Digital transformation has compelled companies in the financial services sector to seek new strategies and business models to create and capture value. At the heart of this transformation is the increased adoption of Application Programming Interfaces (APIs). API is a software intermediary that allows two different applications to talk to each other. Every time you use a rideshare app like uber, send a mobile payment, or check your bank balance from your phone, you’re using an API. APIs are an accessible way to extract and share data within and across organizations.
APIs have been widely used in improving internal processes and recently opened to third-party developers to enable innovations in digital ecosystems. Notable examples of how companies use APIs include:
- Safaricom exposed API endpoints for accessing M-Pesa services. These allow businesses to integrate payment functionality into their websites or applications particularly, automated payment receipt processing, automated payment disbursements and automated payments reversal.
- Finserve (a Fintech in Kenya) unveiled two revolutionary fintech solutions, the Jenga Payment Gateway that allows cash-out by merchants to any bank in the world and to all mobile wallets in seven countries. Jenga APIs provides an integrated platform for businesses to send money, buy, pay, manage their accounts, manage credit, withdraw and conduct KYC, CRB and AML querying.
- Airlines and travel agencies like booking.com use flight booking APIs to access real-time flight data, make bookings and manage reservations.
- Uber, Bolt and other mobility applications use mapping and geolocation APIs such as Google Maps to embed maps into their applications, provide directions and perform various location-based services.
- Most websites provide users the option to login using Gmail or Facebook instead of creating accounts. This capability is powered by media integration APIs that allow users to log in to their business applications using their social media accounts.
These are just a few examples of real-life applications of APIs. Overall, APIs have opened new growth opportunities, improved operational efficiency, and enhanced customer experiences.
APIs – A Hackers Treasure Trove
Here are some reasons why hackers are targeting APIs:
Notable cases involving API compromise typically involve compromise of APIs that handle transaction requests from one institution to another. Using a technique known as Man-in-the-Middle (MITM) Attack, an attacker intercepts communication between the client and the API server. If the data that is being transmitted between the client and the API server is not properly encrypted, it can be intercepted and exposed. An attacker can therefore view, modify, or redirect transaction data, compromising the integrity and confidentiality of the transactions.
This example highlights the importance of implementing robust API security measures, conducting frequent security audits, and following best practices to protect against API vulnerabilities and potential breaches.
Looking ahead
As data exfiltration via APIs becomes more appealing to cybercriminals, there is clearly a need for increased cooperation between cybersecurity teams tasked with defending those APIs and software developers handling the APIs. When working with APIs, companies should implement various strategies to ensure the security, reliability, and successful integration of the APIs into their systems.
Here are some key strategies companies need to deploy:
By implementing these strategies, companies can ensure the secure and successful integration of APIs, mitigate potential risks, and provide a reliable and valuable experience for users and developers leveraging their APIs.
