In the age of the Internet and digital technologies, APIs (Application Programming Interfaces) are changing entire business models and leading to the emergence of an API economy. Companies like Uber, AirBnB or Amazon are built entirely on APIs, and provide services through an interface for APIs to interact.
An API is basically a piece of code providing an interface between two applications using a set of routines, protocols, and tools that help the applications to communicate with each other by acting as an intermediary. They ensure security of the information transferred through encryption, user management, authentication, and other security measures. Thus ensuring the legitimacy of all parties involved in the exchange.
They also standardise access and remove any dependency on the technical aspects of the application as APIs have the ability to integrate two applications regardless of the language, machine, operating system or mobile device they are written in.
APIs also allow you to build apps which connect several apps together and bring the functionality of all the apps onto a single interface.
Use cases of APIs in building new business models
APIs in Transport
In the age of Mobility as a Service (MaaS), as travellers start adopting a consumer mindset, demanding better connectivity, mobility and trust, there is an increasing need for service stakeholders to improve the delivery of their products, especially in the field of ticketing, payment and loyalty.
Account-based ticketing offers a compelling and flexible solution to meet the needs of the transit ticketing industry. Using an open-API centric approach, it allows the existing ticketing system to integrate technologies like UPI or QR codes and enables ticketing through contactless cards, wearables, and smartphones. This has helped operators with better customer identification, lesser need for transit-specific cards and reduced the number of on-the-ground resources.
APIs in Payment
The payment services industry is currently undergoing a tectonic shift due to the influence of APIs. With the increase in customer demand for more flexible payment systems, banks are now facing pressure to build stronger relations with third parties who provide more advanced technologies, ultimately contributing towards creating a better ecosystem.
Payment APIs help the integration of multiple payment sources, provide a payment tracking mechanism to customers and help them in managing subscriptions. It also gives retailers more options of payment methods and enables a seamless customer buying experience across channels, thus enabling them to deploy an omnichannel strategy. A prime example of this is UPI (Unified Payment Interface), an instant payment system developed by NPCI which enables the real time transfer of cash through a mobile interface using the receiver’s mobile number or QR code.
APIs in Ecommerce
With the retail sector increasingly going digital through their own websites or online marketplaces, APIs enable retailers to manage inventory, keep track of orders and manage payments.
This is especially true in the case of ecommerce sites, which have little to no inventory of their own and rely solely on the integration of third-party apps and products on their interface to solve the needs of their consumers. APIs have helped unify this commerce logic by providing easy and secure connectivity between different applications.
APIs also enable retailers to collect accurate data on their customers which can help them improve their customer shopping experience and ensure better customer retention.
The Importance of a Strong Testing framework for APIs
The core functionality of an API is to enable the transfer of encrypted information. Failure or lack of adequate response from APIs can often lead to crashing of applications or different actions from applications. Improper validation of APIs, especially those used for payment services, may result in reconciliation issues or fraudulent situations. If not properly authenticated and authorised, API failure could also lead to data theft.
Because of the these issues, it is crucial to have a strong API testing and validation framework.
API testing helps to ensure that the APIs chosen align with functionality requirements and that there is seamless connectivity between the two applications. This testing is performed by sending requests to the API, getting a response and then validating that response against a pre-determined result. It also allows us to check the permissions granted to the user in order to prevent any vulnerabilities that could compromise the server.
Through continuous monitoring and API Testing, it is possible to ensure that you get a head start in case of any defect in the system, and fix the error before the partner or customer notices.
The types of tests that can be performed are:
- Functionality and Behaviour Test: This checks if the API chosen meets functional requirements. With a wide range of API tools available in the market, it is crucial to choose one that is the right fit for the application.
- Performance and Reliability Test: This ensures that the API chosen can perform well, even under high pressure. This is done by testing its payload, stress taking capacity etc.
- Security: This validates whether the security requirements, like authentication and permissions, etc. are met.
Challenges in API Validation and Testing
Setting up the right test use cases and making sure that the right API testing infrastructure is up and running is one of the biggest challenge developers face today. With a plethora of testing tools to choose from, it is important to pick the right one that matches all requirements and allows the right type of integration between applications, to ensure the best experience for end users. Often, API testing is completely left in the hands of the developer, who is only experienced in testing and may not be able to incorporate the right governance structure. On the other hand, business teams struggle to perform proper API testing because of limited understanding or the absence of the right testing tool.
With the changing requirements, updates and payloads, regular maintenance is necessary to make sure that the testing tool chosen is able to capture any errors. To take the example of a bank and a third-party payment app like Google Pay, if Google Pay comes up with an update to offer new services in partnership with the bank, the bank now has to update its API to include these requests.
Testing tools usually ensure the working of APIs by entering requests and analysing the response received from the system. But it is crucial for the tester to choose the right parameter combinations to enter and to ensure the right responses are received. Failure to do so may leave undetected errors in the system.
Players in the market
There are several tools currently available in the market, which enable the implementation of the right framework for API testing and help automate the testing process. One of the players in the market is FIME, a payments testing and consultancy expert, which has launched “TrustAPI+”, an automated open banking API test solution.
TrustAPI is an online or a standalone tool which provides a common environment to create, run and maintain automated functional and security test campaigns for generic REST APIs. It provides customers with the option to choose between a standardised testing plan or create their own customised testing solution tailored to fit individual requirements.
As the API testing landscape is largely unregulated and unstandardised, there is a legitimate need for a tool that ensures that a trusted, open financial ecosystem is maintained, which meets regulatory, functional and security mandates, while delivering a frictionless customer experience. Through a unique and complimentary API security evaluation approach, testing tools like TrustAPI+ ensure the authentication, authorisation, confidentiality and integrity of messages shared between the client and the service.
Thus, API can essentially be defined as a contract between the user server and the provider, and API testing helps ensure that the data which is being transferred between these applications is secure and pre-approved. It is important for users to keep in mind that API testing is a continuous process in order to enable the detection and resolution of system vulnerabilities before they can affect the end user.
Before testing, it is important for applications to choose the right testing tools and to define the right parameters. The testing is usually done by checking the request-response combination against a pre-defined one. API testing helps in checking the functionality, performance and security of the API.
Testing tools like TrustAPI+ from FIME reduce the testing time required and provide a level of assurance for the function and security of APIs. The tool combines traditional testing with modern functional and security testing, allows users to develop entire test libraries for use cases such as UPI and lending, and automates testing with request and response configuration for APIs.
With an increasing number of applications operating on cloud platforms using ‘as-a-service’ business models, ensuring the smooth and secure functioning of APIs has become crucial and will continue to grow in importance in the future.