Resources

Overview

Open banking platforms: Connect APIs, apps, and systems of record

BUILD AN OPEN BANKING ENVIRONMENT THAT ADVANCES BUSINESS 

Open banking provides a new opportunity for banks to monetize the products, services, and data they already have, as well as gain new customers. In fact, nearly 20% of banks have already invested in open banking-related initiatives and 77% will do so by 2019. Going beyond simply meeting regulations can help your organization surpass your competition and increase returns from your investments. To do this, you need a flexible digital environment that connects third-party applications to your application programming interfaces (APIs) and banking systems of record without compromising the security or operation of your systems. It should: 

  • Allow authorized third-party applications to securely access data from your banking systems.
  • Protect your systems from security threats and excess traffic. 
  • Track requests, audit use, and charge users and third-parties for use. 
  • Enable modern development approaches that speed time to market for new products and services and improve developer productivity.
  • Monitor infrastructure health and services to identify and remediate issues before they impact users.
  • Handle large volumes of expected and unexpected traffic. 

Red Hat offers an open platform that includes API management, cloud infrastructure, containers, microservices, automation, and modern development tools to promote ongoing innovation and successful open banking initiatives.

RED HAT’S MODULAR, INTEROPERABLE OPEN BANKING PLATFORM 

Using open systems and modern technologies, Red Hat can help you build a flexible, effective, security-focused open banking environment. 

OPEN PLATFORMS 

Open platforms are essential for creating effective open banking ecosystems. Red Hat’s open source software stack provides key elements—like application services, containers, management, automation, and connectivity—needed for open banking initiatives. Industry-standard interfaces and integration between layers of the stack simplify interoperability between applications, APIs, and systems of record. Without vendor lock-in, you can move applications and services between infrastructures and cloud providers to optimize costs, improve performance, and meet growing demand.

SECURITY FOCUS 

To protect your business and your clients, you need a continuous, integrated approach to security in your open banking environment. Red Hat builds advanced security features—like Security-Enhanced Linux® (SELinux), mandatory access controls, and container-based application isolation—into its products. Compliance with Payment Card Industry Data Security Standard (PCI-DSS), Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs), and Federal Information Processing Standards (FIPS) ensures your environment operates according to the latest, most stringent security standards. Integration between layers in the Red Hat® stack extends military-grade protection throughout your environment.

Additionally, Red Hat’s unique subscription model also gives you access to a dedicated team of experts who support Red Hat technology 24x7. For example, Red Hat Product Security issues fixes for most critical security issues within one day of discovery.

Using a modular approach, Red Hat provides all of the capabilities needed to add open banking APIs to your products and services. Figures 1 and 2 show how Red Hat products work together to process API requests and streamline API development and improvements. 

API REQUEST PROCESS AND DATA FLOW

APIs are at the core of open banking initiatives. Red Hat delivers innovative, tested, trusted components for each step in the API request and data delivery process. 

CONTAINER PLATFORM 

Containers simplify application and API deployment and portability across platforms. This eliminates the need to refactor services to launch them on different infrastructure and makes your environment more efficient. 

An enterprise-grade container application platform, Red Hat OpenShift® provides services to containerized workloads and components. It delivers built-in security features for container-based applications—including role-based access controls (RBAC), SELinux-enabled isolation, and checks throughout the container build process—helping to safeguard your overall API environment. 

In this open banking platform, Red Hat OpenShift serves as the underlying container application platform. Red Hat 3scale API Management, Red Hat Fuse, Red Hat Single Sign-On, and Red Hat OpenShift Application Runtimes all run in containers within Red Hat OpenShift.
 

image container Figure 1. API request process and data flow


SECURITY AND AUTHENTICATION 

Security is always a key concern in financial services and you must ensure that only authorized applications and users access your data and systems. Access control is achieved through authentication and identity management tools that integrate with your API management system: 

  1. A third-party application sends an authorization request to your identity provider, according to the standard OpenID Connect protocol. 
  2. Your identity provider system authenticates the request and returns a digitally signed JavaScript Object Notation (JSON) Web Token to the third-party application. 
  3. The third-party application attaches the web token to the API request and sends it to your API management platform. 
  4. Your API management platform contacts your identity provider to validate the authenticity of the token, and optionally the authorization, and forwards the API request to the appropriate banking systems of record and APIs.

Included as part of Red Hat OpenShift, Red Hat Single Sign-On is an integrated identity provider solution that implements federated authentication for web applications, mobile applications, and RESTful web services. It is a core service that is delivered as a part of many Red Hat products and can be configured to use OpenID providers like Google, Facebook, Twitter, Github, LinkedIn, Microsoft, or StackOverflow. Red Hat Single Sign-On also supports Kerberos logins and can federate existing Lightweight Directory Access Protocol (LDAP) or Active Directory systems. 

In this platform, Red Hat Single Sign-On provides authentication and identity services. The Istio service mesh can also be used to manage authentication, authorization, and communication encryption between services within your environment.

API MANAGEMENT 

Managing, securing, and monetizing your APIs is critical. An API management platform lets you monitor and control API use and throttle requests as needed to protect systems of record. They can also charge appropriate users and third-party application providers for use of valuable APIs. 

Red Hat 3scale API Management lets you share, secure, distribute, manage, and monetize your APIs on a centralized platform built for performance, customer control, and future growth. Whether in on-premise or cloud environments, a set of self-managed and cloud components provide traffic control, security, and access policy enforcement capabilities. Integration with Red Hat OpenShift lets you build, deploy, and scale high-performance, cloud-native applications and backends in a contained and automated way. Coordination with Red Hat Fuse lets business users, integration experts, and application developers create APIs easily and quickly. 

In this solution, Red Hat 3scale API Management provides a centralized point of control and management for your API program. Istio can also be used in conjunction with Red Hat 3scale API Management to control the flow of traffic and API calls, apply policies, and monitor services from user application to internal system of record. 

APPLICATION RUNTIME SERVICE 

To make the most of the API ecosystem, your environment needs to be able to handle APIs written in many different languages and platforms. 

Included as part of Red Hat OpenShift, Red Hat OpenShift Application Runtimes is a collection of cloud-native runtimes for developing Java™ or JavaScript applications on OpenShift. It provides portability across multiple cloud infrastructures, allowing developers to use microservices, containers, and DevOps automation to create new applications and APIs. 

In this solution, Red Hat OpenShift Applications Runtimes routes requests through the appropriate runtime service. 

API INTEGRATION WITH BANKING SYSTEMS 

An API integration tool serves as a connection point for your externally facing APIs and your internal banking APIs and systems of record. It transforms and directs incoming API requests to the appropriate endpoint within your environment, allowing changes to systems of record without impacting externally facing services.

Red Hat Fuse is a distributed, cloud-native integration platform that enables integration experts, application developers, and business users to collaborate and independently develop connected solutions. A distributed approach and API-centric, container-based architecture decouples services so they can be created, extended, and deployed independently. With more than 200 included connected, you can integrate everything from legacy systems to Internet of Things (IoT) devices into a single environment. 

In this solution, Red Hat Fuse converts incoming API requests and routes them to the appropriate banking API or system. 

API DEVELOPMENT AND IMPROVEMENT PIPELINE

In fast-moving industries like financial services, agility is critical. You must be able to rapidly develop and modify APIs to adapt to changing market demands and new competitive offerings.

A modern, container-based development and deployment platform can help you build, launch, and improve APIs and applications quickly and efficiently. Red Hat OpenShift helps you achieve this using a continuous integration and continuous delivery (CI/CD) pipeline. 

  • Continuous integration. Developers write and integrate code into a shared repository multiple times a day. Each code check-in is verified by automated build and integration testing to detect problems early in the process. 
  • Continuous delivery. Verified code is reviewed, staged, and moved to production in a repeatable process. 

Red Hat OpenShift includes build and delivery orchestration and automation so you can adopt CI/CD development approaches more easily.
 

image container Figure 2. Continuous integration and continuous delivery pipeline

DEPLOY FASTER WITH RED HAT SERVICES 

Red Hat Consulting offers services to help you build an open banking environment faster. Using a strategic solution delivery framework, Red Hat experts can provide assessment, planning, and implementation services to deploy one or more APIs quickly. These engagements typically include configuration of your environment, high-availability platform, and policies as well as integration with identity providers. Preconfigured open banking APIs, based on standard security policies and default API contracts, will also be available for you to use. 

CONCLUSION 

The move to open banking is inevitable. Deploying a flexible, interoperable open banking environment can help you go beyond simply complying with regulations to create a platform for ongoing innovation and revenue generation. Red Hat’s open, modular framework gives you all of the capabilities needed to build an agile, effective, security-focused infrastructure that adapts as your business and industry changes. 

Are you ready to move forward, faster? Start your trial of the Red Hat open banking platform today by registering at redhat.com/openbanking.