Temenos supports API development primarily through its Integration Framework (IF) and Temenos DataSource layers. When implementing the APIs in T24, we usually consider installing them and getting proper requests to responses, but there are a lot of things to consider. We mostly use IRIS for this. IRIS is a lightweight, REST standards-based solution that uses OFS message format to communicate with T24. This allows the solution to be used for all T24 customers across release versions. This is our follow-up blog on 'How to start your Temenos T24 API journey - IRIS'.

Here is the list of best practices for T24 API development.

API Specification Compliance

• Check whether Object, Integration, and Orchestration services are developed as per the naming conventions.

• Ensure request and response structures are defined as per the naming standards.

• All endpoints and methods should be correctly implemented.

• The API should adhere to the Swagger specifications.

Request/Response 

• The API should return accurate and expected results for valid inputs.

• Error responses should be clear and informative for invalid inputs or errors.

• Empty responses and null values have been considered and handled appropriately.

Authentication and Authorization

• Authentication mechanisms should be implemented correctly (Public, Anonymous, Private).

• Authorization checks should be enforced for all sensitive parameters.

Input Validations

• Validations should be performed for mandatory input parameters.

• Input validation should be performed in preprocessors to prevent injection attacks (example: SQL injection).

• Sensitive input parameters like passwords and PII data should be encrypted before being saved into the database.

Error Handling

• Error responses should be standardized as per a common framework and be informative.

• Language-specific error messages should be handled.

• Error codes should be defined per module-wise specifications.

Logging

• Errors, exceptions, and critical events during API operations should be logged appropriately for troubleshooting and monitoring.

  
  

Security

• Ensure the recommended security guidelines.

Performance

• API response times should be within acceptable limits.

• Performance bottlenecks should be identified and addressed.

• The API should be designed to handle the expected load and scale horizontally if needed.

• Caching mechanisms should be used appropriately to improve performance.

  
  

Backward Compatibility

• The API should be appropriately handled to maintain backward compatibility.

• The Release-specific API enhancement information should be communicated to API consumers.

Documentation

• The API should be well-documented (for example, Swagger).

• Examples should be provided for different endpoints and responses.

• Breaking changes and deprecated API parameter details information should be adequately documented.

• The API contracts and usage guidelines should be documented for internal and external developers.

Usability

• The API should be intuitive and easy for developers to understand and use.

• The API should be consistent in its response formats and error handling across endpoints.

• The 4-layer architecture implementation should be done as per the guidelines.

Extensibility 

• Make sure to provide hooks wherever extensible.

• Follow a 4-layer architecture to allow partners/customers to implement class extensions quickly.

UTP

• The API deployment process should be automated in UTP.

• The API execution behavior should be consistent and reliable in UTP.

• The deployment configurations (example: environment-specific settings) should be appropriately managed.

We specialize in T24 API DEVELOPMENT – IRIS. If you are planning to implement IRIS in your T24 release, please contact us. We have a combined proposal for T24 API DEVELOPMENT implementation and training. Keep up the great work! Happy Performance Engineering! #TemenosAPI #T24CoreBanking #APIDevelopment