Behind the code: How Airbank is changing business finance

This is Patrick’s blog — our Co-Founder & CTO writing about his journey and tech experiences when building Airbank.

There are two things you can never say about SAP:

(1) “It can’t be done.”
(2) “It’s easy to do.”

— Corporate joke

Business finance is one of the fields where old-school software still finds shelter. While adjacent management territories such as marketing and HR evolved from paper wilderness to beautiful SaaS products, finance teams are still buried in spreadsheets, legacy banking portals, and bureaucracy.

But hey, let’s not blame the victims here. Founders and CFOs don’t have much choice when it comes to finance software.

Consider DATEV, the German monopolist in the SME accounting space. A friend recently registered his startup and received, by mail, a CD and a pendrive containing the software. Beware: It only works on Windows.

Truth is that usability has never been the bread-and-butter for finance software vendors. Security, regulatory compliance and feature coverage absorb most of the attention, resources, and sales pitches. However, thanks to the Open Finance movement, fintechs can now abstract away most of these issues and build fantastic business finance solutions with usability at the core. QED’s Frank Rotman recently had a fantastic take on the market dynamics we’re facing.

For us, this opens up a huge window of opportunity to bring the last decade of innovation in personal finance to companies of all sizes. "Fintech Is Only 1% Finished," as Simon Taylor, one of the great thinkers in our space, would say.

Airbank, for instance, doesn’t have to build and maintain security and compliance infrastructure. We partner with Open Banking providers that handle bank connections and regulatory matters for us. In fact, separating those handling infrastructure and those interacting with the end-user is a trend in every sector of the economy — from shipping to finance.

If you’re not familiar with Open Banking, here’s the gist: A few years ago, Europe launched the Payment Services Directive 2 (PSD2) to increase competition and integration in the payments market. This regulation requires banks to share data and access to payment accounts with non-banks bearing the appropriate licenses. In order to serve this new-found market, many companies applied for these licenses and started working on standardized APIs that connect to thousands of banks and offer fintechs a unified gateway.

At Airbank, we access data from your accounts through Open Banking providers. This data is then used to give you a unified view over your finances. It is also possible to make bank transfers on our dashboard using the same connections.

Across our journey, we were questioned many times as to why we were going for Open Banking instead of other, legacy industry standards such as EBICS and SWIFT.

To answer this question, we must first go through Airbank’s top guiding principle.

Tech is supposed to be invisible.

A good product delivers its core value without making you aware of its inner mechanisms, asking for the minimum amount of input required to make it functional. Take your phone and open the Uber app. Now count how many taps you need to get home. One to activate the search field, one to select your home in the recent addresses list, one to confirm. Three.

At Airbank, we follow the principle of minimum user effort in everything we build — from bank connection to transaction categorization and cashflow analysis. This philosophy is also reflected in our brand identity, guided by peace, simplicity, and transparency.

With Open Banking, a user can connect any account to Airbank in a matter of seconds. All it takes is accepting the intent to share access, and confirming the operation through a redirect to a secure page or mobile app from the bank. This consent lasts for up to 90 days legally, but our back-end intelligently prompts you to renew it before it expires, thus making the process much simpler.

If we were using EBICS or SWIFT instead, there would have to be a human step to confirm the connection: Usually the user would have to send a letter to the bank requesting a connection, or even show up in person to sign a consent. While these standards do offer deeper access to your finances because they are not restricted to checking and payments accounts, their bureaucratic nature is just inconsistent with a high-growth startup. Furthermore, the API providers working with these standards tend to be less innovative than the brand new Open Banking players out there. We’re talking about legacy tech, infrastructure-heavy operations, and a slow pace of evolution. It simply doesn’t fit Airbank’s culture.

Furthermore, Open Banking has been growing rapidly over the past few years and the Open Finance movement is expanding to other fields, such as insurance & investments. We strongly believe that, in the near future, Open Banking will be as powerful as legacy standards, while offering an incomparable user and developer experience. We had PSD1 in 2007, PSD2 starting in 2015, and PSD3 is already on the visible horizon.

Never trust the API.

Now expanding on the technical aspects — building an Open Banking integration may not be as painful as a direct SWIFT connection, but it has its fair share of challenges and caveats.

A guiding principle of software development is to never trust the user. This essentially boils down to always cleansing user input before using it in the front-end or submitting it to the server — not just because of security issues, but also due to human mistakes.

With Open Banking, one also learns to never trust the API. Because a single gateway connects over 2,000 banks across dozens of countries, the data model has to deal with a great load of exceptions on top of its core standardization model. Even with sandbox accounts that mock a wide range of data contexts, the only way to truly capture exceptions is by testing live bank accounts at every relevant institution.
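One way to apply "never trust the API" in a Node back-end is to treat every record from the upstream gateway as untrusted input and normalize it before it is stored or rendered. This is an added example, not Airbank's or any provider's code; the field names and limits are assumptions made for illustration.

```javascript
// Added example. Field names (id, amount, currency, bookingDate, description)
// are hypothetical and do not reflect any real provider's schema.
const CURRENCY = /^[A-Z]{3}$/;               // ISO 4217 code shape
const AMOUNT = /^-?\d{1,15}(\.\d{1,4})?$/;   // money as plain decimal string: no exponent/NaN
const ISO_DATE = /^(\d{4})-(\d{2})-(\d{2})$/;

function isRealDate(text) {
  const m = ISO_DATE.exec(text);
  if (!m) return false;
  const [y, mo, d] = [Number(m[1]), Number(m[2]), Number(m[3])];
  const dt = new Date(Date.UTC(y, mo - 1, d)); // rolls over on impossible dates
  return dt.getUTCFullYear() === y && dt.getUTCMonth() === mo - 1 && dt.getUTCDate() === d;
}

function normalizeTransaction(raw) {
  if (raw === null || typeof raw !== 'object') return { ok: false, errors: ['record'] };
  const errors = [];
  const text = (v) => (typeof v === 'string' ? v.trim() : '');
  const id = text(raw.id);
  if (id.length === 0 || id.length > 128) errors.push('id');
  const amount = typeof raw.amount === 'number' ? String(raw.amount) : text(raw.amount);
  if (!AMOUNT.test(amount)) errors.push('amount');
  const currency = text(raw.currency).toUpperCase();
  if (!CURRENCY.test(currency)) errors.push('currency');
  const bookingDate = text(raw.bookingDate);
  if (!isRealDate(bookingDate)) errors.push('bookingDate');
  // Free text from the bank: replace control characters and cap the length.
  const description = text(raw.description).replace(/[\u0000-\u001f\u007f]/g, ' ').slice(0, 140);
  if (errors.length > 0) return { ok: false, errors };
  // Only allow-listed fields are returned; unknown properties never reach storage.
  return { ok: true, value: { id, amount, currency, bookingDate, description } };
}

function partitionTransactions(records) {
  const accepted = [], rejected = [];
  records.forEach((raw, index) => {
    const r = normalizeTransaction(raw);
    if (r.ok) accepted.push(r.value); else rejected.push({ index, errors: r.errors });
  });
  return { accepted, rejected };
}

// Constructed sample input, not real provider output.
const SAMPLE = [
  { id: 'tx-1', amount: -12.5, currency: ' eur ', bookingDate: '2021-03-01', description: 'Coffee\u0007shop', internalFlag: true },
  { id: 'tx-2', amount: '1e3', currency: 'EUR', bookingDate: '2021-02-30' },
  { id: '', amount: '10.00', currency: 'EURO', bookingDate: '2021-03-02' },
];
console.log(JSON.stringify(partitionTransactions(SAMPLE), null, 2));
```

Rejected entries carry only the record index and the names of the failing fields, so the rejection log does not duplicate bank data.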

Airbank’s Open Banking integration is implemented through a GraphQL API. Using a restaurant metaphor, the front-end would be the main room, the back-end would be the kitchen and the API would be the waiters. GraphQL is a query language developed by Facebook that makes it much easier to create complex queries and operations, avoiding performance and security problems such as over-fetching data from the database.

On Airbank, it is possible to assign nicknames, match bank accounts to legal entities, and do sophisticated data filtering through the dashboard. Therefore, there has to be a tight coupling between data piped from the external provider and data saved in the database — and GraphQL is just the best choice for that.

The GraphQL API is built with Apollo Server, deployed as a Netlify Function. Through this serverless architecture, we are able to instantly scale up and down, while not having to do any infrastructure management ourselves. In addition, leveraging Netlify’s Edge network makes our service blazingly fast almost anywhere. We also use FaunaDB, which is a data API that combines the flexibility of NoSQL with the reliability of traditional relational databases — also in a serverless setup. Fauna is built with GraphQL in mind, so it felt like a natural match.

Finally, our current Open Banking API provider is Yapily, which offers great coverage across the UK and EU. To maintain greatest flexibility and scaling readiness, Airbank’s back-end is structured in a way that allows for quickly adding other API providers for better coverage, as well as feature and geographical expansion.

Try Airbank

That’s it for our “Behind the code” series for now. If you are part of a small or growing business, sign up to our waitlist today and we’ll onboard you as soon as we roll out across Europe. We can’t wait to show you around!

This was the first post of a series of stories about Airbank’s tech. I’ll dive deeper into the topics mentioned in this post a bit later. Keep in touch to get notified about new posts!