- Needed to streamline a large-scale, complex global payments system without disrupting services for global customer and merchant base
- Needed infrastructure to govern and securely expose APIs for applications running in a microservices architecture with high reliability
- Kong Enterprise as a service connectivity platform to centrally secure, manage and monitor all global traffic
- Move from monolithic to microservices architecture, with flexibility to manage APIs across on-premise, cloud and hybrid deployments
- Reduced TCO 75% and decreased time to market 20X by consolidating 20 regional payment systems into a single global system, with all traffic managed and secured by Kong
- Saved development teams hundreds of hours per month via automated generation and maintenance of API contracts with OpenAPI and centralized monitoring of API traffic
Founded in 1981, Verifone is a global leader in payments and commerce solutions at the point of sale. If you have a credit or debit card, you have certainly paid on one of the 35 million+ Verifone payment terminals worldwide. Verifone solutions enable more than 10 billion secure transactions a year for merchants, consumers and the institutions that serve them. Verifone serves over 150 countries, with customers spanning financial services, retail, petroleum, restaurant, hospitality, transportation and healthcare industries.
While Verifone is the largest payment solution provider in most regions globally, it needed to evolve to meet demand for ecommerce. Verifone prioritized developing an omnichannel solution that covered both in-store and ecommerce use cases to remain competitive with players specializing in ecommerce.
ECommerce Buyers Demand Clear API Documentation
This posed a challenge for the global architecture team at Verifone since ecommerce and physical payments are traditionally supported by completely different systems.
“Essentially, we needed to expose our APIs to third parties who integrate into the Verifone payment services, such as sites with their own web shops,” said Hans van Leeuwen, lead architect at Verifone. Typically, the buyer for a Verifone ecommerce solution is a developer, who is likely to compare API documentation across different vendors and select the solution with the best-structured APIs.
“A good, clean API is very important,” said Van Leeuwen. “We needed to make it as simple as possible.” However, having no way to standardize API documentation would clearly stand in the way of API adoption and thus an omnichannel payments solution in line with Verifone’s vision.
Compounding the issue was the global scale of Verifone’s operation. “Payments seem simple, but there are actually regional requirements due to regulations and customer preferences,” explained Van Leeuwen. “We needed to tailor payments to regional requirements. However, our largest customers and international, well-known brands didn’t want to log into separate systems for each region to manage their payments.” Verifone’s customers wanted a global system through which they could handle every payment operation and all interaction with Verifone.
Verifone Chooses Kong for its Lightweight, Flexible API Gateway
The global architecture team decided the approach to delivering a global, omnichannel solution depended on moving payment systems to a microservices architecture, with an API management tool in place.
Since all regional payment systems were previously monoliths exposing APIs separately, the API gateway was a greenfield project for Verifone. “In moving to microservices, we knew we needed an API gateway.”
Hans van Leeuwen, Lead Architect at Verifone
“We needed an abstraction layer with which to expose our services. Exposing all your underlying microservices to the end user is a very bad idea.”
Many solutions the team evaluated were eliminated due to being too bloated. “We wanted a lean product. We didn’t want extra components in the core product beyond what we needed for our microservices use case,” said Van Leeuwen.
The team initially liked Kong because of its lightweight API gateway built on a proven tech stack and for the company’s focus on microservices. “As we learned more, Kong really stood out for being able to support lots of use cases for us,” said Van Leeuwen. “Kong’s flexible plugin architecture meant we could pick and choose the functionality we needed for each use case, as well as manage APIs across modern and legacy systems.” The team also planned to use Kong for its load balancing needs, saving the cost of purchasing a separate solution for this.
Finally, Kong stood out for its flexibility to support any deployment model. “We have some regions where we are required by regulations to operate on premise or the private cloud. In other regions, we are able to leverage the public cloud. Kong can do it all,” said Van Leeuwen.
Verifone Pilots a Global System, Governed by Kong Enterprise
Verifone uses Kong Enterprise to serve as a gateway across many regions. “Previously, we had 20 different regional payments systems, each with a monolithic architecture,” said Van Leeuwen. “We moved to a single, global payments system with a microservices architecture. Kong lets us centrally secure, manage and monitor this system.”
Centralizing all APIs in one place makes it easy to maintain and govern APIs. Verifone uses Kong Enterprise to set up separate workspaces and segregate logic for development teams in different regions. From a single place, Van Leeuwen’s team can apply policies to govern API traffic across all regions. “Kong reduces our time to market thanks to its many authentication plugins available out-of-the-box,” said Van Leeuwen.
“We are able to support our legacy systems, where the business is moving or even write our own custom plugins.” Rate limiting policies also help Verifone ensure maintainability and spread the load to reduce the risk of outages.
In addition to applying policies, the single point of view also allows the team a central place to log and view traffic flowing through the system. “We also are using Kong to standardize and maintain our API documentation on OpenAPI 3.0,” said Van Leeuwen. “Automatic generation of API contracts with Kong improves the quality of API specs and reduces the risk of breaking changes for our end users.”
Beyond on-premise, hybrid, cloud and multi-cloud deployment with Kong, the team also plans to make use of Kong’s native integrations with Kubernetes. “Kubernetes is on our roadmap. We know with Kong, we can use CRDs to configure Kubernetes and the gateway. That’s a big difference compared to many other solutions without native support for Kubernetes,” said Van Leeuwen.
Verifone has significantly reduced time to market with Kong in place. Whereas each regional payment system was previously managed separately and required its own business logic, now Verifone can govern all regions from a single place. Development teams in the regions no longer need to spend time on business logic such as authentication and authorization, so they are able to develop features faster. The global architecture team’s productivity is much greater since Kong improves visibility by creating a central point to monitor and manage policies across the entire system. The team has also increased efficiency in standardizing and maintaining API contracts. Finally, operationally the solution supports the high availability and zero downtime critical in a business where outages are not an option.
With nearly half of the world’s non-cash transactions being made through Verifone products, the scope of impact is huge. “We are nearing the end of our pilot and will be globally rolling Kong out in phases,” said Van Leeuwen. “It’s exciting because of the efficiency and impact we can achieve for the business.”
“Three pillars we have in Product and Engineering at Verifone are security, scalability and availability. The whole world economy depends on us. And now, Kong as well.”