Why is OpenCard based on APIs?

Looking back, financial messages have traditionally been transported as files using sFTP, which has its advantages when it comes to processing batch jobs. However, financial messages do not occur in batches, as purchases are made by several individuals at different times.

Further, the demands placed on technologies for secure data communication and the processing of personal data, as mandated by regulations like GDPR, have significantly increased. Files over sFTP face challenges in keeping up with these demands, leaving data more vulnerable during transmission.

Organizations and operators must now prioritise robust and compliant solutions to safeguard sensitive information and ensure the privacy and rights of individuals.

Therefore, when looking at the needs and demands that our partners (financial institutions and Expense Management Systems) face, it's evident that modern API protocols are far superior to files over sFTP.

Below are some of the advantages of using OpenCard's API over traditional file transfer via sFTP.

Reduced development time

The API works with webhooks and JSON. Modern systems are designed to work seamlessly with JSON, which heavily reduces development time compared to sFTP, where building the connection and mapping the data takes far longer.

Real-time processing

The API allows for real-time communication, enabling immediate processing of financial messages.

Reduced data exposure

The API is designed to transmit only the necessary data for the financial message, minimizing the amount of sensitive information sent over the network. In contrast, with sFTP file transfers, all data contained in the file is exposed during the transmission.

Encrypted communication

The API utilizes HTTPS (HTTP Secure) to encrypt data during transmission, adding an extra layer of security. While sFTP also supports encryption, our API leverages modern encryption protocols, making it more robust against potential attacks.

Authentication and authorization

The API employs OAuth2 authentication, which allows for better control over access to sensitive data. You can assign specific permissions and revoke access quickly if needed. sFTP relies on username/password credentials (or certificates), which introduce security risks and complicate user management in large-scale systems.

Auditability and traceability

The API provides detailed logs and audit trails of transactions and access attempts, allowing for better traceability and accountability. sFTP transfers may not provide the same level of detailed logging and visibility into transaction history.

Scalability and performance

The API is designed to handle high-volume, real-time communication, making it more suitable for systems with a large number of transactions. The API scales horizontally rather than vertically. sFTP might face performance bottlenecks when dealing with massive transaction volumes in one big file.

Cross-platform compatibility

The API is a more platform-agnostic solution, allowing OpenCard to communicate with EMS systems seamlessly. sFTP may require additional setup and configuration, making it less straightforward for communication between systems running on different platforms.

In summary, OpenCard is based on APIs because they offer real-time processing, enhanced security, better authentication and authorization mechanisms, detailed auditability, scalability, and platform compatibility. This makes them a more modern and effective solution for handling financial messages compared to traditional sFTP file transfers, which are more suitable for batch jobs.