This posed a challenge for the global architecture team at Verifone since e-commerce and physical payments are traditionally supported by completely different systems.

"Essentially, we needed to expose our APIs to third parties who integrate into the Verifone payment services, such as sites with their own web shops," said Hans van Leeuwen, lead architect at Verifone.

Typically, the buyer for a Verifone e-commerce solution is a developer, who is likely to compare API documentation across different vendors and select the solution with the best-structured APIs.

"A good, clean API is very important," said Van Leeuwen. "We needed to make it as simple as possible. However, having no way to standardize API documentation would clearly stand in the way of API adoption and thus an omnichannel payments solution in line with Verifone's vision."

Compounding the issue was the global scale of Verifone's operation.

"Payments seem simple, but there are actually regional requirements due to regulations and customer preferences," explained Van Leeuwen. "We needed to tailor payments to regional requirements. However, our largest customers and international, well-known brands didn't want to log into separate systems for each region to manage their payments. "

Verifone's customers wanted a global system through which they could handle every payment operation and all interactions with Verifone.

The global architecture team decided the approach to delivering a global, omnichannel solution depended on moving payment systems to a microservices architecture, with an API management tool in place.

Since all regional payment systems were previously monoliths exposing APIs separately, the API gateway was a greenfield project for Verifone.

"In moving to microservices, we knew we needed an API gateway. We needed an abstraction layer with which to expose our services. Exposing all your underlying microservices to the end user is a bad idea," said Van Leeuwen.

Many solutions the team evaluated were eliminated due to being too bloated. Van Leeuwen and his team knew that they wanted a lean product, without extra components that would complicate and slow down their processes.

The team initially liked Kong because of its lightweight API gateway built on a proven tech stack and for the company's focus on microservices.

"As we learned more, Kong really stood out for being able to support lots of use cases for us," said Van Leeuwen. "Kong's flexible plugin architecture meant we could pick and choose the functionality we needed for each use case, as well as manage APIs across modern and legacy systems." The team also planned to use Kong for its load balancing needs, saving the cost of purchasing a separate solution for this.

Finally, Kong stood out for its flexibility to support any deployment model.

"We have some regions where we are required by regulations to operate on-premise or the private cloud. In other regions, we are able to leverage the public cloud. Kong can do it all," said Van Leeuwen.

Verifone uses Kong Gateway Enterprise to serve as a gateway across many regions.

"Previously, we had 20 different regional payments systems, each with a monolithic architecture," said Van Leeuwen. "We moved to a single, global payments system with a microservices architecture. Kong lets us centrally secure, manage and monitor this system."

Centralizing all APIs in one place makes it easy to maintain and govern APIs. Verifone uses Kong Gateway Enterprise to set up separate workspaces and segregate logic for development teams in different regions. From a single place, Van Leeuwen's team can apply policies to govern API traffic across all regions.

"Kong reduces our time to market thanks to its many authentication plugins available out-of-the-box," said Van Leeuwen. "We are able to support our legacy systems, where the business is moving or even write our own custom plugins."

Rate-limiting policies also help Verifone ensure maintainability and spread the load to reduce the risk of outages.

In addition to applying policies, the single point of view also allows the team a central place to log and view traffic flowing through the system.

"We also are using Kong to standardize and maintain our API documentation on OpenAPI 3.0," said Van Leeuwen. "Automatic generation of API contracts with Kong improves the quality of API specs and reduces the risk of breaking changes for our end users."

Beyond on-premise, hybrid, cloud, and multi-cloud deployment with Kong, the team also plans to make use of Kong's native integrations with Kubernetes.

"Kubernetes is on our roadmap. We know with Kong, we can use CRDs to configure Kubernetes and the gateway. That's a big difference compared to many other solutions without native support for Kubernetes," said Van Leeuwen.

Verifone has significantly reduced time to market with Kong in place. Whereas each regional payment system was previously managed separately and required its own business logic, now Verifone can govern all regions from a single place.

Development teams in the regions no longer need to spend time on business logic such as authentication and authorization, so they are able to develop features faster.

The global architecture teams productivity is much greater since Kong improves visibility by creating a central point to monitor and manage policies across the entire system.

The team has also increased efficiency in standardizing and maintaining API contracts. Finally, operationally the solution supports the high availability and zero downtime critical in a business where outages are not an option.

With nearly half of the world's non-cash transactions being made through Verifone products, the scope of impact is huge. "Our use of Kong is exciting because of the efficiency and impact we can achieve for the business," said Van Leeuwen.

"Three pillars we have in Product and Engineering at Verifone are security, scalability, and availability. The whole world economy depends on us. And now, on Kong as well."