Embedded Banking Tech: How to Evaluate Your API Banking provider
Any company wanting to add payment products to its platform will find itself navigating aging bank infrastructure and complex regulations. Finding the best technical approach to embed finance and banking tools into your fintech or non-financial app takes diligence and is crucial to the success of your offering.
So where do you start with embedded banking tech?
Building everything in-house generally isn’t worth the effort when interfacing with financial institutions. Keeping up with changes on their end, while also building out your own product or service, can quickly become unwieldy and lead to a broken user experience. Instead, you can save time and money, and gain access to expertise, by partnering with solutions that are already fleshed out.
Your first step is finding the right banking as a service (BaaS) platform to support your needs. BaaS providers build APIs to connect apps to bank infrastructures and financial tools.
You’ll want to evaluate potential providers’ APIs across five categories: observability, stability, security, software architecture, and compliance. But before that evaluation, you’ll want to clarify your own needs and goals.
Here’s a broad overview of the process.
First: What API Banking functionality do you need?
Start the process by evaluating your own goals. If you’re an early-stage startup — like many of the companies Treasury Prime serves — you may still be clarifying your exact business model. That’s okay — just make sure you know what you need from a banking API before you pay for one. Here are three questions to guide you.
- What problem are you solving?
It’s a good idea to know what specific problem or problems you are looking for an API tool to solve before setting out to evaluate options. Talk through it with your team, and write down the specs and tools you expect an API provider to offer. Do you need an API that enables your users to open bank accounts, or do you want to issue debit cards? How about payments? Consider what you want that experience to look like for the user.
- What does success look like?
Now that you know what you expect the banking API to do for your company, pick a challenging use case—some sort of unusual problem that could come up—to make sure that you’re getting a feel for the full shape of the API. An example could be testing to see how the API would respond if your user tried to process a card transaction and the card network was down, or how a user would interact with their bank account if the bank was conducting some sort of maintenance.
- What resources are available?
Before evaluating what resources the API offers, evaluate your resources for testing it. Make sure that your team has the bandwidth to run an evaluation, and plan for that lead time. Make sure that you've got the milestones established along the way. Define what a minimum viable product (MVP) looks like, and figure out how you can roll that out. Prepare your team with the right questions for the API banking provider: Where are the docs? Can I get in the sandbox? And so on.
Once you understand your situation, you can start scoping out potential partners.
5 key aspects of a BaaS platform’s API that you need to assess
To choose the right BaaS provider, you need to be able to see what their API is doing. In other words, how observable are its processes? If a process stalls, can you see exactly what steps occurred to cause the problem? Or do you have to run the process again, potentially resulting in unwanted side effects like unintentionally issuing an excess debit card?
You want a BaaS partner whose API won’t constantly change on you, and you also want to know what changes are planned long before they happen. If a BaaS partner can’t guarantee that or tell you their future plans for updating the API, that’s a red flag. You also want to find out what the API does to ensure tasks are completed successfully. If it runs into an error, or a process fails, does it automatically try again or try to complete the task differently? Or does it just report to the user that the process failed?
There are a lot of different frameworks and approaches APIs can take to authenticate processes. Some APIs may take a simple approach, such as a long-lived API bearer token, or they might take a more complex approach. Select a mature partner that demonstrates they take security seriously.
4. Software architecture
You also want to zoom out to look at how the API interacts with other systems. How is it designed to deal with changes to a bank’s system, errors on the bank end, or updates to a card processor’s software? The reality is that however great a BaaS platform’s API banking experience is, the financial systems it deals with can go down. For example, early in 2021, the Federal Reserve’s automated clearing house (ACH) system went down, stalling money transfers between financial institutions. Can the API identify where an outside error has occurred, and what is its process for responding to that error?
Does the API include a “one-size-fits-all” compliance approach, or does it allow you to connect to specialized compliance offerings that your company can tailor to meet your unique needs? This is crucial because the fintech sector has exploded in recent years, drawing heightened scrutiny from regulators.
You need to tailor your compliance approach to your company’s unique needs, or you could risk straining your relationship with your bank and customers — or even facing regulator action that interferes with your ability to operate.
You can also learn more about the ins and outs of Treasury Prime’s API here. Developers can also learn more about our process by exploring our API reference or playing around with our Developer Sandbox. Treasury Prime is also happy to answer your questions directly. Contact us here.