Open API Exchange Platform Implementation

Client: Hong Kong Bank ATM Network operator

Duration: Sept-18 to Mar-19 (7 months)

Position & Role Played: Lead Delivery Architect


The client initiated the development of the Open API Exchange Platform,, to enable its network of ATM-member banks to adopt the Open API framework mandated by the Hong Kong Monetary Authority (HKMA). Thirteen prominent Hong Kong-based banks participated in the initiative, collectively publishing over 230 APIs on the platform.

The architectural foundation of the platform rests on a Microservices framework, employing technologies such as Spring Boot, Docker, Kubernetes, and IBM API Connect. This robust foundation ensures the scalability, flexibility, and efficiency of the platform.

The implementation includes a dedicated Developer Portal designed for Third-Party Service Providers (TSPs). This portal facilitates TSPs in browsing, testing, and subscribing to APIs, fostering seamless integration. Additionally, an API Gateway has been established to authenticate, authorize, and sanitize API requests originating from TSP applications, ensuring secure and controlled access to the platform’s services. This comprehensive approach establishes as a sophisticated and secure environment for fostering collaboration between member banks and TSPs within the prescribed regulatory framework.

My Contribution:

I played the lead architect role to assist the client with

  1. Multi-Tenancy Architecture for OpenAPI Exchange Platform: Devised the multi-tenancy architecture design enabling member banks to host their APIs on the OpenAPI Exchange Platform.
  2. Microservices Architecture for Designed and developed the microservices architecture for using Spring Boot and Swagger UI.
  3. API Endpoints Integration Architecture with Member Banks: Devised the integration architecture for API endpoints with member banks, encompassing integration protocol, security requirements, and HTTP header standards.
  4. API Management for Platform: Proposed comprehensive API Management for, covering
    • TSP on-boarding process, security requirements
    • API products lifecycle management
    • URI scheme and versioning
    • Sandbox and Live API deployment model
    • Segregation of duty and security for client and member banks.
  5. OpenAPI Performance Testing Planning and Execution:  Planned and conducted performance testing for OpenAPI, ensuring the robustness and efficiency of the platform.