BBVA API Market
One of the approaches adopted by the banks that are best positioned in this race to innovation is ‘open banking’, through which they open their platforms and application development interfaces to other companies that launch and exploit products with the data of customers who provide their authorization previously. This process completely alters the European banking business.
There is now no better instrument to implement open banking than the development of APIs for third parties through an open platform design.
Banks have the financial data of customers who have relied on their services and third party companies – startups, independent developers or other companies – can access these by launching APIs to provide alternative services to these same customers.
At BBVA, this access is channeled through the BBVA API_Market, within a test or sandbox environment and, finally, by the subscription to an API service. The fact that APIs are premium services does not prevent them from being open and available.
In the new ecosystem established by the PSD2, the European single payment market not only requires the entry of other players in the financial framework, but also requires a protocol standardization process.
If the opening up of banking institutions has to be organized through APIs, operating a single market will also require that application development interfaces be standardized: in other words, the same resources for developers and startups, regardless of which banks provide access to the data of customers who have provided their authorization through open platforms.
In this regard, a leading role is played by the decisions not imposed by the EBA or taken into consideration by the PSD2 and that are being made by the community of developers and, specifically, among financial sector professionals. Not only does this refer to APIs as vehicles to materialize PSD2 mandates, but also to the technical requirements of the APIs designed for this task.
The nomenclature, access and authentication protocols of bank APIs must be similar in all cases. Standardization provides an environment that can streamline change and value creation.
The entire standardization process of banking APIs appears to be founded essentially on two pillars: first, the design of REST APIs as the most efficient alternative, and second, establishing OAuth as the security protocol, where tokens are used for the authentication and access process.
REST APIs share truly simple definitions and nomenclatures, while obtaining data and using them to generate services through HTTP requests (POST – create -, GET read and query, PUT – edit – and DELETE – eliminate -) and in all the possible formats, whether XML or JSON.
OAuth is a framework for creating protocols used by companies such as Google, Facebook, Microsoft and Twitter that instead of working with an API code based on a username and password, uses an access token that is unique for each customer, allows them to interact with the API and is revoked instantly when it is violated without affecting the rest of the users of the same service. This is not possible with an access common to all.
If we go to ProgrammableWeb, the largest repository of APIs we will find that it currently holds more than 21,000 application development interfaces, many of which are directly or indirectly associated with the financial sector.
ProgrammableWeb has more of 2,500 financial APIs, more than 2,400 payment-related APIs, more than 700 APIs associated with bitcoins, approximately another 700 related to authentication processes, more than 500 related to credit cards, another 500 associated with banking as well as transactions, nearly another 400 intended for payment accounts, etc. Although it is true that several APIs coincide in the first two categories, this gives us an idea of the large volume of interfaces generated by the banking sector and ‘fintech’ and the real possibilities of business openings made available by an open model.
Open Future World is born with a clear vocation: to become a rallying point and meeting place for all players in the open banking ecosystem.
A new edition of the Secure Payments & ID Congress was held on November 17, an event dedicated to analyzing the current state of collection and payment services, authentication and identification processes, and fraud security and prevention.
Collaboration between BigTech and banking and financial industries has a long way to go, and what's more: it's one of the keys to the future that both sectors are heading for.