API sce­nario in bank­ing

A fo­cused in­ter­view with Mark O’Neill, An­a­lyst, Gart­ner:

Banking Frontiers - - Deep Insights -

Manoj Agrawal: How many magic quad­rants does Gart­ner pub­lish re­gard­ing APIs? Which was the last one added? Which is next in the pipe­line?

Mark O’Neill: The main one is a full lifecycle API man­age­ment. An­other one that is rel­e­vant is iPaaS. This is about us­ing APIs for in­te­gra­tion, par­tic­u­larly cloud in­te­gra­tion. An­other is Web Ap­pli­ca­tion & API Pro­tec­tion which looks at se­cu­rity ca­pa­bil­i­ties. Ini­tially, we fo­cused on SOA. The first on API was in 2016 - on API man­age­ment.

Does AI play a role in de­vel­op­ing or en­hanc­ing APIs?

It does in a number of ways. One is se­cu­rity. There is a need to un­der­stand good and bad uses of APIs. Bots try to use APIs for steal­ing data through APIs, eg ac­count data. ML helps in un­der­stand­ing the nor­mal and ab­nor­mal use of API, par­tic­u­larly around se­cu­rity.

Does API test­ing re­quire different tech­niques?

It is different. You are think­ing about re­sponse time. Web test­ing is sim­u­lat­ing hu­man ex­pe­ri­ence. With API, there is more au­toma­tion such as SLAs and re­sponse time. Test­ing can also in­volve us­abil­ity test­ing from de­vel­op­ers’ point of view. If a bank has a port­fo­lio of APIs, they will want to stan­dard­ize.

Can you name some of the lead­ing API companies and what kind of rev­enue they are mak­ing?

Twilo and Stripe. Twilio, worth over $3

bil­lion, com­petes with tra­di­tional tele­com companies. Its rev­enue is $82 mil­lion in a quar­ter. Stripe is a pri­vate com­pany val­ued at $9 bil­lion.

Are API play­ers adopt­ing bit­coin and cryp­tocur­ren­cies? Is there a dark web of APIs? If not, is it likely in the near fu­ture?

Even dark web companies have APIs. We have seen ser­vices like ac­cess to pri­vate data.

If a ser­vices is down for main­te­nance, how will var­i­ous APIs in­ter­act­ing with it re­spond?

The ‘I’ in API is in­ter­face. So, the de­sign has to en­sure that there is no sin­gle point of view.

Which coun­tries that have most API star­tups?

Europe & UK.

What are some of the main se­cu­rity de­vel­op­ments re­lated to APIs?

There are se­cu­rity stan­dards for API – OpenID Con­nect OAUTH - but they are com­plex. Se­cu­rity lev­els are going up as API us­age is going up. There have been some well pub­li­cized API breaches. It will get worse be­fore it gets better. EY, KPMG, etc do some se­cu­rity test­ing for APIs. It is im­por­tant to re­al­ize that 2 sim­i­lar func­tional APIs would have different se­cu­rity vul­ner­a­bil­i­ties.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.