Open banking is a natural evolution in the API economy. By laying the foundation for web platform and mobile developers to build third-party products and services using any number of public (open) APIs, banks, financial services and insurance companies are ushering in next-generation customer experiences that are more frictionless and personalized.
In order to realize the full promise of open banking, many developers, quality engineers, and SREs feel pressured to set a much higher bar on SLAs for API uptime, functionality, and performance. If anything breaks in highly complex API flows (from issues with business or application logic to data integration patterns and API side-effects), an open banking app or service may go live with bugs that make customers abandon the app—or go live with vulnerabilities that may be exploited by hackers. Consider:
Gartner predicts that APIs will become the most frequent attack vector in 2022
“By 2025, less than 50% of enterprise APIs will be managed, as explosive growth in APIs surpasses the capabilities of API management tools” (Source: Gartner)
The somewhat frightening API future painted by Gartner is offset by two sophisticated trends: first, more enterprises are finally taking API testing and API security testing as seriously as testing the frontend UI, and secondly, API testing has undergone major evolutionary leaps. Cloud technologies and easier collaboration and highly scalable automation have transformed API testing to handle a new reality of high API complexity. While it may be easy to add more APIs (integrations), even adding one integration can exponentially increase test case complexity in order to accurately validate the constantly changing UI and data layers of a multistep API flow.
For this reason, open banking brings both added urgency and added complexity to the realm of API testing. It’s only by generating the right test cases and executing them efficiently that open banking development teams can gain the insights they need across the software development lifecycle to deliver on the promises of open banking.
In this post, we unpack what open banking means for API testing and explain how to leverage secure, cloud-based API tests to meet the unique challenges that open banking introduces for developers.
Open banking is the use of open, publicly available APIs to enable seamless integrations between applications in the financial services industry. With open banking, developers can easily build applications that pull users’ financial data from multiple institutions to deliver a convenient banking experience for customers.
Since the origins of open banking initiatives about five years ago, the open banking concept has become a global phenomenon that promises to upend some segments of the financial services industry. That is because financial services was traditionally a domain defined by siloed data and siloed customer experiences. Until recently, the idea that a customer could use a single app to manage bank accounts at multiple institutions, or seamlessly use money held by one bank to pay obligations at another, was foreign. But open banking promises to make these types of experiences commonplace.
While much of the momentum behind open banking comes from private companies that have voluntarily embraced it, the importance of building reliable APIs to drive open banking stems from more than just business interests. It’s a regulatory requirement in some locations.
There are two key regulations at play here:
These two frameworks vary somewhat in their specifics. But at a high level, their purpose is to require financial institutions to provide open APIs with which third-party developers can easily and securely access certain customer banking information.
Thus, for financial services companies in most of Europe, providing secure, reliable APIs to drive open banking isn’t just a way to please customers or gain a competitive edge. It’s a compliance requirement.
And this isn’t just a requirement for companies in Europe, by the way. Although open banking regulations originated there, they have since spread to other jurisdictions, including Austrailia and Hong Kong. The United States doesn’t have open banking laws yet, but they’re not out of the question.
As more and more businesses in the financial services industry face compliance rules that require secure and reliable APIs for open banking, API testing will increasingly become about more than just guaranteeing a great customer experience. It will be a legal requirement.
What makes API tests for open banking particularly challenging, however, is that open banking apps tend to evolve continuously. As a result, developers can’t just test their APIs once and call them done. They need to perform continuous tests to ensure that APIs continue to meet performance requirements as API contracts, endpoints, flows, and integrations change along with the application.
Ideally, developers should also be able to identify API performance issues as early as possible in the software development lifecycle. If you wait until just before a new deployment to test your APIs, you may detect a problem that requires you to go back to the development stage, which delays your release and wastes resources. By running API tests at all stages of the development lifecycle, developers can detect and resolve performance issues as early as possible.
Given the scale and complexity of running continuous API tests to support open banking development, it’s often not practical to try to run tests in local environments or execute them manually.
Instead, developers who need to perform API tests continuously and at scale should leverage cloud-based API testing, which allows them to run as many tests as they need, as quickly as they need, and modify test cases easily.
Of course, the major objection that developers tend to have to cloud-based testing is that it may not be secure. That’s a particular concern in the context of open banking, which comes with very steep security requirements.
It’s true that, in general, API testing tools that support cloud-based tests do not provide secure tunnels for running those tests. The good news is that there’s an exception: Sauce Labs’s Sauce Connect tunnels, along with Sauce Labs’s general commitment to security and compliance, provide secure connections when running API (and other) tests in the cloud.
For developers, the open banking revolution presents something of a conundrum: on the one hand, they need to support more test cases than ever. On the other, they need ultra-secure API testing.
Sauce Labs squares this circle by making it possible to run cloud-based API tests that are both highly secure and highly scalable. You don’t need to settle for local testing environments that are tedious to manage and difficult to scale or integrate. With Sauce Labs, you can have it all.