Every time we open a banking app to make transactions or payments, Application Programming Interfaces or APIs come into play to connect to the bank servers. Though APIs function in the background, they directly impact how the apps or websites work, and are crucial to provide safe, secure and desirable banking services for the customers.
With a limited customer base, but more banks in the fray than there were a decade ago, banks are actively competing with each other in innovating ways to lure customers and offer their products in various packages to the end consumers. The relationship between banks and the consumer retail industry is growing stronger as banks start looking at and targeting prospects beyond direct banking interests.
As a direct consequence, banks have opened up their banking operations to various industries. Open source approach is now heralding a sea of change in the finance industry through Open APIs, revolutionizing products and services quicker than ever before. Open APIs enable fin tech companies to access bank data and functionality, bringing a great change in the digital banking ecosystem.
Banks are going digital, and digital banking services are going the social way. Today, third party applications can do banking transactions as either a co-branded or masked offerings or through effective partnerships that results in competitive offerings to satisfy customers, especially the millennials.
This revolution has been fruitful for the banks who embraced Open APIs and Open architecture in building their services. However, by opening up their APIs, banks face several issues, especially in terms of security, as nothing should possibly go wrong when banks open their APIs up.
Banks convert their services to API and expose them outside their secured networks. Any developer can register into the developer portal and view the exposed APIs, their standards, patterns etc. They can even play around with stubbed data, and do sandbox testing. They can build their applications or services for partners using these APIs.
Digital developers are becoming faster at building integrations with banks using Open APIs, but they lack knowledge on business and regulatory compliance. On the other hand, banks still need to take full accountability of all the security and compliance issues that are likely to arise.
Banks that are keen on being fintech friendly, have to invest in technology in a fast pace. They do so by rushing on to the bandwagon, which is opening several issues up. Exposing thousands of APIs by opening them up without rigorous quality checks is a huge risk.
Quality in the exposed APIs needs to be built in various phases, starting from the exposure mechanisms, the contract documentations, all the way to the integrity of the sandbox environments.
Unlike conventional testing, Open API Testing needs to take care of much more than just functional or system tests. This kind of testing is an emerging area, with little industry standards, and has several risks for the banking partner as well as the fintech companies/banks.
Testing and verification of Open APIs takes a much higher quantum of effort compared to development of these APIs. With the Open APIs having multiple customers, testing cuts across various dimensions as briefly represented below:
Some challenges in Open API testing:
a) Understanding of or lack of technical documentation to derive test cases
b) Exception / Error handling need be tested at all layers
c) API Testing can become tedious if requests are dependent on prior responses
d) Testers require additional knowledge and skills to do API testing
e) High volumes of test data are required for effective API testing
f) A deep business, functional and technical knowledge is vital to ensure the API is good for purpose
Once the challenges of Open API testing are overcome, the power of API or services testing in conventional areas can also be explored.
As more and more enterprises are using heterogeneous technologies for different applications and, therefore, growing more dependent on external operations providers, APIs provide a clear solution to these integrations. API Testing can help organisations to integrate testing early in the life cycle rather than waiting for UI to be ready. This also helps in reducing integration related bugs during SIT (System Integration Testing) phase. Same APIs can be used across development life cycles from developers to testers to production in the following functions: functional testing, automation testing, performance testing, DevOps team, and even used for production monitoring.
Some of the major advantages of API Testing are as below:
a) Changes in requirements will have less impact on rework.
b) Automation is faster in API than in UI and even rework
c) Helps in reducing integration related defects if the endpoint is tested early using API Testing
d) Predominantly JSON or XML are used widely – Less learning curves once well versed in both languages
e) Helps in faster Test Data creations for other types of Test (Less UI navigation Time)
f) API Scripts can be reused for Automation & Performance in Tools like Soap UI
g) Helps in improved Test Coverage
h) Helps in reduced Testing Cycles
i) Reduction in Testing Cost – Both Manual and Automation
Open APIs that have seen a tremendous growth in recent years have ushered in a Golden Age of APIs and API testing. With the right test strategy, banks have a great future that is opening up.