The Context
The APIs managed through Apigee at this major Australian bank are not back-office systems — they are the critical infrastructure behind personal banking for millions of customers: account access, payments, identity verification, and digital channel integrations.
In this environment, every API proxy must be configured precisely. A misconfigured policy can block legitimate transactions, expose security gaps, or cause cascading failures. The traditional approach — hand-writing XML policies and debugging through documentation — is slow and error-prone at enterprise scale.
"In a banking environment where API reliability directly affects customers' ability to access their accounts and make payments, the speed and accuracy of AI spec-driven development became a meaningful operational advantage."
Four Capabilities Delivered
- 01Policy Generation from Plain EnglishThe developer describes the policy type, configuration values, and variable names. Claude generates complete, correctly structured XML — ServiceCallout, KVM operations, JWT verification, OAuthV2, Quota, SpikeArrest, and 25+ more — ready to deploy without modification.
- 02Reusable Templates and Full Proxy ScaffoldingStandard ServiceCallout templates, complete proxy bundle scaffolds, shared flow templates for JWT authentication — all generated with the team's naming conventions (SC-, KVM-, AM- prefixes) automatically matched from a style reference.
- 03Real-Time Troubleshooting and Root Cause AnalysisThe most frequently used capability. Paste the error message and policy XML — Claude diagnoses the root cause and provides the exact fix in minutes. No documentation lookup. Used daily for production incidents.
- 04Security Review and Edge-to-X MigrationFull proxy security reviews flagging ordering issues and missing FaultRules. Automated compatibility checking as the bank migrates from Apigee Edge to Apigee X — replacing manual documentation comparison.
Real Prompts That Became Production Code
- eg."Generate a ServiceCallout that calls https://api.internal/validate with a 10s timeout and stores the response body in validateResponse"Output: Complete ServiceCallout XML with correct connect and I/O timeouts (10,000ms each), proper request/response variable binding, correct HTTPTargetConnection structure — ready to deploy without modification.
- eg."My VerifyAPIKey policy is in the proxy but never enforcing — requests with no API key go through"Diagnosis: Policy attached to PostFlow instead of PreFlow. In a banking context, this security gap could allow unauthenticated requests to reach backend services. Fix provided immediately with corrected XML.
- eg."Before I promote a shared flow to prod, show me what changed between this revision and the one in UAT"Output: Revision comparison engine detecting six types of breaking changes, each with a risk rating (HIGH/MEDIUM/LOW) — HTML diff report ready for change request documentation.
Results
| Dimension | Traditional Approach | AI Spec-Driven | Improvement |
|---|---|---|---|
| Policy generation | 30–60 min (docs + manual XML) | Under 5 minutes | ~90% faster |
| New proxy scaffold | Half a day | Single conversation | ~95% faster |
| Troubleshooting | Trial and error, documentation | Targeted fix in minutes | ~90% faster |
| Security misconfigurations | Caught in production | Caught during generation | Before deployment |
The developer's value shifted. From writing boilerplate XML to specifying intent and validating output — a fundamentally more productive and less error-prone way of working.
Style references are the unlock. Pasting one existing policy as a reference means every generated policy automatically adopts the team's naming conventions, structure, and patterns.
Troubleshooting is the killer use case. In production banking, diagnosing a policy error in minutes — rather than hours of documentation lookup — has direct operational value.
This is a daily workflow, not a pilot. The approach is used in production every day, generating the policies and proxy configurations that millions of banking customers depend on.
Want to transform how your team builds and manages APIs?
Singularity Tech helps organisations ship faster, reduce costs, and close the gap between domain expertise and engineering capacity. The assessment is free.
Talk to our team