API Banking Is Moving From Connectivity To Strategy - Banking news and analysis from Global Banking & Finance Review
Banking

API Banking Is Moving From Connectivity To Strategy

Published by Barnali Pal Sinha

Posted on July 3, 2026

15 min read
Add as preferred source on Google

API banking has moved well beyond the idea of a technical connector between systems. It is becoming part of the operating model of modern financial services: a way to share data securely, distribute products through partners, improve customer experiences, and create new revenue pathways without rebuilding the bank from scratch. In practical terms, APIs are turning banks into more modular institutions, able to connect internal systems, fintech partners, merchants, enterprise clients, and third-party applications through governed digital interfaces. [1]

This shift is happening alongside a broader move from open banking to open finance. Open banking usually refers to customer-permissioned access to payment-account data and payment initiation. Open finance extends that logic to a wider set of financial products and datasets, including savings, investments, insurance, pensions, and lending-related information. The European Commission’s financial data access proposal captures that widening scope explicitly, while international bodies increasingly frame open finance as a next stage in digital financial inclusion and competition. [2]

The market evidence is now difficult to ignore. McKinsey’s banking research found that most surveyed banking executives see APIs as materially more important than they were two years earlier, with APIs increasingly treated as both a business and technology priority. In the UK, Open Banking Limited reported that one in five consumers and small businesses were actively using open banking by March 2025, alongside 31 million open banking payments in that month alone. [3]

For banks, the opportunity is not only about compliance or digital modernization. It is about participating in connected financial ecosystems where customer journeys increasingly begin outside the bank’s own channels. For regulators and risk teams, the priority is ensuring that connectivity is matched by standards for consent, authentication, security, resilience, third-party oversight, and operational governance. The institutions best positioned for the next phase are likely to be those that treat API banking not as a side project, but as a disciplined capability embedded across product, risk, operations, and distribution. [4]

A decade ago, many banks thought about APIs primarily as a technical matter. They were useful for mobile apps, partner integrations, and patching older systems into newer digital channels. That view is no longer sufficient. In McKinsey’s survey of IT executives at leading banks, 88 percent of respondents said APIs had become more important over the prior two years, 81 percent said they were a priority for business and IT functions, and large banks were allocating roughly 14 percent of their IT budget to APIs on average. [5]

That finding matters because it shows a change in mindset. APIs are no longer confined to digital plumbing. They are increasingly tied to product design, client servicing, platform distribution, and partner-led growth. In other words, banks are beginning to see APIs as instruments of business model flexibility rather than simple integration tools. That shift also explains why API programs now sit closer to decisions about commercialization, ecosystem partnerships, and customer experience. [6]

The global policy landscape has evolved in parallel. The BIS has described open banking as the sharing and leveraging of customer-permissioned data with third parties to build more efficient and transparent banking services, while also warning that such connectivity introduces data, cybersecurity, governance, and third-party risk challenges. More recently, the BIS noted that APIs are already being used internally, with external partners, and in broader open banking and open finance frameworks that aim to foster innovation, competition, and financial inclusion. [7]

The wider commercial backdrop helps explain why this matters now. The World Bank’s Global Findex 2025 reports that 79 percent of adults globally now have an account and that digitally enabled financial access continues to expand. As more financial activity becomes digital, the value of moving data and services securely between institutions, channels, and platforms rises with it. That is the environment in which API banking is maturing. [8]

How API banking works in practice

At a non-technical level, API banking can be understood as a structured way for one trusted system to request information or initiate an action in another trusted system. The important point is not the code. It is the operating model behind it: who is allowed to connect, what data can be shared, what action can be taken, under what permissions, and with what audit trail. [9]

A practical API banking architecture usually begins with an interface layer. This is the part exposed to authorized third parties, enterprise clients, or internal channels. Behind it sits an access and consent layer that verifies identity, permissions, and the scope of customer authorization. Open Banking Limited’s standards show how this is formalized through read/write APIs, directory services, dynamic client registration, security profiles, and customer experience guidelines, all intended to make interactions secure, standardized, and auditable. [9]

Behind that access layer sits orchestration. This is where a bank decides how a request reaches the right internal service, whether that is account information, payment initiation, identity verification, transaction history, or another product function. The BIS notes that APIs can connect customer-facing applications to core systems, link banks with external partners under BaaS arrangements, and support secure sharing with unrelated third parties such as accounting software providers. [10]

Finally, there is governance. That includes performance monitoring, dispute handling, change management, risk controls, and reporting. Open Banking standards in the UK explicitly separate API specifications from operational guidelines, availability requirements, and security profiles, which is a useful reminder that connected finance only works if the surrounding controls are as mature as the interface itself. [9]

This is why API banking is often described as modular. A bank does not have to expose its entire operating environment. It can expose selected capabilities in controlled ways, turning core banking functions into reusable services. That can shorten product-development cycles, improve partner onboarding, and make it easier to serve corporate clients, fintechs, and merchants without duplicating infrastructure. This is also what makes APIs central to connected financial ecosystems rather than just digital channels. [11]

Open banking, open finance, embedded finance, and BaaS

The language around connected finance is often used loosely, but the underlying concepts are distinct.

Open banking generally refers to customer-permissioned access to payment-account data and payment initiation. The World Bank describes open banking as a system that gives customers the right to share information that banks hold about them in a secure manner, with the policy goals of encouraging innovation and fostering competition. The European Commission similarly treats open banking as the existing framework around access to customer data held by account-servicing payment providers. [12]

Open finance goes further. The European Commission’s proposed framework for financial data access is designed to extend secure, customer-controlled data sharing beyond payment accounts to a wider range of financial services. It envisages clear rights and obligations, customer control over access and purpose, and standardization of technical interfaces. The World Bank has described open finance as a natural extension of open banking to broader sharing of customer-permissioned data across financial institutions and third parties. [13]

Embedded finance is different again. It is primarily a distribution model. Rather than asking the customer to visit a bank first, financial services appear inside a nonfinancial journey such as ecommerce checkout, a software platform, a mobility app, or a merchant portal. McKinsey notes that embedded finance sits at the intersection of commerce, banking, and business services, and that APIs and modular digital capabilities are helping more firms treat financial services as another feature inside the experience they already offer. [14]

Banking as a service is the regulated supply model that often makes embedded finance possible. McKinsey describes BaaS as the route through which fintechs and other nonbanks can offer financial services without becoming banks themselves in markets where regulation makes that impractical. Deloitte frames BaaS similarly, as third-party access to a bank’s licensed products and services so nonbank firms can offer capabilities such as payments and stored balances to their own users. [15]

These concepts overlap, but they should not be confused. Open banking is about permissioned access and interoperability. Open finance extends the data perimeter. Embedded finance is about where services are distributed. BaaS is about how regulated banking capabilities are supplied into those channels. Together, they form the commercial logic of connected financial ecosystems. [16]

Security, governance, and regulatory design

The promise of connected finance is appealing, but its credibility rests on risk management. The BIS has been consistent on this point: greater sharing of customer-permissioned data and growing connectivity among financial-service providers also create exposure around cyber risk, governance, and third-party oversight. The World Bank reaches a similar conclusion, emphasizing interoperability, security, governance, consent, and authentication as recurring design challenges across different regulatory models. [17]

Consent is the first principle. The World Bank’s work on consumer consent in open banking argues that APIs can expand choice and enable new financial products, but only if consent frameworks are implemented thoughtfully. This matters because connected finance is not simply about access. It is about purpose-bound access, time-bounded access, and transparent customer control. Without that, trust erodes quickly. [18]

Authentication and authorization are the second principle. Open Banking Limited’s security profiles build on OpenID and Financial-grade API specifications, recognizing that not all API access carries the same financial risk and that higher-risk functions require stronger authorization frameworks. That distinction is especially important when moving from read-only data access to payment initiation or other write-enabled actions. [19]

Operational resilience is the third principle. IBM’s guidance on API security highlights a simple truth: APIs expand the attack surface because each endpoint can become an entry point for misuse, data exposure, or service disruption. In financial services, where APIs often connect legacy cores, cloud services, third-party applications, and customer-facing channels, security has to be continuous rather than bolted on. Authentication, authorization, encryption, testing, runtime monitoring, and zero-trust design are no longer optional disciplines. [20]

Regulatory design is also becoming more nuanced. The World Bank notes that jurisdictions vary widely: some are regulatory-driven, some market-led, and others collaborative. The European Commission’s open finance proposal is notable because it tries to widen data access while keeping customer control, security, and standardization at the center. The IMF, BIS, World Bank, and other bodies have also jointly argued that open finance can strengthen competition and inclusion, but only if public authorities balance innovation with safeguards around privacy, data protection, and ecosystem concentration. [21]

Current adoption signals

The adoption picture is no longer hypothetical. In the UK, Open Banking Limited reported that by March 2025, one in five consumers and small businesses were actively using open banking, equivalent to 13.3 million active users. It also reported 31 million open banking payments in March 2025, 70 percent year-on-year growth in payments, and 145 live third-party providers, with the wider ecosystem estimated at about £4 billion in economic value. [22]

Those figures do not prove that every market will develop at the same speed, but they do show that API-based banking can move from regulatory concept to everyday financial utility. The BIS’s 2025 digitalisation report also points to international variety in models, including Korea’s open banking system, where standardized APIs support both inquiry and transfer services at scale. The global lesson is that once standards, incentives, and trust mechanisms align, adoption can compound. [10]

Future outlook

The next phase is likely to be defined less by the number of APIs and more by the quality of ecosystem design. The institutions that stand to benefit most are those that build reusable capabilities, clear partner models, disciplined consent frameworks, and resilient operating controls. In that world, the competitive question is not simply whether a bank has APIs. It is whether those APIs support sustainable distribution, faster product assembly, better underwriting, higher client retention, and safer data portability. [6]

Open finance is also likely to widen the addressable opportunity. The IMF and partner organizations have described it as a potential next frontier for increasing the use of a broader range of financial products, reducing information asymmetry, and helping consumers and small businesses compare providers more effectively. The same statement also warned that broader data exchange heightens privacy and security risks, which is why governance will remain central to the economics of adoption. [23]

SEO FAQs

What is API banking?
API banking is the use of application programming interfaces to let trusted systems securely access bank data or initiate banking functions under defined permissions and controls. In practice, it enables banks to connect internal systems, enterprise clients, fintechs, and third-party applications in a governed way.
[11]

Why is API banking important for banks now?
Because it supports digital distribution, operational flexibility, and partner-driven growth. McKinsey’s research suggests APIs are now seen as both a business and IT priority at leading banks, not merely a technical tool.
[5]

Is API banking the same as open banking?
Not exactly. API banking is broader and can include private partner or enterprise integrations. Open banking usually refers to customer-permissioned data sharing and payment initiation within a regulated or standardized framework.
[12]

What is the difference between open banking and open finance?
Open banking is generally focused on payment accounts and related services. Open finance extends consent-based access to a wider range of financial datasets and products, such as savings, investments, insurance, and lending information.
[13]

How does banking as a service relate to API banking?
BaaS uses APIs and related infrastructure to let nonbank firms offer regulated banking capabilities through licensed banking partners. It is one of the business models made possible by mature API banking.
[15]

What is embedded finance?
Embedded finance is the distribution of financial services inside nonfinancial customer journeys, such as checkout flows, software platforms, or merchant ecosystems. APIs help make that embedding possible.
[24]

How do APIs create value in financial services?
They can reduce integration friction, support real-time data exchange, enable payment initiation, accelerate product assembly, and let banks serve partners and clients through reusable digital services.
[11]

Are APIs more secure than older data-sharing methods?
When properly governed, APIs are generally regarded as more secure and more controllable than informal alternatives, because they can restrict what is shared, with whom, and under what authorization. That said, they still require strong security design and monitoring.
[25]

What are the main risks in API banking?
The main risks include cyber exposure, weak consent controls, data privacy failures, interoperability problems, poor third-party oversight, and operational resilience gaps. Regulators and standards bodies consistently emphasize these issues.
[26]

What does a non-technical API banking architecture look like?
It usually includes an interface layer, identity and consent management, routing and orchestration, access to underlying banking services, and monitoring and reporting controls. Open Banking Limited’s standards illustrate these components through API specifications, directory services, security profiles, and operational guidelines.
[9]

Why is consent such a major issue in open banking and open finance?
Because customer permission is the basis on which data sharing becomes legitimate and trusted. Consent determines what data can be shared, for what purpose, for how long, and with which party.
[27]

How far has adoption progressed in practice?
In the UK, open banking has already reached meaningful scale, with 13.3 million active users and 31 million payments in a single month as of March 2025, according to Open Banking Limited.
[22]

Can API banking support financial inclusion?
Yes, potentially. The BIS, World Bank, and IMF all link connected and permissioned data-sharing models to greater competition, more innovative products, and improved access, especially when safeguards are in place.
[28]

Conclusion

API banking is gradually becoming one of the defining layers of modern financial infrastructure. Not because customers see it directly, but because it changes how financial services are assembled, distributed, and governed behind the scenes. It allows banks to participate in a more connected model of finance without surrendering every advantage of their balance sheet, regulatory status, or client relationships. [1]

The larger lesson is straightforward. Connected financial ecosystems are not built by connectivity alone. They depend on standards, consent, reliable identity, resilient operations, clear commercial models, and disciplined security. The institutions that treat API banking as an enterprise capability rather than a compliance exercise are likely to be the ones best placed to shape the next chapter of financial services. [29]

[1][10][11][25][28] Digitalisation of finance

https://www.bis.org/bcbs/publ/d575.pdf

[2][13][16][29][32] Framework for financial data access - Finance - European Commission

https://finance.ec.europa.eu/digital-finance/framework-financial-data-access_en

[3][5][6] APIs in banking: From tech essential to business priority

https://www.mckinsey.com/capabilities/tech-and-ai/our-insights/tech-forward/apis-in-banking-from-tech-essential-to-business-priority

[4][7][17][26][30] Report on open banking and application programming interfaces (APIs)

https://www.bis.org/bcbs/publ/d486.htm

[8] The Global Findex Database 2025

https://www.worldbank.org/en/publication/globalfindex

[9] v4.0.1 - Open Banking Standards

https://standards.openbanking.org.uk/api-specifications/latest/

[12][21][31] Open Knowledge Repository

https://openknowledge.worldbank.org/entities/publication/cad939a1-6717-5d50-865a-00dcaccc71db

[14][15] What the embedded-finance and banking-as-a-service trends mean for financial services

https://www.mckinsey.com/industries/financial-services/our-insights/banking-matters/what-the-embedded-finance-and-banking-as-a-service-trends-mean-for-financial-services

[18][27] Open Knowledge Repository

https://openknowledge.worldbank.org/entities/publication/5fa1c972-ea32-5504-a60f-42237b7385ac

[19] Security Profiles - Open Banking Standards

https://standards.openbanking.org.uk/security-profiles/

[20] What Is API Security? | IBM

https://www.ibm.com/think/topics/api-security

[22][34] OBL Impact Report 7: open banking delivers real-world impact as adoption accelerates year-on-year - Open Banking

https://www.openbanking.org.uk/insights/obl-impact-report-7-open-banking-delivers-real-world-impact-as-adoption-accelerates-year-on-year/

[23] New Open Finance Guidelines Aim to Spur Financial Inclusion

https://www.imf.org/en/news/articles/2024/11/20/pr24428-new-open-finance-guidelines-aim-to-spur-financial-inclusion

[24] Embedded finance trends | McKinsey

https://www.mckinsey.com/industries/financial-services/our-insights/embedded-finance-who-will-lead-the-next-payments-revolution?utm_source=chatgpt.com

[33] Financial data access and payments package - Finance - European Commission

https://finance.ec.europa.eu/publications/financial-data-access-and-payments-package_en

[35] API Banking and Banking as a Service | Deloitte US

https://www.deloitte.com/us/en/services/consulting/articles/bank-integration-and-api.html

Related Articles

More from Banking

Explore more articles in the Banking category