Inside Krungsri Bank’s open API journey

Many leading financial institutions across the Asia-Pacific region have been embracing application programming interfaces (APIs) to spur innovation and drive collaboration with startups and partners to create new products and improve customer experience.

At Thailand’s Bank of Ayudhya, also known as Krungsri Bank, the use of open APIs has enabled its partners to make it easier for their customers to get a mortgage, secure a loan or take up an insurance policy.

Speaking at Red Hat ASEAN Forum 2021 earlier this week, Guy Deffaux, senior vice-president of infrastructure and application service at Krungsri, said the development of APIs was part of a multi-year business plan that includes, among other things, efforts to empower its business partners.

Deffaux said while banks have traditionally provided partners with access to account information and web-based interfaces through APIs, a bigger variety of APIs are needed to help partners scale up their IT operations or offer more capabilities for customers.

As a sign of the importance that Krungsri places on application programming interfaces, the APIs it offers are being managed internally as products by its agile development team. The bank also works closely with partners to refine the APIs, capture new requirements and improve the customer experience.

“We’re here to listen and iteratively bring more features and APIs to our business partners, and over the past two years we have been pretty successful,” said Deffaux. “We’ve been able to grow our business and capture customers from other banks.”

With APIs typically developed as an aggregation of different features that tend to be fairly independent or loosely coupled, Deffaux said deploying them as microservices and containers was key. Krungsri’s APIs are deployed as containers on Red Hat OpenShift with no downtime, scalability and elasticity, he added.

“With hundreds of containers and microservices out there, automation and DevOps are also a must in our open API strategy,” he said.

The bank, part of Japan’s Mitsubishi UFJ Financial Group, however, has not migrated most of its core systems to microservices, choosing to mix “capabilities we have at the back end and creating new products that customers need” through open APIs.

To that end, it is making sure its back-end systems are API-enabled from the start, with little customisation and more towards parameterisation.

The bank also operates applications, such as digital banking, which may or may not be delivered as microservices. “The key point is being API-enabled and having the scalability you need,” said Deffaux.

Deffaux attributed Krungsri’s success in harnessing open APIs to the partnership with the bank’s business teams.

“Open APIs are a bit of a special product. They are very technical by nature, and so we would expect business people not to be very knowledgeable in this area. But it turned out that were a number of people who knew what APIs were and could liaise between the IT team and customers.

“Creating that bridge between the two sides worked well for us as we could know what the customer wanted before we coded and released it,” he said.

APIs, however, are not the panacea for companies looking to grow their market presence or create new products, revenue streams and engagement channels in their digital transformation efforts, according to David Irecki, Boomi’s director of solutions consulting in Asia-Pacific and Japan.

In an interview with Computer Weekly, Irecki said organisations that are building APIs to expose data to partners and customers often overlook back-end systems and processes that need to be improved for those APIs to be useful.

“It’s like building the door to a house without putting up the walls, plumbing or electricity,” said Irecki, who called for companies to consider whether their data is correct, secure, in a form that can be exposed and synchronised across the business, before taking the plunge.

“And once you create an API, how do you secure and manage it? That’s where the API management piece comes in, to authorise the use of the API before taking these APIs to market and releasing new products.”