Feeds

Apigee beefs API service for payment card transactions

PCI for API

5 things you didn’t know about cloud backup

Apigee – a Silicon Valley startup offering various tools for managing and using APIs across the interwebs – has announced a new online service for providing financial-transaction APIs that comply with the Payment Card Industry Data Security Standard (PCI-DSS).

Known as Apigee Enterprise Cloud PCI, the service is operated from within PCI-compliant data centers run by webhost Datapipe, the same outfit that hosts Apigee's new API delivery network.

"This is crucial for retail and financial services companies that are rapidly growing their API volumes and need to turn all their interactions into money," says vice president of strategy Sam Ramji, who once oversaw open source at Microsoft.

Since its launch two years ago, Apigee has offered both an online service and a locally-installed software package for managing their APIs. According to Ramji, Apigee handles 40 billion APIs calls a month on its online service and "many billions more" through software installed inside customers' private data centers.

Previously, the company offered PCI-compliance with private installations, but not on its "cloud" service. PCI covers not only how an application talks to a back-end service, but also how the back-end service its implemented. "It looks at what's happening to the data, how it's following, and if it's at rest, where it's resting. And then it looks at who has access to the data and the machines, Ramji says. "It lets you provably demonstrate that the data hasn't been exposed."

Visa and Mastercard laid down the PCI standard roughly a decade ago, according to Ramji, and it's now widely used across the web. "If you want to transact, you need PCI for your API," Ramji tells The Reg. "It's the transactional equivalent of HIPA [the standard for controlling the use of for health records]." ®

Boost IT visibility and business value

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
China hopes home-grown OS will oust Microsoft
Doesn't much like Apple or Google, either
Sin COS to tan Windows? Chinese operating system to debut in autumn – report
Development alliance working on desktop, mobe software
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Why has the web gone to hell? Market chaos and HUMAN NATURE
Tim Berners-Lee isn't happy, but we should be
Eat up Martha! Microsoft slings handwriting recog into OneNote on Android
Freehand input on non-Windows kit for the first time
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?