PSD2, API Gateways and Agile Development Sandboxes

Most financial services organizations are in the process of implementing support for the EU's Payment Services Directive 2 (PSD2), which mandates that they provide APIs giving various types of organizations access to their data and services. Many are addressing this by implementing some form of API gateway, such as those from IBM Connect, Apigee, MuleSoft, Fiorano etc. But is this sufficient?

The standard configuration being used is represented very much like the following:

[Figure: PSD2 API gateway, standard configuration]

But this raises the following issues:

  • Onboarding any new organization is time-consuming and costly when the organization cannot even prove that it can comply and move into production.
  • There is already a serious bottleneck accessing test environments within large financial services organizations; how can these additional demands be supported?
  • There are major data governance issues, particularly in the light of the upcoming GDPR legislation, with multiple organizations accessing a shared test environment.

This is where agile testing sandboxes can help:

[Figure: PSD2 API gateway with agile testing sandboxes]

An Agile Testing Sandbox simulates the test environment APIs required to support PSD2, on which an application depends for testing. The sandbox environment runs independently of the real test environment on Cloud, Docker or commodity hardware and software. Consider a sandbox to be like a flight simulator for your testing environments. It offers fully functional versions of the application, services and synthetic data that the testing teams can use for their continuous testing. Sandboxes can be created on demand for each organization requiring a test environment, so no further sharing of environments is required and test coverage can be brought to 100%.

This addresses the issues outlined above:

  • A standard PSD2 testing sandbox can be created for each organization requiring access to the organization’s services. This is a cost-effective way of onboarding any new organization, ensuring that they can successfully interface with your systems.
  • When organizations have been approved for access, they will need continuous access to testing environments as they roll out changes to their software. They can continue to test using their standalone agile testing sandbox, thus avoiding any further pressure on the real test environments. Final testing requires a simple validation against the real test environment.
  • As each organization gets its own standalone sandbox for testing, there is no potential for data governance issues, as no other organization will have access to that environment.

These sandboxes become a testing asset used from the onboarding of new AISPs and PISPs through to the support of those organizations into the future.

Portus EVS enables the creation of sandbox environments in days, enabling financial services organizations to onboard and support the explosion of AISPs and PISPs in an agile and cost-effective way. This can ensure rapid compliance with PSD2 regulation and safety around data usage, thus fully complying with the incoming GDPR regulations.