Open Insurance & Smart Contracts


Blockchain is a distributed ledger shared by all participants. It’s replicated and decentralized. It’s an append-only mechanism that records distributed transactions in a way that can be validated and verified, with the participants reaching consensus on them. In that way, nobody can delete, update, or amend these transactions, which makes it a very secure mechanism. In a blockchain, each new block carries a fingerprint of the previous block, so it follows the whole provenance or history of that blockchain transaction. In terms of what Blockchain promises, it increases trust in the value of exchange by reducing third parties in a relationship. You can trust the data; you don’t have to trust the parties there. It is decentralized in that many computers are busy validating these transactions, so there’s no single point of failure. It has an increased security mechanism through its cryptography, is very efficient, and is also faster and cheaper than relying on a long chain of intermediaries. When we speak about financial services and insurance services, we think of many parties involved and lots of paperwork, so this is a perfect technology for that. But most importantly, this leads towards programmable money or programmable Blockchain.

Smart Contracts

As an example, Netflix was around for quite some time. It only took off once the cost of data storage came down and internet bandwidth increased. In the same way, even though smart contracts have been around since the 1990s, they needed to wait for the catalytic technology known as Blockchain to make their prime-time debut. Wei Dai was the initial thought leader in smart contracts. He created an anonymous loan scheme with redeemable bonds and lump-sum taxes to be collected at maturity or automatically. We also saw Nick Szabo perfect Wei Dai’s model, where he proposed using cryptographic mechanisms to enhance security. This is where Blockchain fits in. If you think of a smart contract, you could think of a computer program running on top of a Blockchain, or on Blockchain nodes distributed among untrusted or anonymous parties, without the involvement of a third party. You can trust in the technology to validate and execute itself.

In terms of the first successful implementation, we saw that with Bitcoin and Bitcoin Script. Initially, it took simple forms: pay-to-public-key-hash and pay-to-script-hash. But we have evolved since Bitcoin’s inception in 2008-2009. We’ve seen other, more complex contractual functionalities come to the forefront through Ethereum and its virtual machine. We can also see that this technology is still in its infancy, and there is a long way to go before it is fully adopted in every business across the world. But I think from the Harvard Law School, the best way to put a smart contract is “Code is law.” If you want to deep dive into this topic, smart contracts and Blockchain have enabled a new form of governance, a new form of organizational structure called a DAO, a Decentralized Autonomous Organization.

Why do we need smart contracts? 

Because they’re running on a blockchain, it shows an immutable record of the data. The underlying technology, Blockchain, then mitigates a single source of failure; it enables autonomous functions. With Tesla, we see self-driving vehicles, robotics, and AI – all of these Fourth Industrial Revolution technologies following an autonomous approach. If you look at smart contracts, they help automate administrative functions and things that require validation by many parties in the value chain. Think of it as a smart contract that automatically triggers under certain conditions. That’s known as a parametric or parameter-based smart contract for certain outcomes.

Traditional paper contracts rely on intermediaries and third parties, which is what smart contracts can do away with. In terms of smart contracts, there are two types: public smart contracts and permissioned smart contracts.

This is not a panacea for everything. There is a caveat: challenges still exist in smart contract adoption, because the code can have bugs that can be exploited. We need to have code verification. There also needs to be a compliance aspect with mandatory regulation, which requires programmers and lawyers to collaborate and work together, or be one and the same. That requires changes to legacy laws and regulations and updates to the underlying Blockchain, which is a source of risk.

Public and permissioned smart contracts

Public smart contracts are like your Ethereum-based Blockchain. It’s an open ledger for all to view; anybody can interact with it and create a smart contract on top of Ethereum. To prevent spamming, you must pay a certain amount called gas. So gas is needed to run on a blockchain or utilize the Ethereum virtual machine or world computer. In terms of its applications, you can create decentralized applications which are censorship-resistant and have zero downtime. You can create other applications such as identity management. The German government has also explored this. Synthetics are tokenized or real-world assets that are converted into digital form. They’re tradable in a frictionless and cost-effective manner on a blockchain.

Permissioned smart contracts, on the other hand, are used for larger, more sensitive business use cases. Consortium collaborations use Hyperledger or Quorum to facilitate that. That would cover banking, insurance, voting, provenance, and supply chain.

Open Finance

Now that we understand Blockchain and smart contracts, we understand the value that they add. Open finance is a superset made up of open banking and open insurance. These regulations came into effect under the second Payment Services Directive to make banks open up their APIs so that businesses can create new use cases. Customers can also decide how and where they provide their data. This creates a broader range of financial services and products around savings and investments.

DeFi is decentralized finance. These are investment tools running with smart contracts on top of a Blockchain. These are referred to as Web 3.0. CeFi is centralized finance which is the traditional sector, and that’s Web 2.0.

We can see that there’s been a convergence across the ecosystem between CeFi and DeFi, where we are moving from information to value. Opening your APIs allows dApps to create new dApps, that is, decentralized applications that create new financial products, for example banking as a service, insurance, stock or pension products, and credit scoring aggregations. That’s where the convergence of DeFi and CeFi happens.

Open Insurance

Open insurance is still in its early stages. The movement is growing, but it is not yet mandated.

This would follow open bank projects or open banking frameworks around the second Payment Services Directive. Open insurance companies would allow customers to access and share their data with other insurers or third parties in a safe, agile, accurate, and convenient way.

It speaks a lot about how the insurance sector opens these APIs up in an interoperable way. How do they integrate that? How do they place the customer at the heart of the process and the business, and how do they create new use cases that are not possible currently because the data is siloed? Parametric insurance is probably one of the most exciting areas to delve into: it uses parameters and then self-executes.

Another nice one is “insurance as a service”, where products such as micro-insurance can be created. A good example would be a cyclist who can tap into his life insurance policy such that every time he is on the road, he has cover. So, you pay for insurance only when needed.

Some nations are pursuing this through public consultations. Brazil has published guidelines and standards for open insurance. Italy is also exploring an open insurance initiative. Interestingly, by 2025, 67% of insurance businesses will change their business model.

We shouldn’t take this lightly, as change is disruptive and exponential. 

For example, we can look at IoT devices being used in tandem with insurance policies. If you are healthier, exercise, and wear your Apple iWatch, or your Samsung watch, that data is provided to ensure you’ll get lower premiums because they are getting the data that tells them that you’re less of a risk in this case.

Blockchain use-cases

We see smart contracts around mortgages or home loans in banking, where customers could save $960 per loan. According to Capgemini reports, banks have cut between $3 billion and $11 billion of annual costs just on administration. That money can then be diverted to more productive uses, green technologies, employee wellness programs, etc.

Another big use case around this would be looking at customer requirements, anti-money laundering, and open-banking APIs that will allow Web 3.0 to create new digital services and products that are not currently available. That enables a frictionless digital service.

The insurance sector is a perfect use case for smart contracts and Blockchain. But it’s all around removing areas of vulnerability and areas that have errors around administrative processes. In terms of smart contracts, APIs, and decentralized applications, the two most important aspects are –

  • Data input function. 
  • Data validation or security function.

The data input function is where the data gets inserted into the blocks on the Blockchain through trusted data oracles. This is via APIs through API gateways.

Data security is around cryptography, but a smart contract exploit can occur if either of these two is compromised.
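The two functions described above, as an added example that is not API3's or the author's code: a Python model, run off-chain for illustration, of a parametric policy that checks a reading's authenticity, uniqueness, freshness and plausibility before the reading is allowed to trigger a payout. The key, threshold, field names and the use of HMAC as a stand-in for the data provider's signature are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed values for illustration only.
PROVIDER_KEY = b"constructed-demo-key"  # stand-in for the provider's signing key
RAIN_TRIGGER_MM = 100.0                 # hypothetical payout threshold
MAX_AGE_S = 600                         # reject readings older than 10 minutes
PLAUSIBLE_MM = (0.0, 2000.0)            # sanity bounds for a 24h rainfall reading


def sign(reading: dict, key: bytes = PROVIDER_KEY) -> str:
    """Provider side: MAC over a canonical encoding of the reading."""
    body = json.dumps(reading, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class ParametricPolicy:
    """Pays out at most once, when a validated reading crosses the trigger."""

    def __init__(self):
        self.seen_nonces = set()
        self.paid = False

    def submit(self, reading: dict, tag: str, now: int) -> str:
        # Validation function: check authenticity before trusting any field.
        if not hmac.compare_digest(sign(reading).encode(), tag.encode()):
            return "rejected: bad signature"
        if reading["nonce"] in self.seen_nonces:
            return "rejected: replay"
        if not 0 <= now - reading["ts"] <= MAX_AGE_S:
            return "rejected: stale"
        mm = reading["rain_mm"]
        if (isinstance(mm, bool) or not isinstance(mm, (int, float))
                or not PLAUSIBLE_MM[0] <= mm <= PLAUSIBLE_MM[1]):
            return "rejected: implausible value"
        self.seen_nonces.add(reading["nonce"])
        # Input function: only a fully validated reading reaches the trigger.
        if mm >= RAIN_TRIGGER_MM and not self.paid:
            self.paid = True
            return "payout"
        return "no payout"
```

A reading altered after signing, replayed, or delayed past the freshness window is rejected before the trigger logic ever sees its value.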


API3 has the mission to make APIs fully compatible with Web 3.0. This is so that dApps and smart contracts can consume data in a way that is trusted in a first-party nature, eliminating third parties. We’ve seen business models such as Uber, eBay, and Airbnb, all powered completely by APIs. APIs and the flow of data connect infrastructures and companies. Web 3.0 must be able to access any kind of service that the web is currently offering to interact with the real world and fight for smart contracts or parametric products to know what the data input function is. This will allow new digital agreements, expanding markets with decentralized networks, and new products.

We’ve termed it API3 because this is the third iteration of the API for Web 3.0. Since 2018 we have worked on connecting APIs to Web 3.0. We saw that limitations drove us to innovate and create novel solutions that benefit API data providers and those that consume the data on the demand side, which are decentralized apps and smart contracts. With API3, we created a product called the Airnode, which is compatible with Ethereum Virtual Machine (EVM) smart contracts. We are also Blockchain agnostic, meaning that we see the Airnode as an open-source infrastructure service that will then be able to connect to other Blockchains. You will be able to connect your APIs to all the Blockchains.

The current issue that API3 is solving is the smart contract and decentralized app API connectivity problem. So blockchains have their own consensus mechanism. They cannot connect directly with Web 2.0 APIs. You need a type of infrastructure that allows you to connect in that way. There are third-party data solutions out there. But you’re entrusting a third party to relay the information. Whereas if you could just run the infrastructure yourself, you can ensure that the data is correct in the first place. So with any third party, trust is minimized. This decreases cost efficiency. 

So, we’ve created an enterprise-ready, government-state-ready API gateway that is open source called the Airnode. The Airnode is a simple serverless function that allows an API to connect to Blockchains without active management and third-party use. So it’s maintenance-free. You can connect it to any cloud provider. If you’re using AWS, it’s a simple Lambda function, and you remain in full control of your data. So it is GDPR compliant.

We have built the Airnode from the ground up. If you think of this data oracle, it has privacy by design ingrained into it. It has built-in control features that allow any API data provider that wants to monetize its data to Web 3.0 to control certain parameters and, at the end of the day, control the infrastructure.

Benefits –

  • Quick to set up – can be deployed as a part of the existing API infrastructure in less than a day.
  • Set and forget – Requires no specific know-how to deploy and operate.
  • Maintenance-free – Requires no operator management due to fully managed serverless technology.
  • Stateless – Extremely resilient against any problem requiring operator intervention.
  • Built on pay-as-you-go services – You can deploy this for free. It is an open-source infrastructure. It also has a cryptocurrency-free option.
  • Sole Arbiter / API Key Control – 
    • Terms of use and access controlled.
    • Safelisting / Denylisting
    • KYC features embedded.
Giovanni Lesna

Head of Enterprise & Partnerships at API3
