MWC26 | Open Gateway Summit | Accelerating Network API Adoption | Session 1
How the network API ecosystem shifted from hype to distribution and what operators must do next.
MWC Barcelona 2026 opened with a clear message from the GSMA Open Gateway Summit: the era of pilots and proof-of-concepts is over. Network APIs are generating real revenue, in real markets, for real enterprises. The question is no longer whether this works, it is how fast the industry can scale.
The first session, Understanding the Expanding Network API Ecosystem, chaired by Justin Paul (Marketing Director, Open Gateway, GSMA), brought together operators, aggregators, and platform players to examine how far the ecosystem has come, and what needs to happen next.
From Pilots to Pay Checks
Keynote speaker Dr. Nicolai Schättgen (Match-Maker Ventures) set the tone with a sharp framing: the industry has passed through the standardisation phase. CAMARA APIs are in place. The commercial momentum is building. But the KPI that now matters most is not time-to-first-API, it is time-to-distribution.
“The value lies beneath the connectivity iceberg: identity, trust, context. Those who capture it will differentiate; those who don’t will be squeezed.”
Nicolai Schättgen, Matchmaker Ventures
Business cases are increasingly tangible. Markets like Brazil and the US are already processing millions of API transactions each month. The message to operators was direct: the window for capturing value is open, but it will not stay open indefinitely.
OTP is Under Pressure and the Industry Knows It
The fireside chat, moderated by Markus Kümmerle of CAMARA, featuring Atty Adel Tamano, DITO Telecomunity, Orisa Cherenfant, Twilio, and Eddie DeCurtis, Shush, brought a striking data point into the room: Twilio is processing 30.8 million API transactions per day, and the shift away from OTP-based authentication is well underway.
DITO, operating in the Philippines with 17 million subscribers, highlighted the direct link between high mobile fraud rates and the need for better network-native authentication. Shush’s ‘business in a box’ model, handling contracting, technical integration, and commercial setup, is removing friction for enterprises that want the benefits of network APIs without the integration overhead.
The message from this session was clear: SMS OTP is not a long-term solution. Fraud via SIM-swap and SMS interception is rising, regulators are paying attention, and risk-based orchestration that combines network signals with biometrics is the architecture that is winning.
Consent is Not a Legal Checkbox
One of the most technically substantive presentations came from Dr. Chathurangi Wickramasinghe, Deutsche Telekom (DT) and Terry Guo, LotusFlare, who laid out what operationalising consent actually looks like at commercial scale.
For high-value APIs, location, KYC, identity, consent is not a one-time approval. It is a multi-party workflow with three non-negotiable pillars:
- Capture and record consent with full context: scope, duration, and purpose
- Real-time verification against consent records whenever an API call is made
- Immediate revocation capability and a full audit trail
DT’s analogy was striking; consent infrastructure is to network API monetisation what SSL and PCI compliance were to e-commerce. Once standardised and deployed at scale, it unlocks the entire ecosystem. Without it, sensitive APIs cannot be commercialised with confidence.
“Every API call must be traceable back to a consent record; this is the foundation for both regulatory compliance and commercial confidence.”
Dr. Chathurangi Wickramasinghe, Deutsche Telekom
AI Agents Are Already Knocking
One theme that ran through the entire session, and would intensify in Session 2, was the arrival of agentic AI as a new class of API consumer. Schättgen introduced MCP (Model Context Protocol) as a technical shift that transforms network APIs from developer integration projects into zero-friction tool access for AI agents.
The implication is significant: operators who have been building for human developers need to begin preparing for machine-to-machine consumption at speed and scale. The agentic AI wave is not on the horizon. It is arriving now.
LotusFlare
Deutsche Telekom
Match-Maker Ventures
Key Takeaways from Session 1
- Distribution is the new frontier, the ecosystem has proven it works; the challenge now is reaching global scale
- Consent infrastructure is a commercial prerequisite, not a legal formality, treat it like core product capability
- OTP is declining, risk-based orchestration combining network signals and biometrics is the winning model
- Aggregators play an essential role, operators cannot build bespoke integrations market by market
- Prepare for AI agents, MCP is making network APIs discoverable and consumable without human-in-the-loop integration
Session 2 explored what the shift to agentic AI means for network API design, identity, and trust frameworks. Read the Session 2 Blog
GSMA Open Gateway Summit · MWC Barcelona 2026
Three sessions. One direction of travel: from capability to commercial outcomes