Apigee's Top API Editorials of 2018

Apigee experts published dozens of editorials in 2018 to help developers, IT architects, and business leaders understand how to maximize the value of APIs and keep pace with constant technological change.

With literally quadrillions of daily API calls connecting apps, data, and systems throughout the world, 2018 saw APIs reassert their position at the center of almost every digital use case. Though APIs are not a new concept, the ways in which organizations leverage them continue to expand, from APIs used within the enterprise to manage microservices and enable faster and more agile development methodologies to monetized APIs used to open new business models and expand an enterprise’s digital capabilities to new partners.

Here are some of our top articles from 2018, organized by some of the year’s biggest themes. Thank you to all of our readers, and stay tuned for more in 2019!


APIs are crucial to the automated connecting of data, applications, and systems—and when companies make automation easier for partners and customers, they often inadvertently make it easier for bad actors, too. Several organizations and their customers suffered through high-profile data breaches in 2018 thanks to API security lapses—which is why we dedicated several articles to helping enterprises make their APIs more secure. Some of our top security articles include:

Managing APIs as products

2018 saw more enterprise leaders recognize that APIs are not just an integration technology but also software products that help developers to more quickly and easily leverage and reuse digital assets. Enterprises should apply full lifecycle management and a customer-centric mindset to their API efforts. Some of the articles we wrote to help include:

Digital transformation, IT modernization, and digital ecosystem best practices

The digital economy moves faster than many legacy businesses are used to—and the constant change has meant that to compete, enterprises that lack API expertise have had to get up to speed quickly. From exploring why both external-facing and internal-facing APIs should be managed as products to detailing how to plan effective ecosystem participation and API monetization, we looked at many aspects of the digital transformation puzzle:


Because of the speed, scale, and agility they promise, microservices-based architectures continued in 2018 to be one of enterprise IT’s hottest topics. But despite the enthusiasm, microservices remain complicated to manage. To understand why APIs are an important part of the mix, check out Demystifying Microservices by Ruth Gantly in APIs and Digital Transformation.

APIs and banking

With new open banking requirements unrolling across many regions and fintech startups gaining traction around the world, 2018 was a disruptive year for bankers. From satisfying regulations to innovating faster and adding new ecosystem partners, APIs play vital roles in helping financial institutions to debut and iterate new services and helping legacy banks to compete in an increasingly fast-moving market. Some of our top banking articles from 2018 include:

Allied Irish Bank: Building Digital Foundations with APIs

Allied Irish Bank (AIB) is a leader among European banks in meeting requirements of the new EU open banking regulations, thanks in large part to its visionary API team. We spoke with AIB’s Niall Buckley, Head of Digital Ecosystems, Ivan Jennings, Program Delivery Manager, and John Daly, Digital Development Manager, about how they’re using APIs to lay the digital foundation for current and future bank products and services.

How do your roles at AIB relate to APIs and the Apigee platform?

Niall: As Head of Digital Ecosystems for AIB I have business ownership for our new API channel, and within that everything that’s going on in the regulatory space in terms of open banking. So, I'm responsible for keeping us compliant from a regulatory perspective, and the strategic direction in establishing an ecosystem with digital partners and using our API channel as the tool to do that.

John: As the Digital Development Manager for AIB, I look after the Apigee API management platform and am also responsible for the development of microservices and digital strategy. I’m very much involved in the technical design and development of the APIs and the microservices behind them.

Ivan: As the API Delivery Manager I oversee the delivery of programs leveraging digital technologies like APIs and microservices. I work very closely with John's engineering team to build out those programs.

How does AIB use Apigee?

John: The EU’s open banking regulatory deadline required us to expose APIs by January 2017, so that really drove our initial adoption of Apigee. Now we’re using it for developer app onboarding so that third parties who are regulated entities can register themselves and their apps. We also use Apigee to do authentication and authorization of those apps. The third parties use the developer portal to view our API documentation and to self-register and then they communicate to AIB through Apigee. We're using Apigee in the cloud, but all the service calls get routed into on-premises software where we host the microservices that effectively service the APIs.

What kinds of microservices are we talking about?

John: The initial batch is around account information services, like showing balances, viewing transactions, viewing standing orders, viewing direct debits of particular accounts that you may have as a customer with the bank. You can also grant access to third-party applications to view these. We also offer the opportunity to initiate payments from your accounts. Both of these arose from European-wide regulation that banks had to expose candid information and payments services to third parties. So that's what we started with, and that's what we have live at the moment.

How do the EU open banking regulatory requirements figure into your API strategy?

John: Before we had to consider the deadline for meeting the open banking requirements, we had a digital strategy in place that was API-led and embraced a sort of outside-in thinking. Our goal was to make it simpler and easier to consume our own services in-house. Of course, our initial strategy had one eye on the regulation, but we always viewed it as a strategic opportunity to move into the API world rather than a burden. So, we've focused on the regulation because that's the program that has the resources, but there's a lot we already wanted to do in the API space. Our current focus is on changing our own channels so that we can consume APIs via Apigee—using our own APIs as customers as well as providing them to third parties.

Niall: AIB Group has four different brands; AIB bank and the Educational Building Society in Ireland, First Trust Bank in Northern Ireland, and AIB GB which is a boutique business bank in Great Britain. We've only opened the API channel in the UK since the open banking legislation regulation effectively became active there in January. We have 15 third parties that have all connected to our API channel in the UK and we're very shortly going to open our API channel in Ireland as well.

What’s been the reaction from the AIB ecosystem to interacting with AIB’s Apigee platform?

Ivan: The reaction internally to the platform has been really positive because it’s quite easy to use. We made an effort with the user interface and tried to ensure that the content is relevant, so it was nice to get some positive feedback. The primary use cases up until now have been regulatory, but we are starting to see more and more use cases coming from across the bank for commercial propositions seeking to leverage the platform.

What lies ahead for your API program?

John: We’re looking at some other types of information that we may be able to productize. For example, we may be able to have an identity-as-a-service type functionality where we offer customers a login with an ID for third-party financial services. There are several things that banks can't offer customers that may be useful to certain third parties. It’s also important to note that the open banking rules don’t allow charging the third parties or the customer for using the APIs.

We're looking at whether we have information that customers would benefit from being allowed to easily share with a third party, but also the third party would benefit from not having to do themselves. For example, compliance with the Criminal Justice Act and those sorts of things that can be a pinch point for customers, but once it's done perhaps, we could attest to that sort of thing. We are looking at other ways that we could potentially provide a service that a third party would be willing to pay for.

I guess that the nice thing about what we've done so far is that we have the API rails now that we have Apigee in place. We have the patterns defined and we have the means to get APIs delivered quickly, which we didn't have this time last year.

Does Apigee’s monetization feature figure in AIB’s strategy?

Niall: Yes and no. I suppose the reality right now is that this is early days for banking across Europe in terms of how banks go about monetizing API capabilities. There are a lot of options as to how we could approach things. We’re taking the view that we want to focus on productization rather than monetization to promote usage. Maybe we offer APIs for free, but we can work with potential partners on what I call future credit opportunities. As a bank we rely heavily on interest income and we do want to expand and diversify our income beyond that. We’re looking at propositions where we could provide API capabilities that allow us to extend our credit product placement into other marketplaces where we might not be present at the moment. That actually could be the commercial angle on it.

In terms of the monetization capabilities with Apigee, the benefit to us is the fact that it has this flexibility that helps ensure whatever business model we come up with - making API products, turning them into packages, having rate plans against them – we can feel confident, especially given all the flexibility and variability that we can then implement and configure services. As we make our journey and try new things, I know that we have the base capability and the products to allow us to do what we want.

AIB is a financial services group operating predominantly in the Republic of Ireland and the UK, providing a comprehensive range of services to personal, business, and corporate customers.


Afinis: Advancing Financial Services Through API Standardization

Editor’s note: Today we hear from George Throckmorton, managing director, Advanced Payment Solutions at NACHA, who's responsible for leading Afinis Interoperable Standards. Under the NACHA umbrella, Afinis is a membership-based standards organization that brings together diverse collaborators to develop implementable, interoperable, and portable standards across operating environments and platforms. Learn how Afinis uses Apigee to help it produce standardized APIs for the financial services industry.

In the spring of 2017, NACHA (formerly the National Automated Clearing House Association) launched the Payments Innovation Alliance API Standardization Industry Group, which sought to create APIs and educate the financial services industry on the importance of API standardization. What we quickly realized was that in order to be effective and move the needle on standardization, we needed a more formal structure that would enable consensus-led governance, intelligent innovation, and international collaboration. Hence, Afinis was born and launched in September 2018.  

Although we were aware of other efforts to do something similar, typically they're driven by a single party with the viewpoint of, “Well, we've created the standard. Now everybody come and use our standard.” That’s completely opposite to what we know works. For the industry to embrace and to adopt standards, they have to feel like they have a voice. And so Afinis is very much an organization where all our members have a say about which APIs will be created, what the governance and lifecycle of the APIs will be, and what the other specifications should look like.

Supporting collaboration

To help ensure members are heard and to support collaboration, the group recognized the need for a platform to facilitate this and support hosting and promotion of the APIs. The Apigee platform was an ideal fit. Its connection with Google provided credibility, value, and consistency, as many API efforts leverage the Apigee software providing a consistent experience for our members who may leverage other similar platforms. And with the platform, we had the capability of hosting and testing the APIs to support the ultimate goal of standardization.  

Setting industry standards

At the heart of the Afinis story is the standardization of APIs. Most companies today can develop and use APIs., but when it came to the standardization effort, there was no true leader in this space. We decided to take on the challenge and focus on efficiency, safety, and security for users of APIs–from developers down to end user clients who might not even be aware that they're on the other end of an API call. By focusing on efficiency, safety, and security, we can pave the way for industry costs savings, new innovations, and scalability.

Take, for instance, the benefit of scalability. Think about a business-to-consumer company that has written an API specification and is doing something great with that API. To implement that with many different partner companies, each with different processes and programs, is overwhelming. It’s essentially a new and unique implementation with each partner company. That’s not efficient. And this is where standardization really comes in to play, and that's what we're trying to tackle.

Democratizing innovation

When we create an API product like the Afinis Account Validation API, it’s not only available to our membership, it's available to the world. Our APIs are free to use, with the idea being that in creating the standard we offer something that developers have enough confidence in that they will want to build with it. We offer documentation and testing capabilities through the Apigee platform, and this is where we want our developer community to come and discover these APIs.

We have a prioritization process at Afinis that enables us to gain a clear understanding of what the demand is among our members and the industry at large. If there's not a high level of demand and commitment from the industry to test or implement APIs, they won’t be adopted. What we look for are organizations that say, "If you create a standard that solves this particular issue, then we are willing to adopt it, or at least test it."

The API focus

Our prioritization process leverages the agile development method, and program increment (PI) planning sessions are used to determine API priorities. We share these with the entire Afinis membership to ensure a level of consensus and viability of adoption. Detailed feedback and input from members and the industry at large showed us that we should be focusing on corporate APIs.

We started looking at how corporations interface with their banks and what types of APIs can facilitate that. From this, we developed an API standard for account validation, one of the API products currently available for public testing. This API is valuable to all kinds of entities that need to validate accounts quickly for payments.

Another API we're working on is payment origination. Typically, when companies initiate a payment with their bank it goes into a batch process. In this model, a company will accrue payments during business hours and then send them all together to the bank at the end of the day. At that point the bank will confirm receipt and process the payments.

But what we’ve found is that as the industry is modernizing, and payments are getting faster, an API can provide this same functionality in real time. In the API model, the bank is always listening, and taking payment instructions as they come in during the day. This is a win-win, as there are no new processes to implement for companies, but their customers are gaining the benefit real-time payments. And since the API will be a standard, it doesn’t matter if a company banks with one institution or five–the APIs work with all of them.

Keeping up momentum

In Q4 2018, we will be working to launch the payment origination API, as well as two other business-to-business-focused APIs. We expect to keep creating and releasing new APIs to serve the needs of our members and the payments industry at large—and being able to do so through the Apigee platform. We’re pleased with the relationship we’ve built with Apigee—not just as a vendor but as a partner. With the continued support we get from Apigee and Google, we expect to continue to support the industry with standardized APIs, which ultimately will result in better experiences for everyone.

Pakistan’s JS Bank Chooses Apigee for Digital Banking

An important part of our mission at JS Bank is to provide a wide range of innovative and high-quality banking products and services to our customers. We aim to deliver these products and services through a variety of channels, and, to do so, we believe that JS Bank must engage with the financial services developer community and become a digital bank.

That’s why we’re pleased to announce that Apigee will provide the API management platform to enable this transformation.

Apigee is a proven cutting-edge platform, which will enable us to offer banking APIs in a very agile environment to keep up with the pace of fintech development globally, and especially in Pakistan. This initiative will certainly accelerate our fintech collaboration strategy and enable us to engage with the developer community for the first time.

We’d also like to thank Abacus Consulting, the Apigee partner that will help implement the solution at JS Bank. Read more about Apigee, JS Bank, and Abacus in this press release

Khurram Shaikh is chief digital officer of JS Bank, which is based in Sindh, Pakistan. JS Bank operates 323 branches in 161 cities, and one international branch.


What Bankers Can Learn From AI Assistants

Why a series of mobile experience projects doesn't constitute a digital strategy

As PSD2 is set to open data sharing between banks and third parties, banking and fintech professionals should heed this warning: Don’t confuse digitization with digital strategy. You need to build mobile apps and digital experiences for your customers. They expect it, so you should deliver. But a series of mobile experience projects doesn’t constitute a digital strategy.

To appreciate the difference, we’ll look at a topic outside of banking and fintech—AI (artificial intelligence) assistants.

It’s easy to assume that most of us have experience with a major AI assistant, such as Siri, Alexa, or Google Assistant. It’s increasingly difficult to guess which devices any of us use to interact with these assistants, however, given that they’ve spread from smartphones, tablets, and computers to a growing array of traditionally “dumb,” unconnected devices, such as speakers and televisions.

The variety doesn’t stop there. Even within a single device, many assistants integrate with a wide range of both first and third-party apps, causing the assistants to function less as one-off resources than as guides in a cohesive ecosystem. For bankers, this diversity and extensibility of apps and devices is a salient point.

The virtuous platform cycle

Putting an AI assistant into just a speaker or any single product is analogous to a single great banking app: it’s valuable, but may not be a digital strategy in and of itself. Rather, the digital strategy is baked into the service and its overall business model, which is then distributed by the ecosystems built around these assistants—ecosystems that leverage APIs to expand assistants’ capabilities and integrate them into new products and services.

And these assistants are just the newest iteration of this virtuous platform cycle. Decades ago, Microsoft Windows enabled developers to build applications that made computers more useful. This triggered a virtuous cycle in which more computers ran Windows, more developers built applications for the Windows installed base, better and cheaper computers hit the market as the installed base grew, economies of scale improved, and so on.

Apple’s iOS and Google’s Android represent similar virtuous cycles between developers and platforms. Ditto for Facebook, which brokers users’ interests and attention with advertisers. Or Google Maps, which enables thousands of mapping applications, or Uber, which creates a new ecosystem around delivery and logistics, or Nike+ for fitness tracking. The examples go on.

What do all of these virtuous platform cycles have in common beyond their shared platform mentality? They’ve executed their platforms in part by by opening their systems via APIs and enabling developers to build new and interesting experiences that rapidly expand the user base into many niches they might otherwise not have acquired.

They’ve set up a business for third parties, giving them ways to differentiate or monetize. They’ve used those third-party applications to make the platform more valuable by reinvesting data from user interactions or simply expanding the depth of functionality attached to their services.

For bankers who follow this model, it may well be the difference between providing decent online experiences that customers intermittently use and building an omnipresent model that not only integrates into customers’ daily routines, but does so intelligently with real-time data analysis.

The banking platform model

So the big question is, what is the digital banking platform model? Which bank or fintech can successfully execute a platform strategy? Will an established aggregator evolve its model to fully become the BankOS for retail customers? Or will a “new challenger bank” revolutionize the experience and data access?

These questions should be intensely important to bank executives, as platforms that achieve the virtuous cycle can end up being “nuclear weapons” for competitors in their markets, with all but two or three competitors squeezed out over time.

I don’t know all the answers but history and intuition tell me the companies who find the right recipe will likely follow these steps:

  • Build digital experiences with APIs. Development teams should expose their data and functionality through APIs.  Make those APIs externalizable and self-service from the start, even if you don’t think you’ll ever expose them to third parties.  
  • Identify your most valuable systems. Identify the systems that define you as a company (and likely define your industry). Prioritize building APIs for these systems and start shopping them to partners. The APIs can be invitation-only but the process of productizing those APIs and taking them to market with partners can be hugely educational for your company. There is no way to learn to swim by standing on the shore. You have to get wet.  
  • Understand that business leaders should be involved in the productization of APIs from the beginning. This is not an IT-only effort.  You may need to reorganize some teams, and you’ll likely need a different funding model for this than the other twenty IT projects you are currently running.  

Don’t become a cautionary tale

It wasn’t too long ago that Netflix, Amazon, Uber, AirBnb, and many others were seen as too small to challenge industry incumbents. Modern AI assistants hit the scene only a few years ago, and they are already in a virtuous cycle as voice controls for not only mobile devices but also, increasingly, the connected home.

This could very well become the story for tiny fintechs and upstart banks that might look too small to compete right now. Its quite easy for a bank executive to dismiss all the “noise” about platforms and APIs because there have traditionally been very wide moats around banks. That mentality could be a mistake.

Image: Flickr Creative Commons/Ofer Deshe

To Branch or Not to Branch? That Is the (Wrong) Question

For years, financial services analysts have wondered whether branch banks are wheezing their dying breaths.

It’s easy to see why. Industry services have expanded beyond physical branches since the 1960s, when ATMs kicked off a trend toward increased automation. The advent of online and mobile banking accelerated this trend dramatically.

As the industry’s transactional aspects shift to more automated channels, the cost of servicing customers drops fast. Thanks to this efficiency, many financial service leaders pose this question: Do branches remain necessary, let alone relevant?

In the U.S., for example, approximately 5 percent of branches have shuttered over the past few years. In the U.K., more than 600 branches have closed in the past year alone. Now we even see the rise of mobile-only institutions such as Starling Bank (where the only way to access accounts is via a mobile app).

With the ubiquity of mobile phones in virtually every pocket, and mobile’s superior cost economics, it would seem the days of the neighborhood branch are numbered.

But are they? 

To learn more, read the full article in BAI Banking Strategies.

Image: The Noun Project / Aha-Soft

ABN AMRO: Banking with Golden Building Blocks

Golden building blocks.

It’s hardly a label one would expect a banker to apply to a regulatory compliance solution.

But it’s how Koen Adolfs, ABN AMRO’s API banking product owner, describes APIs.

The Netherlands-based bank, like other financial institutions in Europe, must comply by January 2018 with PSD2, which mandates that banks provide open access to customer, transaction, and payment information via APIs.

”PSD2 was the trigger,” Adolfs said during a conversation at our recent Adapt or Die World Tour stop in London. “But then quite soon after that we looked at the opportunity beyond PSD2 compliance and found that we could improve customer interactions and gain new business models because of open APIs.”

APIs help the bank simplify interactions with its legacy systems, making it easier for internal and external developer alike to use ABN AMRO’s data to build new customer experiences. In fact, the bank has been using APIs for 15 years—but not necessarily for opening up its services to external innovation.

“We came from the branches and went to digital with internet and mobile, but all those are based on quite some old systems,” Adolfs said. “We need to speed up to compete with the big tech and the fintechs, or cooperate with them.”

ABN AMRO has already seen some success with a service it has exposed via APIs, called Gradefix. Introduced as a pilot program in November, it uses transaction data to analyze and assess risk for clients.

Looking ahead, Adolfs sees three opportunities that open up with an API platform: the creation of new customer experiences, easier innovation and interaction with fintechs, and the creation of new business models.

“We are at the start of a journey with APIs.”

How PSD2 Changes the Banking Game

Turning disruption into competitive advantage

It's not every day that regulatory change presents an opportunity to change the game on your competitors.

PSD2, the European Commission’s directive on payment services that requires financial institutions to provide third-party access to account information via APIs, can be seen as yet another of the many compliance hurdles that banks have to clear, raising costs even more.

With that mindset, it could certainly be tempting to relegate PSD2 to the compliance officer and treat it as regulatory risk. What a huge mistake.

No "dumb pipes" at Nationwide

As Nationwide chief technology officer Simon Hamilton said during our PSD2 & Open Banking Summit in London last week, it’s time to accept that banks will have less control over how customer account information is accessed.

“This will be game-changing,” Hamilton said. There’s a natural concern that banks will become “the dumb pipes,” he said, but there’s a way to embrace PSD2 as a catalyst for innovation: by creating a compelling digital banking experience, Hamilton said.

From regulatory disruption to new business models

In other industries, disruption on the regulatory front has generated winning patterns at some enterprises.

At the height of electric power deregulation, for example, the most dynamic energy companies held weekly executive scrums with their business development “A Teams,” which were well-funded and tasked with experimenting with different models and pilot programs.

The singular focus was on finding courses of action that would create competitive advantage, while also modeling potential downsides and developing hedging strategies.

In many cases, this approach resulted in entirely new lines of business for such enterprises, while those that stayed with the status quo ended up arguing over shrinking slices of the pie for another decade.

Implementation isn’t transformation

As Javier Santamaria, chairman of the European Payments Council, said during our Open Banking summit, simply implementing an API will not transform a bank. It takes much more.

“It’s attitude … it’s whether you are exploring new businesses and new models; whether you are creating new value for customers; whether you are producing new services to old and new customers,” said Santamaria, who is also a senior vice president at Banco Santander, the largest bank in Europe. “That’s not because you just implemented the API, not just that you complied … it’s a mindset shift that you need to carry out."

During the summit, consultant and author Paul Rohan posited that it’s critical for banks to appoint a permanent team tasked with moving the institution into the API economy, and evangelizing the importance of APIs as a business strategy—not just a new compliance mandate or technology change.

With PSD2 on the near horizon, it’s time for banks to do their own testing, quickly pop up some APIs, run hackathons, and engage with partners, fintechs, and customers to plot and test some business scenarios, to tweak what worked and throw away what didn't.

Someone will find new value and figure out savvy ways to monetize it. It might as well be you.

Sign up for a free, 60-day trial of Apigee Open Banking APIx, which offers pre-built banking APIs, an open banking developer portal, and security tools.

Eight Ways the Digital Financial Services Market Will Shift in 2016

Webcast replay

Eight major digital shifts will rock the financial services industry in 2016 and APIs will be front and center. It’s a critical time for financial services enterprises to get insight into what lies ahead, in terms of their customers’ expectations and the competition.

Forrester's Peter Wannemacher and Apigee's Brian Pagano discussed:

  • how APIs open new business opportunities
  • how digital financial services will evolve in 2016
  • how digital teams can prepare to meet new challenges


Health and Wellness: The Next Digital Frontier?

Smartphones and apps are changing how we stay healthy

If there isn’t “an app for that”—whatever “that” might be—there probably will be soon.

This is one way to sum up the implications of our third-annual Digital Impact Survey of smartphone-owning adults in the U.S.

Since 2013, the number of people overall who own these devices has increased, climbing from 55 percent to 68 percent of the adult population: 171 million people own smartphones. If we focus on the the key age range of 18-29, the centrality of digital to work, play, and commerce becomes even more clear: according to the Pew Research Center, 86% now own a smartphone.

Our latest Digital Impact Survey, detailed and analyzed in the new report “Digital is Destiny,” strongly supports the notion that digital technology has transformed how we bank and how we shop, even more deeply and broadly than before.

But what’s next? Our research uncovered data that suggests how we manage our health and wellness will soon be transformed by smartphones and apps.

Since our first survey in 2013, more than 42 million additional Americans now report that smartphones and apps have changed the way they manage their health and wellness. This represents a 70% increase in adoption.

Consumers are telling us that they have embraced “digital as their destiny” as shoppers, savers, decision-makers, and, increasingly, healthy and fit individuals. Our report offers insight into how and why “Digital is Destiny” for every company who wants to win their business and loyalty.

Download the new Apigee Institute report, and check out the short video summing up the findings: