Beginner's Guide to Open APIs in Banking for Fintechs
November 15, 2022
What are open APIs in banking?
Open APIs (application programming interfaces) allow two or more programs to talk to each other. Public APIs are behind the scenes of almost everything you do online from social media apps to checking the weather and making a purchase. They’re what connect all of our mobile devices to the internet.
Open APIs in banking are used to transfer customer and transaction information between organizations. These organizations can include your company, the issuing bank, the payment processor, the card embosser, etc.
Let’s say your vision is to create a banking product that will change people’s lives. You could go about creating it in one of two ways:
1. You could create your own digital bank, apply for a bank charter, issue your own debit cards and set up a connection with a payments network like Visa or Mastercard.
2. You could plug into a platform that already has the relationships and connections to each of these.
Option No. 1 rarely happens because of the cost and time to get to market (although a few digital-only neobanks have gone through the years-long process of applying for a banking charter or acquiring a bank). A financial technology provider such as Galileo can help you get your idea off the ground faster and with less complexity by using open APIs.
The payment processor becomes the hub between you, the bank, the embosser and the payments network. Information is shared in real time across each platform through open APIs.
How do banking APIs work?
When it comes to banking, there are many platforms and players involved in the movement of funds, sharing of information, and transacting via POS and online. To communicate with each system, you can only use the API layers and services that the organizations have made openly available.
Open access to banking APIs and services is becoming more common as the world moves toward an open banking system. APIs play a critical role in creating a seamless user experience while at the same time keeping information safe and secure.
Each request to communicate with an external system is done via an endpoint, which simply means a point of contact for you to submit your inputs, i.e., data. With each endpoint, there is a protocol about what inputs are required and what result you’ll get in return. If you don’t supply the correct inputs, your request will get rejected.
APIs typically have documentation explaining how to communicate effectively with the endpoints.
What is an example of an open API in banking?
To dig deeper into what an open API in banking is, let’s consider a real-world example outside of banking. Think back to the last time you sat down in a restaurant and ordered food. Did you enter the restaurant, walk to the back kitchen and tell the cook what you were in the mood for? Most likely not.
You probably sat down at a table and waited for a server to ask you what you would like to order. But you didn’t come to the restaurant to talk to the server. The cook is the person you want to communicate with, but you don’t have access to the internal operations of the restaurant. Here’s a simplified process of how ordering food looks.
1. You tell the server (the endpoint) what you would like
2. The server writes down your order following a specific protocol that will determine the outcome
3. The order information is then taken to the kitchen and given to the cook
4. The cook accepts the order and prepares it
5. Once the order is complete, the server takes the order from the cook
6. Finally, the order is delivered back to you for your consumption
In this example, the server is the API. The cook has the skills and capabilities to deliver something that you want, and the server is the one that communicates and delivers between both parties.
Now let’s look at an example in the banking world. In this example, we’ll use three parties: the issuing bank, the payment processor API, and the customer’s app.
1. Your customer opens your app to view their account history
2. The payment processor receives a request to display transaction history and account balance
3. The information is requested from the issuing bank and the payment processor acts as the system of record
4. The bank receives the request and the transaction history and balance are sent to the payment processor
5. The information is then made available from the payment processor via an API and displayed on your app
6. Lastly, the customer can view their account history and go about their day
This process happens in the blink of an eye.
Each time a customer opens their app or makes a purchase, there are a lot of things happening behind the scenes. The example above is a simplified view that only scratches the surface of everything that takes place each time someone logs into your app, but you can see how critical the passing of information is across different organizations. Open APIs in banking can be used in many different ways and scenarios.
What can banking APIs do?
Here are a few examples of what APIs can do in the banking industry.
• APIs that handle core banking can create accounts, open checking and savings accounts, and check balances and transaction history, etc.
• As the name implies, APIs that enable card issuance allow you to set up credit, debit, prepaid or virtual cards, activate cards, reset PINs and reissue cards.
• Using APIs that facilitate KYC (Know Your Customer) tasks, you can verify information about your customers such as Social Security or driver’s license number, depending on what your program is required to support.
What are Galileo’s APIs?
Galileo’s Program API enables clients to add, modify and request customer (i.e., cardholder) account data on the Galileo platform. Examples include opening/closing an account, checking an account balance, paying a bill and freezing a card.
Clients submit an API call to Galileo, e.g., to create an account. Galileo generates a response to the call that communicates to the client whether the call was successful, and returns the requested data elements, e.g., the account balance.
When a customer completes an action in a client's app (e.g., signing up for an account), a Program API call is sent to Galileo. This results in an update to the customer's account on Galileo's platform.
Galileo’s Events API alerts clients that an action was taken on a customer's account, such as an address change or the posting of an adjustment.
Clients have the option to use the Events API as a trigger to notify the customer that the action was taken on their account.
By default, Galileo applies advanced logic to authorize customers' transactions on behalf of clients. However, clients can also choose to use the Authorization Controller API (or Auth API) to actively participate in their customers' transaction approvals and declines.
With this API, during the authorization request process, Galileo can send a notification to the client with information about the authorization request. The client can then respond with a decision to approve or decline that request.
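The approve-or-decline exchange described above, sketched from the client's side as an added example (not Galileo's code or API): the field names, the HMAC-SHA256 signature over the request body, the shared secret and the limits are all assumptions made for illustration. It also shows the endpoint contract from earlier in this guide, where a request with incorrect inputs is rejected; here anything unauthenticated or malformed is declined.

```python
import hashlib
import hmac
import json

# Assumptions (hypothetical, not Galileo's API): field names, a shared secret,
# and an HMAC-SHA256 signature over the raw request body.
SHARED_SECRET = b"constructed-demo-secret"
REQUIRED = {"account_id": str, "amount_cents": int, "currency": str}
FROZEN_ACCOUNTS = {"acct-frozen-001"}  # constructed sample data
PER_TXN_LIMIT_CENTS = 50_000


def sign(body: bytes) -> str:
    """Hex HMAC-SHA256 of the body under the shared secret."""
    return hmac.new(SHARED_SECRET, body, hashlib.sha256).hexdigest()


def decline(reason: str) -> dict:
    return {"decision": "decline", "reason": reason}


def decide(body: bytes, signature: str) -> dict:
    """Answer an authorization notification; anything unexpected declines."""
    # 1. Authenticate the sender before parsing, with a constant-time compare.
    if not hmac.compare_digest(sign(body).encode(), signature.encode()):
        return decline("bad_signature")
    # 2. Enforce the input contract: a JSON object with typed required fields.
    try:
        req = json.loads(body)
    except ValueError:
        return decline("malformed_body")
    if not isinstance(req, dict):
        return decline("malformed_body")
    for field, kind in REQUIRED.items():
        value = req.get(field)
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, kind):
            return decline(f"invalid_{field}")
    if req["amount_cents"] <= 0:
        return decline("invalid_amount_cents")
    # 3. Apply the client's own rules only to authenticated, well-formed input.
    if req["account_id"] in FROZEN_ACCOUNTS:
        return decline("account_frozen")
    if req["amount_cents"] > PER_TXN_LIMIT_CENTS:
        return decline("over_limit")
    return {"decision": "approve", "reason": "ok"}
```

The signature is checked on the raw bytes before any parsing, so a body altered in transit fails authentication rather than reaching the business rules.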
Galileo’s External Transactions API allows clients to participate in the decisioning for:
• Approving/denying bill payments
• Approving/denying ACH debits
The External Trans API process is similar to that of the Auth API, but for bill pay and ACH debits.
The Dispute API is a cloud-based, conversational API that creates and submits disputes to Galileo's dispute platform.
Are open APIs secure?
Whether or not the API is secure depends on where it originated. At Galileo, we take extra steps to ensure our APIs are secure.
“Everything we do is designed to be secure by default,” notes Galileo’s Chief Technology Officer Jeff Currier. “That means all data and information flowing to and from our platform is encrypted, both in transit as well as at rest. We also conduct regular and frequent reviews with our information security team to ensure we meet the security standards and compliance obligations we have as an API service provider.”
Who can use open APIs for banking?
This is sort of a trick question. While open APIs are available for anyone to use, the design of the API also ensures that only authorized individuals can access individual customer data. However, not everyone will want access to them. A better question may be, who uses open APIs for banking?
89% of banks leverage APIs to collaborate with fintech firms as part of their business strategy according to the Capgemini World FinTech Report. But APIs are not just for banks, credit unions and neobanks. Here are a few other organizations that may use open APIs for banking purposes:
Why are open APIs important for banking and fintechs?
If APIs didn’t exist, entrepreneurs would have to build everything in-house to get their fintech off the ground, which is a near-impossible task. Having the ability to plug into other platforms and systems via APIs increases speed to market and scalability.
Working with APIs opens up an entire world of possibilities by lowering costs and saving time. APIs are what enable countries and the world to move toward an open banking system.
What is the difference between open banking and open APIs?
Open banking is not the same thing as open APIs in banking. Even though they both involve the sharing of information with a third party, they refer to different things.
Open banking describes the process of banks and other financial institutions opening up data for regulated providers to access, use and share. The underlying terminology and infrastructure that make open banking possible are APIs, Banking as a Service (BaaS) and fintech platforms. Each of these enables the world to move toward an open banking system.
APIs are a component of open banking.
What are the benefits of API banking?
Now that you have a better understanding of what API banking is, what are the major benefits of using APIs in the fintech industry?
• They make transactions faster and more secure for all customers and partners
• They speed up development time and help access multiple applications
• They facilitate a personalized user experience
• They enhance connectivity between various financial and transactional accounts
• They create a cohesive ecosystem by providing real-time access to customers for all their applications and transactions
• They lower costs of entry for entrepreneurs and innovators
• They save significant time by eliminating the need to develop the applications in-house
How does Galileo power digital banking?
Open APIs are reshaping the future of the financial services industry. Banks, financial institutions and other enterprises that understand and tap into their power will be the leaders in innovation now and in the future.
Galileo enables the digital banking experiences on which cardholders rely for essential services such as direct deposit, bill payments and transfers.