Contributed
This content is contributed or sourced from third parties but has been subject to Finextra editorial review.
Our recent report analyses the performance of
open banking APIs from 29 UK-based bank brands, grouped into CMA9 banks, neobanks, and traditional banks. APIContext monitored Financial-grade API (FAPI) compliant consent endpoints for each bank brand using its active monitoring platform,
with around eight million API calls made between 1 July 2023, and 30 June 2024.
The report’s scope covers the performance of key metrics:
- Availability and reliability of API endpoints,
- Latency metrics (DNS, TCP connect, SSL handshake, processing, and total time),
- Performance by cloud provider (AWS, IBM, Azure, and Google),
- Comparative analysis between different bank types (CMA9, traditional, and neobanks).
APIContext’s proactive, outside-in API performance and quality monitoring system, APImetrics, was leveraged to conduct detailed performance assessments. Using a Software Statement Assertion (SSA), we initiated standardised, end-to-end FAPI consent calls
for 29 distinct banking brands. These calls were executed at approximately five-minute intervals, with APIContext’s software agents deployed across dozens of cloud locations throughout Europe. This distributed architecture allowed us to capture real-world
performance data reflective of diverse geographic conditions and network environments.
The raw metrics gathered from these API calls were analysed using our patented Cloud API Service Consistency (CASC) framework. CASC is a comprehensive scoring system that generates a quality score for each banking brand by integrating key performance indicators
such as availability, latency, and consistency. This score provides an easy-to-understand benchmark for evaluating and comparing the performance of various APIs.
Each API call follows a structured sequence of steps that occur before any data is exchanged with the server:
- Name Lookup (DNS): This step involves resolving the domain name of the API endpoint to an IP address, a crucial step that ensures the request is directed to the correct server.
- TCP Connect: Once the DNS resolution is complete, a Transmission Control Protocol (TCP) connection is established between the client (API requester) and the remote server.
- SSL Handshake: After the TCP connection, a Secure Sockets Layer (SSL) Handshake occurs, which ensures that the communication is securely encrypted.
Once the secure connection is established, the API call request is uploaded to the server. The server processes the request and then sends a response back to the client. The entire duration—from the initiation of the call to receiving the complete response—is
recorded as the Total Time or latency.
We then tracked and recorded individual call results for each API call. By aggregating those calls together and analysing them using the Cloud API Service Consistency (CASC) Score, we measured the overall performance…
Read More: 4 application-specific recommendations for industry players
