DIGITAL TRANSFORMATIONBlazeMeter and DXC Drive Innovation in Open Banking with Virtual Services at Bankathon, Europe’s Biggest FinTech Hackathon

The Bankathon event, the biggest European open banking hackathon, focused on building innovative solutions and prototypes for open banking and its APIs.
Petr Vlasek Petr VlasekJanuary 16, 20208 min

Have you ever heard about PSD2? Whether you have or haven’t, you can be almost sure you will indirectly interact with it and its implications in the future – if you haven’t already. PSD2 stands for “Payment Services Directive” which is an European Union Directive to regulate payment services and payment service providers throughout the EU. Its purpose is to increase competition and participation in the payments industry through open-access to payment data and services.

This is becoming a big topic for banking institutions as well as for many established and newly growing fintech players. Analysts often describe it as the earthquake in European banking“, “the biggest upheaval to [the banking] industry for over 600 years” or “the biggest shakeup in a generation. It allows standardized and transparent access to the banking data (account data like balance and history of transactions) as well as to payment initiation services. It has also led to an emergence of various online and smartphone application innovative solutions for multi-banking (ability to see and manage accounts from multiple banks within the same application), personal finance and other payment and finance related applications.

As you can expect, these rely on security mechanisms and practices (also defined by PSD2), but the essential backbone and integration enabler are HTTP APIs. Banks and non-banking 3rd party providers (typically fintechs) can use APIs to get payment data from each other and also initiate payments. Such transparency achieved by publishing public APIs is commonly referred to as “Open Banking”. Open Banking is set to disrupt the whole industry – we often speak of “digital disruption”, and that is exactly what we’re witnessing in the retail banking space in Europe.

And this is exactly what the Bankathon event, the biggest European open banking hackathon, held at the end of September in Prague, was about – the hackathon focused on building innovative solutions and prototypes for open banking and its APIs. The hackathon was split into various themes including travel expense management, financial education for children, open banking for SMEs, asset management, new business models, and multibanking. Within a period of two days, 27 teams worked all-day and all-night long shifts full of creativity, innovation and hard work competing for a prize of 21 000 , all with hopes to deliver apps, services and solutions to disrupt the payment and fintech space.

DXC Technology participated in this event as a competitor as well as a technical partner of the event. DXC has a proven track record in the area of open banking with the successful solution Open Banking Accelerator built on top of Broadcom’s solutions from Continuous Testing, API Management and Security segments.

For the Bankathon, DXC chose to use Blazemeter Mock Services to power the development and testing of Bankathon projects – and it was an excellent fit. In a setup where time and efficiency is critical and agile approach to the problem is a must, Mock Services provided a quick way to provision not only the API endpoints for various open banking interfaces aligned with PSD2 directive, but any other real or not yet existing services required for the final solution to be developed, tested, delivered and demoed. This was achieved efficiently, without being constrained by the availability of these systems, their setup or data. 

There are critical issues with typical shared sandboxes or shared testing environments like instability, hard setup, insufficient data or the fact that more teams are stepping on each other toes using shared environment or sandbox. All these lead to delays in development, trade-offs in testing or even ruined demo scenarios. By using Mock Services, they were able to overcome these issues and enable innovation to stay focused and happen with speed and confidence.

 “We were able to stand up Mock Services and run functional tests with great ease. For sure the biggest benefit was having a tool that can abstract away the configuration and provide a simple endpoint which enabled us to focus on use case much earlier,” said Tumurkhuyag Mendbayar, DXC DevOps engineer who was responsible for the Mock Services initial setup.

Let’s describe some of the API endpoints and services our partners from DXC designed and used for the event. These artifacts are based on a hypothetical bank, bank account and financial services.

The first set of endpoints covers a selected collection of typical bank account data operations – account information, balance and payment transactions. They are based directly on a canonical design following the interface of the Open Bank Project (see the API documentation here) – an open-source API implementation of the Open Banking and PSD2 specs. In addition, there are other Mock Service transaction samples inspired by the Open Bank Project interface design.

The second category of endpoints covers the verification of payment transactions, including ones based on OTP tokens. These verifications represent the security element involved in the conversation flow between an application and API provided by provider.

The last set of endpoints is about a hypothetical loan service – that is not necessarily based on open banking, but it is a service from the financial domain, which is another element in a set of services the application may be interacting with.

A sample set of these APIs is available under the Open Banking Sample service you will find in your Blazemeter workspaces among AWS S3 and Facebook Login sample services. Do not hesitate to go ahead and use these sample transactions to create your own Open Banking Mock Service. You can also download the same sample content as a .har file and import it into any service in your Mock Services Asset Catalog.

List of Open Banking Sample endpoints:

API endpoint pathQuery parameters matchingDescription
GET /obp/v4.0.0/banks/my-mock-bank/balancesid=1Returns balances for the accounts of the current user at one bank.
GET /obp/v4.0.0/banks/my-mock-bank/accounts/8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0/1/transactionsnoneReturns list of transactions for the provided account_id  – account_id 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0 is retrieved from the previous call.

Returns HTTP 400 error in case different account_id than 8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0 is provided.

GET /bank/accountListconsentid=12345Returns accounts of the current user.
GET /bank/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/transactions

OR

GET /bank/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81g/transactions

noneReturns list of transactions for the provided account_id (account_ids returned from the previous call).

Returns HTTP 400 error in case different account_id than 3dc3d5b3-7023-4848-9853-f5400a64e80f or 3dc3d5b3-7023-4848-9853-f5400a64e81g is provided.

GET /bank/accounts/3dc3d5b3-7023-4848-9853-f5400a64e80f/balance

OR

GET /bank/accounts/3dc3d5b3-7023-4848-9853-f5400a64e81g/balance

noneReturns balance on the provided account.

Returns HTTP 400 error in case different account_id than 3dc3d5b3-7023-4848-9853-f5400a64e80f or 3dc3d5b3-7023-4848-9853-f5400a64e81g is provided.

GET /bankverify/otpOTP=8519874Verify provided OTP token.
GET /bank/verify/useruserid=601112233

OTP=8519874

Authenticate user by provided OTP token.

Returns HTTP 401 if OTP is different from 8519874

GET /bank/repayment_months/loan_amountloan_amount=[20000, 50000, 100000 or 200000]
repayment_amount=[1000, 3000 or 5000]
Return loan options based on the provided loan_amount and repayment_amount parameters.

 

Feel free to get inspired by the Open Banking Mock Services sample above and start to mock dependencies for your own applications. Mock Services can help get your development and testing to the next level by eliminating environment constraints and ability to simulate behavior desired for your development and testing. Start mocking in Blazemeter today and learn more about Mock Services in our blog or webinar recording.

Photos provided by © adam-costey.com and Bankathon (www.bankathon.net)

Petr Vlasek

Petr Vlasek

Petr works as Product Owner at Broadcom with focus on Continuous Testing products and solutions. In past he worked in architect and product roles in areas of workload automation, application security and blockchain research. His current passion is finding of innovative ways how to take Continuous Testing solutions to the next level and make them developer-friendly.