PayPal + Uber for seamless driver payment experience.
Samsung S5 fingerprint scanner for OAuth-based API identity in mobile payments utilizing FIDO
PayPal Beacon utilizing Bluetooth LE to provide location awareness
The Future of Payments on the Road - API Days SF 2014
1. PAYPAL PLATFORM
THE FUTURE OF PAYMENTS ON THE ROAD
API Days SF
June 14, 2014
Jason Harmon
Head of API Design
@jharmn
jasharmon@paypal.com
2. PayPal …
– 148 million active accounts
– 193 markets in 26 currencies
– 2013
– Total Payment Volume was $180 billion
– $27 billion in mobile payments
– Q1 2014
– Total Payment Volume of $52 Billion
– At $6688 TPV / second
– 834 million payments, 9+ million every day
– $1 in every $6 spent on e-commerce
– 25% spent on cross-border trade
THE PAYPAL CONTEXT
In a dynamic environment
– 300+ features per quarter
– We roll 100,000+ lines of code every two weeks
3. PAYPAL PLATFORM HAS EVOLVED
TO SUPPORT NEW INTEGRATION NEEDS
PayPal API
PayPal Capabilities
2001 Instant Payment Notification
2004 Transaction, Mass Pay API
2005 Direct Payment API, Express Checkout
2007 Payment APIs (NVP)
2009 Adaptive APIs (SOAP/XML, NV, JSON)
2013 Payment APIs (REST)
11. THE USUAL RULES:
DUMB API CLIENTS ARE GOOD API CLIENTS
• REST API should encapsulate business logic
• Complicated steps should be made easy
• Minimize the need for the client to persist state
• Multiple identifiers are problematic
• /widgets/{id}/things/{id}/stuff/{id}
• Hypermedia helps
• Encapsulate permissions
• Opaque URLs
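An added example, not from the slides or PayPal's code: a Python illustration of the "hypermedia helps" bullets, in which the server encapsulates permissions by listing only the links a caller may follow, hands out opaque URLs, and re-checks authorization when a link is followed. The scope names, the `/v1/a/` path and the sample payments are assumptions constructed for illustration.

```python
import secrets

# Constructed sample data; ids, scopes and URL layout are assumptions.
PAYMENTS = {"PAY-1": {"state": "authorized", "amount": "12.50"},
            "PAY-2": {"state": "captured", "amount": "8.00"}}
# Actions each state allows, and the scope a caller needs for each.
ACTIONS = {"authorized": {"capture": "payments:capture", "void": "payments:void"},
           "captured": {"refund": "payments:refund"}}
NEXT_STATE = {"capture": "captured", "void": "voided", "refund": "refunded"}
_opaque = {}  # server-side map: opaque token -> (payment id, action)

def represent(payment_id, scopes):
    """Server: build the representation, listing only links this caller may follow."""
    p = PAYMENTS[payment_id]
    links = []
    for rel, needed in ACTIONS.get(p["state"], {}).items():
        if needed in scopes:
            token = secrets.token_hex(16)  # URL reveals no id or structure
            _opaque[token] = (payment_id, rel)
            links.append({"rel": rel, "method": "POST", "href": f"/v1/a/{token}"})
    return {"state": p["state"], "amount": p["amount"], "links": links}

def follow(href, scopes):
    """Server: resolve an opaque URL, then re-check state and scope before acting.
    A link is an affordance, not an authorization decision."""
    payment_id, rel = _opaque.get(href.rsplit("/", 1)[-1], (None, None))
    if payment_id is None:
        return 404  # unknown token
    needed = ACTIONS.get(PAYMENTS[payment_id]["state"], {}).get(rel)
    if needed is None:
        return 409  # stale link: the payment has changed state
    if needed not in scopes:
        return 403  # link leaked to a caller without the scope
    PAYMENTS[payment_id]["state"] = NEXT_STATE[rel]
    return 200

def link_for(representation, rel):
    """Client: pick a link by relation name; no URL building, no permission logic."""
    return next((l for l in representation["links"] if l["rel"] == rel), None)
```

The client stays "dumb": it holds no identifiers and no rules about who may capture or refund, so a change in policy or URL layout on the server needs no client update.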
12. TO MAKE THINGS EASIER
SOMETIMES THE CLIENT HAS TO BE SMARTER
13. WHEN API CLIENTS NEED SMARTS
LOCATION AT THE EDGE
• Mobile OS provides some location data
• Identifying a specific venue is more difficult
• Interacting with that venue is really tricky
• Bluetooth LE allows interaction with the venue
15. WHEN REST APIS AREN’T ENOUGH
IDENTITY
• OAuth 2 provides framework
• Passwords are weak at best
• API/OAuth provider can only provide so much…
16. BIOMETRIC IDENTITY
Samsung S5
• First implementation of FIDO
• Fingerprint scan interacts with mobile client library
• FIDO data is passed to PayPal for authentication
• REST APIs + additional OAuth grant type
http://www.embedded.com/design/real-world-applications/4430305/Implementing-Android-based-fingerprint-authentication-for-online-payments
21. APPS IN THE DRIVER EXPERIENCE
• How could we tie all of this together?
• Retail presence: connected sensors
• Developers in the dash: installable apps
• Bluetooth: already largely available in cars, developer access needed
• Biometrics: FIDO provides a standard, vehicles would be safer if utilized
22. MOBILE DEVICES MIGHT BE BEST
Dash-based apps could be a big risk
http://www.kurzweilai.net/how-an-mp3-can-be-used-to-hack-your-car
Mobile devices won’t give your car a blue screen of death at the drive-thru