Today, the GSMA Mobile Money team is very happy to publish a first set of harmonised mobile money APIs. Following a year-long industry engagement, these APIs were jointly designed by key stakeholders—mobile money providers, platform vendors, third party service providers and industry partners—and combine best practices in the technology industry.
The aim of the harmonised Mobile Money APIs is two-fold. First, we want to ensure that best practice from the tech industry in API design, security design, and others is made accessible to the mobile money industry. Second, we want to address the complexity and fragmentation that is apparent in the fast-growing, bottom-up industry that mobile money is. The GSMA is encouraging its members, and mobile money industry partners to raise the bar by using these APIs to ensure rapid partner on-boarding, offer advanced and secure functionality, and reduce the fragmentation that limits and delays regional partners to leverage mobile money.
The APIs have been designed to cater for a core set of mobile money use cases:
- Interoperability between mobile money and banks, or among mobile money providers
- Merchant payments, online and offline, including delegated authentication of transactions
- Bill payments and instant notification of payment
- Basic account management
- International transfers, including request for quotation
- Bulk transactions
- Cash in / Cash out
Mobile money API web portal
The web portal outlines the design principles, objects, behaviours and error handling for the Mobile Money API. The overriding goal is to enable all parties to implement mobile money APIs in a flexible and consistent manner. This has been achieved by the implementing the following principles:
- Use of REST (Representational state transfer) architectural principles
- Providing a set of well-defined objects
- Creation of a standard set of transaction types, removing the need for developers to map for each and every API implementation.
- Use of ISO international standards for enumerators such as currency and country codes
- Use of supplementary metadata and sub-types to enable use case and/or mobile money provider-specific properties to be conveyed where necessary.
Alongside the API definitions to standardize the connection between API clients and the mobile money platforms, the GSMA has also produced complementary security implementation guidelines. These security guidelines ensure that:
- Applicable security measures and best practices are applied to the connection between the API client and the API gateway.
- Applicable security measures and best practices are applied to authenticating an end user to the mobile money platform.
For API developers, the portal also includes a swagger interface with a high-level sandbox environment to test their code against the APIs. This functionality goes beyond a traditional API specification and allows the APIs to show their worth.
Recently, the APIs were tested at a Mobile Money Hackathon in Tanzania. This hackathon provided an opportunity for third parties working in the mobile money space to provide feedback on the harmonised APIs, and to test and build solutions around its use cases.
The GSMA Mobile Money team will now work with mobile money providers, platform vendors and third party service providers to ensure adoption. Please get in touch if you would like more information, or if you would like to get involved with strengthening our industry by using these APIs.