As PEXA was looking to enhance its product and service offering to customers both in Australia and in the newer market of the UK, Simon Vallegra, General Manager of Technology Operations and Digital Delivery, and Shane Lee, Staff Engineer, Technology, realized the team would need an API management platform to enable them to increase agility, efficiency, and integration.

The solutions PEXA were using at the time would not scale with their aggressive growth goals, so they began researching API management platforms and found Kong through industry research leaders like Gartner and their existing integrators and partners.

“The most important quality when we started looking at our next-gen API program was a management solution that is more flexible, extensible, secure, and future forward-looking. We needed a solution that would allow us to expand into other markets and open up opportunities for indirect and direct monetization of our API product suite. Customer centricity, creating synergies between product and tech, improved developer experience, and enhancing our self-service capabilities are our major goals,” added Lee.

Two key challenges they identified for this new API management solution to address were security and scalability.

The ability to put in enhanced security protections was top of their list of needs in a platform to manage their APIs.

Additionally, as PEXA looks to the future, the team recognized the need to future-proof its foundations and support business growth strategies by evolving its technology and practices. They were specifically looking to increase flexibility to speed up their development, modernize their infrastructure, and reinforce resilience and performance by continuing to develop tools and practices that enable defect-free deployments.

PEXA chose to implement Kong Konnect as the infrastructure to carry them into their digital future. The team has built out its environment based on a model created to utilize Kubernetes, using AWS EKS, and has adopted infrastructure as code using Terraform, Helm, and Docker. This architecture was built with an eye towards flexibility to support future modernization, as well as the ability to scale to support future growth.

Vallegra, Lee, and the rest of the PEXA team also implemented Kong to drive efficiency, by allowing them to work in parallel, enabling reuse and shift-left, and improving onboarding. They will also accelerate time to market by reducing the learning curve for team members.

“Efficiency is the name of the game in our current market. We are creating a system that will allow our whole team to focus on the projects that support PEXA’s growth and new customers, by increasing their ability to self-serve and use APIs that already exist in our service catalog,” says Vallegra.

Their new solution with Kong also supports their goals of staying one step ahead of the increasing security threats to APIs. By moving away from point-to-point certificate management with their integrators, they will be able to scale while still maintaining the highest level of security. 

With the new infrastructure, the various team members who need to publish APIs can manage all their authorization permissions for their APIs without needing to engage the central platform management team. 

As Vallegra says, “The ability to scale and grow while maintaining our current level of security (and even increasing it) is crucial for us. With Kong, we’re able to set authorization and authentication policies across our APIs.”

As a result of implementing Kong, PEXA has already started to see improvements in cost savings, its security posture, and opportunities for new revenue streams.

Their Australian support team has reduced costs by releasing 30% of their capacity previously used to support existing integrators and is looking forward to greatly increasing that percentage as even more partners are onboarded to the new APIs. This released capacity is allowing the team to provide more support for growth with new customers.

The team has also improved its security posture and protection from security threats by using Kong's rate-limiting abilities to prevent security threats at the entry layer.

Additionally, they are ensuring that they are prepared for future security threats with Kong Analytics for observability and monitoring. Not only does the resulting data allow them to identify any irregularities with their traffic and usage, but it also enables them to make data-driven business decisions.

"Security is at the forefront at PEXA. We are in the middle of what is usually one of the biggest, most emotional transactions a home buyer or seller will make and it is essential that we protect our customers. Through our security program, we were able to shift security left and embrace the DevSecOPs model. With OAuth2 supported out-of-the-box by Kong, along with a number of other industry-standard authentication and authorization policies, we swiftly established a standardized framework and set of guidelines for request authentication, cross-level authorization, proxying and rate limiting capabilities that have all contributed to PEXA's engineers now being able to allocate more of their time and resources to delivering business value and advancing the company's product portfolio." added Lee.

The adoption of Kong and an API-centric model has also enabled PEXA to focus on what's next, including the development of new revenue opportunities, reinforcing resilience and performance, and creating a solution and infrastructure to support all PEXA business units, including future acquisitions.

"At PEXA, we are well underway in our development of an API-led strategy to strengthen our offerings to customers to increase our agility, efficiency, and integration, while maintaining a strong security posture. Kong is the next step in this strategy and while we are early in our journey, we're already starting to see strong results," says Vallegra.