In the early stages of migrating to the cloud, Martin Brennan, ANZ Technology Area Lead, and his Enterprise Integration Services team were seeking to invest in a lightweight API gateway to support their organizations recent strides towards modernizing its cloud-native environments.

"When categorizing API gateways, you might first think of the feature-full gateways that lean more towards the old-school ESBs. They can do a lot of different things for you; however, the downside is that they are typically heavyweight and tempt you into bringing too much logic into your gateway layer they also tend to be slower to scale up and down," said Martin. "We had an existing on-prem API gateway solution; however, we knew it wasn't a good fit for where we wanted to go."

On 1 July 2020, Australia introduced Open Banking legislation that mandated all major banks within the Commonwealth to share their product reference data with accredited data recipients. The announcement sparked industry-wide discussion, with questions surfacing around how to best gauge the rate at which Open Banking would be adopted by the public. Furthermore, the industry sought to understand whether financial institutions should accelerate their digital innovation plans to support this new banking reform.

"Open Banking represented new unknowns for our industry and the world at large. The uptake in terms of the fintech companies and data consumers who would get involved was the first unknown. The second major unknown was the actual individual customer adoption and if they would even be interested in using the services that the data recipients would make available," explained Martin.

There were new regulations coming in and specifications being produced by Data61, but in terms of usage, the requirement for Open Banking was still fairly ambiguous. In Australia, the UK, Europe, and New Zealand, different forms of Open Banking were taking shape.

"In New Zealand, it was very much about payment initiation and request-to-pay transactions. In the UK, it was more balanced between data sharing and enacting. When looking at the Australian market, however, it was difficult to tell if Open Banking was going to be adopted in the same way usage could easily end up being anything from 50 requests per year to 50,000 requests per second," said Martin.

With ANZ migrating most of its workloads into cloud hosting platforms, Martin Brennan and his team sought vendors that could support the banks existing on-prem services as well as its emerging cloud-native development.

After a thorough search, ANZ determined that the lightweight nature of Kong, paired with the platform's flexibility to operate across any cloud, platform, and protocol, was the missing piece for ANZs formative integration infrastructure.

"Kong fits into the lean and scalable category. It is a good API policy enforcer for securing APIs and it protects the service providers from excessive use while also looking after the non-functional controls like security and throttling," said Martin.

"From an integration gateway perspective, using Kong has been a great experience for our platform team. Kong's API gateway is easy to manage. It is extremely reliable and performs well while also being low-touch in terms of operational overhead -- a critical success criterion for us."

Given consumer demand was still largely unknown, Martin Brennan and his team identified an opportunity to leverage Kongs ease of scalability to support the new use case in question.

With Kong involved, ANZ was able to successfully test drive the new Open Banking use case at comfortable speeds of iteration while using Kong to throttle usage as dictated by consumer demand.

"We wanted to put the majority of our Open Banking integration solution into cloud-hosted containers with fully automated CI/CD. We wanted to go with a scalable, not scaled approach meaning starting off by building something small and lightweight to work with, and then having the option to scale to meet greater demand if needed," said Martin.

"We felt that using Kong as our API management solution for this new use case would give us the best opportunity to meet the needs of Open Banking at ANZ and prove out the technology for wider use. We were able to take advantage of Kong's flexibility to quickly scale up and down to meet unpredictable traffic demand, while also keeping our existing platform operating at a healthy rate."

With Kong abstracting away much of the initial work involved in establishing the Open Banking API gateways at ANZ, the team could now focus on furthering the bank's long-term plan for its multi-cloud architecture investments.

"As Open Banking carries on and continues to deliver our public data and customer data use cases, we have seen that we can effectively make use of the Kong product for our wider use cases," said Martin.

"What we're building now is a configuration-driven and highly flexible set of gateways and pathways that we call the API Mesh. This is the connective tissue between our availability zones and is the evolution of our existing internal API ecosystem. The API Mesh will enable the applications that provide APIs into the ecosystem to move independently of each other and reduce the friction involved with managing their API lifecycle, without dependency on a centralized team during development and testing," explained Martin.

"Kong's gateway acts as the entry point into the API Mesh, and we are architecting it with observability baked-in so we can gather information around how services are being used. In doing this, we can provide an instantaneous view into which pathways between applications are available and in use from a security and business dependency perspective."

Open Banking unlocks the opportunity for innovation around new financial products and services. "When thinking about the spectrum of potential partnering opportunities for ANZ, the advent of Open Banking opens up a new channel for us," said Martin.

"Typically a business will have a small number of highly trusted partners that they work with for certain things and then build deeper relationships with them -- which is great for delivering something substantial in terms of customer benefit. However, it may not be ideal for those times when your team just comes up with a cool idea, and you'd like to quickly test it out to see if it works or not."

With ANZ aiming to embrace a startup mentality to promote agility among its multidisciplinary teams, the Australian bank also increased its infrastructure flexibility to bridge the gap between internal API innovation and the company's growing Rolodex of external partner opportunities.

"In addition to using Kong to support our API Mesh and Open Banking solutions, we have positioned it to be our outward-facing API gateway for our partner ecosystem. In doing so, we will be able to curate our internal API ecosystem and decide which of the services presented will be most beneficial to our partner network going forward."