PEXA Ensures Secure Transactions for Their Customers with Kong

Australian property settlement pioneer depends on Kong to build an API strategy for the future

Transforming how Australians settle property through digital innovation

PEXA is a world-first digital settlement platform that has revolutionized how people buy and sell property in Australia. It has approximately 10,000 customers (lawyers, conveyancers, and financial institutions) and has facilitated an excess of 15 million transactions via its digital settlement platform.

By providing quick access to the process of a sale and real-time tracking on property settlements, PEXA and its network of partners and customers help over 20,000 home buyers and sellers a week settle their property safely.

PEXA is a fundamental part of Australia's property infrastructure, integrated with six land registries, five state revenue offices, and the Reserve Bank of Australia, playing a key role in more than 85% of all property settlements in Australia. It has now expanded to the UK, collaborating with the housing industry there to digitize the home purchase, sale, and remortgaging process there.

IndustryFinance
RegionAsia Pacific
Use CaseDeveloper Experience
Customer Since2021
Challenge

Security and Scalability Needs Drive Search for API Management Solution

As PEXA was looking to enhance its product and service offering to customers both in Australia and in the newer market of the UK, Simon Vallegra, General Manager of Technology Operations and Digital Delivery, and Shane Lee, Staff Engineer, Technology, realized the team would need an API management platform to enable them to increase agility, efficiency, and integration.

The solutions PEXA were using at the time would not scale with their aggressive growth goals, so they began researching API management platforms and found Kong through industry research leaders like Gartner and their existing integrators and partners.

Vallegra commented, "Kong is a natural fit for PEXA embarking on the modernization journey. It ticks all the boxes, scalability, security, and self-service, which takes the hassle of managing APIs".

"The most important quality when we started looking at our next-gen API program was a management solution that is more flexible, extensible, secure, and future forward-looking. We needed a solution that would allow us to expand into other markets and open up opportunities for indirect and direct monetization of our API product suite. Customer centricity, creating synergies between product and tech, improved developer experience, and enhancing our self-service capabilities are our major goals", added Lee.

Two key challenges they identified for this new API management solution to address were security and scalability.

"API Security is not something businesses can ignore or rely on existing systems to fully address. As the threat of API-targeted attacks grows, we knew we needed a solution that would provide the capability to prevent security threats at the entry layer, as well as introduce proactive action, automation, and policies that will ensure we stay one step ahead," says Vallegra.

The ability to put in enhanced security protections was top of their list of needs in a platform to manage their APIs.

Additionally, as PEXA looks to the future, the team recognized the need to future-proof its foundations and support business growth strategies by evolving its technology and practices. They were specifically looking to increase flexibility to speed up their development, modernize their infrastructure, and reinforce resilience and performance by continuing to develop tools and practices that enable defect-free deployments.

Solution

Implementing a Flexible Infrastructure with an Eye Toward the Future

PEXA chose to implement Kong Enterprise as the infrastructure to carry them into their digital future. The team has built out its environment based on a model created to utilize Kubernetes, using AWS EKS, and has adopted infrastructure as code using Terraform, Helm, and Docker. This architecture was built with an eye towards flexibility to support future modernization, as well as the ability to scale to support future growth.

Vallegra, Lee, and the rest of the PEXA team also implemented Kong to drive efficiency, by allowing them to work in parallel, enabling reuse and shift-left, and improving onboarding. They will also accelerate time to market by reducing the learning curve for team members.

"Efficiency is the name of the game in our current market. We are creating a system that will allow our whole team to focus on the projects that support PEXA's growth and new customers, by increasing their ability to self-serve and use APIs that already exist in our service catalog", says Vallegra.

Their new solution with Kong Enterprise also supports their goals of staying one step ahead of the increasing security threats to APIs. By moving away from point-to-point certificate management with their integrators, they will be able to scale while still maintaining the highest level of security.

With the new infrastructure, the various team members who need to publish APIs can manage all their authorization permissions for their APIs without needing to engage the central platform management team.

As Vallegra says, "The ability to scale and grow while maintaining our current level of security (and even increasing it) is crucial for us. With Kong Enterprise, we're able to set authorization and authentication policies across our APIs."

Results

Establishing a Modernized Infrastructure to Support Customer Success and Business Goals

As a result of implementing Kong Enterprise, PEXA has already started to see improvements in cost savings, its security posture, and opportunities for new revenue streams.

Their Australian support team has reduced costs by releasing 30% of their capacity previously used to support existing integrators and is looking forward to greatly increasing that percentage as even more partners are onboarded to the new APIs. This released capacity is allowing the team to provide more support for growth with new customers.

The team has also improved its security posture and protection from security threats by using Kong's rate-limiting abilities to prevent security threats at the entry layer.

Additionally, they are ensuring that they are prepared for future security threats with Kong Analytics for observability and monitoring. Not only does the resulting data allow them to identify any irregularities with their traffic and usage, but it also enables them to make data-driven business decisions.

"Security is at the forefront at PEXA. We are in the middle of what is usually one of the biggest, most emotional transactions a home buyer or seller will make and it is essential that we protect our customers. Through our security program, we were able to shift security left and embrace the DevSecOPs model. With OAuth2 supported out-of-the-box by Kong, along with a number of other industry-standard authentication and authorization policies, we swiftly established a standardized framework and set of guidelines for request authentication, cross-level authorization, proxying and rate limiting capabilities that have all contributed to PEXA's engineers now being able to allocate more of their time and resources to delivering business value and advancing the company's product portfolio." added Lee.

The adoption of Kong and an API-centric model has also enabled PEXA to focus on what's next, including the development of new revenue opportunities, reinforcing resilience and performance, and creating a solution and infrastructure to support all PEXA business units, including future acquisitions.

"At PEXA, we are well underway in our development of an API-led strategy to strengthen our offerings to customers to increase our agility, efficiency, and integration, while maintaining a strong security posture. Kong is the next step in this strategy and while we are early in our journey, we're already starting to see strong results," says Vallegra.

"By implementing Kong Enterprise as our API management solution, we are better prepared for the future. From accelerating our time to market and allowing more investment in supporting new customers' growth to protecting us from security threats and opening the door for new revenue opportunities, we're confident that PEXA is ready for whatever's next."

Simon Vallegra
General Manager of Technology Operations and Digital Delivery

Recommended Case Studies