Feeds

Apigee beefs API service for payment card transactions

PCI for API

Secure remote control for conventional and virtual desktops

Apigee – a Silicon Valley startup offering various tools for managing and using APIs across the interwebs – has announced a new online service for providing financial-transaction APIs that comply with the Payment Card Industry Data Security Standard (PCI-DSS).

Known as Apigee Enterprise Cloud PCI, the service is operated from within PCI-compliant data centers run by webhost Datapipe, the same outfit that hosts Apigee's new API delivery network.

"This is crucial for retail and financial services companies that are rapidly growing their API volumes and need to turn all their interactions into money," says vice president of strategy Sam Ramji, who once oversaw open source at Microsoft.

Since its launch two years ago, Apigee has offered both an online service and a locally-installed software package for managing their APIs. According to Ramji, Apigee handles 40 billion APIs calls a month on its online service and "many billions more" through software installed inside customers' private data centers.

Previously, the company offered PCI-compliance with private installations, but not on its "cloud" service. PCI covers not only how an application talks to a back-end service, but also how the back-end service its implemented. "It looks at what's happening to the data, how it's following, and if it's at rest, where it's resting. And then it looks at who has access to the data and the machines, Ramji says. "It lets you provably demonstrate that the data hasn't been exposed."

Visa and Mastercard laid down the PCI standard roughly a decade ago, according to Ramji, and it's now widely used across the web. "If you want to transact, you need PCI for your API," Ramji tells The Reg. "It's the transactional equivalent of HIPA [the standard for controlling the use of for health records]." ®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
Intel's Raspberry Pi rival Galileo can now run Windows
Behold the Internet of Things. Wintel Things
Linux Foundation says many Linux admins and engineers are certifiable
Floats exam program to help IT employers lock up talent
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.