“The risk and compliance factors in the fintech industry are huge, which means as developers, there is a LOT of time spent there. And on top of that, having APIs is now an expectation in the financial services industry, so it’s crucial to have a solid API program.”
— George Mitry, Expert Application Engineer, API Enablement and Standardization at Discover Financial Services
This week on the API Intersection podcast, we interviewed George Mitry, an Expert Application Engineer of API Enablement and Standardization at Discover Financial Services. The Discover team works with over 1,500 external and internal APIs, which are used to provide cash-back bonuses or card payments. Their current focus has revolved around security as a top priority in their API program, as well as increased demand for speed, digitalization, and transparency.
To keep up with the pace of development demand, George and his team must remain agile, product-centric, and have well-understood boundaries by the business to set the team up for success. We sat down with George to discover the significant mindset shifts he’s applied to get his business leaders and API team all on the same page.
1. Your Approach to API Management
One paramount importance George touched on was the differentiation between application architecture and API management because sometimes that line can seem a little fuzzy to an outsider looking.
He explained that while application architecture is concerned with microservices and breaking down the right-sizing of components within the application, API management is more about the lifecycle management, versioning, and promoting reuse of the APIs at the enterprise level.
One thing that helps immensely with proper API management is building an inventory of microservices and APIs to manage and secure them effectively. An inventory or catalog is a great way to keep track of all APIs that you have.
George shared how he once built a catalog of business APIs through a security lens, resulting in nearly 100% coverage of their APIs. Building a comprehensive inventory of APIs is an essential first step in API governance and security, which gets into George’s second approach to success.
2. Your Approach to API Governance
For the Discover API team, their focus is less on a center of excellence and more on a federated style of governance. Looking at the fallacies of API governance, George highlights the need for an open and collaborative approach to API governance and that it should operate similarly to how the open-source community operates.
Applying learnings from the open-source community and maintaining a transparent and open environment for collaboration to your governance strategies will bode success in the long term.
“Move away from being an ‘Ivory Tower’ [governance team] to a teaching or learning organization, where anyone in the community can share their solutions and be promoted to an enterprise standard. That’s how you do governance right,” shares George.
For example, in practice, their internal team has a “Discover Technology Academy” for engineers as a resource for gaining insights and promoting that openness model in practice. It’s a great way to onboard new developers, educate business stakeholders, and refresh the whole team to ensure alignment.
Another governance tip that George swears by to keep up with standardization is to always use common grammar and vocabulary. This is crucial in promoting consistency and understanding in API development, especially between different teams. It makes learning and understanding easier when various stakeholders work on your API designs.
3. Your Approach to the “Iceberg of API Strategy”
Finally, George walked us through the iceberg of API strategy, meaning that “like an iceberg, there are many aspects of API Strategy that are hidden. In order for an API strategy to succeed, it needs to establish a multidisciplinary program that must orchestrate multiple areas simultaneously.”
He illustrates how the tip of the iceberg is business transformation, and beneath the surface are the hidden elements that often go unnoticed by stakeholders outside of the API team, such as security and compliance. These unnoticed elements need to be orchestrated first and constantly (preferably during the design phase) to achieve the ultimate goal of digital transformation.
“API programs will only get out of API strategy as much as they put into it, and a lot of work needs to be done behind the scenes to discover, document, secure, and make sense out of the API assets,” shares George.
In the end, these approaches are just a few that George applies to the Discover Financial Services API team to further success and innovation. He stressed that overall, “ no matter what technology you’re working on, it should be designed to reflect well-understood business boundaries to enable the development of effective APIs.”
It’s always a pleasure chatting with George. For more advice from industry leaders, check out the API Intersection podcast.