
ANZ Bank turns to Apigee to execute a secure and compliant API strategy

December 15, 2022
Pooja Sheth

Engineering Chapter Lead, ANZ Bank

Joy Seng

Engineer, ANZ Bank

ANZ Bank is one of Australia’s top four banks and the largest bank in New Zealand by market capitalization. Headquartered in Melbourne, Victoria, we operate in more than 32 markets across Australia, New Zealand, Asia, Pacific, Europe, America and the Middle East. Our Payment team deals with all payment transaction types by providing highly secure, mission-critical payment services to retail, institutional and international customers. The core payment platform is based on a microservices architecture to support discrete payment processing requirements such as continuous volume growth, industry service level agreements (SLAs), complex payment orchestration and more. The API platform leverages APIs to perform specific business functions under the payment orchestration layer, which need to be resilient, scalable and heavy on security controls.

Simplifying our technology landscape 

At ANZ, our mission is to improve the financial wellbeing and sustainability of our customers through reliable payment services. Over the past 12 months, we looked to simplify our technology landscape, to free up time so we could focus on implementing more customer-focused banking services. We needed an API management solution that would align to our API-first strategy, while also maintaining our high performance, security, and regulatory standards. 

Specifically, the solution needed to:

  • Simplify channel interactions with our platform;

  • Improve developer experience and enable self-service;

  • Ensure resilient fault tolerance;

  • Improve our payment API security posture;

  • Enable API-first digital enablement for both our internal and external payments customers;

  • Have a scalable and transparent pricing model that ensured sustainable API programme growth.

https://storage.googleapis.com/gweb-cloudblog-publish/images/APIGatewayArchitecture.max-800x800.jpeg

Core focus on security and compliance

To meet our security and regulatory compliance standards, an API solution would need to offer functionality including:

  • Providing coarse-grained and fine-grained authorization and domain specific entitlements for API requests;

  • Bundling APIs based on the nature of the channel; 

  • Integrating easily with established identity providers;

  • Establishing patterns for connecting trusted upstream and downstream systems;

  • Providing support for the industry standard OAuth 2.0 authorization protocol as per enterprise security standards. 

We reviewed Apigee against other API management solutions and gateways, and determined it was the best fit for our needs. Not only did Apigee deliver on all our mission-critical requirements, but it also provided strong ease of use, feature-completeness and support for multiple coding languages. 

Enabling smooth developer onboarding, processes and troubleshooting   

Using Apigee has greatly improved developer onboarding and reduced the tedious steps involved in knowledge transfer and upskilling. The platform is easy for developers to use, and is backed by great documentation and video resources. These resources provide clear guidance about how to execute certain processes and troubleshoot as needed.   

Overall, Apigee has delivered the features we need to manage the publication and consumption of APIs efficiently. We are now running eighteen APIs in production, including two APIs that enable payments through connection to our transaction database, and others that enable supporting services in the payment services platform team. 

Our engineers and testers have found it easy to use the interface and Apigee API Management to deploy and test proxies. In addition, out-of-the-box policies allow for fine-grained access control to handle and build proxies of varying degrees of complexity. These policies allow us to control security, manage traffic, mediate transformations and implement custom functionality via scripts.

We can now implement our fine-grained entitlement-based access control requirements, onboard new customers to the cloud and streamline payment channel onboarding. With Apigee, we are also integrating with other API management tools at the bank, in part to enable self-service for API providers and consumers by building a developer portal.

Thanks to Apigee, we are well positioned to adopt a decentralized API team model that will see different teams within payments and beyond create APIs, and ramp up to full production of our API-centric model in the near future. This is a key component of the bank’s broader cloud and API-first strategy that is designed to help ANZ become a more agile and adaptive technology organization. With the right components in place, we can help ANZ create opportunities and propositions that colleagues and customers love, ultimately helping ANZ realize its vision across Australia, New Zealand and international markets.
