Key Takeaways from AGAMA API Management platform:
- Cost optimization – due to using only stable open source tools.
- Full control – easy access to configuration and source code allows you to avoid the locking effect.
- Infinite flexibility – possibility to use the platform for both external and internal purposes.
- High performance – the solution architecture allows for both vertical and horizontal scalability.
What is Agama API?
Agama API is an API Management Platform for comprehensive management of services in your organization.
Significantly extending the idea of API Gateway, our platform was designed with a complete production process in mind, from development through monitoring how individual services are used to publication of the necessary documentation.
By combining the technological capacities of Agama API and the knowledge of our consultants, we successfully use our platform not only to ensure compliance with PSD2, but also to build new business value which you can monetize.
The solution’s module-based construction, enhancing its flexibility, ensures the necessary level of freedom for you to adapt the platform to your own needs and optimize the Total Cost of Ownership.
The security, flexibility, scalability and reliability of the solution, combined with the experience we gained during production deployments, are what distinguish our solution on the market.
New PSD2 and MIFID2 regulations seek a compromise between security and usage convenience.
Zbigniew Jagiełło, CEO PKO Bank Polski S.A.
Agama API and PSD2
Without a doubt, the new regulations will significantly influence the whole market of financial services, including banks and FinTech institutions, which is why your organization should prepare for changes both in business and in IT.
BlueSoft consultants, after a detailed analysis of PSD2 regulations and standards, prepared a solution addressing all formal needs and opening the opportunity for increasing the use of an organization’s potential by sharing and monetizing services.
In the context of PSD2 regulation, which accelerates the promotion of the Open API model, organizations are faced with strategic decisions which influence their ability to take advantage of opportunities and mitigate risks resulting from sharing API with third-party partners (integrators, fintech and other financial institutions). The reason for this is that changes introduced by PSD2 will significantly influence the model of distribution of communication between the financial institutions and the client. The core of the changes enabled by PSD2 will be an increase in popularity of universal financial platforms, independent of particular financial institutions, aggregating products and services from multiple entities.
Will market players limit themselves to fulfilling the regulation’s requirements and being API manufacturers?
Implementing Agama API provides an opportunity to significantly increase their market status and make themselves known as an active distributor on the Open API market by:
- Developing and sharing APIs that are enticing for partners,
- Monetizing the use of shared APIs,
- Using APIs shared by other institutions, aggregating data obtained by them in order to increase the attractiveness of own products and services,
- Establishing cooperation with partners (including ones from outside the banking sector) so as to expand their own offer by additional products/services,
- Building new products and services on the basis of own APIs and APIs available on the market.
Agama API in detail.
Agama API is an API Management Platform for comprehensive management of services and third-party partners using your organization’s services.
It was designed as a unique combination of our own solutions and Open Source components.
To keep the variety of technologies used in the platform to a minimum, we decided to use Java, one of the most popular programming languages used in enterprise-class business systems. Most components use the Spring Framework to provide the basic infrastructure for business functionalities.
The platform’s components were prepared as containers so that the most popular orchestrators can be used, such as AWS ECS, OpenShift or Kubernetes.
Integration between modules is based on the REST standard. Access to the application and services is managed in accordance with security standards (OAuth2), and the user interfaces of the main components are additionally protected against CSRF attacks.
The core of the platform consists of two applications: API Manager and API Gateway. The first one is responsible for managing services and data of API consumers (service-triggering entities). API Gateway is in charge of sharing services. Triggers are cached to ensure high performance.
The other components add functionalities to the platform, such as managing access to application, presenting the specification of the shared services, registering service consumers, notifications or billing.
The platform’s high-level architecture along with its modules are presented in the diagram below:
Description of components included in Agama API platform:
1. API MANAGER
The API Manager application enables management of service consumers (such as TPP) and API services. Configuration of partners and services in API Manager is used when authorizing service triggers.
The application’s user interface enables access to its functionalities in accordance with the roles assigned to a user.
The component performs the following business processes:
- Managing services (adding and editing services and their versions).
- Editing and managing the publication of service descriptions and specifications.
- Managing TPP partners (including partner data and service subscriptions).
- Managing tariff plans.
- Preview of API services trigger reports (in the context of services and partners).
API Manager plays an important role in the process of authorizing access to API services provided by API Gateway and provides information about:
- TPP’s status
- TPP’s rights to use a particular service
- The status of the triggered service
API trigger events are counted and saved in API Manager database, and are used to present use reports and for the purposes of the rating process.
2. API GATEWAY
The component responsible for sharing API services. As part of the service triggering process, API Gateway communicates using REST services with the API Manager component, with systems managing access inside the organization and with source systems providing data for services.
API Gateway module is responsible for:
• Sharing services with TPP partners.
• Registering new versions of services in API Manager.
• Verifying rights to services by communicating with access management systems in the organization and the API Manager.
• Publishing information about service triggers.
3. PARTNER/DEVELOPER PORTAL
The Partner/Developer Portal is an application shared outside the internal network. It provides the following functions:
- Sharing documentation with descriptions of services made available to the partners.
- Registering partners who are interested in establishing cooperation in using API services.
- Sharing a sandbox for testing services in a safe environment with registered partners.
- Sharing information with registered partners concerning their subscriptions to services, statistics of use, billing data, etc.
- FAQ and support for registered partners.
4. RATING
A system responsible for calculating the rate for triggering API services. The rating process is based on the following information collected in the API Manager:
• API trigger counters (UsageCounters)
• Data of the triggering subscription, i.e.:
  o API service
  o Tariff plan
  o API consumer data
Upon clearance, the counters of API triggers are automatically propagated to the billing system as clients’ (API consumers’) orders for products corresponding to API services.
5. BILLING
A system responsible for registering orders for partners on the basis of information about API service use. The component is integrated with API Manager (synchronizing data concerning TPP and services-products) and with the Rating module (creating orders). The system enables generating a report from the created orders and has billing and invoicing functionalities.
6. SANDBOX
A component sharing test versions of API Gateway services. Sandbox enables a test trigger of an API service in a safe, non-production environment. API Gateway Sandbox returns sample answers defined for each service. Sandbox is integrated with the partner portal.
7. IDENTITY MANAGER
A system for managing the identity of internal and external users. Supports SSO, enables integration with LDAP and mapping user groups, e.g. in the Active Directory, onto API Manager application roles, and grants access to API Manager and the Portal in accordance with the user’s configuration.
8. IMPORT MODULE (Data Integration Module)
This module is responsible for importing third-party partner data to the Agama API system. In the context of PSD2, it is responsible for integration with the so-called licensing authority register for certifying partners, which in Poland will ultimately be the National Clearing House.
Challenge: Seeing to the key aspects of IT transformation
The new regulations will undoubtedly and significantly impact the shape of the entire financial services market, including banks and FinTech institutions, which is why your organization should anticipate the changes to both Business and IT. BlueSoft consultants, after an in-depth analysis of, for instance, the PSD2 regulation, have identified three immensely important factors which, if properly addressed, may influence your future market position.
SECURITY
All financial institutions are characterized by high security of the services offered, even more so when making API available to a large number of users.
The need to support multiple authorization and authentication scenarios necessitates a certain level of flexibility while maintaining your own credibility.
SCALING
Making APIs available at a larger scale forces your organization to see to appropriate horizontal and vertical scaling of the entire solution (including the application and the infrastructure).
Seeing as there is potential for virtually unlimited interest in the available APIs, scaling is a key aspect of providing the appropriate Customer Experience for your end user.
MONETIZATION
The new regulations necessitate developing new business models and profit-ensuring standards for the use of the services you make available, for instance, via API.
Increased interest in available services requires that your organization use an efficient and transparent model to monetize API requests.
Obviously, these are not all the challenges and factors that may influence your organization. However, it is our assessment that perfectly addressing the issues of security, scalability and monetization, with adequately designed production and maintenance processes, e.g. Agile and DevOps, allows you to be reassured about your future.