Leveraging Open API using API Gateway and Developer Portal

products versions - {API Gateway version: 10.11 and above, Developer Portal version: 10.11 and above}

Contents

Open API has been adopted by multiple banks worldwide with different drivers (either regulator or market), different maturity levels, different market take-ups, and different functionalities covered. Open API is however reshaping and providing transformative effect on the overall financial services. Open API has moved beyond compliance-only requirements and as well now addressing specific customer segment’s needs.

As its contribution toward worldwide Open API initiatives, Central Bank of Indonesia, as a sample country, has launched SNAP (Standar Nasional API Pembayaran) program in 2022 as a guidance to all banks operated inside the country. This is very much inline with the country’s emerging API adoption in which is very much regulatory-driven and the country banking ecosystem which is dominated by payment services and account-keeping solutions. The high-level business process guidance is packaged inside SNAP Developer site https://apidevportal.bi.go.id/snap/ for baseline practicality in API adoption by the banks.

The published SNAP guidance however is not on the implementable form, and will mandate each bank to improve accordingly by themselves to their specific business convention and their current core banking and API management layer. This may lead not only to the considerable time-to-market, but as well the dependency between specific banks using attributes that are not covered inside the baseline. Herewith is few samples of payments API proposed by Software AG Indonesia which has better granularity and more practical to be adopted by the banking customers using Software API Management platforms.

It is baselined with the general Design of Open API for payment comprises of Overview, Basics, Security & Access Controls, and Normative References.

Overview part describes the design principles that are common across all proposed APIs. Basics part explains the actors involved in the payment ecosystems including all structure conventions between them including Resource Path, Headers, Common Payload, HTTP Status Code, Idempotency, Message Signing. Security & Access Controls parts explains the security baseline adopted by the APIs including policy scopes and grant types, Resource owned and Consent authorization, Access token and refresh token. Normative References look at the standards underlying the APIs, including both Financial Services industry API standards i.e. Open Banking, ISO20022, Financial-grade API, as well as API technology standards i.e. HTTP, JSON, Swagger, OAuth 2.0, OpenID Connect, JWT.

It is elaborated further in the Specification of Open API for Payment according to four main APIs profiles i,e, (1) Confirmation of Funds, (2) Account and Transaction, (3) Payment Initiation, (4) Domestic Payment. The implementation properties each of profiles is then detailed including API Consents, API Endpoints, API Requests and Responses, including data dictionaries as well of each Requests and Response, how to filter the API bulk Requests or Response, and how to authorize, authenticate, re-authenticate the API consents.

Those API specifications are inline and realized with the actual API definition that are published to the adopter communities in the Developer Portal.

This samples of Open Payment API Design and Open Payment API Specification are not specific to Indonesian use case, but as well can be adopted in any banking customer around the world that using Software AG Integration Platform, API Gateway, and Developer Portal products. The customer can directly use the available API assets and neither necessarily develop everything from the scratch, which then might become a bias for uniformity, nor being worried about the security of the APIs as it is adopting the necessary measurement from Open Banking standards and has been designed as financial grade APIs (FAPI).

Attached are the design, specification, and screenshots of the Developer Portal. Any questions, suggestions, and improvements can be addressed further to Aryell.hutagalung@softwareag.com and Akhmad.makki@softwareag.com

Relevant resources

Developer_Portal_Screenshots_v1.pdf (1.1 MB)
(read) Open API Design proposed v1.pdf (770.1 KB)
(read) Open API Spec proposed v1.pdf (596.7 KB)

1 Like