Evaluation of “BigFour” Open Banking Product APIs

This is a personal exercise to evaluate Australian Consumer Data Standard (CDS)specification for Banking implementations available from “Big Four” (Commonwealth Bank of Australia [ComBank], Australia and New Zealand Banking Group Limited [ANZ], National Australia Bank Limited[NAB], Westpac Banking Corporation[Westpac]) banks. I have looked at Product and Product Details APIs.

1. Westpac

Look and feel of the Developer Portal is shown below.

Results of the Product API access is shown below on the postman tool.

HTTP Headers that were returned from the API Request are shown with details.

The pagination works correct as shown below.

2. Commonwealth Bank of Australia

Look and feel of the Developer Portal is shown below. COMBank has the best developer experience.

Results of the Product API access is shown below on the postman tool.

HTTP Headers that were returned from the API Request are shown below. CommBank had the least number of HTTP headers returned. API Gateway is based on Nginx.

Sent in “x-min-v” value a wrong number and following response returned.

Westpac returned following result for “x-v” HTTP header set to a wrong number.

NAB returned following result for “x-v” HTTP header set to a wrong number.

3. National Australia Bank (NAB)

Look and feel of the Developer Portal is shown below. All though product API page is primitive in user experience, other non-open banking APIs have rich user experience.

Results of the Product API access is shown below on the postman tool.

HTTP Headers that were returned from the API Request are shown below. NAB API Gateway is based Kong deployed in Amazon. Services are built as lambda functions. Additionally it sends in a HTTP cookie. HTTP Headers that were returned from the API Request are shown below.

If you pass HTTP Header with the name “x-correlationid” the same value is returned. If not, a UUID is generated by the API gateway and returned. Please note that this behaviour in COMBank is different. Differences are listed below.

4. Australia and New Zealand Banking Group (ANZ)

Look and feel of the Developer Portal is shown below.

Results of the Product API access is shown below on the postman tool.

Following HTTP Header are returned. ANZ returns the highest number of HTTP headers and three of them are duplicated as seen below. It does not support “x-Correlation-Id” HTTP header.

Following diagram shows how each bank has implemented business error when page “0” was requested.