized authentication is one of the widely adopted method of extending access over APIs.
Success metrics of any API led program is measured by the performance and health check monitoring of the entire API ecosystem. It ensures reduced revenue risks and capturing customer behavior for further analysis. Health check monitoring provides visibility into performance, resource availability and functional readiness.
Way forward: Rethinking BFSI with API-first Strategy
To conclude, introduction of API-first strategy ensures a healthy growth of BFSI sector by empowering a well scripted digital transformation program. By adopting this approach, organizations are reducing the stress and effort to drive any transformation program. It also provides a governance framework to maintain and develop any API products. With the advent of API-first strategy, banks have started productizing their APIs and the same is attracting new channels for incremental revenue. In last few years the significant growth in digital transactions from internal and external ecosystem indicates the value proposition of API-first approach in BFSI sector.
About the author
Abhijit Dey is currently the Vice President – Product Head API Banking at Axis Bank. He is an experienced Product Head with a demonstrated history of working in the BFSI sector. Abhijit is skilled in API management and API monetization and has created Open API framework for banks.
The opinions and insights shared in this article by Abhijit Dey are solely his own and are not representative of his employer on the concerned topic.