Driving Digital to Systematics Using APIs to Enable Digital Agility April, 2017 Gautam Bhan, Services Practice Executive


Session Highlights

• Creating the “Digital” experience

• Core architecture evolution and integration challenges

• Mediated APIs as an abstraction pattern that enables digital agility

• Integrating to Systematics using APIs

• API design and development

• Security use cases

• API demonstration

• Key takeaways, Q&A, wrap up


The Digital Experience – an Evolution of the Customer Interaction Model


Evolution of the Customer Interaction Model

Creating a Seamless, Rich User Experience

Traditional Branch

• Full service

• Banker’s hours

• Fixed location

• No device constraints

• Some fulfillment may lag

ATM

• Partial service

• 24/7 for some functions

• Additional locations

• No device constraints

• Some fulfillment may lag

IVR/Call Center

• Full service

• 24/7

• No geo constraints

• Telephone needed

• Some services may lag

Online Banking

• Partial services

• 24/7 for some functions

• Limited to PC locations

• Access to PC needed

• Some services may lag

Mobile Banking

• Partial services

• 24/7

• No geo constraints

• Personal mobile device needed

• Some services may lag

Target Digital Experience

• Everything

• Anytime

• Anywhere

• On anything (IoT)

• Fulfill now


Barriers to Achieving Target Digital State

• IT and Digital Business run at different speeds

• Integration and core changes can be the long pole and slow agile innovation

[Figure labels: Agility and Time to Market; Cost and Time to Change; Area of maximum friction]


Driving Digital Access to Core Assets

Benefits

Evolution of the Core

Monolithic Architecture

• All-in-one

Modular Architecture

• Multiple modules with logical aggregation of business functionality

Component Architecture

• Best of breed components

• Incremental transformation

• Abstraction of Core assets

Microservices Architecture

• Decomposed, containerized, individually scalable functionality

• Integrated Development and Operations

Screen/transactions

SOA Services

APIs

Microservices


Systematics Modernization Focus Areas

Each bank will modernize and evolve their banking capabilities with a sequence and timeframe aligned to their business and technology drivers and their capacity to absorb and implement change into their environment

Banking Modernization

• Digitally Enable Core Core Currency - Opening Integration – API Enablement

• Extend Business Capabilities with Enterprise Business Components across all FI Cores

• Enable Customer Relationship Centricity

• Enable Customer Active Analytics Digital Banking Integration

• Improve Operational Model & Process Rationalization


Mediated APIs Enable Digital Innovation


APIs are foundational for any digital business. They enable the API economy, multichannel applications, pervasive integration and other digital business scenarios. Application architecture leaders should strategically adopt the mediated APIs model to enable and protect their APIs.

Reference: “Mediated APIs: An Essential Application Architecture for Digital Business” -- Gartner, 26 August 2016


APIs Defined

• Application Programming Interface (API) is a term used to describe interfaces for software to invoke other reusable software functionality

• APIs have been around for many years in different forms on different technology platforms

• APIs can invoke reusable software in-process or remotely (i.e. located on a different computer)

• APIs represent the façade of the interface, various providers implement the APIs

• For the purposes of this discussion the following context is assumed:

– APIs are invoked using the Representational State Transfer (REST) communication protocol

– HTTP is used as the underlying protocol (specifically the use of the HTTP 1.1 verbs GET, POST, PUT, and DELETE)

– API call request and response payloads are transmitted using JavaScript Object Notation (JSON) format

– “Swagger” is used as the framework for designing, documenting and invoking RESTful APIs

– The terms “Business APIs”, “Web APIs” or “APIs” are used interchangeably to refer to outwards facing (via the web) easy-to-use interfaces for common business assets (e.g. Account, Customer, etc.)


APIs and Application Architecture

• “Services” are an essential element of a Services Oriented Architecture (SOA)

• In recent years SOA has been a dominant enterprise architecture pattern for implementing IT solutions

• SOA relies predominately on “macro” services, often using XML and SOAP

• SOA services have had challenges, among which are:

– Complicated SOAP interface with large payloads that are not easy to consume

– Services taxonomy primarily oriented around System of Record (SOR) view rather than end consumer

• Future application architectures are trending towards a “mesh” approach

– Distributed, loosely coupled autonomous components

– Technology and platform agnostic, event-driven, auto scaling back-end services

– Composed, loose mesh of apps and “microservices” invoked via APIs


Microservices Concepts

• An architecture pattern in which applications are composed by employing smaller services that execute autonomously

• Microservices run inside “containers”, which can house services built using a variety of technologies, and can run on various technology infrastructures

• Containers can be made to auto scale depending on demand, using workload management solutions

• Microservices communicate with each other, usually employing an asynchronous event mechanism

• Microservices may or may not be directly associated with presentation (UI)

• Microservices maintain their own persistent data

• Stateless

• Individual smaller function, organized around very specific business functionality

• Communicates via REST/HTTP

• Could be deployed in a hybrid model, on premise for predictable load, in the cloud for higher load

Commonly Understood Characteristics


Virtualized Microservices

• Systematics microservices implementations are “virtualized” interfaces

• Mediations built on top of existing HTTP interfaces to the core as well as “true” microservices (cloud or on premise)

– Capability to abstract and aggregate across Systematics and other components

– Translation between semantics, protocols, security mechanism, etc.

– Enables low-impact incremental evolution of back end components

• Organized and designed around meeting specific business needs

– Driven by front-end requirements, rather than being transaction or screen centric

– Granular, easy to use -- hides complexity of back-end interfaces

• Scaling characteristics determined by implementation

– Back-end SOAP/REST services scale traditionally

– Aggregated cloud-based containerized microservices scale and recover dynamically


The mediated APIs architectural model is a solution for enriching and protecting interactions between distributed components.

Reference: “Use Mediated APIs to Connect Your Legacy and Packaged Systems With Modern Applications” – Gartner, 26 August 2016


Abstraction Through Mediated APIs


Systematics Integration -- Today

• Systematics Web Services

• Systematics REST Services

• Screen-oriented

– 3270 “Green Screen”

– Browser Based Interface (BBI)

– “Screen Scraping”

• Canonical model based

– Xpress (IFX)

• Other – MQ, etc.


End to End Integration with APIs

• Core “system” microservices virtualize existing integration

• Business-driven design

• These services can aggregate or orchestrate other cloud-based microservices that are containerized, auto-scalable, etc.

• Enable front-end innovation to run faster


Designing and Building APIs


API Implementation Approach

• Establish standards for exposing APIs through an API management solution

– “Outside facing” APIs abstract the domain model and provide a mapping between semantics, protocols, security mechanisms, etc.

– Drive API design from the outside in, rather than inside out -- existing integration typically tends to reflect the domain model

– Use API management as a pass-through proxy for existing business-oriented fine grained back-end services

– Mediate granular APIs focused on business needs to coarse services as appropriate

• Design business APIs based on real consumer needs

– Without concern for technology platform and core capabilities

– Abstract complex message-centric processing

– Should be concise and simple to consume

• Establish API governance and lifecycle management strategies

• Respect the interface and refactor implementations as technologies and back-end topologies evolve


Partial List of Prototype Operations

API Starter Kit -- Systematics

GET /customer/{customerId}/accountlist

GET /account/{acctId}/recxfer/inq?type={val1}&ctl1={val2}

POST /account/{acctId}/histinq

POST /account/{acctId}/recxfer/add

POST /account/{acctId}/recxfer/upd

POST /account/{acctId}/recxfer/del

GET /account/{acctId}/deposit?type={val1}&ctl1={val2}

GET /account/{acctId}/loan

GET /customer/{customerId}/profile

GET /account/{acctId}/loan/payoff/{payoffAsOfDate}

POST /customer/{customerId}/address

POST /customer/{customerId}/accountrelation/add

POST /customer/{customerId}/accountrelation/del

POST /transferfunds


Partial List of Prototype Operations

API Starter Kit – Enterprise Customer

GET /banks/{bankId}/customers/{customerId}/preferences

POST /banks/{bankId}/customers/{customerId}/preferences

GET /banks/{bankId}/customers/{customerId}/extattributes

POST /banks/{bankId}/customers/{customerId}/extattributes

GET /banks/{bankId}/extattributes

POST /banks/{bankId}/extattributes

POST /banks/{bankId}/customers

GET /banks/{bankId}/customers/{customerId}/profile

GET /banks/{bankId}/customers/{customerId}/retrieveip


Partial List of Prototype Operations

API Starter Kit -- Profile

GET /public/accountList/{custNumber}

GET /public/customerInformation/{custNumber}

GET /public/emailAddress/{custNumber}


API Security


Security Use Cases

• Bank employee accessing internal application

– Call center or teller application

• Bank customer accessing internal application

– Online banking or mobile application

• Bank customer accessing 3rd party application

– Personal finance manager or peer-to-peer payment application


API Security Concepts

• API authentication through industry standards such as OAuth 2.0

• Use of Transport Level Security (TLS) to provide security of data in transit

• Key Manager component of API Manager software handles all security and key-related operations

• Allows for use of an external Authorization Server, which works as an intermediary between the client and resource owner

• Access Token passed as an HTTP header of a request and used to authenticate API users and applications

• JSON Web Token (JWT) used to represent claims that are transferred between two parties, such as the end user and backend systems


In House Security Model Example

• Access Token: used by the API Gateway to validate that the digital application is authorized to access a service

• JSON Web Token (JWT): passed to the endpoint for fine-grained authorization


API Demonstration


Demonstration Use Cases

• Aggregated Customer Inquiry across multiple systems of record

– Secondary CIS system for additional attributes

– Data mart for profitability score

– Dynamic extension of customer data

• Deposits APIs

– Balance Inquiry

– Funds Transfer

– Granular services mapped to existing integration (virtualized)

• Lending APIs

– Consumer lending

– Auto Finance


Aggregation Use Case

• APIs allow abstracted access to core data and functionality

• Allows transparent access to heterogeneous mix of components

• Shields front-end systems from incremental transformation of back-end systems from monolithic to component-based


Virtualized Microservices Use Case

• Virtualized microservices allow agile development of business-specific APIs for use by rapid front-end development

• One specific business function per service

• Virtualizes existing integration to provide a lightweight granular interface for rapid consumption

• Can be aggregated with other cloud-based containerized microservices


Key Takeaways

• Mediated APIs are a go-forward Systematics integration mechanism and allow for Digital innovation

• Create mediation layer as first step to establish abstraction

• Follow with mediations targeted towards business API needs

• API design requires careful consideration with regard to insulating business needs from back-end characteristics

– Drive API requirements from the “outside” and map to “inside” interfaces

– Implement API governance at the onset to establish processes and avoid API proliferation

– Implement API management capabilities at the onset

• Establish API lifecycle policies, including deprecation approach

• Iterate through back-end model as transformation occurs incrementally


References

The following research was used in this presentation:

1. “Use Mediated APIs to Connect Your Legacy and Packaged Systems With Modern Applications” -- Gartner, 26 August 2016

2. “Mediated APIs: An Essential Application Architecture for Digital Business” – Gartner, 26 August 2016

3. “The Programmable Bank: How Banks Can Deploy and Monetize Open APIs” – Aite Group, November 2016
