Design and Implementation of a Data-Driven, Provider-Independent Test Service for Banking APIs

Design und Implementierung eines Datenorientierten, Anbieterunabhängigen Testservice für Banking APIs

In 2015, the Council of the European Union introduced the Second Payment Service Directive (PSD2), which provided the legal basis for the creation of a uniform and efficient marketplace for payment services within the European Union (EU). It opened the financial market to new market participants and innovative services. The PSD2 requires banks to provide access to their infrastructure. Implementing Application Programming Interfaces (APIs) enables the exchange of financial data of bank customers with Third Party Providers (TPPs). The majority of banks and associations in Germany rely on the concepts and open standards defined by the Berlin Group. This initiative focused on the technical and organizational requirements to establish a standardized communication layer from which both banks and TPPs can benefit.

The verification of API implementations plays an essential role in the financial sector. Flawless functionality of PSD2-compliant APIs is particularly crucial in an industry mainly based on trust and confidence. Tests must be performed to determine whether or not the APIs meet the expectations in terms of functionality, reliability and performance. Early feedback shortens the error correction process and prevents costly, time-consuming problem fixes at a later stage in the development cycle. Therefore it is essential to have a well-functioning, efficient test process that ensures high quality and correct functionality.

This bachelor thesis presents an approach to improve the test process of different bank interfaces. Based on Hevner’s Design Science in Information Systems Research, an artifact was developed that makes the test process of PSD2-compliant APIs simpler and more efficient. Before its implementation, the requirements for such a tool were identified through interviews and literature research. Based on these findings, a prototype was developed to demonstrate vendor-independent and data-driven testing for the Access to Account (XS2A) interface of the Berlin Group. The tool uses a workflow from the Account Information Service (AIS) of the Berlin Group to demonstrate the test process. Financial institutions can use this tool to evaluate a predefined PSD2-compliant bank interface by dynamically adding test cases to it. Parallel to its implementation, the extensibility of the program was evaluated.

The results of this work show that the test process for PSD2-compliant APIs faces many challenges. The large number of different standards makes the evaluation of bank interfaces difficult. Despite these challenges, the prototype demonstrates a viable approach to improve and facilitate the test process of PSD2-compliant bank interfaces. Through the automation of this test process both costs and effort can be reduced. Furthermore, recommendations for future functionalities are presented based on an evaluation of the usability and extensibility of the test tool.