[Article] FinTech: Creating APIs to Support the Financial Industry

  • By Chamin Dias
  • 8 Aug, 2017

FinTech (Financial Technology) is one of the buzzwords we hear today. FinTech is rapidly changing the way that many businesses, especially in the financial sector, operate. FinTech firms take advantage of modern technology and assist financial service providers in offering more innovative services in a cost-effective manner.

Many businesses (mainly in the financial sector) can take advantage of FinTech to reach a wider community and expand their operations. In today’s world, it is clear that technology-enabled firms are more effective compared to those that follow traditional business models. Therefore, we need to identify a mechanism that fully leverages FinTech while integrating with modern technology-enabled business models.

Overview of FinTech

In simple terms, FinTech brings a variety of technological interventions into personal and commercial finance. Looking at the financial services industry, FinTech has emerged as a financial services sector over the last decade and has expanded its horizons into many areas. Digital lending, payments, blockchain and digital wealth management are some examples.

Figure 1: Areas of FinTech

Due to the revolution in mobile and Internet-based technology, FinTech has shown exponential growth in the recent past. As a result, there were many innovations in how people transact business, from the invention of money to double-entry bookkeeping. Nowadays, because of online transactions such as bill payments, purchases, and real-time fund transfers, people rarely need to visit the bank. Financial service providers are using new technology and innovation with available resources in order to compete in the marketplace of traditional financial institutions.

Benefits of using APIs for financial services

The financial industry is mainly based on contracts and service agreements between the service provider and consumer. In the past, these contracts were made face-to-face between the relevant parties. Today, many businesses have digitally transformed to expand their business reach while offering convenient customer service. As a result, consumers expect easy access to financial services as well.

Because of the rapid development of the Internet and its infrastructure, people are more connected irrespective of distance. Businesses need to adapt to address the challenges that arise from this technology boom. APIs help to overcome the complexities in today’s technology-driven business environments. Read this article to understand the importance of digital transformation and the role that APIs play in it.

APIs can be thought of as “digital contracts” that help carry out a business operation. Financial institutions also need to maintain contracts between themselves and their customers. Since “going digital” is the current business trend, managing a business relationship with the aid of technology has become one of the essential requirements.

There are many advantages of using APIs in the financial sector.

Exposing a service via an API enables customers to easily access that service. This helps expand your customer base and business operations across the globe since all your services can be made use of by anybody from anywhere.

With APIs you can even preserve the behavior of legacy systems while making it compatible with the modern technology stack. Usually, in the financial industry, there are legacy systems that cannot be modified due to certain rules and regulations. In those scenarios, the existing legacy system can be customized to be API accessible. By doing so, you can leverage its capabilities and utilize the latest technologies to formulate new solutions. Since APIs are capable of encapsulating complexities in the legacy system while exposing functionality to stakeholders, this won’t be a nightmare. At the same time, APIs will help to overcome the challenges (security, monetization, real-time analysis, scalability, etc.) in the existing legacy system by transforming outdated techniques to the latest, user-friendly technologies.

APIs also allow you to make strategic decisions based on real usage data. This helps service providers mitigate the impact of customer churning, offer personalized customer service and take proactive action at the correct time. It is undoubtedly clear that these are important for any business.

Even with all these benefits, security is still an important concern in any financial business. You need to make sure that only the authorized parties have access to sensitive information and digital assets. This essential requirement can be fulfilled by using a good API management solution that has the ability to secure APIs and other relevant digital resources.

Now that we know the benefits of using APIs in the financial sector, let’s explore how to support FinTech and financial services using an API management solution.

Creating APIs to support FinTech with WSO2 API Manager

The financial sector has a unique set of problems. Due to the nature of financial services, many regulations have been introduced. There is a need for those regulations but financial service business segments should also expand their boundaries in order to succeed in today's technology-driven environment. FinTech should be implemented in such a way that complies with the regulations of the financial industry.

The challenge arises when trying to bind the regulatory requirements of FinTech. To address this challenge, we need to support not only the regulatory requirements but also the rapidly developing technology stack.

Figure 2: Exposing financial services via APIs to a wider customer base

APIs allow internal developers to interact with banking functionality without having to interact directly with the organization’s back-end systems. This helps to modernize legacy infrastructure in financial businesses while reaping the benefits of modern technology interfaces.

Let us explore how we can achieve this requirement using a complete, enterprise-ready solution for managing APIs across the entire API lifecycle.

WSO2 API Manager is a 100% open source comprehensive API management solution used by many customers from industries ranging from telecommunication, transportation and eCommerce to, of course, finance. It has out-of-the-box features to support all stages of an API’s life cycle, whether it be designing, creating, managing, testing or publishing. Additionally, WSO2 API Manager is developed in a way that follows key API management best practices. To learn more about these best practices read this article.

WSO2 API Manager can be utilized to support FinTech in many ways.

Security and access control of digital assets

In financial businesses, security of digital assets is a mandatory requirement. This is the main reason for introducing many rules and regulations. These rules must be followed irrespective of any enhancements to the system. Therefore even if FinTech is used for business, service providers must ensure that security and access control of digital assets are upheld.

WSO2 API Manager helps you achieve this with its support for many security extensions when exposing APIs. With WSO2 API Manager, service providers can make sure that only authorized parties have access to the respective services. API publishers, i.e. financial service providers, need not worry about the security of their APIs because WSO2 API Manager has inbuilt support for API security, mainly based on OAuth 2.0. Securing APIs can be done easily with the key manager component. WSO2 API Manager supports the four most common authorization grant types and you can also define additional types. The grant types are used to authorize access to protected resources in different ways, which will definitely assist you when implementing the required security standards.

Moreover, it is possible to extend the key manager in WSO2 API Manager using WSO2 Identity Server as the key manager. Configuring a third party key manager is also possible. Authenticating via Facebook and Google can also be done. In addition to that, it is possible to achieve fine-grained resource usage and access control related to API management. A scope enables fine-grained access control for each resource of the API based on specific consumer roles.
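The scope model described above, sketched as an added example (it is not WSO2 API Manager code, and the resource paths, scope names and roles are hypothetical): each resource requires a scope, each scope is bound to consumer roles, a token receives only the scopes its user's roles permit, and the gateway denies any call whose token lacks the required scope.

```python
# Added illustration, not WSO2 API Manager code; all names are hypothetical.

# Each API resource (HTTP verb + path template) requires exactly one scope.
RESOURCE_SCOPES = {
    ("GET", "/accounts/{id}/balance"): "accounts:read",
    ("POST", "/payments"): "payments:write",
    ("POST", "/payments/{id}/refund"): "payments:refund",
}

# Each scope is bound to the consumer roles that may obtain it.
SCOPE_ROLES = {
    "accounts:read": {"customer", "teller", "auditor"},
    "payments:write": {"customer", "teller"},
    "payments:refund": {"teller"},
}


def issue_scopes(requested, user_roles):
    """Token issuance: grant only the requested scopes the user's roles allow."""
    roles = set(user_roles)
    return {s for s in requested if SCOPE_ROLES.get(s, set()) & roles}


def authorize(method, resource, token_scopes):
    """Gateway check: the token must carry the scope the resource requires."""
    required = RESOURCE_SCOPES.get((method, resource))
    if required is None:
        return False  # unknown resource: deny by default
    return required in token_scopes


if __name__ == "__main__":
    everything = list(SCOPE_ROLES)
    for role in ("customer", "teller", "auditor"):
        granted = issue_scopes(everything, [role])
        print(role, sorted(granted),
              "refund allowed:",
              authorize("POST", "/payments/{id}/refund", granted))
```

Asking for a scope is not enough to receive it: a customer who requests `payments:refund` gets a token without it, so the refund resource stays closed to that token.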

Compliance with existing systems

You also need to comply with existing systems because financial systems need to support legacy systems/backends that are vital for the business. This introduces a gap between the latest technologies and legacy backend systems.

Figure 3: Serve modern customers with API-accessible legacy systems

Once you make the legacy backend systems API accessible, you can easily plug WSO2 API Manager to handle the rest. In this model, customers are accessing the services (online payments, mobile banking, etc) via an API interface and won’t see the complexities of the legacy system. This enables easy access to the services via an array of devices such as mobile phones, tablets, and desktops. The WSO2 API Gateway sits between the customers and legacy backend and acts as a proxy which serves API consumers effectively.

Including well structured SLAs

Service level agreements (SLA) are important in the financial sector and not something that can be ignored. That’s why you need to have a method that can implement well defined SLAs for your consumers.

With WSO2 API Manager, you can include SLAs when exposing your financial services as APIs. It allows you to specify different types of rate limiting policies for APIs, applications, and users. Benefits of throttling include making an API, application or resource available to a consumer at different levels of service (usually for monetization purposes based on SLAs), protecting APIs from common types of security attacks and regulating traffic according to infrastructure availability. This makes sure that the service is protected and that consumers use it according to their usage plan. Moreover, specifying the limit that the back-end service can handle, enforcing throttling on an API, applying a fair usage policy for an application and applying multi-layer throttling can be done easily with WSO2 API Manager’s throttling mechanism. More details about the advanced throttling engine can be found here.
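Multi-layer throttling as described above, in a small added example (not WSO2 API Manager code; the tier names, limits and application names are constructed): a request is admitted only if the subscription tier, the application-wide limit and the back-end capacity limit all have quota left in the current window.

```python
# Added illustration, not WSO2 API Manager code; tiers and limits are constructed.
from collections import defaultdict

WINDOW = 60                                  # fixed window length in seconds
SUBSCRIPTION_TIERS = {"free": 2, "paid": 5}  # per (application, API), set by the SLA
APPLICATION_LIMIT = 6                        # per application across all APIs
BACKEND_LIMIT = 8                            # per API: what the backend can handle


class Throttler:
    def __init__(self):
        self.counts = defaultdict(int)       # (layer, key, window) -> requests admitted

    def allow(self, app, api, tier, now):
        """Return (allowed, rejecting_layer) for one request at time `now`."""
        window = int(now // WINDOW)
        layers = [
            (("subscription", (app, api), window), SUBSCRIPTION_TIERS[tier]),
            (("application", app, window), APPLICATION_LIMIT),
            (("backend", api, window), BACKEND_LIMIT),
        ]
        # Check every layer before counting, so a rejected request uses no quota.
        for key, limit in layers:
            if self.counts[key] >= limit:
                return False, key[0]
        for key, _ in layers:
            self.counts[key] += 1
        return True, None


def simulate():
    """Replay constructed traffic and return the decision for each request."""
    traffic = (
        [("wallet", "payments", "free", 0)] * 3       # third exceeds the free tier
        + [("bank-app", "payments", "paid", 10)] * 5
        + [("bank-app", "accounts", "paid", 20)] * 2  # second exceeds the app limit
        + [("partner", "payments", "paid", 30)] * 2   # second exceeds the backend limit
        + [("wallet", "payments", "free", 61)]        # new window, quota reset
    )
    throttler = Throttler()
    return [throttler.allow(*request) for request in traffic]


if __name__ == "__main__":
    for decision in simulate():
        print(decision)
```

The paid `partner` application is rejected while well inside its own tier, because the back-end limit for the payments API is shared by every consumer.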

WSO2 API Manager supports API monetization as well. When defining throttling tiers (for SLAs), there is an option to specify a given billing plan for tiers. A tier is defined as either a free or paid tier. Depending on the tiers available for a given API, the API monetization categories (Free, Paid or Freemium) are displayed as labels in the store. This is a useful feature which can be used by API providers to earn an income based on the usage. More information about API monetization can be found in our official documentation and in this library article.

Making decisions proactively

Proactive decision-making is a key factor in successful financial businesses, and it can be achieved by monitoring how the services are being used by your customers. If you’re using WSO2 API Manager, this can be achieved easily by using its analytics component. The statistics/analytics model in WSO2 API Manager is mainly used for monitoring purposes. It provides a variety of options for both API developers and subscribers to monitor, gain accurate knowledge, and understand APIs and their usage. This will assist financial service providers in offering a better customer experience while exposing their services in the most optimal manner.

The WSO2 API Manager analytics model is powered by a real-time alerting mechanism as well. This helps to monitor abnormal activities and send alerts then and there. Since integrity is a necessity, this is undoubtedly a very useful feature for financial service providers. At the same time, it prevents damage caused by fraudulent activities.

In addition to that, analytics can be used to generate useful insights and offer better customer service. This will definitely help to mitigate the impact of customer churn and carry out business operations smoothly.

Segregation of duties

Sometimes you’ll need to get approval for certain operations (publishing a service, approving a new subscription to an existing service, registering a new user, etc.) from a supervisor to prevent fraud and to comply with auditing standards. In those scenarios, workflows can be integrated into the existing process. With this method, you can make sure that an action performed by a user has been reviewed and confirmed by another person who has the authority to approve or reject that action.

With WSO2 API Manager, enabling workflows is quite easy. Whenever there is a requirement to approve new user registration, the user signup workflow can be used. In addition to that, the API state change workflow can be used when publishing a service as an API. Moreover, if a user wants to consume a particular service (provided by the financial service provider, exposed via an API), the API subscription workflow can be integrated. More information about managing workflows can be found in the official documentation as well.

Scalability of the deployment

In most FinTech-based production environments, there are different deployment patterns. There might be situations where you need to expand the size of the deployment. In those scenarios, if financial services are exposed using APIs, the API management solution should be scalable (the capacity needs to change in size or scale).

WSO2 API Manager provides a scalable and flexible deployment option with complete control over infrastructure and management of APIs. It overcomes the challenges of building cost-effective, future-proof infrastructure that satisfies an organization's budgets. WSO2 API Manager can be deployed on a single server or in a distributed environment. In addition to that, WSO2 API Manager supports private cloud based deployments, public cloud based deployments (WSO2 API Cloud) and docker-based deployments. Therefore, its deployment can be adjusted based on the size of the API-based FinTech firm. This makes it easier to handle the complex scenarios faced by the FinTech industry as it grows.

More details on scalable deployment patterns can be found in this article as well.


FinTech has been employed in many financial business segments in the recent past. It is changing the way that many financial sector businesses operate. This article focused on how APIs can be used to support FinTech and how WSO2 API Manager fits into FinTech-enabled financial services.

WSO2 API Manager can be used in API-driven, financial business models. It’s a complete, enterprise-ready solution for managing APIs across the entire API lifecycle. Financial service providers can use it to take competitive advantage and expand their FinTech-supported, API-driven financial businesses while using the latest trending technologies, such as cloud computing, API-based web services and more.