PAYPAL PLATFORM THE FUTURE OF PAYMENTS ON THE ROAD

API Days SFJune 14, 2014

Jason HarmonHead of API Design

@jharmnjasharmon@paypal.com

PayPal …– 148 million active accounts– 193 markets in 26 currencies

– 2013– Total Payment Volume was $180 billion– $27 billion in mobile payments

– Q1 2014– Total Payment Volume of $52 Billion– At $6688 TPV / second– 834 million payments, 9+ million every day

– $1 in every $6 spent on e-commerce– 25% spent on cross-border trade

THE PAYPAL CONTEXT

In a dynamic environment– 300+ features per quarter– We roll 100,000+ lines of code every two weeks

PAYPAL PLATFORM HAS EVOLVEDTO SUPPORT NEW INTEGRATION NEEDS

PayPal API

PayPal Capabilities

2001 Instant Payment Notification

2004 Transaction, Mass Pay API

2005 Direct Payment API, Express Checkout

2007 Payment APIs (NVP)

2009 Adaptive APIs (SOAP/XML, NV, JSON)

2013 Payment APIs (REST)

PAYMENTS: THE WAY THINGS USED TO BE

PAYMENTS: HOW IT WORKS TODAY

HOW OFTEN DO YOU PAY AND DRIVE?EASILY…

UBER + PAYPAL: EASY

UBER + PAYPAL: EASY

GET IN.RIDE.GET OUT.

UBER + PAYPAL: REST API

UBER + PAYPAL: MOBILE SDK

THE USUAL RULES:DUMB API CLIENTS ARE GOOD API CLIENTS

• REST API should encapsulate business logic• Complicated steps should be made easy• Minimize the need to for client to persist state

• Multiple identifiers are problematic• /widgets/{id}/things/{id}/stuff/{id}

• Hypermedia helps• Encapsulate permissions• Opaque URLs

TO MAKE THINGS EASIERSOMETIMES THE CLIENT HAS TO BE SMARTER

WHEN API CLIENTS NEED SMARTSLOCATION AT THE EDGE

Mobile OS provides some location data

Identifying a specific venue is more difficult

Interacting with that venue is really tricky

Bluetooth LE allows interaction with the venue

WHEN API CLIENTS NEED SMARTSLOCATION AT THE EDGE

WHEN REST APIS AREN’T ENOUGHIDENTITY

• OAuth 2 provides framework

• Passwords are weak at best

• API/OAuth provider can only provide so much…

BIOMETRIC IDENTITY

Samsung S5 First implementation of FIDO Fingerprint scan interacts with

mobile client library FIDO data is passed to Paypal

for authentication REST APIs + additional Oauth

grant type

http://www.embedded.com/design/real-world-applications/4430305/Implementing-Android-based-fingerprint-authentication-for-online-payments

PAYPAL BEACONVOICE RECOGNITION

Plans to integrate voice recognition integrated into the app

THE FUTURE OF PAYMENTS IN THE CAR

TODAY MOST OF THIS IS DOABLE ON A MOBILE DEVICE

TESLA: THE FUTURE OF CARS

TESLA: API-ENABLED CAR

APPS IN THE DRIVER EXPERIENCE

• How could we tie all of this together?• Retail presence: connected sensors• Developers in the dash: installable apps

• Bluetooth: already largely available in cars, developer access needed

• Biometrics: FIDO provides a standard, vehicles would be safer if utilized

MOBILE DEVICES MIGHT BE BEST

Dash-based apps could be a big riskhttp://www.kurzweilai.net/how-an-mp3-can-be-used-to-hack-your-car

Mobile devices won’t give your car a blue screen of death at the drive-thru

jasharmon@paypal.com@jharmn

Thanks!