View
500
Download
0
Category
Tags:
Preview:
DESCRIPTION
Paypal + Uber for seamless driver payment experience. Samsung S5 fingerprint scanner for OAuth-based API identity in mobile payments utilizing FIDO Paypal Beacon utilizing Bluetooth LE to provide location awareness
Citation preview
PAYPAL PLATFORM THE FUTURE OF PAYMENTS ON THE ROAD
API Days SFJune 14, 2014
Jason HarmonHead of API Design
@jharmnjasharmon@paypal.com
PayPal …– 148 million active accounts– 193 markets in 26 currencies
– 2013– Total Payment Volume was $180 billion– $27 billion in mobile payments
– Q1 2014– Total Payment Volume of $52 Billion– At $6688 TPV / second– 834 million payments, 9+ million every day
– $1 in every $6 spent on e-commerce– 25% spent on cross-border trade
THE PAYPAL CONTEXT
In a dynamic environment– 300+ features per quarter– We roll 100,000+ lines of code every two weeks
PAYPAL PLATFORM HAS EVOLVEDTO SUPPORT NEW INTEGRATION NEEDS
PayPal API
PayPal Capabilities
2001 Instant Payment Notification
2004 Transaction, Mass Pay API
2005 Direct Payment API, Express Checkout
2007 Payment APIs (NVP)
2009 Adaptive APIs (SOAP/XML, NV, JSON)
2013 Payment APIs (REST)
PAYMENTS: THE WAY THINGS USED TO BE
PAYMENTS: HOW IT WORKS TODAY
HOW OFTEN DO YOU PAY AND DRIVE?EASILY…
UBER + PAYPAL: EASY
UBER + PAYPAL: EASY
GET IN.RIDE.GET OUT.
UBER + PAYPAL: REST API
UBER + PAYPAL: MOBILE SDK
THE USUAL RULES:DUMB API CLIENTS ARE GOOD API CLIENTS
• REST API should encapsulate business logic• Complicated steps should be made easy• Minimize the need to for client to persist state
• Multiple identifiers are problematic• /widgets/{id}/things/{id}/stuff/{id}
• Hypermedia helps• Encapsulate permissions• Opaque URLs
TO MAKE THINGS EASIERSOMETIMES THE CLIENT HAS TO BE SMARTER
WHEN API CLIENTS NEED SMARTSLOCATION AT THE EDGE
Mobile OS provides some location data
Identifying a specific venue is more difficult
Interacting with that venue is really tricky
Bluetooth LE allows interaction with the venue
WHEN API CLIENTS NEED SMARTSLOCATION AT THE EDGE
WHEN REST APIS AREN’T ENOUGHIDENTITY
• OAuth 2 provides framework
• Passwords are weak at best
• API/OAuth provider can only provide so much…
BIOMETRIC IDENTITY
Samsung S5 First implementation of FIDO Fingerprint scan interacts with
mobile client library FIDO data is passed to Paypal
for authentication REST APIs + additional Oauth
grant type
http://www.embedded.com/design/real-world-applications/4430305/Implementing-Android-based-fingerprint-authentication-for-online-payments
PAYPAL BEACONVOICE RECOGNITION
Plans to integrate voice recognition integrated into the app
THE FUTURE OF PAYMENTS IN THE CAR
TODAY MOST OF THIS IS DOABLE ON A MOBILE DEVICE
TESLA: THE FUTURE OF CARS
TESLA: API-ENABLED CAR
APPS IN THE DRIVER EXPERIENCE
• How could we tie all of this together?• Retail presence: connected sensors• Developers in the dash: installable apps
• Bluetooth: already largely available in cars, developer access needed
• Biometrics: FIDO provides a standard, vehicles would be safer if utilized
MOBILE DEVICES MIGHT BE BEST
Dash-based apps could be a big riskhttp://www.kurzweilai.net/how-an-mp3-can-be-used-to-hack-your-car
Mobile devices won’t give your car a blue screen of death at the drive-thru
Recommended