API7 Automates Open Banking for Top Securities Company

Yilia Lin

Yilia Lin

January 23, 2023

Case Study



Established over three decades ago, this securities company stands as a stalwart in the financial services sector. The company showcases its expertise and influence in the market by participating in IPOs and actively engaging in mergers and acquisitions. In 2022 alone, the company underscored its financial prowess with total consolidated assets of 870 billion US dollars.

As a provider of comprehensive capital market services, this securities company distinguishes itself with industry-leading innovation capabilities. The company is dedicated to serving quality enterprises and a diverse investor base with a robust demand for financial products and services. It has strategically expanded its footprint, delving into lucrative areas such as private equity investment and overseas business, showcasing adaptability and a forward-thinking approach.


  • While sharing data with third-party financial providers via API fostered innovation and collaboration of financial information, it posed risks to security like unauthorized access and data breaches.
  • This securities company used various API gateways, including NGINX/OpenResty/Kong, leading to increased management expenses and additional risks to its system.
  • The rigorous approval process and lack of system and data isolation across different systems raised single-point dependencies, impacting the overall performance and efficiency of the system.


  • API7 Enterprise established a resilient security framework that safeguarded the securities company's valuable assets from unauthorized access, data breaches, and malicious activities.
  • API7 Enterprise streamlined the management system of the securities company, eliminating single-point dependencies while improving the company policies of user permissions and approval process.
  • The cutting-edge API gateway provided the securities company with a comprehensive API management solution to tailor their functionalities to perfection.


Traditionally, banks have held a monopoly on their customers' financial information and services. However, open banking seeks to break down these barriers and promote a more collaborative and interconnected financial ecosystem. By sharing customer data securely and in a standardized format, open banking enables customers to benefit from improved access to a wider range of financial products and services. It involves the sharing of financial information, with their explicit consent, between different financial institutions and authorized third-party providers through standardized APIs.

Open banking enhances competition, innovation, and customer experience in the financial industry. To make good use of open banking, securities companies urgently need to undertake digital transformation by enhancing its management, authentication, and authorization, as well as supporting common functionalities such as rate limiting and circuit breaking for APIs. As API management is becoming more and more important in technological transformation, addressing the challenges of API management has become a top priority.

Why Chose API7 Enterprise

To address the pain points, this securities company conducted a thorough review of API7 Enterprise, focusing on requirements such as high reliability, high performance, low latency, simple deployment, and auto-scaling.

The new API gateway is expected to:

  • Replace various open-source API gateways such as NGINX/OpenResty/Kong gradually
  • Provide a comprehensive and visible management system for convenient management and maintenance of the API gateway
  • Possess maintainability and scalability, allowing for customization of functionalities

So, what is API7 Enterprise? How does it effortlessly solve numerous complex problems and stand out among the multitude of API management products to meet the needs of this securities company?

Tailored for Securities Company: API7 Enterprise

APISIX, working as the basis of API7 Enterprise, is a globally renowned cloud-native API gateway known for its outstanding performance and active and open community. It comes with 100+ ready-to-use open-source plugins and supports multiple programming languages for enterprise-level extensions.

API7 Enterprise is an API management solution based on Apache APISIX, providing users with a platform for processing layer 7 traffic. It offers enterprise-targeted API management features such as SSL certificate management, access control, SOAP, FIPS, traffic labeling, and statistical reporting.

It possesses the following technical features:

  • Cloud-native architecture with powerful scalability
  • Highest performance and high stability, coupled with robust traffic governance capabilities
  • Support for multiple programming languages and protocols
  • Multi-cluster and multi-tenant support
  • Fully dynamic hot-reloading
  • Support for encryption standards

To accelerate the achievement of their digital transformation and achieve cost reduction and efficiency improvement, this securities company chose to adopt API7 Enterprise, which provides comprehensive API management, routing, access control, traffic governance, interface orchestration, circuit breaking, protocol conversion, logging, monitoring, and other functionalities for their public APIs.

Achievements After Using API7

The securities company successfully implemented API7 Enterprise within its production environment, seamlessly connecting it to the most intricate business projects. Below is a diagram of integrating API7 Enterprise with its API gateway architecture.

Top Securities Company's Architecture with API7 Enterprise

The leading securities company has achieved significant results after adopting API7 Enterprise.

Fortified Data Security under Open Banking

Amidst the ongoing wave of digital transformation within enterprises, data has evolved into a pivotal asset, playing a central role in fostering innovation within the financial services sector. The securities industry places paramount importance on data security, recognizing its critical significance.

SSL certificates, functioning as server certificates, play a crucial role in bolstering security measures. They not only support server verification for users but also facilitate the encryption of data transmitted between servers and users. In this context, API7 Enterprise emerges as a key player, providing robust SSL certificates. These certificates are instrumental in effectively fortifying the data security infrastructure of the securities company.

Besides, the implementation of multi-tenant isolation empowered diverse business projects to independently manage the system, resulting in a notable enhancement of internal efficiency. API7 Enterprise played a pivotal role in assisting this securities company in realizing multi-tenant isolation, contributing not only to heightened system stability but also bolstering the security of internal system data.

Simultaneously, it facilitated the unified management of clusters, leading to a significant leap in internal efficiency.

Built a Comprehensive Management System

Previously, the development, maintenance, and management procedures were intricate, requiring numerous personnel and involving complex workflows with redundant resource management.

However, with the adoption of API7 Enterprise, a comprehensive API management solution, the securities company experienced a transformative shift. The platform streamlined development, maintenance, and management processes, leading to a significant reduction in personnel, simplified workflows, and optimized resource management. This not only enhanced operational efficiency but also contributed to cost savings for the organization.

Moreover, the incorporation of unified monitoring, alerting, authentication, and canary release solutions went a step further in enhancing system availability. This comprehensive approach not only modernized the operations but also fortified the system's resilience and responsiveness of the securities company to meet the dynamic demands of the industry.

The discernible benefits include:

  1. Testability: API7 Enterprise offers a robust framework that facilitates comprehensive testing, ensuring the seamless functionality of the system.

  2. Clear Documentation: The technical documentation provided by API7 Enterprise is transparent and thorough, offering a lucid understanding of implemented functionalities.

  3. Reliable 24/7 Operation: API7 Enterprise stands as a stalwart, operating reliably around the clock, and providing uninterrupted services to meet the demands of dynamic business environments.

  4. Dynamic Load Balancing: Embracing dynamic load balancing, API7 Enterprise optimizes resource utilization, ensuring optimal performance even during fluctuating workloads.

  5. Alerting Capabilities: API7 Enterprise comes equipped with advanced alerting functionality, promptly notifying developers of any abnormal conditions within the entire system, and fostering proactive issue resolution.

Streamlined Configuration Processes

Previously, updating configurations necessitated approvals from various stakeholders, resulting in prolonged processes, diminished execution efficiency, heightened risk, and an increased susceptibility to human errors.

The introduction of API7 Enterprise's visual capabilities has revolutionized the configuration landscape, enhancing the ease of viewing and confirming configurations without the requirement for approval in interface operations.

Furthermore, the enhancements extended to management systems, encompassing refined user permissions and approval processes. These advancements expedited business development while eradicating single points of dependency. API7 Enterprise redefined the configuration and management landscape, ensuring a more streamlined, efficient, and resilient operational environment.

Flexible Customization at Ease

The new API gateway, distinguished by its emphasis on maintainability and scalability, offered unparalleled convenience for the subsequent customization of functions.

Here's how API7 Enterprise achieves this:

  1. Plugin Functionality: API7 Enterprise introduces robust plugin support, streamlining the customization of specific functions. This ensures adaptability to diverse requirements.

  2. Comprehensive Documentation and SDKs: To empower users in customizing functions, API7 Enterprise provides extensive documentation, Software Development Kits (SDKs), illustrative examples, and a wealth of resources.

  3. HTTP Management Interfaces: API7 Enterprise facilitates seamless query and configuration of functions through HTTP management interfaces, enhancing the user experience in managing and tailoring the gateway functionalities.


Embracing the era of open banking, this securities company diligently stays attuned to emerging technologies. Leveraging API7 Enterprise, a consolidated API management platform, the company's technical team fortified business interactions with heightened agility, stability, and security. This implementation not only facilitated seamless collaboration within the organization but also extended the potential for partnerships across diverse businesses and industries.

The collaboration between API7 Enterprise and this leading securities company fully demonstrates the mutually beneficial growth of technology in the context of digitalization. Technology drives the financial services industry while the financial services industry, in turn, drives technology, resulting in improved overall efficiency and endless convenience for users.

API7 EnterpriseFinanceOpen Banking