ING Developer Portal

ING's Developer Portal performs API management, authorization and access control for both internal and external systems. It’s their main driver to comply with the European PSD2 directive, as it allows third parties to onboard and start using ING’s APIs within seconds through the use of an eIDAS certificate.

Part 1 - Central Registry

Role

Developer

Problem Statement

Within ING, a lot of internal APIs are available for various purposes. However, there was no central registry where developers could find an overview of all these APIs. As a result, multiple development teams built systems that serve the same purpose. Authentication and authorization mechanisms were not standardized either, leaving these choices up to the individual developers.

The client wanted a central registry in which all internal APIs are visible to all developers within the company. Besides providing an API overview, it should also be very clear to developers when a new version is released and what the impact of this new version is. Moreover, both API producers and consumers must be able to quickly see which systems are consuming which API endpoints, thereby showing all active integrations.

Responsibilities

I was responsible for building and maintaining ING's own Developer Portal, which also serves as a platform to manage integrations, authentication and authorization. The system issues certificates to support mutual TLS connections between microservices, whereby owners of the providing API have full control over which exact endpoints are made available for the consuming service.

Part 2 - Third Party Providers and PSD2 Compliance

Role

Lead Developer

Problem Statement

European banks need to comply with the PSD2 directive, which states that Payment Services Providers need to allow Third Parties to access their payment data. In order to make this possible, APIs exposing payment and transaction information need to be versioned, well-documented and easy to consume without manual actions. Typically, these third parties call an endpoint within ING with nothing more than an eIDAS certificate.

Responsibilities

  • Build a microservice that translates eIDAS certificates to permissions on API endpoints
  • Support external parties with eIDAS / OAuth 2.0 integration
  • Support documenting the eIDAS / OAuth 2.0 flow
  • Lead and coach a team of 5 developers
  • Assure the quality of delivered artifacts
An image displaying ING's Developer Portal
An image displaying ING's Developer Portal
An image displaying ING's Developer Portal
An image displaying ING's Developer Portal
An image displaying ING's Developer Portal
An image displaying ING's Developer Portal
An image displaying ING's Developer Portal
An image displaying ING's Developer Portal