Most financial services organizations are in the process of implementing support for the EU's Payment Services Directive 2 (PSD2), which mandates that they provide APIs giving various types of organizations access to their data and services. Many are addressing this by implementing some kind of API Gateway, such as those from IBM Connect, Apigee, Mulesoft, Fiorano etc. But is this sufficient?
The standard configuration being used looks very much like the following:
But this raises the following issues: