This Month’s Banking API Highlights
- Bank of Ireland in the Open Banking API – UK – Open Data category takes the overall title this month with a CASC score of 9.73.
- HSBC in the Open Banking API – UK – Open Data category takes the overall title again in March with a median latency of 88 ms, down from 91 ms in February.
- B (bank) in the Open Banking API – UK – Production category takes the overall wooden spoon with a CASC score of 4.15.
- We take a good, hard look at just what went wrong with the Lloyds Group Open Banking Open Data API on 13 March.
Something of interest
The three Lloyds Group APIs (Bank of Scotland, Halifax and Lloyds) prop up the Open Banking API – UK – Open Data category for March. All three are firmly in the Amber Zone with the same pass rate.
Just what went wrong?
The Lloyds Get ATMs v2.2 endpoint illustrates the problem perfectly.
There was a major cluster of failures on 13 March. We see this for all the endpoints. The outage begins at 13:37 UTC on Saturday, 13 March.
Now, a Saturday might be an expected day for a maintenance outage, but 13:37 isn’t really the time you would expect one to begin at. (Half-past one on a Sunday morning is more likely.)
The banking API outage begins with a HTTP status code 502 Bad Gateway server-side error and then continues until with HTTP status code 404 Not Found client-side warning until 19:47.
That’s six hours, which is a pretty long outage and we see intermittent errors later in the day, too.
So, we are getting 404s. Now, the thing about 404 is that a cornerstone of the web. Arguably, it’s the invention that enabled the WWW because it did away with the idea that the world brain was a database (see Theodore Nelson’s Xanadu.)
Pages could just disappear. If a page isn’t there, you just return a 404. Simple. The client can then do whatever they need to. The thing is, just because you can doesn’t mean you should.
If I type in an incorrect URL when I am setting up a test, I should get a 404. But here we know the URL is correct. If the banking API was down for maintenance (and really a bank should have the resources to be able to provide a redundant server), you should get a message that tells you that it is down for maintenance and when it might come back up. Instead, the 404 message returned is:
404 Not Found: Requested route (‘lbgibm-microservices-atm.lloydsbanking.com’) does not exist.
But that wasn’t the URL in the test. So we definitely shouldn’t get be getting a 404 for a URL we know nothing about. Instead, we should be getting, if this is a maintenance outage, an HTTP status code 503 Service Unavailable returned as this makes it clear that fault (or if you prefer, the cause) lies with the banking API provider. And if it not a maintenance outage, we should still be getting a 5xx status code of some kind such as a 502 Bad Gateway.
This is one reason why you need to be actively monitoring your banking APIs. You want to provide the best possible service to your users. And that means following best practices.
And by being able to look back through the results of your active monitoring and drilling down into individual test results and seeing what your API is actually returning that you will be able to understand how it is really behaving optimally.
API Analysis: Tops in Overall Quality
March 2021
Category |
Organization |
CASC score
|
Cryptocurrency Exchanges
|
RadarRelay |
9.14 |
Fintech |
Square (Sandbox) |
9.36 |
Open Banking: PSD2
|
Railsbank |
9.43 |
Open Banking UK: API Sandbox
|
Royal Bank of Scotland (Sandbox) |
9.61 |
Open Banking UK: Production
|
Tide (Auth) |
9.72 |
Open Banking UK: Open Data
|
Bank of Ireland |
9.73 |
API Analysis: Top Performers by Latency
March 2021
Category |
Organization |
Median Latency
|
Cryptocurrency Exchanges
|
Coinbase |
118 ms |
Fintech |
Stripe |
331 ms |
Open Banking: PSD2
|
Railsbank |
102 ms |
Open Banking UK: API Sandbox
|
Royal Bank of Scotland (Sandbox) |
147 ms |
Open Banking UK: Production
|
Creation Cards |
149 ms |
Open Banking UK: Open Data
|
HSBC |
88 ms |
API Analysis: Worst Quality
March 2021
Category |
Organization |
CASC score
|
Cryptocurrency Exchanges
|
Bancor Network |
5.59 |
Fintech |
Open Bank Project (Sandbox)
|
7.67 |
Open Banking: PSD2
|
Halifax |
6.39 |
Open Banking UK: API Sandbox
|
Deutsche Bank |
7.91 |
Open Banking UK: Production
|
Barclays (Sandbox Auth) |
5.40 |
Open Banking UK: Open Data
|
B (bank) |
4.15 |
Do more with Fintech API monitoring!
If you're new to API monitoring, you can learn about our comprehensive features for testing, monitoring, security and performance and sign up for a free trial account.