This Month’s Banking API Highlights

  • Bank of Ireland in the Open Banking API – UK – Open Data category takes the overall title this month with a CASC score of 9.73.
  • HSBC in the Open Banking API – UK – Open Data category takes the overall title again in March with a median latency of 88 ms, down from 91 ms in February.
  • B (bank) in the Open Banking API – UK – Production category takes the overall wooden spoon with a CASC score of 4.15.
  • We take a good, hard look at just what went wrong with the Lloyds Group Open Banking Open Data API on 13 March.

Something of interest

The three Lloyds Group APIs (Bank of Scotland, Halifax and Lloyds) prop up the Open Banking API – UK – Open Data category for March. All three are firmly in the Amber Zone with the same pass rate.

Just what went wrong?

The Lloyds Get ATMs v2.2 endpoint illustrates the problem perfectly.

There was a major cluster of failures on 13 March. We see this for all the endpoints. The outage begins at 13:37 UTC on Saturday, 13 March.

Now, a Saturday might be an expected day for a maintenance outage, but 13:37 isn’t really the time you would expect one to begin at. (Half-past one on a Sunday morning is more likely.)

The banking API outage begins with a HTTP status code 502 Bad Gateway server-side error and then continues until with HTTP status code 404 Not Found client-side warning until 19:47.

That’s six hours, which is a pretty long outage and we see intermittent errors later in the day, too.

So, we are getting 404s. Now, the thing about 404 is that a cornerstone of the web. Arguably, it’s the invention that enabled the WWW because it did away with the idea that the world brain was a database (see Theodore Nelson’s Xanadu.)

Pages could just disappear. If a page isn’t there, you just return a 404. Simple. The client can then do whatever they need to. The thing is, just because you can doesn’t mean you should.

If I type in an incorrect URL when I am setting up a test, I should get a 404. But here we know the URL is correct. If the banking API was down for maintenance (and really a bank should have the resources to be able to provide a redundant server), you should get a message that tells you that it is down for maintenance and when it might come back up. Instead, the 404 message returned is:

404 Not Found: Requested route (‘lbgibm-microservices-atm.lloydsbanking.com’) does not exist.

But that wasn’t the URL in the test. So we definitely shouldn’t get be getting a 404 for a URL we know nothing about. Instead, we should be getting, if this is a maintenance outage, an HTTP status code 503 Service Unavailable returned as this makes it clear that fault (or if you prefer, the cause) lies with the banking API provider. And if it not a maintenance outage, we should still be getting a 5xx status code of some kind such as a 502 Bad Gateway.

This is one reason why you need to be actively monitoring your banking APIs. You want to provide the best possible service to your users. And that means following best practices.

And by being able to look back through the results of your active monitoring and drilling down into individual test results and seeing what your API is actually returning that you will be able to understand how it is really behaving optimally.

API Analysis: Tops in Overall Quality

March 2021

Category

Organization

CASC score

 

Cryptocurrency Exchanges

 

RadarRelay

9.14

Fintech

Square (Sandbox)

9.36

Open Banking: PSD2

 

Railsbank

9.43

Open Banking UK: API Sandbox

 

Royal Bank of Scotland (Sandbox)

9.61

Open Banking UK: Production

 

Tide (Auth)

9.72

Open Banking UK: Open Data

 

Bank of Ireland

9.73

Bank of Ireland in the Open Banking API – UK – Open Data category takes the overall title this month with a CASC score of 9.73.

API Analysis: Top Performers by Latency

March 2021

Category

Organization

Median Latency

 

Cryptocurrency Exchanges

 

Coinbase

118 ms

Fintech

Stripe

331 ms

Open Banking: PSD2

 

Railsbank

102 ms

Open Banking UK: API Sandbox

 

Royal Bank of Scotland (Sandbox)

147 ms

Open Banking UK: Production

 

Creation Cards

149 ms

Open Banking UK: Open Data

 

HSBC

88 ms

HSBC in the Open Banking – UK – Open Data category takes the overall title again in March with a median latency of 88 ms, down from 91 ms in February.

API Analysis: Worst Quality

March 2021

Category

Organization

CASC score

 

Cryptocurrency Exchanges

 

Bancor Network

5.59

Fintech

Open Bank Project (Sandbox)

7.67

Open Banking: PSD2

 

Halifax

6.39

Open Banking UK: API Sandbox

 

Deutsche Bank

7.91

Open Banking UK: Production

 

Barclays (Sandbox Auth)

5.40

Open Banking UK: Open Data

 

B (bank)

4.15

B (bank) in the Open Banking API – UK – Production category takes the overall wooden spoon with a CASC score of 4.15.

See you again in a month as we look at the State of the financial APIs in March. Also look out for our weekly reports on financial APIs and our weekly and monthly reports on non-financial ones. We will also be producing reports looking back at the year 2020 in APIs.

Do more with Fintech API monitoring!

If you’re new to API monitoring, you can learn about our comprehensive features for testing, monitoring, security and performance and sign up for a free trial account.