A Rating System For Banking API

We are working with our partner APImetrics to develop a rating system for banking API in the UK, France, US, and beyond. We are working to map out the landscape of banks, documenting which have APIs, and are complying with regulation, or in the case of the United States, just taking the lead on providing high value banking APIs to the industry. While we are mapping out the industry, we are realizing it is going to be important to not just understand which banks have APIs, but also which banking APIs are supported, and meet a certain quality of service. Encouraging us to get to work on a rating system for banking API, so we can better understand the landscape.

As we’ve discussed before, we are beginning with the basics, setting the low bar for banks:

– Does a bank have a public API program?
– Is the public API program have its own dedicated subdomain?
– Is the public API program primarily published using a 3rd party service?

Then we are taking a snapshot of the overall presence a bank provides for their API program:

Documentation – Is there robust, interactive, up to date, and usable documentation available for the API?
Authentication – Does a provider go in to detail about how developers will securely authenticate with APIs?
Self-Service Registration / Login – Can API consumers register and login without speaking with a sales team?
Communication – Are there any communication channels available, such as a blog, Twitter account, or other approach?
Support – Does a bank provide the usual support mechanisms for an API, like an email, ticketing, or Github issues?
SDK / Libraries – Are there SDKs, code libraries or samples available for developers to put to use when integrating?
Terms of Service – The legal document guiding how the API can be used, defining the rules of the road for developers.
Privacy Policy – Is there a legal guide to how the platform will protect the privacy of developers as well as end users?

Once we’ve identified the banks that have an API, and it is something that is publicly documented we develop a machine readable set of blueprints for the surface area of the API and its operations:

– OpenAPI – A machine readable API definition for the surface area of the banks API using OpenAPI.
APIs.json – A machine readable API index of the APIs operation, including references to its components.

rating banking API Streamdata.ioWith these definitions in hand we are able to rank each banks presence, and begin to look at other aspects of how it delivers its APIs. Understanding design practices, maturity levels, and whether or not they follow industry level guidance regarding which APIs are made available. An important aspect of understanding the quality of service involved with each API involves our partners APImetrics, who help us monitor and visualize each bank’s APIs, providing us with an essential score for use in our banking API rating system:

Cloud API Service Consistency (CASC) – An easy and transparent way of measuring whether an API is meeting its Service Level Agreement

We will be giving a ranking to each bank based upon their overall presence. It really matters whether or not they have documentation, support, and other common building blocks. We’ll be ranking them based upon the consistency, maturity, and comprehensiveness of their APIs, based upon our profiling. Then we’ll be augmenting this ranking with the APImetrics CASC score, to provide a more complete look at the banking APIs landscape. Going well beyond whether or not banks have APIs, but whether or not you can actually integrate with, and depend upon a bank’s API platform while developing and operating a commercial application.

If you’d like to know more about our banking API ratings work, or talk with APImetrics about monitoring any banking APIs, feel free to connect. We are setting up a Github project to track our approach to rating banking API, and will be actively publishing the results of our finding. We feel this work will be critical to the overall health of the banking API landscape, and will significantly contribute to what has been set in motion by EU and UK regulatory groups. Helping us ensure that banks aren’t just doing APIs, but we are also making sure they do banking APIs well.

**Original source: blog