Open banking APIs explained

6 min read
APIs in open banking

The second payment services directive, also known as PSD2, opened up fresh opportunities thanks to open banking APIs. An API, or application programming interface, facilitates the sharing of financial data to make banking better and more accessible for all involved parties.

This guide will provide an explanation of open banking APIs, including what they are, how they work, the main types and answer questions such as the costs involved and the security of open banking APIs.

What is an open banking API?

An API is a set of codes and protocols that allow for software and applications to communicate with one another. One system can request data or “contact” another system using an API. Then, the necessary data can be exchanged between the two systems.

In the banking industry, API banking is used to connect licenced third-party providers to a bank in a standardised, efficient and secure manner.

Open banking uses APIs to allow for the flow of financial information, including but not limited to payment-related data, such as transactions. You can think of an API as a software bridge. It allows for the transfer of data between two parties.

The three types of APIs in banking

The three main types of APIs used in banking include

  • Private APIs. These are internal to each bank or financial institution and are only used within the same private system for the exchange of information.
  • Partner APIs. These APIs are made for the bank or financial institution’s business partners.
  • Open APIs. These APIs are available to third parties, who don’t need to be partners with the bank to use them. This is the type of API that allows kevin. to provide an innovative payment structure to merchants.

Why are open banking APIs important, and how are they transforming the financial sector?

APIs are highly important, having transformed the world of banking. With open banking APIs, a financial institution and a licensed third party can share financial data. This has allowed for the improvement of the more traditional banking systems, resulting in a more efficient form of banking for all involved parties.

Open banking APIs benefit the bank, the customer and businesses.

According to the World FinTech Report, 89% of banks leverage APIs as part of their business strategy. As a result, banks can provide a larger value chain to people and gain valuable, useful insights about their customers.

Customers enjoy having greater control over the data that third parties can access, and are allowed to compare different product offerings of providers to choose the one that suits them best.

Businesses benefit from open banking APIs due to having new services available to them. Bank transaction data is shared seamlessly, securely and efficiently.

Who can use open banking APIs?

Open banking APIs can only be used by an organisation authorised to do so, as kevin. is. Each country and region has their own regulatory bodies that govern the industry.

One of these authorised parties is referred to as payment initiation service providers, or PISPs. They act as an intermediary between a merchant and the bank when it comes to initiating payments. Through the PISP, direct money transfers between the consumer’s bank account and the merchant’s bank account can be made via the API. A PISP is unable to access a person’s personal financial data; they only enable the movement of money.

Another party that uses these APIs is called an account information service provider, or AISP. Not just any organisation can become an AISP. You need to be fully licenced, as kevin. is.

What are open banking API specifications?

Open Banking API Specifications are a list of recommendations about how banks create access endpoints for third-party providers. According to these specifications, third-party providers can use the bank’s read/write API in certain ways. It’s important to know, however, that third-party API providers are not required to adhere to these specifications by law.

Open banking API standards state how these third parties should use a bank’s API to ensure a high degree of security. European account providers meet PSD2 requirements by adhering to these standards, as kevin. does.

What is an API provider?

An API provider is a party that creates, manages and maintains an API. These providers include companies that give bank account access to third parties. Those who supply APIs include the banks themselves.

There is no single API; rather, organisations use APIs for open banking. Many companies engage third-party providers for their APIs. At kevin., however, we have our own API that integrates directly with banks – no third party involved.

It’s also worth considering that having a robust, trustworthy API includes the maintaining of certificates. Even after an API has been integrated with a bank, there is much work to do and responsibility involved. There are many bank account types that all require a different form of payment initiation, and each situation must be properly analyzed and have a technically accurate solution.

Each bank has its own developer portal where the API credentials must be properly registered in order to use that bank. The access of these credentials must also be managed.

API providers available in Europe

There are many API providers available in Europe, with the number having grown exponentially over recent years. The providers available will differ depending on the country or economic area and how broad a given company’s service area is. 

To choose the right API provider, you must consider what the goal is behind the integration strategy. For example, you may wish to acquire insights on your customers, or improve the overall customer experience. Since API providers have different offerings, it’s important to closely evaluate each to ensure they are a fit for your needs.

Are open banking APIs free of charge?

Yes, all open banking APIs are free of charge to use. The pricing can also include paid features, accessible through partner APIs, which can have some advantages. These advantages may include greater flexibility and more coverage.

Is it safe to use open banking APIs?

Yes, open banking is considered to be safe. If you compare it with screen scraping, which is unregulated, it is far more secure. Screen scraping involves a third party logging into a bank’s app or website on the customer’s behalf, retrieving information or initiating a payment.

The use of screen scraping has enabled data to be exposed, compromising the security of the user. Open banking APIs have no such risks involved. Banks and consumers therefore have more control over the data retrieved, sharing only what is necessary for the third-party service. Customers do not need to share their credentials with the third party.

Furthermore, open banking APIs are transparent when it comes to the consumer, enabling an individual to grant or revoke access to their data. The third-party provider does not need to receive access to the consumer’s login details when these APIs are used.

Consider the PSD2 directive, which made Strong Customer Authentication (SCA) a requirement. SCA means that payers in Europe must perform extra authentication steps when making purchases online, adding another layer of security.

Conclusion

In this guide, open banking APIs have been explained, including exploring their security, the various uses and applications and the benefits involved.

With the advent of open banking, innovation and competition have come to the forefront. The industry is constantly changing and evolving. Any business owner needs to know how to stay on top of these trends and technologies, using them to their full potential.

When a business chooses kevin. to cover their payment infrastructure needs, they have access to a banking API that integrates with a wide variety of banks. The result is a single API, which businesses can use to sell across Europe.

Choose a partner that thinks ahead

Grow your business with kevin.