The basics of banking APIs

Table of Contents

• Introduction
• What is an API in banking?
• What is an API in open banking?
• How does open banking work?
• How to use an API in banking
• How to connect to a bank using an API
• Open banking API use cases
• Data privacy & open banking
• How can businesses balance open banking capabilities and protecting customer data
• 5 API trends for banks in 2024

Introduction

“You’ve got to start with the customer experience and work backwards to the technology.” Steve Jobs’ comment captures the transformation being heralded by banking APIs. Banks are competing to gain customer attention by offering superior experiences, and the growth of neobanks has turned APIs into a banking buzzword. 

What is an API in banking?

An application programming interface (API) is a set of routines, protocols and tools to connect software applications. With APIs in finance and banking, developers construct a more open architecture in two ways: offering a bank’s services to third-party companies; and improving a bank’s internal operations.

Consider searching for flights on a travel aggregator’s website. Each time the search button is pressed, the aggregator uses APIs to connect with multiple airline companies and retrieve the required data. Similarly, by using APIs in banking, financial institutions can develop a system that interacts directly with external applications.

What is an API in open banking? 

APIs let third-party providers, such as a fintech company providing payment initiation or account aggregation services, access consumer-permissioned financial data held by other parties. By acting as a bridge between financial institutions and approved third-party providers, APIs let customers securely share account data for greater control over their finances through customized products and services.

How does open banking work? 

Personal financial management (PFM) apps are a helpful example to explain how open banking works. They provide the user a consolidated view of their finances in one place to track spending, investments and credit scores. The aggregation of financial data is made possible by open banking APIs, which allow the secure and seamless exchange of information between financial institutions and third-party providers.

Open banking APIs can be divided into two categories:

• Read APIs offer read-only access to account information, balances and transaction history while enabling third parties to list financial products, rates and conditions on comparison websites.
• Write APIs enable fund transfers for payment initiation services, which may be automated if desired.

How to use an API in banking

Using an API in banking involves integration with a financial institution's proprietary systems to enable streamlined access to its suite of products, services and information. A typical approach would include:

• Following API documentation on topics such as endpoints, authentication methods, request and response formats and rate limits
• User authentication
• API integration between banks and third parties
• Handling responses returned by the API
• Testing and security checks 
• Regulatory compliance
• Scalability for futureproofing and efficiencies
• Customer support

How to connect to a bank using an API

In addition to private APIs for internal use, there are two main options:

1. Partner API (one-to-one)
   These are direct connections between banks and third-party providers that require authorization for access. Partner APIs generally offer solutions to the customers of one bank rather than the overall public. 
2. Open API (many-to-many)
   Open APIs can be accessed by the public, regardless of whether they are customers of the API provider. They enable a fintech service to connect with multiple financial institutions and offer customers various options.

Open banking API use cases

Open banking APIs support various use cases, which may include among others:

1. Account-to-account payments

• Peer-to-merchant (P2M) payments such as recurring payments, loan repayments and QR code payments.
• B2C transactions such as refunds for online transactions.
• Peer-to-peer (P2P) payments between individuals.
• Establishing mandates for direct debits, such as for an investment plan.

2. Personal financial management (PFM)

• Helping users set and track goals, monitor their spending habits, split bills, manage subscriptions and budget.
• Account aggregation for a consolidated view of all accounts in one place.

3. Account opening and onboarding
   Open banking APIs facilitate know-your customer (KYC) verifications to streamline account opening and reduce abandonment rates. Open banking permits faster flow of customer-permissioned bank data, which may include personally identifiable information and credit history.
4. Underwriting and verification for lending
   Open banking APIs allow financial institutions to quickly approve credit applications by offering an applicant’s credit history in addition to any credit bureau data. Prior to open banking, credit applications involved the cumbersome manual retrieval of various documents. 

Data privacy & open banking

As with any digital technology, open banking requires stringent security, risk and compliance measures to protect consumers and businesses. Regulations differ across regions and additional restrictions may also apply to how open banking data can be used. These can sometimes go beyond the normal data protection laws. Credential-free APIs can help in the management of the data by giving banks greater control and enable them to share only the necessary data. They are more secure than screen scraping, which involves a customer providing credentials to a third party to log in on their behalf and retrieve data.

How can businesses balance open banking capabilities and protecting customer data? 

It is important to ensure open banking data is only used when permitted by law. This means considering any regional privacy laws and where applicable, open banking laws.

Both the data provider and the data recipient must ensure robust security measures, such as:

• Authorizing third-party data access only where there is a clear legal ground for doing so, such as through clear and well-informed consumer consent.
• Compliance with data protection laws by all parties accessing personal information.
• Ensuring consumers understand their right to request the deletion of their personally identifiable information (“right to be forgotten”). 
• Implementing other measures like multi-factor authentication, data encryption, API security access controls, regular security assessments and third-party risk management.

5 API trends for banks in 2024

Trend 1: Regulation of open banking

The US is joining the growing list of countries with regulation to support open banking through the Consumer Financial Protection Bureau’s proposed rule to implement section 1033 of the Dodd-Frank Act in 2024.

Trend 2: Hyper personalization through open banking

Open banking APIs enable consumers to securely share their financial data with third-party providers for hyper-personalized products and services.

Trend 3: Blockchain integration

Smart contracts, which self-execute agreements on a blockchain between parties, powered by APIs can automate and streamline financial transactions.

Trend 4: Biometric authentication

Banking APIs can facilitate the use of biometric identifiers, such as fingerprints or facial scans, to authenticate user identities during transactions or when accessing accounts for enhanced security and customer experiences.

Trend 5: Cross-industry collaboration

Banking APIs can enable cross-industry collaboration, such as a healthcare platform and a fintech application letting users seamlessly manage their medical expenses and associated financial transactions.

Learn more about open banking in the United States, Europe and Latin America.