Reduced API onboarding time from weeks to days
Cut integration costs by standardizing API development and reuse
Enabled migration of 300+ APIs with zero disruption to critical banking services
OTP Bank adopted Apigee Hybrid, streamlining its API infrastructure. This cut integration time from weeks to days, enhanced security and compliance, improved cost visibility, and accelerated service delivery across 2,200 branches and ATMs.
OTP Bank adopted Apigee Hybrid, streamlining its API infrastructure. This cut integration time from weeks to days, enhanced security and compliance, improved cost visibility, and accelerated service delivery across 2,200 branches and ATMs.
Solving integration challenges across teams and systems
APIs could be considered the invisible glue of modern banking infrastructure, connecting systems, services, and customer-facing applications to create the digital experiences customers have come to expect. OTP Bank, Hungary’s largest commercial bank and a leading financial services provider in Central and Eastern Europe, has pursued an ambitious growth strategy over the past few years, expanding into new markets and serving nearly 17 million customers across 11 countries. The company needed to move beyond one-off, fragmented integrations and rethink how it connected teams and systems across its growing footprint.
“We had some great APIs and strong expertise within our teams, but everything was very fragmented, with no common standards,” says Tibor Németh, integration team lead at OTP Bank. The company needed to replace its on-premises API setup with a secure and standardized platform capable of supporting regulatory compliance, faster time to market, and real-time visibility into usage and performance. To do this, the team implemented Apigee Hybrid in cooperation with Alerant. “We reviewed all the available solutions and found that Apigee was the best option for OTP because of its regulatory compliance, governance, and security features, and multi-cloud support,” Németh explains.
We reviewed all the available solutions and found that Apigee was the best option for OTP because of its regulatory compliance, governance, and security features, and multi-cloud support.
Tibor Németh
Integration Team Lead, OTP Bank
Streamlining API management at scale
Five years ago, OTP took its first steps towards centralized API management by implementing an on-premises version of Apigee. Three years later, the company migrated to Apigee Hybrid as part of a broader infrastructure modernization journey that involved a hybrid cloud model with some core legacy systems remaining on-premises.
"It was a huge project,” Németh recalls. “Our on-premises architecture was under high load — we had more than 100 customer systems and a couple of billion calls per year — and it was essential to maintain business continuity throughout the migration. You could compare it to changing an aircraft engine mid-flight.” Over eight months, several internal teams worked together to migrate over 300 APIs to Apigee Hybrid, creating a new container-based architecture that replaced the former VMware-based on-premises version. “We had great support from Google Cloud throughout the transition,” Németh says. “Whenever we ran into issues, they were really quick and efficient about fixing them. We also had help from a Google solution architect, who reviewed our plans and gave us best practices, which was very useful."
We manage only the on-premises component of the API gateway — everything else is handled by Google Cloud. That means we no longer need to invest significant time in maintaining the core system, and can spend that time on more high-value tasks.
Tibor Németh
Integration Team Lead, OTP Bank
With Apigee Hybrid, the control plane runs in Google Cloud and is managed as a SaaS, while the runtime plane is deployed on-premises. This enables OTP to benefit from a managed experience for administration, analytics, monitoring, and updates, while allowing the company to retain control over data and API traffic — essential from a regulatory perspective. “We manage only the on-premises component of the API gateway — everything else is handled by Google Cloud. That means we no longer need to invest significant time in maintaining the core system, and can spend that time on more high-value tasks,” Németh says.
Faster time to market and lower costs
While the former architecture required custom integrations for each use case, Apigee now acts as a single access layer to backend systems, regardless of whether they’re in the cloud or on-premises. “Beforehand, there wasn’t any centralized API governance related to APIs. Apigee is now a common entry point for all consumers, whether third-party or internal systems,” Németh says.
The team developed an automated CI/CD pipeline that allows teams to deploy APIs by simply submitting an OpenAPI descriptor. The pipeline generates the API proxy, applies the bank’s required policies, and deploys it to Apigee. As a result, internal teams and partners no longer require a lengthy onboarding process, streamlining collaboration across the company’s 1,500 branches. “Internal teams like the internet bank and branch systems no longer need to adapt to each new backend,” Németh says. “We simply place the system behind Apigee, and they connect to it the same way every time. It hides complexity, so teams don’t need to know where a service is hosted or how it’s built. They just connect and use it.”
In addition to simplifying deployment, the setup has led to significant business outcomes, such as improvements in time to market, “No longer needing to develop integrations one by one has made a real difference. Before Apigee, they could take weeks, or sometimes even months. Nowadays, it’s more like days, or sometimes just a couple of minutes,” Németh says. This approach has also led to operational savings. “Costs are significantly lower because teams no longer need to build custom connections or figure out how each system works” he continues. “What’s more, we now have visibility over costs that were previously hidden. In a fragmented system, it’s hard to see the number of API calls or developer hours.”
No longer needing to develop integrations one by one has made a real difference. Before Apigee, they could take weeks, or sometimes even months. Nowadays, it’s more like days, or sometimes just a couple of minutes.
Tibor Németh
Integration Team Lead, OTP Bank
Simplifying security and compliance with real-time monitoring
As a financial institution, OTP needs to be able to meet stringent requirements set by the Hungarian National Bank alongside broader regulations. “Regulatory compliance was one of the main reasons we opted for Apigee,” Németh says. The centralized API gateway helps them do this by supporting traceability and accountability, maintaining sensitive workloads on-premises, and providing real-time analytics and logging.
We’re migrating legacy systems to REST-based, API-first applications that rely on data-driven architecture and AI. Apigee will be the key integration point for these new technologies in the years ahead.
Tibor Németh
Integration Team Lead, OTP Bank
The platform is designed around a multi-layered security model with built-in capabilities such as token-based authorization, encrypted authentication, and request validation. Centralized policies ensure consistent enforcement of access controls and usage limits, enabling OTP to meet its compliance requirements. The team is currently looking to further improve its security profile with the Advanced API Security module. “Threats evolve fast. Our main goal is to enhance protection with AI-driven threat detection and identify risks faster than we can today,” Németh explains.
Apigee’s real-time monitoring and analytics capabilities reinforce this security foundation by providing visibility into API traffic, latency, and error rates across the entire ecosystem.
“We can quickly identify unresponsive microservices or backend slowdowns and share that insight with business or other IT departments, enabling them to act fast,” says Németh. As a result, incident response has become faster and more targeted, with the bank able to resolve problems at the integration layer rather than diagnosing them system by system.
Németh expects Apigee to remain a key component of OTP’s infrastructure over the years to come. “We’re migrating legacy systems to REST-based, API-first applications that rely on data-driven architecture and AI. Apigee will be the key integration point for these technologies in the years ahead,” he explains.
OTP Bank is Hungary’s largest commercial bank and a leading financial services provider across Central and Eastern Europe, currently serving customers across 1,500 branches in 12 countries.
Industry: Financial Services
Location: Hungary
Products: Advanced API Security, Apigee, Apigee Hybrid
About Google Cloud partner — Alerant
Alerant, operating as a recognized Google Cloud Service Partner in Hungary, provides enterprise-level cloud-native services, with specialized competencies in API management, platform engineering, and application modernization.
