1. Open Banking & Open Insurance
Keith Chan
Solutions Architect, PCCW Solutions
Sebastien Linsolas
Solutions Architect, Amazon Web Services
2. Agenda
• What is Open Banking/Insurance?
• Why Open API?
• The API Economy Landscape
• Anatomy of an API
• The Technology Challenges
• Case Study
3. An Example in Life
How do you manage your household budget?
4. What is Open Banking/Insurance?
A system that provides a user with a network of
financial institutions’ data through the use of
application programming interfaces, better known
as APIs.
Source: Investopedia
6. The “API Economy” Landscape
Remark: Illustrative. Does include non-AWS clients
7. Anatomy of an Open API
Open API
openapi: 3.0.0
info:
  title: Sample API
  description: Optional multiline or single-line description
  version: "0.0.0"  # placeholder value; info.version is required by OpenAPI 3.0
servers:
  - url: "http://api.example.com/v1"
    description: "Optional server description, e.g. Main (production) server"
paths:
  /users:
    get:
      summary: Returns a list of users.
      description: Optional extended description in CommonMark or HTML.
      responses:
        "200": # status code
          description: A JSON array of user names
          content:
            "application/json":
              schema:
                type: array
                items:
                  type: string
[Diagram labels: Core System; Micro-Service; Data Store; Software Modules (application, libraries); Mobile & Web Applications; Third-party developers]
9. An API Architecture
[Architecture diagram labels: Internet (Mobile Apps, Websites, Services); Content Delivery Network; Amazon API Gateway; API Gateway Cache; Amazon CloudWatch Monitoring; /accounts (GET); /retrieveAccounts (GET, POST); /credit-card (GET); /payCard (GET, POST); retrieveAccounts; payCard; requestCard; AWS; Any other publicly accessible endpoint]
11. Preparation for API Implementation
• What is your objective in API development?
• Would bespoke development or a product help?
• What are the key elements for successful API Implementations?
• What does a Full Lifecycle of API Management require?
• What are the trends and considerations for API?
• How can Amazon Web Services & PCCW Solutions help?
12. What is your objective in API development?
• Product & Service Information
• New applications for Product / Service
• Account Information
• Transactions
13. What is your objective in API development?
• Private internal APIs
• Protected, Open-to-Authorized-Partners only
• Public, Open-to-All
14. Would bespoke Development or Product help?
• Develop API
– Create new API, Import existing APIs, or Discover
APIs, specify security & API behaviour, Support
different API Versions
• Create API Policy
– Create Policy Plan, add resources, choose rate limits,
stage it in a runtime environment, test API resource,
version Plans
15. Would bespoke Development or Product help?
• Invite Developer Organizations
– use your APIs & communicate with them
• Publish APIs
– Plan to select developer organizations, manage
subscriptions
• Analyze
– API usage
16. Would bespoke Development or Product help?
[Diagram labels: Cache; Analytics; Traffic Policy; Authentication Policy; Transformation (twice); API Management Console; APIs; HTTP/HTTPS]
17. Key To Successful API Implementations
• Most common protocol for API:
– HTTP(s)
– RESTful
– JSON (preferred), XML (supported)
– Specification Driven (Swagger, RAML, WADL, API Blueprint)
18. Key To Successful API Implementations
• Flexibility to Support Different Needs
– Supporting data paging
– Support data filtering
– Support data by criteria
– Support single version for different clients
• API Discovery
– API Portal with login or without login
– Access control for APIs
19. Key To Successful API Implementations
• API Review and Publishing
– Support API testing while production is running
– Support full review of API and documentation during the review stage
– Support different approval processes before API Publishing
20. Key To Successful API Implementations
• API Trial Run
– API testing using web interface
– API testing using selected tools or client
applications
• Enterprise Features
– High Performance
– Scalability
– Load Balancing
– Failover
21. Key To Successful API Implementations
• API Security
– API Key or simple username/password
– OAuth2
– API communication using HTTPS
– Protect JSON content using JSON Web Token
– Protection against DDoS and fine-grained policies
– Validations for OWASP Vulnerabilities
– Proper error handling
– Auditing
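
Added example (not from the original slides): a small check that audits an OpenAPI 3 document against two items of the API Security list above, HTTPS-only servers and an authentication requirement on every operation. The sample document is constructed from the slide-7 "Sample API"; the `audit` function, the `/accounts` operation, the `oauth2` scheme name and its token URL are hypothetical.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed sample: the slide-7 "Sample API" as JSON, plus a hypothetical
# /accounts operation and "oauth2" scheme added here for contrast.
SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "info": {"title": "Sample API", "version": "0.0.0"},
  "servers": [{"url": "http://api.example.com/v1"}],
  "components": {"securitySchemes": {"oauth2": {"type": "oauth2", "flows": {
    "clientCredentials": {"tokenUrl": "https://auth.example.com/token",
                          "scopes": {"accounts:read": "Read accounts"}}}}}},
  "paths": {
    "/users": {"get": {"responses": {"200": {"description": "A JSON array of user names"}}}},
    "/accounts": {"get": {"security": [{"oauth2": ["accounts:read"]}],
                          "responses": {"200": {"description": "Accounts"}}}}
  }
}
""")

def audit(spec):
    """Return (location, finding) pairs for gaps against the API Security list."""
    findings = []
    for server in spec.get("servers", []):
        url = server.get("url", "")
        if not url.lower().startswith("https://"):
            findings.append(("servers", f"non-HTTPS server URL: {url}"))
    schemes = spec.get("components", {}).get("securitySchemes", {})
    default_security = spec.get("security", [])  # document-wide requirement
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip non-operation keys such as "parameters"
            where = f"{method.upper()} {path}"
            security = op.get("security", default_security)
            # An empty list or an empty requirement {} both permit anonymous calls.
            if not security or any(req == {} for req in security):
                findings.append((where, "no security requirement (anonymous access)"))
            for req in security:
                for name in req:
                    if name not in schemes:
                        findings.append((where, f"undefined security scheme: {name}"))
    return findings

if __name__ == "__main__":
    for where, finding in audit(SPEC):
        print(f"{where}: {finding}")
```

Run against the sample, it reports the plain-HTTP server URL and the unauthenticated `GET /users`; a check like this fits the API review stage before publishing.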
22. A Full Lifecycle of API Management Requires
• A clear plan, strategy, and prototype for what the data will look like to consumers
• Building the APIs and microservices that will expose the enterprise data, quickly and
efficiently
• Testing the new services and deploying them to the platform
• Securing these APIs and the apps that will use them from threats and vulnerabilities
• Orchestrating and managing APIs at runtime
• Helping developers discover, onboard and consume the APIs as easily and securely as
possible
• Providing insights in the form of monitoring and analytics to both API providers and
23. How can Amazon Web Services & PCCW Solutions help?
• Leverage our expertise and experience to deliver a
highly customizable, scalable solution for our clients
• Provide bespoke end-to-end development and cloud
infrastructure to support projects of any size
• Become your complete IT solutions partner across Asia
Pacific.
Cloud Hosting
API Management