CFOs managing their organization’s digital transformation have yet another technology they should become familiar with: application programming interfaces, or APIs.
These are the codes that applications use to talk to one another, no matter the differences in their implementation.
One of the most high-profile uses of the technology is the Twitter API, which enables people to search all tweets mentioning a stock symbol.
For CFOs, APIs are becoming crucial to managing the massive amounts of data their organization is collecting by enabling them to execute, in real-time, treasury and other transactions, greatly improving their ability to respond to events.
“We saw this clearly at the onset of the pandemic, when instant cash balance was crucial,” Peter Klein, co-founder and chief technology officer of FinLync, a vendor of bank APIs, told CFO Dive.
Bank APIs are particularly useful for the treasury function, Klein said, because they give CFOs and their treasury teams access to the most up-to-date, accurate version of their financial data, fully integrated into one solution. That enables the team to focus on strategy rather than execution — something that can give them “an advantage over competitors who are not yet making use of expanded data,” he said.
Terrance Wampler, general manager for financial applications development at Workday, says other, highly specialized types of technology are probably more glamorous, but APIs are the kind of back-office technology that can make a real difference in finance function operations.
Banks and other financial companies are using them to help with the challenges posed by open banking rules and data portability mandates, by making it easier to share data both within the company and with third-party partners.
“As opposed to the traditional method of screen scraping, APIs provide banks and third-party providers with the ability to engage in consumer-permissioned data sharing in a manner that significantly reduces security risks and inaccuracies,” said Seshika Fernando, vice president and head of banking for WSO2, an open source technology provider.
For all their advantages, APIs come with risks, particularly the vulnerabilities associated with API keys, says Rob Sobers, vice president of marketing for Varonis, a data security company.
As the mechanism that controls access to private information, API keys are essential, but if not implemented right they can give broad, unrestricted access to read/write information.
“Leaking API keys is a big source of risk for a company because, in theory, an attacker could use that API key to steal information or perform destructive actions like deleting or encrypting data,” Sobers said.
Nor is API key leakage the only risk; sometimes software developers who create APIs make mistakes and leave holes for attackers to exploit.
It was an API flaw in one Microsoft's products, for instance, that recently led to the compromise of 38 million personal data records, Sobers said.
A good way to start reducing risk when choosing how to implement APIs is the API gateway, says Douglas Sellers, managing director at global consulting firm Protiviti.
The gateway serves as a single point of entry and therefore is the foundation for security issues, including access control and policy enforcement, and performance issues, like load balancing, rate limiting and caching. It’s also the foundation for reliability issues, like dependency resolution and iterative deployment of new features.
“Some companies make mistakes with APIs through lack of due diligence when vetting what APIs to develop,” he said.
Because of that, many APIs end up being used less than anticipated, he said.
“Organizations often underestimate the value of a sound strategy for evolving and maintaining the APIs and their infrastructure,” he said. “It’s not a one-and-done activity.”
The danger isn’t becoming too reliant on APIs; it’s not using them enough, says Waifa Chau, CFO of Nylas, a provider of communications APIs for developers.
“Software is eating the world, and developers are the ones building that software,” he said. “APIs help developers build software faster and more productively, allowing them to ship features faster and shift their attention to other meaningful, high-value focus areas.”
Since corporate finance teams can use APIs to reduce the amount of time it takes to integrate software applications, it’s essential for CFOs to view APIs not simply through a cost lens but through the expenses that can be saved by freeing up their developers and engineers so they can focus on projects that accelerate the company’s product roadmap, improve customer and user experience, and drive productivity and ROI, Chau said.
The right API
Choosing a suitable API depends on the purpose you have, says Nick Chandi, CEO and co-founder of ForwardAI.
“Whatever company you choose, you should look for an API that meets your needs, has a team with a proven track record in that particular field, and is constantly innovating with new features,” he said. “It can be a real challenge for potential users or buyers of APIs to identify good ones, because if you look at those providers' websites or marketing content, they all look more or less the same. You may not know the difference until you ‘open up the hood.’”
His firm often hears from clients about APIs that sounded perfect until they tried to develop a product and found it to be unsuitable. Always test the API using a sandbox or trial account to make sure it fits their needs, he said. Most APIs are available for free for a trial period.