As open banking comes into force at the beginning of 2018 the UK's banks are racing to build and deploy robust application program interfaces (APIs) for the first time.
HSBC was the first to publish an open banking API last month, and it has already built a new mobile banking app to test out some of the features open banking promises to bring.
Computerworld UK sat down with David Knott, chief architect at HSBC, to talk about the technical that has gone into the "API-ification" of the bank ahead of the open banking regulations coming into force.
An API, in short, allows one piece of to 'talk' to another piece of software. They generally facilitate real-time applications.
This is useful in banking for a number of known, and as yet unknown ways. One example is of an API which connects your bank account to a mobile app to facilitate real-time categorisation of transactions, giving customers a better view of their finances than previously allowed by traditional banking apps that had to wait to sync up with old legacy systems.
Knott categorises the work HSBC is doing into two parts: what he calls "the plumbing" and the value-added services the bank can start to offer customers once this is in place.
He describes the 'plumbing' as: "Making sure we have the connectivity to backend systems with APIs that meet our standards. While that is work, a lot of that is building on the general API-ification of the bank we are undertaking anyway to pursue our digital transformation agenda."
Open banking has imposed some additional requirements, such as authenticating the third parties that are interacting with the bank. HSBC is using specialist identity management software vendor ForgeRock for this, using the platform as its underlying directory for customer’s digital identities and the third parties connecting to their APIs.
It's this area that still gives Knott, and others in the industry, pause for thought. "There is one thing that we need to make sure as we move towards the implementation of open banking, and I mean we as an industry, is make sure that the accreditation and authentication of the third parties that are going to turn up and participate in this ecosystem are rock solid.
"We have to pay attention as we are going to be exposing APIs, which means we are sharing our trust with those people, so we need to ensure that all of the companies that are turning up are worthy of that trust."
Then there is what Knott considers the more interesting part, namely what the bank can start to offer customers once this plumbing is in place.