Creado el 23 Jan. 2018

With more than 700 million active users and one million advertisers registered on its platform, it has proved to be a buoyant business. How can you leverage it to improve your business? There are several options.

Instagram Business

Opening a business account in Instagram is the most complete and direct option for your company, brand or agency. It enables you to create ads that will appear before the eyes of millions of people. There are several formats:

Simple photo: send a photo as an ad, with a lower button that you can customize with a call-to-action and that may be similar to: "Buy", "Discover more" or "Sign up", if it is a service.

Video: with a duration of up to 60 seconds, you can send videos that will be played automatically to the target audience.

Carousel: you can send a gallery of grouped images to form an ad. This way you can get more personality and depth in the campaigns.

Stories: the new full-screen format is more captivating and enables advertisers to capture the target audience's full attention with a full-screen short clip.

The statistics that Instagram provides its clients are very detailed: scope, plays, views, clicks, number of times the ad has been shared, conversion, subsequent installations, etc.

Scheduling posts

Instagram does not allow images to be uploaded in an automated way to prevent videos being sent en masse via programmed robots. Luckily, some tools provide a solution to this problem. allows you to create a complete schedule of posts for different accounts. You can select the best times to post, get recommendations of #hashtags for photos and videos shared, complete reviews of comments and "like", etc.

HootSuite: this veteran tool that is the best friend of social network managers has added support to schedule posts without having to keep an eye on it.

There are other options like and that allow business to basically perform the same task. In all cases it is completely automated, except for the final post. A notification is sent to some devices (a smartphone, for example), and from there you can post with all the fields that have already been selected. It is so fart the only possible way to do it.

Direct API

The Instagram API is not as powerful as the Twitter or Facebook API platform, but it has several interesting methods if we want to perform the tasks related to our business in this social network on our own.

Likes: the same method /media/{identificador}/like allows to get a list of likes that a photograph or video have received, if we use a GET call.

If we use the POST method we can add a like to that specific identifier with the account in which we are authenticated and, if we send a DELcall, we can delete it.

Users: this is perhaps the most extensive method of the entire API, despite it being read only. It always uses GET calls and allows users to obtain information on their account, by calling at any time with /users/self. It is useful to know with which account we are authenticated or to review our profile statistics.

To obtain information about another account, whether it be our business or any user, we can call /users/{identificador-de-cuenta}.

This method has two sub-methods that we will use often, as they are /users/{identificador-de-cuenta}/media/liked to review the latest likes sent from this account or /users/{identificador-de-cuenta}/media/recent to get the latest posts sent.

Relationships: to manage who we follow or stop following, Instagram offers us methods of reading to check the status of follow-up relationships between users.

We can get the list of accounts that follow an account by calling /users/{identificador-de-cuenta}/followed-by or those followed by that account at /users/{identificador-de-cuenta}/follows. Simple.

You can make a GET call to /users/{identificador-de-cuenta}/relationship to check the status of the relationship between the target account and the account with which we are authenticated, or by using a POST call to the same method to edit it. Valid actions are follow, unfollow, approve and ignore.

Unfortunately you cannot check the status of the relationships between users that do not correspond to the authenticated account, so we will not be able to follow up among third parties.

Tags: tags are perhaps the most powerful option for an advertiser. They allow access to complete sub-universes within Instagram and to reach specific audiences. There are three methods of tags, even though they are read only.

/tags/{nombre-etiqueta} allows us to find out information about the tag as well as the total of available content, popularity, etc.

/tags/search allows us to specify a term to search within tags. Useful for finding popular tags to send our photos and videos to.

As you see, the possibilities for your business by using Instagram are far ranging if you know how to master your API. It will allow you to reach where other businesses have not been able to get and find an audience that is willing to find out about your product or service.

Are you interested in financial APIs? Discover all the APIs we can offer you at BBVA.

Creado el 22 Jan. 2018

The range of available APIs for developers is ever expanding. Turning to an external service that provides the tools that otherwise would have had to be built from scratch not only saves time but also resources.

Therefore, in order for those who turn to your API to be happy with the results, there is no need to provide them with all possible options; instead, it is important to make sure that your service is working properly and that there are no bumps on the road. The only way to fulfil this premise is to monitor its performance and consider possible changes to make it compatible with the software of third parties. Undoubtedly, the work becomes more difficult as complexity increases as well as the number of dependencies (components that the applications can use) of the API.

Thus, the key to assess the success of your API is to monitor traffic (incoming calls), the developers and applications that use it, the quality of service offered (this includes error rate, code failures and efficiency of responses) and the income provided by its use by third parties.

Resources: APImetrics, Visual Studio Application Insights and APIscience

Fortunately, there are different tools to keep an eye on your API and swiftly detect possible failures and solve them fast. One is APImetrics, a sort of scorecard from which to analyse different parameters of the programming interface.

This software solution allows measuring the time the API takes to respond to requests from apps, the effectiveness of its response and the reaction capability it presents for each dependency or type of call. Thus, it offers a holistic view of the performance of the service.

Another monitoring tool is Visual Studio Application Insights, available in the Microsoft Azure service. In this case, analysis includes checking data bases, HTTP calls, Java and databases, as well as the evaluation in real time of interactions between the API’s and the external interfaces.

It is worth noticing that the program facilitates the analysis of the response produced by a particular type of call, so that it is possible to evaluate if the versions of the API interface and those of third parties are compatible. On the other hand, faults and exceptions are detailed in the reports provided by the tool.


Turning to the past to understand the present

Unlike the previous ones, the kind of analysis provided by APIscience is staggered; it first evaluates the integration of external APIs with its own, and then assesses the results of their interactions. It serves to monitor, among other styles of software architecture, REST, JSON and OAuth APIs.

One of the main advantages of this tool is that it allows to compare previous versions of the programming interfaces with the current one, a comparison used to detect errors, slow responses and integration problems.

The tool is based on a system that monitors variations in the functioning of the API as well as its performance on the basis of time. Next, it represents the data by means of useful dynamic graphics. These reports help developers to analyse the code of the programming interface in search of possible errors.

Meanwhile, AlertSite offers a three-for-one solution, allowing to monitor the performance of the API along with that of websites and applications. For the first, the solution is called SmartBear, a complete manager of the status and health of programming interfaces. It is based on a network of nodes to monitor the speed of interactions and responses at a global level (it includes a map in the report of results), subsequently relating this flows to the degree of performance exhibited in each case.

Another useful feature of the AlertSite solution is that it offers different types of analysis adapted to third-party APIs, public APIs and those of partners, as each of them presents different problems. SmartBear also accepts scripts, so that internal assessment tools, such as Ready! API and SoapUI, are integrated into the service. Thus, developers can then execute these other services from the same product.

Ideally, a combination of tools

Although the existing tools and solutions are varied, the choice of one over the other should depend on the needs of each case. If only global assessments apply, and there is no need to look too much into the detail of the functionalities of the API, this latter may seem perfectly functional with respect to third-party applications despite being an outdated or obsolete version.

On the other hand, checking only the basic elements of the API, without considering the overall picture, it is also a partial approach. The best is to combine both strategies to achieve complete monitoring.

Are you interested in financial APIs?  Discover all the options offered by BBVA

Creado el 18 Jan. 2018

Combating tax fraud

After two years of preparations, in the summer of 2017 Spain's Tax Agency launched its Immediate Supply of Information initiative (SSI in its Spanish acronym). The platform makes it far easier to identify fraudulent practices, such as double use software, which are computer programs designed to mask sales.

José Borja Tomé, Deputy General Manager of Technologies at the Tax Agency, under Spain's Treasury Department, explained in an article published on, that "once the infrastructure was in place, we realized there was much more we could use it for."

Tomé pointed to actions such as "identifying shareholdings in companies", which helps to unmask those who claim bankruptcy but have a series of shell companies shielding their assets. "It is now much easier to explain the sudden emergence of certain fortunes and who really owns them. The platform uses simple cross-checking analysis that renders good results."

The next step for the Tax Agency in terms of using data, said Tomé, is to run advanced analysis that will gradually lead to the automation of certain decisions currently made by inspectors. Machines will make it easier for inspectors to detect unusual patterns.

Thanks in part to data analysis, this will not only prevent "that those who honestly pay taxes end up paying more because of fraudsters," but also mean that "we will be among the tax agencies that cost less to taxpayers in Europe."

Urban Discovery

This is one of the projects run by the BBVA Data & Analytics department. It is an interactive tool open to all users, running analysis of commercial activity in the cities of Madrid, Barcelona and Mexico City. The results come in the shape of new maps that redraw urban boundaries and identify the most popular tourist and residential areas, or those areas with younger consumers.

A total of 413 million card transactions over a period of one year were evaluated. This aggregated and anonymous data offers an up-to-date overview of the dynamics in these three cities.

Another strong point of the tool is how the data is displayed. Developed in partnership with CARTO, users are able to explore maps of each city, and even create their own tags to establish new divisions.

Juan Murillo, Head of Territorial Analysis at BBVA & Analytics, explains that “data science gives us a better idea of the dynamics in these cities, and allows us to examine how people use them according to their lifestyles, describing the specializations of each area, and their predominant patterns and activities."

He also adds that the tool allows BBVA to "give users the opportunity to enhance the project with their own contributions, and we invite them to create categories that will provide a new perspective on results.”


The U.S. retail chain, with 20,000 stores in 28 countries, is making significant use of big data. At its headquarters in Arkansas it has set up a data café, a workspace that analyzes data from more than 200 sources, both internal and external.

The tool's greatest strength is its capacity to quickly process up to 40 petabytes of data - enough to store 542 years of high resolution video - on recent transactions. All of this data is processed and displayed with one key objective: to cut the time it takes to make the right commercial decisions. What used to take weeks can now be done in a matter of minutes.

As detailed in a BBVA article, the Walmart Data Scientist Naveen Peddamail told Forbes magazine: “If you can't get insights until you've analyzed your sales for a week or a month, then you've lost sales within that time. If you can cut down that time to 20 or 30 minutes... That’s the real value of what we have built with the data café."

BBVA Bconomy

Thanks to this big data solution, BBVA customers can now identify their financial safety net and improve it by controlling their expenses. Hence, customers are able to better manage their personal finances and make the decisions that are right for them.

The tool provides customers with a diagnosis of their financial health, based on the analysis of four variables: monthly savings, financial freedom, spending on housing, and spending on loans or deferred card payments. Based on the outcome of the analysis, BBVA Bconomy can suggest tailored plans to improve domestic economies.


If you want to know more about BBVA's financial APIs,, visit this website.

Creado el 16 Jan. 2018

BBVA API Market will collaborate in this initiative, the largest travel Hackathon in Spain and the second largest Hackathon, as far as awards are concerned, which has been celebrated in the last year. We will allow teams of developers, designers and tourism experts to use some of our retail and aggregate data APIs. The best project using one or several of the APIs on our platform (and even APIs from other sources) will be awarded 2,500 euros.

HackaTrips will be held on January 20 and 21 at pavilion 10 of IFEMA, in Madrid, organized by the traveling platform Minube and Fitur. It will be a unique occasion to show everything that different APIs can give to this sector by transforming and enriching the experience of tourists.

We will be there to find out about your projects and to select the app that makes the most of the APIs on BBVA API Market available for the hackathon.

In total, hackaTrips will give away over 18,000 euros in prizes. The jury will look at factors such as the projects' originality, design, usability and their commercial viability.

If you think you can improve the tourist experience with an innovative project that uses the APIs on BBVA API Market, we will see you on the third weekend in January at Fitur. But you need to hurry up: hackaTrips only takes up to 100 participants!

You can sign up here.

Creado el 15 Jan. 2018

At BBVAOpen4U we have spoken more than once of the sweeping change in paradigm in modern banks and their transformation in platforms as a service (PaaS) to exploit the ecosystem driving the new PSD2 regulation (Revised Directive on Payment Services) imposed by the European Banking Authority (EBA). To date, practically no financial sector professional is in any doubt that the banks will be able to comply with the regulatory requirements, thanks to the use of third-party application programming interfaces (APIs).

PSD2 –which is driving the change in January 2018– rules that the banks will have to open up their payment services to outside companies (Third Party Payment Service Providers - TPPs): payment initiation service providers (PISPs) on the one hand, and account information service providers (AISPs) on the other. Both services require authorization from the customers –whether private individuals or companies– and of course prior authentication.

The EU therefore seeks a payment market in Europe that is open to other actors in addition to the banks (fintech companies). In this scenario, managing users' digital identities takes on a new dimension. This Discussion Paper from the EBA explores most of the risks and requirements of the new environment around the corner after the implementation of PSD2. It is evidently much more complex, and more sensitive. This is why APIs and the approach used to program them (open or closed application programming interfaces) is a matter for international debate.

Digital identity, a paramount asset

In the digital age, where mobile devices are now a tool for almost everything and all times, users' data represent raw material of incalculable value. People registered with their username and password make financial transactions in real-time, associated to a first and last name, identity document, place of residence, gender, age and so on. Transactions associated to the retail sector, insurance, leisure… Not only do they provide information on expenditure, but also a record of customers' revenues. The financial digital identity of millions of people is in the hands of the banks.

With the new PSD2, any company can become one of these TPPs and use the release of data to generate new income. There is no doubt that this is a race for the ownership of customers' digital identities, and will involve hundreds of companies fighting for authorized access to this information. Europe considers it combines all the essential elements to deregulate the market and that the greatest beneficiaries will be the customers.


The components that guarantee a secure process are the following: 

Identification: definition of the attributes that confirm, beyond any shadow of a doubt, that the user is who they say they are and not someone different pretending to be them. 

Authentication: verification through credentials that the user is the customer they say they are (username and password, OTP, digital certificates and others). 

Authorization: the financial service providers (TPP) with a license to operate must be given authorization by the customers before they can access their accounts. They need to have proof of consent, which can be obtained through access tokens. 

Risk-based authentication (RBA), a new ecosystem

Risk-based authentication (RBA) is the method whereby several levels of security are applied to the processes for authenticating customers or users to minimize the risk of violation. Some of the elements used in a risk-based authentication process are often the same as the ones used in some of the latest generation firewalls for classifying risk. These are:

Role-based identification: the greater the privileges a specific user may have (for example a network administrator), the greater the risk controls they will be required to undergo. This is because they have an even greater capacity to break the protection. 

Location-based authentication: location is a key element for determining whether a transaction or bank operation entails risks or not. If the user or customer has logged on to an application or a financial service from a specific place and shortly after attempts to do the same thing from another totally different location, this may indicate an action that represents a risk to the bank and to the customers themselves. 

Activity-based identification: the characteristics of some financial transactions trigger greater levels of control. Transfers involving large sums of money, transactions between accounts in banks in different companies, sending money to accounts located in tax havens...  

Habitual behavior patterns: when a user makes a transaction that is not habitual in their behavior as a customer, that action is more delicate than the ones that follow their regular behavior patterns. These tend to be detected by measuring the speed of the linked transfers, the amounts of each transaction, and so on. 

Other important elements in the systems for RBA digital identity control include type of device, IP address, status of antivirus software, and others. 


Are you interested in financial APIs? See BBVA's catalog at this website