Realistic sandboxes with rich behaviour, to cut maintenance and support overhead for bank IT teams
Banks – API sandboxes
The rise of APIs in banking
Adoption of APIs is growing in the banking space. This is in part because of global changes in software technology, affecting all industries. But there are also drivers that are particular to bank payments. One such driver is regulatory. The European directive, PSD2, mandates that banks make some payments-related services available via APIs, so that Fintech can more easily embed access to these services into their solutions. In the UK, there is a similar regulatory initiative, termed Open Banking UK.
A second driver is market competition. Banks look to improve the payments services that they deliver to the market by adopting an ‘open banking’ strategy. An ‘open bank’ strategy involves opening APIs to Fintech, and collaborating with Fintech to deliver innovative payments services to clients. There is also growing interest in the use of APIs between banks. For example, in the US, NACHA ASIG (API Special Interest Group) has been defining APIs to allow a bank to validate details of an account held at another bank.
The challenge for banks is to support these new partners, Fintech as well as other banks, as they implement technical solutions based on their APIs.
Delivering API Sandboxes to Fintech and TPPs
Fintech and TPPs (Third Party Payment Service Processors in PSD2 lingo) need easy-to-use, test tools when they are integrating a bank’s API to their applications. An API Sandbox is a test tool where you can issue API requests and receive simulated responses. In the case of PSD2, banks are mandated to provide testing tools to TPPs, covering access to account and payment initiation as well SCA (secure customer authentication).
XMLdation provides an API Sandbox solution. The XMLdation sandboxes emulate bank systems including authentication flows, segregate data per client, include a simple mechanism for data population, and can be integrated to the bank’s API Platform.
Banks can provide these API Sandboxes to Fintech and TPPs, allowing these third parties to test against bank APIs in a self-serve fashion.
Synthetic Data for API Sandboxes
API sandboxes are most useful as a test tool if they contain realistic and up-to-date data. This is a challenge for banks because they cannot re-use customer data in these types of test environments. One approach to this problem is to mask the real data, but the approach has inherent risks with the growing power of data analytics to merge data sets and detect personally identifiable information.
XMLdation provides a solution for populating sandboxes with synthetic data, based on its Test Data Creator tool. With the Data Creator, it is easy to create realistic data like account histories. The data is then used to populate the sandbox. The data can be recreated on demand with up-to-date timestamps, and the sandbox refreshed.
With the XMLdation Test Data Creator tool, banks can populate API Sandboxes with 100% synthetic test data.
Value for Fintech and TPPs
Easy access to good testing tools allow Fintech and TPPs to deliver applications to the marketplace quickly.
Value for Banks
European banks must put API sandboxes in place in order to comply with requirements around testing in the PSD2 Directive.
The XMLdation API Sandboxes are feature rich, fast to build and easy to maintain. When banks use the productised XMLdation Sandboxes, they save on internal effort and get to market faster.
For banks that follow an open banking strategy, it is critical that they deliver excellent supports to their Fintech partners, because that is what allow Fintech to deliver innovative solutions to the marketplace.
Value for Payments Infrastructure Operators
There is increasing interest in using APIs for sharing information between banks. These APIs are often defined and managed by member-driven industry organisations involved in governance and operation of Payments Infrastructure.
XMLdation API Sandbox solution allows Payments Infrastructure Operators to support members testing activities as they adopt API-based services.