Financial Services Company: MuleSoft API Implementation & Strategy
XTIVIA’s client is a technology and data-driven financial services company specializing in credit cards. With more than 7 million cardholders across the United States, the client is a leader in the credit card industry. They offer a full spectrum of credit card products for everyday purchases, helpful features, and state-of-the-art security.
Our client quickly encountered the challenges of building APIs for business opportunities before establishing an API strategy to guide organizational adoption for scalable and extensible APIs. The immediate challenges included:
- Existing APIs were exposed directly with the real domain name/IP address, limiting the usage of the API outside the secure zone.
- Exposed APIs did not have security policies on the API calls.
- Authorization Policies that could be enforced on the API dynamically were absent. Authorizations require a change of code and tedious redeployment of API.
- There is no Centralized management of all APIs that fit into a single solution.
- There is no Insight on the usage of API’s and tracking and identifying the errors. There are no traces of logging and monitoring on who is calling the API.
- Connectivity with Partners was a challenge. Even though the functionality exists, the partners are not able to connect to the APIs in real-time, they are using batch jobs.
XTIVIA designed an API Integration Strategy for interactions within the internal applications and external partners (i.e. A2A and B2B) alike. With our MuleSoft Anypoint Platform experience, we designed the process to hide the implementation APIs behind the proxies without needing to call the implementation APIs directly. Additionally, we used the MuleSoft API Manager to set different security policies on the APIs without needing to modify and redeploy the actual API implementations. The API Manager was then used to centralize API management.
- Anypoint Monitoring was leveraged for tracking the usage of APIs.
- We enabled the monitoring of APIs and used the existing dashboards in the Anypoint Platform to give the client insight into API load usage and error identification in the transactions.
- XTIVIA also used proxies for the API in a private DMZ to hide actual API implementations within proxy API implementations.
This solution allowed our client to configure different policies, including security, threat protection, rate limiting, etc. This helped secure and expose the APIs to partners for real-time connectivity instead of connectivity using batch jobs.
XTIVIA delivered the API strategy within ten weeks, which provided technical agility and the following tangible business results.
- Centralize API Management
- API implementation is hidden from the clients.
- The proxy API’s exposed in weeks, not months.
- Security policies are applied to legacy and other APIs, without needing to modify the actual implementations.
- Applied API Threat protection policies
- Provided insight into success and fail transactions and reasons for failure.
- Tracking API usage
- Zero-copy cloning of production data to non-production environments