API Basics

What are API standards?

What are API standards?

API is an abbreviation for Application Programming Interface. As organizations around the world are opening up to partners and embracing data sharing via APIs, they’re finding that it is extremely useful to have a common technical language. API standards help streamline the exchange of information so that organizations can communicate at the speed of business.

In some cases, groups have worked to collectively set API standards; in others, large companies set a standard or several organizations join together to make their own industry standards.

And of course, there are governments around the world that mandate a set of standards, whether it’s to strengthen individual data ownership, modernize processes, improve privacy and consumer protections, or encourage competition.

So, let’s take a look at what APIs are and how they work to get a better understanding of what’s driving API standardization efforts.

What are APIs?

APIs are sets of tools that developers and programmers use to create software. An API essentially helps two different platforms talk to each other in an integrated way – without the need to manually go fetch information every time you need it.

With APIs, project teams don’t have to hand construct an integration using files, EDI documents, or other types of exchanges. A key differentiator is the self-serve nature of API: developers should be able to explore available APIs, browsing and learning about the parameters and usage patterns in a marketplace (either internal or public).

For example, when you buy a ticket online, you input your credit card information and details. APIs send the information to the company to transform the data into the final ticket. They interact in a fluid and rapid manner. Credit card companies have published APIs, and new payment services can use those APIs to create payment transactions without the need to build a custom integration. Importantly, the API sender must provide credentials for the API to be processed and a payment initiated or completed.

The ability to easily share user credentials and access rights between platforms is a key difference. Instead of sharing a static certificate to validate access, APIs allow us to share credentials across platforms.

In this example of buying a ticket, the online ticket agency might ask you if you want to use your Google or Facebook identity to login. If you say yes to Google, then Google asks you to confirm, and you don’t have to create new user ID for the ticketing application. APIs make integrations easier and they enable decisions in real-time – not coded into a static process.

We go into much more depth about what an API is and how they work, as well as real-life examples, here.

Building a more level playing field with API standards

Over the past decade, government bodies have begun focusing on how to facilitate interoperability through API standards. In Europe, the European Commission implemented API requirements for the Banking and Financial sectors, called Payment Services Directive 2 (PSD2). This is a set of rules that banks must adhere to in the use of APIs which aimed to create a more cohesive payments market and level the playing field between banks and fintechs.

Updated directives went live in 2019, intended to compel payment service companies to strengthen client authentication methods while also introducing new regulations around third-party engagement. These directives were designed for data protection.

In the United States, the 21st Century Cures act, signed into law in 2016, mandated new rules to open up healthcare. CMS published the first interoperability rule in May 2020 to require the use of Open APIs to access patient healthcare information. Since that time, additional regulations such as the Transparency in Coverage (price transparency) and the No Surprises Act added requirements to open up electronic access to pricing for healthcare services and to provide an estimate of the cost in advance.

These regulations have been embraced by many industry groups looking to accelerate FHIR® adoption, such as SMART on FHIR, the DaVinci Project, CAQH, and WEDI. These groups know that APIs hold the keys to transforming patient experience, from planning surgeries to follow up care to facilitating claims and payments. Today, many health plans and hospital systems have stood up the Patient Access API and are using OpenID Connect and FHIR APIs to comply with the Interoperability Rule.

With the multiplication of web and mobile apps being offered by health providers and other companies in the healthcare industry – not to mention the rise of IoT health devices, such as wearables that monitor heart rate or blood glucose – it is becoming necessary to standardize how this information is exchanged and protected.

It’s a process that is still ongoing – there is no single API standard for IoT, for example, but the FDA does regulate how data is exchanged with the government agency through its openFDA API. OpenFDA is an Elasticsearch-based API that serves public FDA data about drugs, devices, foods, and more.

Healthcare providers can use APIs to engage with patients to deliver vital information, improve patient support services, mitigate social determinants of health and work intelligently with partner providers, insurance companies, and government agencies. And banks and credit unions are finding innovative ways to serve their customers, while individuals gain new control over their personal financial data and wider access to fintechs. In short, many are using their data resources in new ways thanks to APIs.

API standards in different industries

Different industries require different sets of standards. Not all APIs are a one-size-fits-all model. What’s suitable for an insurance app may not cross over into a hospital’s patient portal.

Healthcare providers often need the same set of data (think of having to fill out the same forms each time you sit in a doctor’s waiting room), so it is especially useful to package up that data in a way that’s easily deciphered by other providers’ systems, such as when records are transferred.

This “one size does not fit all” approach to APIs is prompting the continued development of unique API standards for different industries. Let’s review a few of them.

Banking APIs

When it comes to the banking and fintech industry, the most important thing for consumers and the industry itself is security. API industry standards in this area revolve around the 2018 Revised Payment Service Directive (PSD2). This opened up the financial services market to developers, who could now use a bank’s open APIs to securely access a customer’s information with their permission.

There are a variety of technical API standards in use throughout European countries to comply with PSD2 directives, although a few major players include The Berlin Group and Open Banking UK.

In North America, API standards in the banking sector have been more market-driven with limited government regulation, and organizations such as the Financial Data Exchange (FDX) have stepped in to take on the challenge of creating a common API standard.

Today, the FDX API is used to share over 32 million consumer records across the North American financial ecosystem, and their membership includes most major US banks and fintechs.

In the Asia-Pacific region, we see a combination of market-led API adoption (such as in Singapore), soft open banking standards (such as in Japan), or government-driven, in Hong Kong for example.

Meanwhile, Australia has taken a slightly different route, centering its open banking standardization and regulation on the individual with its Consumer Data Right. The format and process for sharing CDR data is defined by the Data Standards Body (DSB), and while the law started out with standardizing banking and financial data, it plans to extend to other industries such as the energy sector next.

Again, the aim with all these standards is to provide interoperability for financial data sharing. Future and existing standards will likely evolve as time goes by and API adoption increases. In Europe, for example, there is already discussion around the next iteration, PSD3.

Read more about Open Banking, Open APIs, and PSD2.

Healthcare APIs

In healthcare, quick and easy access to information is critical. It can mean life or death, and it also make a big difference for patients who want more of a say in their care. If there’s a breach or a breakdown somewhere, the results could be serious.

Healthcare partners also have the added responsibility of HIPAA compliance: protecting and securing electronic records that are collected and reported around a patient’s health data. This very personal information (called PHI, Protected Health Information) has routinely been shared only between covered entities – meaning, those organizations responsible for administrative and clinical actions that are ‘covered’ by the HIPAA Privacy and Security Rule.

When patients asked for copies of their health records, they were only given paper documents or sometimes a thumb drive. Some healthcare organizations even charged patients for their own records.

After the introduction of the Interoperability Rule and Information Blocking portion of the 21st Century Cures Act, patients have the right to receive electronic copies of their health records. Importantly, patients can direct that their records are shared with a third-party application via Open FHIR® APIs.

FHIR® (Fast Healthcare Interoperability Resources) is an API-focused standard used to represent and exchange health information, and it is maintained by HL7® (Health Level 7), a standards development organization.

Industry giants such as Apple have adopted HL7’s FHIR® API standard to enable secure access to personal health information on iPhones, and major hospital systems and insurers have also put their weight behind it, making the standard widely-adopted and a necessity to comply with upcoming government regulation.

This API standard in healthcare opens the industry to data sharing and innovation while giving consumers more power to take charge of their health. API standards help to ensure that the information being shared is easily used by others (standardized data elements), secured with OpenID Connect and OAuth 2.0 identity and access controls, and with a standard definition for the API itself.

For example, the Patient Access API is well defined both in the standard and in implementation guides such as ones authored by the DaVinci group (also referenced in the CMS link).

APIs can help patients share data more easily with physicians for second opinions. The Transparency in Coverage rule and the No Surprises Act require practices, hospitals, and health plans to provide their patients with the prices of common services and even to provide an estimate of the cost of a procedure when requested.

These new regulations are truly transformative for patients in the United States – helping to protect them from unexpected, uncontrolled out-of-network charges and enabling more thoughtful care decisions.

Automotive APIs

The global automotive industry undoubtedly runs on EDI: the core of its supply chain is still based on asynchronous file transfers of structured messages, mainly between car manufacturers (OEMs), suppliers, and logistics service providers. In fact, many of the top players in this industry rely on the Axway B2B Integration platform to do so.

At the same time, it’s becoming clear that a bridge between APIs and the classic EDI world is necessary to respond to modern demands. Seeking greater supply chain transparency and agility, many automotive vendors started implementing ad-hoc API-based solutions.

Major OEMs and first tier suppliers quickly realized they needed a common standard as incompatibility issues arose. This API standard is still in the process of development, but these major actors asked the automotive standardization body, ODETTE, to develop a pilot recommendation using OpenAPI to specify the process interactions between different supply chain participants.

The resulting recommendation enhances existing EDI standards with new API-driven status messages, using APIs to create an adjacent visibility platform for all of the relevant supply chain transactions. We can expect more to come as the standards body and industry players work together.

Automotive manufacturers are already using APIs to deliver innovative cabin experiences and to interact with digital services. A wide variety of new cars and trucks now offer ‘Wifi hotspots’ to enable passengers to work and play with digital devices, and there are many more opportunities to deliver new experiences in automobiles, from maintenance to movies.

Why are API standards necessary?

API industry standards set the benchmark for best practices, conventions that developers should follow, and all-around standards that should be adhered to with APIs. Having API industry standards in place is beneficial as a guide for all users.  Standards enable partners to quickly and easily consume APIs. Standards accelerate ecosystem development.  With industry standards organizations can quickly capitalize on success – build one connection and reuse many times.

In order for an API to deliver and reach an audience, it needs to be available externally – in a format that makes sense outside of the organization. And the more a company can drive their API’s adoption, the better they’ll be able to monetize it and grow revenue.

Whether it’s industry-driven or regulatory-driven, organizations around the world have adopted certain common API standards, which will likely continue to evolve with the needs of the business. Companies will adopt new standards at their own pace, but having them in place sets a roadmap for others to follow.

Axway is an experienced guide

If you’re having trouble keeping up with the ever-changing landscape of the IT world, let Axway help. Whether you need support building your FHIR API program to reach U.S. interoperability goals or are looking to comply with PSD2 regulations to open up to new fintechs, Axway has been there.

The top 3 pharma companies, 9 of the top 20 of Fortune’s largest U.S. healthcare companies, and 60% of the world’s largest banks trust Axway. And Axway is actively involved in helping to set standards and shape the future of open banking APIs.

The open approach of our Amplify Platform for universal API management means you can support any API standard – like Brazil Open Banking, FHIR®, or FDX – while ensuring that APIs are developed in compliance with your overall governance and security policies.  Most importantly, API consumption accelerates innovation and reduces development costs.

Axway believes securely opening up data via APIs can dramatically improve the patient experience, give consumers greater financial control in their own lives, enable smoother global supply chains, and improve customer experiences in ways we have yet to discover.

From consulting services, training, and certifications to the transformative API expertise of our elite team of Catalysts, let us offer industry-specific experience to help you get the most value out of your APIs.

Read more about the importance of openness and interoperability in getting the most out of your integration platform.