Tag: Digital Banking

Digital Banking – Testing OCBC API

23 May 16
pblumo
, ,
No Comments

OCBC API – Overview and sample code

Here it is, finally a Singaporean bank is jumping into the API space ! I’ve tested the OCBC API for you.

Last week, OCBC announced that they will publish 4 API’s to developers. Naturally, I was curious, so I’ve played a bit with those API.

The API portal is quite neat, you can access it here https://api.ocbc.com/store/

The 4 API currently available are

  • Branch Locator – Provides list of branches
  • Credit Card Advisor – Provides credit card suggestions
  • ATM Locator – Provides list of ATMs
  • Forex – Provides list of updated currency exchange rates

Note that Credit Card Advisor is the only API that can accept a Parameter. The Parameter will be a keyword that will be matched against each descriptions associated with OCBC credit cards, to provide credit card recommendation.

How to use the API

Step #1 : Create an account through the portal sign-up form here (https://api.ocbc.com/store/site/pages/sign-up.jag), pretty straightforward. The process is instantaneous, and will provide you free access to a “Bronze” profile allowing you to perform 1 query per minute against the API.

Note : the special characters are not authorized in email addresses, despite being perfectly standard (as per RFC2821, 2822, 3696).

Step #2 : Create an Access Token for your application

For the time being, the authorization is based on Access Token (like a lot of similar API). It is possible that other forms of authentication may come at a later stage (certificates, OTP, etc).

The portal provides you with a Default Application. You can create more applications, which will have their own respective Access Tokens, with SLA. For example, you can imagine having a Test Application with a Bronze subscription (1 query per minute) and a Production Application with another SLA (for the time being, you need to contact OCBC to change your “level”).

In the API Console, select your application, and click Generate, to create your Access Token.

ocbc-1

Note : the default lifetime of the token is 3600 sec (1h), you have to specify -1 if you don’t want the token to expire.

Step #3 : Once your Access Token is created, you need to subscribe your application to the API(s) you want to use.

Back into the API console, select your application and click Subscribe.

ocbc-2

The respective API will then be added to your subscription.

ocbc-3

Step #4 : Test it

You can test the API directly – without writing any code – as the OCBC team included sample queries.

Again, the action takes place in the API Console (if you don’t want to start writing code straight away)

On the Testing section, select your Application (the one you’ve generated an Access Token and subscribed to API). The Request Header will automatically be updated with your Access Token.

ocbc-4

Click on Get, then Try it out buttons. The API Console is then using Curl to generate a query to the API. The Response Body is using a basic JSON structure.

That’s it ! You can see here the list of branches, response to a GET query to the Branch Locator API

ocbc-5

Step #5 : Code !

Take your favorite language, and simply use the URL, with the Access Token in the header.

Below a Powershell example (yeah – I know – it is probably not the most widely used language to query a web service, but I like it anyway !)

# Ocbc-branches.ps1

# Put your OCBC API Key here
$APIKey = "Insert_YOUR_API_Key_Here" 

# The URL to the Branch Locator API 
$OCBC = "https://api.ocbc.com:8243/branch_locator/1.0" 

# Create the headers with your API
$headers = @{
    "Authorization" = "Bearer $APIKey"
    "Content-type" = "application/json"
    }

# Query the web service
  
$j = Invoke-RestMethod -uri $OCBC -Headers $headers

# Display the results

for($branchCount = 0; $branchCount -le $j.branches.Count; $branchCount++)
{
    Write-Host $j.branches[$branchCount]

}

Done ! Your JSON object now contains the response body, and can be accessed with the usual . notation (see the portal documentation for the details)

ocbc-6

Note : don’t forget that by default, the Access Token is expiring after 1h !

Step #6 : Publish to the world !

If you want to Go Live and publish your brand new app, you will very likely need much more queries per minute that the Bronze subscription…

To do so, you can contact OCBC, that will review your development. I don’t know if they will charge the higher subscription levels … But even if they may do so, I think
(and hope) the fee will be reasonable (like Azure or AWS API costs, priced few cents per 100,000 transactions – or similar model).

ocbc-7

Conclusions

The OCBC APIs are quite easy to use and integrate into custom code. The API subscription process is clear and straightforward.

Obviously, the amount of data published is very limited so far. For the time being, there is no statement or transaction data, which can dramatically change the banking application environment in Singapore – once available.

But at least it is a start. OCBC got an API published, and a portal in place to manage it.

How close are they to enrich the API with transaction data ? How far did they went to integrate their core banking system to the (potential) future API ?

This remains to be seen…

If anybody knows more, feel free to drop a comment below !

 

Pierre-Olivier Blu-Mocaer
po@fixsing.com