API architecture refers to the IT software systems and network design that enable a business to share its capabilities and data through open APIs. When a business progresses toward an open API strategy, it must review its current stack of IT tools, legacy software, data servers, communication and transfer protocols, and security techniques. Understanding the building blocks of its systems architecture helps a company make technical decisions about how best to expose business assets via APIs for both internal and third-party use.
A digital financial services provider can take a variety of approaches when building open APIs on top of its legacy enterprise software architecture. The approach taken can affect the security, scalability, and robustness of its digital financial services IT architecture in addition to the business potential of its open APIs. Making good API architecture decisions can speed up new product development, reduce the cost of onboarding new partners, and ensure data is collected to measure an API product's influence and effectiveness.
As competition among providers in developing countries (existing players and new entrants) intensifies, third-party developers will be in a position to choose which companies to align with based on the range of APIs available and their ease of use. API architecture can be a key factor in determining how effectively and efficiently third-party developers are able to build products with a provider’s open APIs. This will impact whether a provider is able to position itself at the center of the emerging digital financial services ecosystem.
Adopting open APIs involves both a business and a technical approach. A business strategy helps define business goals and achieve organizational agreement on the business case of opening APIs. A technical roadmap is then necessary to put in place a robust, secure, flexible technical architecture that can facilitate API access.
CGAP’s work on open API architecture focuses on:
- Mapping existing enterprise software architecture
- Making API architecture decisions, including API specification format and architecture styles
- Implementing robust security policies and prioritizing additional security layers as required
- Selecting an API management provider
- Evaluating and selecting technical tools, including API lifecycle design tools