API management
API Management components:
- API Gateway
- API Integration & Services
- Reporting & Monitoring Interface
- API Publisher
- API Store
- API Management Analytics
- RESTful API Microservices
TPP identification & validation
The API Gateway receives the request initiated by the User via the Client Application hosted by the TPP and forwards it to the Identity Server (hosted by the bank) to authenticate the User. FinTP-Connect also implements the Strong Customer Authentication specific flows.
The Identity Server returns an Access Token to the User through the Client Application, via the API Gateway. A series of subsequent actions are allowed: Return Access Token, Refresh Token.
Based on the Access Token already received, the TPP sends the User's request to the Resource Server through FinTP-Connect (API Gateway and API Integration & Services components).
The Resource Server delivers the data requested by the User to the Client Application hosted by the TPP, via FinTP-Connect (API Gateway and API Integration & Services components).
Open access to services
FinTP-Connect provides data via standard APIs open to TPPs. Different standards can be adopted for the requests and responses exchanged with TPPs, ranging from widespread, country- or region-approved standards to customized ones for cross-group communication, depending on each bank's specifications and particularities.
TPP Management
TPP management is used for access validation and User activity tracking. This feature gives TPPs insight into API usage, resource usage, subscriptions and users per application. Monitoring traffic per API estimates how often a particular user hits the tier limit, i.e. is throttled for reaching the subscribed tier limit of a specific API, which indicates the need for a tier upgrade.
Payment Analysis
Payment data processed by FinTP-Connect is monitored and analyzed from several perspectives, including the TPPs users prefer for their transactions, access patterns, and the types of financial services accessed. This information can later be used for predictive analysis, the creation of new business services and anti-fraud purposes. Payments could also be initiated by clients through other banks authorized as TPPs, a new business model approach.
Business insights
Data processed by FinTP-Connect is leveraged to give operators details on the patterns or types of services clients access through different external entities. This information can be related to internal reports on services already contracted by particular users, in order to generate relevant and personalized cross-selling.
Unique entry / endpoint
FinTP-Connect is an application that centralizes and consolidates data from internal applications as well as external entities. It represents a single entry point for TPPs accessing data exposed by the bank. At the same time, it aggregates services from multiple internal resources to generate the response to a request. In the process, the API Integration & Services component ensures format conversions so that internal systems do not have to be adjusted, regardless of their export capabilities.
Business rules validation
API requests are scanned for compliance with the enforced security policies (authentication, authorization, audit and regulatory). Business rules include policies, verification of access limits and security checks.
Factoring
Integration with electronic invoicing or EDI platforms gives banks insight into the data of their client companies that generates payments. If the bank is an authorized TPP, it can then access the accounts its business customers hold at other banks, initiate payments based on the invoices in the platforms it integrates, and offer reconciliation services for those invoices.
Together, these form the premises for money liquidity as well as automated factoring functionality, both for requests and for assessment, in order to provide custom financing offers.
Web services
(Figure labels: FinTechs, Financial Institutions, APIs)
Native ISO 20022
The internal format used by FinTP-Connect is ISO 20022.
JSON / XML
FinTP-Connect receives requests from the PISP/AISP in JSON or XML format built from ISO 20022 elements.
Transaction history
Data processed by FinTP-Connect is traced and monitored. Various types of reports are available to tech or business operators.
Balance
One of the functionalities is balance interrogation.
Payment initiation
One of the functionalities is payment initiation.
Invoice
One of the functionalities is invoice processing, followed by payment initiation and reconciliation with information from the statement issued by the bank.
Payments
Direct Debit
Strong Customer Authentication
The API Gateway (a FinTP-Connect component hosted by the bank) receives the request initiated by the User via the Client Application hosted by the TPP and forwards it to the Identity Server (hosted by the bank) to authenticate the User.
FinTP-Connect implements Strong Customer Authentication flows, reusing the bank's existing second (or further) authentication factor mechanisms, which ensures seamless integration with the online banking systems.
TPP identification
Although Users can perform certain operations on their accounts through TPPs without being authenticated or asked for a second or multi-factor method, the TPP has to be identified each time a User request is performed through its application.
The API Gateway (a FinTP-Connect component hosted by the bank) validates the TPP's details against the details used at enrollment, as well as against other lists. The Identity Server (hosted by the bank) generates an access token for the operation, containing the specifics of the transaction.
Access token validation
The Identity Server returns an Access Token to the User through the Client Application, via the API Gateway. A series of subsequent actions are allowed: Return Access Token, Refresh Token.
Based on the Access Token already received, the TPP sends the User's request to the Resource Server through FinTP-Connect (API Gateway and API Integration & Services components).
Business Rules Management
FinTP-Connect secures, protects and scales API calls. Its Business Logic mechanisms provide rule management for applying Strong Customer Authentication, as well as for aggregating services to generate a response, format enrichment, duplicate detection, and additional validations for fraud prevention.
Reporting & Statistics
The Reporting & Monitoring Interface enables activity monitoring. From a quantitative perspective, based on data received from the API Gateway, it provides statistical reports with details about successful or failed authentications. The API Integration Layer offers a qualitative perspective, providing reports for fraud risk identification and management, for the services accessed by the Service Providers (PISP/AISP), and insight into how to monetize these and generate new services for the bank's clients.
Client authentication
FinTP-Connect natively implements the redirect authentication method: the user is prompted to enter the credentials used in the relationship with their bank, in the screen they are already used to. The API Gateway identifies and authenticates the TPP and the customer by accessing the Identity Server and checking credentials, tokens or the registry. The API Gateway also collects analytics data and provides it to the Reporting & Monitoring Interface.
Routing
Requests and responses exchanged with TPPs come in different standard formats, versions or structures that need to be adapted to the capabilities of the bank's systems. The API Gateway sends the TPPs' requests, in compliance with the security policies in place (authentication, authorization, audit and regulatory compliance), to the API Integration & Services component, which manages the received requests, passes them to the core banking systems in their native formats, retrieves the responses from the core banking systems and sends them back to the API Gateway.
Consent acquirement
FinTP-Connect checks that the TPP was mandated by the end customer and that the mandate and credentials pair is authorized to perform the requested operation. The Business Logic mechanisms implemented in the API Integration Layer of FinTP-Connect ensure that the User, the TPP, and the TPP-User pair each have the corresponding access for the services requested for a particular client code and IBAN.
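The three-way check described above (TPP identified, User's token in scope, and a live mandate for the TPP-User pair on the specific IBAN), as an added example that is not FinTP-Connect's own code. The TPP registry, consent records, role mapping and operation names are constructed for illustration.

```python
from dataclasses import dataclass

# Added example (not FinTP-Connect code) of the consent checks: the TPP, the
# User's token, and the TPP-User pair must each be authorised for the requested
# operation on a given client code and IBAN. All sample data is constructed.

# PSD2 role an operation requires: AISP for account information, PISP for
# payment initiation (assumption for this example).
REQUIRED_ROLE = {"balance": "AISP", "transactions": "AISP", "payment": "PISP"}

@dataclass
class Consent:
    """A mandate one User (client code) granted to one TPP for specific IBANs."""
    tpp_id: str
    client_code: str
    permissions: dict          # IBAN -> set of permitted operations
    revoked: bool = False

@dataclass
class AccessToken:
    """What the Identity Server issued after SCA (simplified)."""
    tpp_id: str
    client_code: str           # the bank's identifier for the User
    scope: set                 # operations the token was issued for

def tpp_identified(tpp_id, registry):
    """TPP identification: enrolled and not on a block list."""
    entry = registry.get(tpp_id)
    return entry is not None and not entry.get("blocked", False)

def authorize(token, op, iban, registry, consents):
    """Return (allowed, reason); the first failing check decides."""
    if not tpp_identified(token.tpp_id, registry):
        return False, "tpp-not-identified"
    if REQUIRED_ROLE.get(op) not in registry[token.tpp_id]["roles"]:
        return False, "tpp-role-missing"
    if op not in token.scope:
        return False, "token-scope-missing"
    for c in consents:         # the TPP-User pair must hold a live mandate for this IBAN
        if (c.tpp_id, c.client_code, c.revoked) == (token.tpp_id, token.client_code, False):
            if op in c.permissions.get(iban, set()):
                return True, "ok"
    return False, "no-consent-for-tpp-user-pair"

# Constructed sample data: one AISP-only TPP, one blocked TPP, one balance-only consent
SAMPLE_IBAN = "RO49AAAA1B31007593840000"
SAMPLE_REGISTRY = {"tpp-001": {"roles": {"AISP"}},
                   "tpp-002": {"roles": {"AISP", "PISP"}, "blocked": True}}
SAMPLE_CONSENTS = [Consent("tpp-001", "C-123", {SAMPLE_IBAN: {"balance"}})]
```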
Fraud Prevention
FinTP-Connect provides multiple ways of detecting unusual activity, among them analytics based on real-time monitoring of API consumption and application traffic. These point out abnormal activity in request counts or resource access patterns, in order to indicate suspicious activity or high traffic and to separate them from a malfunction of the client application. It also monitors and provides insight on API usage across geolocations and on throttled application requests, to support decisions that would otherwise be uncertain when abnormal activity is observed.
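An added illustration, not FinTP-Connect's own code, of the per-application traffic monitoring described under TPP Management (tier-limit hits that suggest a tier upgrade) and under Fraud Prevention (request counts well above an application's usual volume). Tier sizes, the burst factor and the sample application and API names are assumptions.

```python
from collections import defaultdict, deque

# Added example (not FinTP-Connect code): requests per (application, API) are
# counted in a sliding window; a request beyond the subscribed tier limit is
# throttled and counted as a tier hit, and an admitted request that pushes the
# window count far above the usual baseline is flagged for review.

TIER_LIMITS = {"bronze": 5, "silver": 20, "gold": 100}   # requests per window (assumed)

class TrafficMonitor:
    def __init__(self, window_s=60, burst_factor=3.0):
        self.window_s = window_s
        self.burst_factor = burst_factor
        self.events = defaultdict(deque)    # (app, api) -> request timestamps in window
        self.baseline = {}                  # (app, api) -> usual requests per window
        self.tier_hits = defaultdict(int)   # (app, api) -> times the tier limit was hit

    def set_baseline(self, app, api, usual_count):
        """Usual per-window volume, e.g. learned from past analytics."""
        self.baseline[(app, api)] = usual_count

    def record(self, app, api, tier, now):
        """Classify one request as 'allow', 'suspicious' or 'throttle'."""
        key = (app, api)
        q = self.events[key]
        while q and now - q[0] >= self.window_s:   # drop requests outside the window
            q.popleft()
        if len(q) >= TIER_LIMITS[tier]:
            self.tier_hits[key] += 1                # rejected, but the hit is recorded
            return "throttle"
        q.append(now)
        usual = self.baseline.get(key)
        if usual and len(q) > self.burst_factor * usual:
            return "suspicious"                     # admitted, flagged for analysts
        return "allow"

    def needs_tier_upgrade(self, app, api, hits_threshold=3):
        """Frequent tier-limit hits suggest the TPP should move to a larger tier."""
        return self.tier_hits[(app, api)] >= hits_threshold

if __name__ == "__main__":
    m = TrafficMonitor()
    m.set_baseline("fintech-app", "/accounts/balance", 1)   # constructed baseline
    for t in range(8):
        print(t, m.record("fintech-app", "/accounts/balance", "bronze", t))
    print("tier upgrade suggested:", m.needs_tier_upgrade("fintech-app", "/accounts/balance"))
```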
High Performance
FinTP-Connect ensures high availability and resilience using multiple processing nodes, each representing a separate instance. Load balancing is applied at cluster level, defaulting to the round-robin algorithm, with random and sticky modes also supported. This provides both scaling and fail-over capability in case one node (instance) becomes unavailable.
FinTP-Connect also monitors and sends alerts on abnormal back-end response times or request counts, allowing the necessary actions to be taken to address the identified API runtime or back-end issues.
Service aggregation
RESTful API Microservices. The API service is the functionality that runs in the back end. It ensures compliance with the requirements for user account information request flows and for payment initiation flows on behalf of the end user, offering a single endpoint in the bank. This component ensures communication with internal bank systems and conversion of TPP requests and responses to the standard format developed by the Berlin Group (or a customer-preferred format). The component also supports the monitoring feature that analyzes and reports user activity via the TPP.