Application programming interfaces (APIs) are highly important. They make the digital world tick by allowing different pieces of software to work together. This is true not only within the boundaries of a single financial institution. APIs are also an enabler for future cooperation models, ecosystems or embedded banking, i.e., they act as gateways between financial institutions and other service providers.
However, opening and providing such APIs to the outside world comes with a new set of cybersecurity risks that financial institutions have to manage and mitigate. Implementing a consistent cybersecurity strategy has become an important element for success in banking today, even more so when opening APIs to third-party providers and other banks. Clients trust financial institutions to keep their data safe, secure and confidential. Data is a valuable commodity that needs to be protected.
To address this challenge, Adnovum was happy to lead the discussion within the Swiss Fintech Innovations (SFTI) workgroup Common APIs and to perform threat modelling to assess the cybersecurity risks of open APIs. As a result, the Common API workgroup has now been able to create a white paper documenting potential risks as well as recommended mitigating actions. This white paper serves financial institutions as guidance for a secure implementation of open APIs.