How an API-first approach can help create a seamless payment experience
The best technology doesn’t make its presence obvious – it’s just there, making your life easier.1
So when our merchant clients want to take advantage of evolutions in application programming interface (API) technology, they rely on us to help them enhance their performance without them having to constantly reassess and update their payments infrastructure.
Merchants should be asking their payments providers, "When it comes to APIs, are you future-proofing me?” And crucially – “Am I going to have to do additional work a year from now to integrate a new set of technologies?"
Here’s how we’re making our API offering as smooth, secure and future-proof as possible.
The power of payments APIs: rapid access to new markets and real-time data
- We leverage APIs to be able to switch on new payment methods for our clients5 in a rapid and streamlined manner.6 Whether it’s integrating konbini convenience-store payments in Japan, enabling WeChat Pay, or allowing a merchant to accept cash payments in Mexican convenience stores, everything is driven by our new API architecture.7 This is both in terms of how merchants and clients connect into us for payments,8 but also in the APIs we’re offering through the J.P. Morgan developer store.9
- When a client connects one time through our new API layer, they will be able to add a method of payment in one of these local markets that they bill into.10 By adapting our legacy infrastructure to integrate APIs, we're making it more straightforward for our clients and for the merchant community to do business with us as a firm.11
- We are also developing APIs around real-time data streaming,12 that will allow our systems to receive data quickly for reporting and financial needs,13 resulting in a better merchant experience overall.14 Our objective is to allow our merchants instant access to their data.15
Expect evolution in API standards
As API technology is evolving all the time, I’m often asked whether there is a need for standardisation. The first thing to note is that there is no universal standard16 for what merchant payments APIs should look like. However:
- Looking ahead, we think new API standards could develop quickly. Look at Open Banking; within a year we have already seen several different standards emerge.17
- In contrast to Open Banking, which focuses on opening up access to banking data the API space also has pure technology players creating new concepts and products alongside financial institutions.18 Standardising the plethora of new API offerings which enter the market each year could be more difficult as a result.
- We'd like to see industry take a lead in standardising elements of API technologies around the security and authentication/authorisation methods – which is starting to happen with protocols like OAuth 2.0 and the various authorisation grant types it supports.19
Security is non-negotiable
Security is a key topic as API use develops, and rightly so. There’s the aforementioned lack of standardisation. There’s also the potential impact of exposing API documentation: when you expose any sort of protocol or data in a public manner, there's always a security risk involved.20
How are we handling this?
- For J.P. Morgan, security is non-negotiable. Our focus is on securing the payments authentication layer,21 and making sure that we're monitoring security throughout the entire transaction life cycle.22
- We’re building APIs expressly designed to enhance client cybersecurity.23 For example, an API can manage who has access to particular business functions – such as who can authorise and make payments.24
- We've established centres of excellence specifically around API standards,25 and around data security and resiliency.26
- We’re also leveraging industry-leading forms of authentication,27 such as the Mutual TLS and OAuth 2.0 protocol.28
Do it once, do it right
We're heavily invested with developing new API technology and also in developing a whole suite of value-added services that live throughout the entire transaction lifecycle.29 We want to make things easier for our merchants not just at the point of payment, but also from a banking and treasury perspective.30
Merchants should be asking whether their providers are a service provider and a vendor, or if they're a true partner. Our development of new APIs is just one example of our commitment to our clients – to furthering and developing the technology that they need for their business and making it easier to do business and connect with us.31
The right payments technology should be able to adapt and grow with a merchant’s ambitions in real-time. Our focus is on developing APIs that allow our clients to take advantage of multiple payment methods,32 and to go with us into new geographies with a fully local end-to-end offering.33
To learn more about how we leverage the power of APIs, visit J.P. Morgan Developer, contact your J.P. Morgan representative or call our merchant support team on:
Europe: +353 1 726 2909
UK: +44 845 399 1130
Jake Hershman is an Executive Director of J.P. Morgan Merchant Services, the merchant acquiring and payment processing arm of J.P. Morgan Chase & Co. As a leader of strategic client engagements in the Corporate & Investment Bank, Jake is responsible for partnering with the field and product organisations to enable clients in expanding internationally and taking advantage of the newest merchant services technologies. Jake brings experience from the issuing, acquiring, network, and merchant businesses.