API design in FinTech is constantly evolving but fraught with unique challenges and opportunities. We’ll review the modern history of FinTech APIs and key trends and offer some tips for building them, especially if you’re looking ahead to next-generation systems. We’ll also touch on what it means to integrate with various FinTech APIs.
Background and Evolution:
FinTech APIs have come a long way, but before we discuss the present and future, let’s take a quick look back. Some of you might remember the days of EDI (Electronic Data Interchange). EDI predates the internet and modern APIs and was an early attempt at standardizing how financial institutions could exchange data. Although it was groundbreaking for its time, it was far from easy to work with. EDI was clunky, inefficient, and a nightmare for developers.
Fast forward to the more recent past, we’ve seen solutions that were equally painful. A notable example is site scraping, which, while creative, was unreliable and insecure. One of the best-known examples of this was Mint, a personal finance app that allowed users to track their budgets by connecting to banks and brokerages. However, to achieve this, Mint asked for your bank credentials to scrape your data from the website—an incredibly risky approach.
Regulatory Push for APIs:
The financial institutions were reluctant to open up their data. They wanted full control, preferring to hoard rather than share. That all began to change with new regulations like Open Banking in the U.S. and PSD2 (Payment Services Directive 2) in Europe, which mandated that banks must provide consumers access to their own data. These regulations didn’t explicitly call for APIs, but APIs quickly became the best way to comply with these new rules. Now, instead of site scraping, developers can access banking data more securely through OAuth and APIs.
This regulatory shift opened the floodgates for FinTech innovation. Startups could now build more reliable and secure products that interacted with banks, brokerages, and other financial institutions. OAuth also improved security by removing the need for third-party FinTech companies to store sensitive user credentials.
The Rise of FinTech API Leaders:
Alongside this regulatory shift, we’ve seen new technology companies in FinTech emerge as leaders in the API space. Stripe is often regarded as the gold standard for APIs. Stripe not only built incredible developer experiences, but it also pioneered design elements, like the now-standard three-column documentation for API references. In fact, Stripe has become the model for high-quality API design, setting the bar for other FinTech companies to meet.
Expectations for New APIs in FinTech:
As more companies move into FinTech, the bar for high-quality APIs has risen. Developer experience (DX) is paramount. APIs must not only be functional but easy to use, well-documented, and consistent across the board. The standard is high, but benchmarks like Stripe's show what to aim for.
One way to ensure consistency and ease of use is by aligning API designs with industry standards. Unfortunately, when it comes to modern APIs in FinTech, there’s a notable gap in established standards. APIs related to credit card processing, for instance, often rely on legacy standards like ISO 8583. However, for REST or GraphQL APIs, there is little to no standardization, leaving developers to rely on guidelines rather than rules.
Patterns and Best Practices for FinTech APIs:
Although there isn’t a universal standard for FinTech APIs, there are some emerging patterns that you can adopt to ensure your APIs are robust and future-proof:
- Consistent Data Types: When it comes to handling currencies, most FinTech companies are using integers instead of floats to ensure precision and reliability. This is a small but critical decision that can have a huge impact on data integrity, particularly for financial applications where rounding errors can’t be tolerated.
- Idempotency: Idempotency is another crucial feature, particularly in FinTech. You don’t want duplicate transactions occurring because a request was accidentally sent twice. Providing an idempotency key as part of your API requests ensures that even if the same operation is called multiple times, the system will only execute it once.
- Authentication and Authorization: OAuth has become the standard for client-to-server authentication, particularly when users are interacting directly with your API. However, for server-to-server interactions, basic authentication is still quite common. Understanding the appropriate use case for each method is key to building secure and reliable APIs. Additionally, scope management is critical, especially in FinTech, where PCI compliance mandates that access to sensitive data like cardholder information be restricted to those who need it. Establishing fine-grained scopes for administrative vs. user-level permissions is an important aspect of API security.
- Sandbox Environments: Given the nature of financial transactions, it’s imperative that developers have access to a sandbox environment for testing their applications without risking real money or data. Many FinTech companies provide sandbox accounts, and it’s becoming an industry expectation.
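To make the first three patterns concrete, here is a small in-memory payment handler that combines integer minor-unit amounts, idempotency keys, and scope checks. It is an added example written for this article, not code from Stripe, Plaid, or any other vendor; the `PaymentService`, `Token`, and `to_minor_units` names, the scope strings `payments:write` and `payments:read`, and the currency exponent table are all assumptions made for the illustration.

```python
"""Added example: integer amounts, idempotency keys and scope checks in one
tiny payment handler. Not from the article or any vendor; all names invented."""
from dataclasses import dataclass, field
from decimal import Decimal, InvalidOperation
from typing import Dict, Tuple
import hashlib
import json

# Minor-unit exponent per currency (assumption: the ISO 4217 exponents for these three).
MINOR_UNITS = {"USD": 2, "EUR": 2, "JPY": 0}


def to_minor_units(amount: str, currency: str) -> int:
    """Turn a decimal string such as '12.34' into an integer count of minor units (1234).

    The amount is parsed with Decimal, never float, so binary rounding drift cannot
    enter the system. Values with more precision than the currency allows, non-finite
    values and non-positive values are rejected instead of silently rounded.
    """
    exp = MINOR_UNITS[currency]  # KeyError for unknown currencies, caught by the caller
    try:
        value = Decimal(amount)
    except InvalidOperation:
        raise ValueError(f"not a decimal amount: {amount!r}")
    if not value.is_finite():
        raise ValueError("amount must be a finite number")
    scaled = value.scaleb(exp)  # shift the decimal point by the currency exponent
    if scaled != scaled.to_integral_value():
        raise ValueError(f"{amount} has more precision than {currency} allows")
    if scaled <= 0:
        raise ValueError("amount must be positive")
    return int(scaled)


@dataclass(frozen=True)
class Token:
    """A minimal stand-in for a validated OAuth access token."""
    subject: str
    scopes: frozenset


@dataclass
class PaymentService:
    payments: Dict[str, dict] = field(default_factory=dict)
    # idempotency key -> (fingerprint of the request body, stored response)
    idem: Dict[str, Tuple[str, Tuple[int, dict]]] = field(default_factory=dict)
    counter: int = 0

    @staticmethod
    def _fingerprint(body: dict) -> str:
        # Canonical JSON so key order in the client's payload does not matter.
        canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canon.encode()).hexdigest()

    def create_payment(self, token: Token, idem_key: str, body: dict) -> Tuple[int, dict]:
        """Returns (http_status, response_body) for a POST /payments call."""
        # 1. Scope check before anything else: no write scope, no side effects.
        if "payments:write" not in token.scopes:
            return 403, {"error": "insufficient_scope", "required": "payments:write"}
        # 2. Idempotency: a replayed key returns the original response without a new charge;
        #    the same key with a different payload is a client bug and is refused.
        fp = self._fingerprint(body)
        if idem_key in self.idem:
            stored_fp, stored_resp = self.idem[idem_key]
            if stored_fp != fp:
                return 409, {"error": "idempotency_key_reused"}
            return stored_resp
        # 3. Amount validation in integer minor units.
        try:
            minor = to_minor_units(body["amount"], body["currency"])
        except (KeyError, ValueError) as exc:
            return 400, {"error": "invalid_request", "detail": str(exc)}
        self.counter += 1
        pid = f"pay_{self.counter:06d}"
        self.payments[pid] = {"id": pid, "amount_minor": minor,
                              "currency": body["currency"], "created_by": token.subject}
        resp = (201, dict(self.payments[pid]))
        self.idem[idem_key] = (fp, resp)  # remember the outcome for future replays
        return resp

    def get_payment(self, token: Token, pid: str) -> Tuple[int, dict]:
        """Read access needs its own scope, so a read-only integration cannot create charges."""
        if "payments:read" not in token.scopes:
            return 403, {"error": "insufficient_scope", "required": "payments:read"}
        if pid not in self.payments:
            return 404, {"error": "not_found"}
        return 200, dict(self.payments[pid])


if __name__ == "__main__":
    svc = PaymentService()
    merchant = Token("merchant_1", frozenset({"payments:write", "payments:read"}))
    req = {"amount": "12.34", "currency": "USD"}
    print(svc.create_payment(merchant, "key-1", req))   # 201, new payment
    print(svc.create_payment(merchant, "key-1", req))   # 201, identical replay, no second charge
    print(svc.create_payment(merchant, "key-1", {"amount": "99.00", "currency": "USD"}))  # 409
```

Two design choices are worth calling out. The idempotency store keeps a fingerprint of the request body alongside the response, so a reused key with a different payload is rejected rather than silently returning an unrelated payment; and amounts are rejected when they carry more precision than the currency supports, which surfaces client bugs at the API boundary instead of letting them become off-by-a-cent ledger entries.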
Incentivizing API Consistency:
While regulation has helped to push financial institutions to adopt APIs, consistency remains a challenge. There are some companies that are leading the charge to enforce better API standards. For instance, Plaid, through its Plaid Exchange, has incentivized financial institutions to build their own APIs to meet Plaid’s integration requirements. This has encouraged consistency across financial APIs, at least for those integrating into Plaid.
We hope to see more initiatives like this that push financial institutions toward adopting consistent API standards, as it will lead to easier integrations, less friction, and a better developer experience.
Conclusion:
The FinTech landscape is evolving rapidly, and APIs are playing an increasingly critical role in that transformation. While regulatory frameworks have pushed financial institutions to open up, the bar has been raised for companies looking to build their own APIs. Consistency, security, and a top-tier developer experience are now table stakes.
At the same time, a gap in industry standards still needs to be addressed. By aligning your API designs with the emerging best practices we’ve discussed today—such as using consistent data types, implementing idempotency, managing scopes and permissions effectively, and offering robust sandbox environments—you can build APIs that meet the needs of today’s FinTech ecosystem.
As we look ahead, there’s a growing hope that more companies like Plaid will push the industry toward greater API standardization. Until then, it’s up to us as developers and innovators to build with consistency and interoperability in mind. Keep setting the bar high for FinTech APIs, and we’ll all benefit from a more interconnected, innovative financial ecosystem.