1. Introduction

This survey contains thirty-five questions about controls over API software that supports the open banking products and services provided by your financial institution ("the Bank").  The questions focus on software development; other surveys focus on open banking customer and API partner access and open banking operations.

The actual number of questions you see will depend on your responses to questions about the activities performed in your department and the range of online banking controls the Bank uses.

Topics include the following API software information and control categories:
  • Types of APIs used to support the Bank's e-banking channels.
  • API software inventory.
  • Development policies, standards, and procedures.
  • Coding standards and code reviews.
  • Software testing and API partner integration.
  • Configuration management.
  • API session management, logging, and monitoring.
  • Third-party API partner due diligence and annual monitoring.
  • Department self-monitoring and quality assurance testing.
Questions are based on API software controls described in two recent documents from the Federal Financial Institutions Examination Council (FFIEC) and from the Open Web Application Security Program ("OWASP") API Security Project. [1] [2] [3]

John Seddon
john@firiskassessment.com
310 344 2408

[1] Architecture, Infrastructure and Operations, FFIEC, June 2021.
[2] Authentication and Access to Financial Institution Services and Systems, FFIEC, August 2021.
[3] OWASP API Security Project, OWASP, https://owasp.org/www-project-api-security/.