3 API trends Rabobank responds to

  • Helal Nouri
  • 07-06-2022
  • 6 min

Rabobank uses APIs in nearly every business unit and its accompanying processes: from marketing and sales to core banking applications such as mobile, PEGA, payments and other customer-facing applications. With APIs gaining popularity, let’s look at some key API trends at Rabobank.

1 – Increase of APIs

Rabobank continues to digitize customer journeys through APIs. With thousands of APIs deployed on the central API Management platform, the number continues to rise. Why is that?

Microservices

Firstly, the rise in the number of APIs is due to the proliferation of microservices. Backed by the wide adoption of CI/CD, microservices break open monoliths and allow APIs to interact with each loosely coupled component. With such independent services at hand, the chance of a single point of failure is minimized and functionality is widely exposed through APIs. We have witnessed an increasing number of our DevOps teams adopt this software design architecture within Rabobank.

Cloud transition

There is also an evident transition within enterprises to adopt a hybrid- or multi-cloud model (often keeping an on-premise network intact). This best-of-breed approach not only prevents vendor lock-in, but also provides a wider variety of cloud capabilities. This movement eases the development and deployment of APIs through the rapid provisioning options of cloud stacks.

API-First

Although we don’t actively evangelize an API-First strategy within the bank yet, we see the idea has surreptitiously spread across the enterprise and has consequently contributed to the rapid increase of APIs being deployed, simply because the end products developed will need to interact with other (mobile) applications, ultimately leading to API provisioning and consumption. The benefit of an API-First approach is that it puts attention on reliability and ease of use for developers. In conjunction with the transition from single-device to multi-device experiences, APIs are beginning to be treated as first-class citizens of the business within Rabobank.

Governance

We are now at a stage where we’re making sure this sprawl of APIs is controlled by putting proper governance in place on our central API management platform. Promoting discoverability and reuse through the Rabobank Integration Catalogue (RIC) and introducing API categorization (business-experience-process-system) are some examples of the measures we are currently working on.

2 – APIs as Products

APIs have been strongly elevated, and now play a central role in many enterprises in the implementation of new business models. At present, APIs generate more than half of some internet companies’ revenue. Alongside the change of API taxonomy from technical to intuitive, APIs are now considered as evolving products, with particular attention paid to API lifecycle and API design.

API Lifecycle

Like any other product, each API has its own lifecycle. As they evolve after the initial publishing, APIs should be versioned, replaced or superseded. DevOps teams within Rabobank who wish to expose and provide an API are responsible for the initial design, development, deployment and security, so that registered applications that wish to consume the API can easily discover it and subscribe to it. The API Management Platform teams within Rabobank are responsible for making sure the governance around team collaboration, proper visibility and controls is in place, along with the latest security policies, scalability options and performance tracking mechanisms.

API Design

Product design is imperative, and so is API design. When designing an API, one should, again, be thinking about its entire product lifecycle. How will my API be of strategic value in the future? This means bearing the end in mind and designing for extensibility. Unforeseen breaking changes cost a lot of energy and can often be prevented. Proper design also means seamless consumption by developers and holds possibilities for future leverage. This is why we pay so much attention to API design, OpenAPI specifications (OAS), REST standards and their validation at Rabobank. Our API Community and SMG (Standards Management Group) form a nucleus around these stipulated guidelines and subjects.

3 – API Management

Digital disruption and cloud adoption, fuelled by the increase in demand for APIs, have brought changes to the API Management domain (the domain for all stages of an API's full lifecycle). Some core necessities include a developer portal, API gateways, policy management, design, analytics and monitoring. Whereas previously a single API Management platform with a common gateway would manage all components of the entire lifecycle, we now see enterprises adopt a more hybrid model: a central management plane, but with distributed gateways.

Central Management Plane

Having a common management plane where API Providers and API Consumers intersect is still the de facto mode of operation for many enterprises. Features like Identity and Access Management (IAM) and Role Based Access Control (RBAC) are often offered out of the box by vendors. Most vendors also offer ways to interact with the management plane outside the UI. Artifacts can be changed on the central management plane by calling such administrative APIs and incorporating these actions in a CI/CD pipeline. Complete UI-agnosticism is likely the next step, as envisioned by Rabobank.

Distributed API Gateways

API Gateways are the runtime components that secure and monitor the usage of your APIs. One should aim to deploy such gateways as close to the API Provider as possible and distributed within the IT ecosystem of the enterprise, so that one can request APIs and access the data regardless of where the data resides (cloud and/or on-premise systems). Ideally, one should cater for each application by providing (cloud-native or on-premise) dedicated micro-gateways. Depending on enterprise requirements such as security and performance, a shared gateway might be needed too. In general, a setup of a central platform with lifecycle-management components, combined with decentralized cloud-native gateways, is beginning to advance.

Team Autonomy and DIY

Ideally, you want to provide DevOps teams a degree of aligned autonomy to manage their APIs, running on dedicated or cloud-native gateways. They should also be able to manage the lifecycle of the APIs and its accompanying actions in a DIY manner. Team autonomy and DIY not only reduce the risk of a single platform team becoming a potential bottleneck, they are also in line with the architectural principle of loose coupling and necessary for an effective Scrum implementation.

Rabobank Area Integration

We take DIY and team autonomy seriously, and we strive to automate and ease the onboarding, learning and evolution of nearly 400 DevOps teams. We do this mainly by providing templates, support and best practices on their developer-focused journey. With Gartner predicting APIs will become the top attack vector in 2022, we must continuously reassess which API security options we enforce and offer to our community.

Our efforts here at Rabobank always aim to align ourselves closely with the latest trends and to leverage API technologies optimally.

I am looking forward to an exciting API-future awaiting us!

About the author

Helal Nouri
Product Owner API Management

Helal Nouri is a Product Owner of API Management with the Area Integration of Rabobank. With a consultancy and engineering background, he continually seeks to maximize the value of the products he is accountable for. Stakeholder understanding, combined with practical agile practices, is deeply rooted in his approach.