Driving outcomes and getting value from production when security is paramount

Sector: Financial Services

Modulr and Tyk

Innovative financial services platform Modulr is using the full Tyk API Management platform to securely and seamlessly form a layer in front of the Modulr API, safely routing all API calls through the Gateway. As part of this process, Tyk is also responsible for managing the security controls applied to each incoming request, ensuring the Modulr platform stays secure.

Who is Modulr?

Modulr is the tech behind the tech for some of the UK’s biggest enterprises, providing the digital payments plumbing demanded by the digital world.

Modulr is the embedded payments platform built for businesses that need a faster, easier and more reliable way to move money. Businesses can automate payment flows, embed payments into their platforms and build entirely new payment products and services themselves. All managed in real-time, 24/7 from one API.

Why did Modulr need an API gateway?

Modulr built its FinTech platform in an incremental way, adding features and functionality as needed from the ground up. As the company rapidly scaled and added more customers, Modulr found it had outgrown its initial, home-grown security framework. It was time to bring in an API Gateway to form part of its technology stack, with the initial purpose of sitting in front of the internal APIs and handling both security and routing controls.

“Our core purpose is to solve our customers’ payments problems. It makes sense to work with a partner, someone who could help us with the routing and the security management,” says Ritesh Tendulkar, Chief Innovation Officer at Modulr.

As Modulr’s platform was built following a microservices pattern, each service it provides exposes a set of APIs, which in turn are consumed by clients. Modulr was clear from the outset that it didn’t want to expose the internal structure of its API to customers, as doing so would limit the company’s ability to swiftly and easily roll out future improvements. The FinTech needed a component to limit, route and expose a streamlined version of the Modulr API, whilst also hiding the internal details of how its API was structured, to support ongoing development plans.

Why Tyk?

Modulr looked at several options and found that Tyk ticked all the boxes. One key benefit of Tyk was that it had several architectural deployment options, and provided a platform which was easy to extend. The variety of deployment options meant that Modulr had a choice of a service hosted by Tyk or a fully self-managed deployment.

The final decision was to proceed with a Hybrid model. This solution meant that Modulr had the ability to begin building out its API infrastructure within a fully hosted Tyk platform, before making use of the Hybrid model to host the Tyk Gateway component locally, allowing for better control of its data and enhanced control over deployment locations.

The Hybrid model was the ideal solution in terms of flexibility, whilst still providing a fully featured API Management platform. Modulr was able to balance management overheads to suit its own internal functional and resiliency requirements. Modulr took control of the Gateway, handling the component which processed all of its API requests internally. Tyk meanwhile handled the key creation and management component through the admin portal.

“The competencies that mattered to us, we hosted, and the admin was obviously hosted by Tyk. That was really good,” says Ritesh.

Another benefit of Tyk was that, although it was easily extensible, Modulr didn’t need to create and deploy a range of plugins in order to deliver what it needed. Some of Tyk’s competitors would have required plugin management as part of their solutions. With Tyk, everything was included out-of-the-box in one easy-to-implement package.

How is Tyk working with Modulr?

Tyk sits in front of Modulr’s API, meaning that every time a client talks to Modulr’s API, it is talking to Tyk.

“Essentially all clients which we serve are behind the scenes using Tyk. All the calls that are going through our API are going through Tyk and in that sense are exposed to it. And that’s whether they hit us directly on the API level or they are using our customer portal website,” explains Modulr’s Ritesh Tendulkar. “We are very much an API-first company. And Tyk has helped us build our platform that way to serve our customers,” continues Ritesh Tendulkar.

Modulr is using Tyk for the routing of its APIs, allowing its clients to connect to the Modulr API without exposing its own services. Each unauthenticated API call goes through Tyk, and Modulr’s backend service checks its authentication and generates an HMAC token using Tyk’s API. Tyk also handles key management and key validation in real time, adding no latency at all.

Modulr also uses Tyk’s out-of-the-box controls for rate limiting and quota management via security policies. This functionality allows Modulr to relinquish the need to set specific clients on a per sign-up basis, with the security policies configured within Tyk taking responsibility. This makes it easy for Modulr to keep on rolling out new clients, new keys etc.

From an operational standpoint, Tyk also helps Modulr separate all of its traffic for production, sandbox and non-production environments, enabling it to manage who has access to what, which is critical given the nature of Modulr’s business.

As well as separating traffic between environments, Tyk also separates it between customers and supplier endpoints. With Tyk, it can use different methods of security and routing for each, giving Modulr complete control on a per user group basis.

“It is primarily used in engineering, but other teams are aware of Tyk as a supplier, which is important to us. If you look at the service provided by Modulr that spans right from the clients on the front to our capacities on the back then Tyk is obviously an important component of that ecosystem,” continues Ritesh.

How is Modulr benefiting from using Tyk?

Tyk has delivered a range of benefits for Modulr. The slick, easy-to-manage API Gateway delivers both functionality and security. At the same time, the lightweight nature of Tyk means that the overheads it adds to Modulr’s API requests are negligible. This is a major benefit, given that Modulr processes payments and has SLAs in place with clients that commit to how quickly it acts.

“We had to choose something that did not add overheads to our API requests as we process payments. We have SLAs with our clients about how quickly we do things and we did not want to add components that took up more and more of that time. It has been fantastic in terms of not adding much overhead. If you consider the functionality that Tyk provides, the amount of overhead it adds on top of API calls is negligible,” says Ritesh.

Having Tyk in place has also enabled Modulr to transition to the Cloud painlessly. With Tyk as a constant, the company was able to easily transition to its services being in AWS because it could use Tyk for that routing. The front end remained the same, but the routing at the backend pointed to the services in its AWS Cloud rather than on a Private Cloud.

When Modulr signed with Tyk it was hosting everything in a Private Cloud. Now it has moved to AWS and “Tyk has been with us through that transition, which has been seamless,” says Ritesh Tendulkar. “We have been able to do what we do because Tyk has been brilliant in terms of support. We have always had the support we need. Any time we needed support you’ve always been there.”

As may be expected, integration capability is a key consideration for Modulr, so an important part of its workflow is centred around the rich functionality provided by the Tyk Dashboard API. “That makes it very easy for us to integrate it into our system, it is an excellent component for us. The API that you provide, connected to our platform, lets us push it forward as an integrated component. That’s the best thing about Tyk,” adds Modulr’s Ritesh.

What’s next for Modulr and Tyk?

Tyk’s APIs have replaced a range of processes at Modulr such as key issuing. They have also enabled Modulr to use OAuth-based authentication for Open Banking flows.

Modulr’s use of Tyk has evolved over the years, with the company gradually using more and more features.

“Tyk provides some of the nice features that we have now used,” says Ritesh Tendulkar. “Our use of Tyk has evolved over time and we use more of the features that are available.”

In terms of future features, Modulr is keeping a close eye on all things GraphQL-related with a view to evolving its APIs. Being able to make its REST APIs behave in GraphQL is firmly on Modulr’s radar.

“I look with interest in some of the new features you have launched, the GraphQL etc., and we have talked about it internally and haven’t got down to using it yet but it looks an interesting feature set, especially as we look at evolving our APIs. It seems like a huge, interesting thing for us,” says Ritesh Tendulkar. “What we always want to make sure, and this is how Modulr works, we want to use technologies that make sense for us. We are not using technologies for technology’s sake. GraphQL is a great idea and we are looking at how we can use it. How can our customers benefit from that? Features that we could provide. Whether we could do them by using something like Tyk giving us that GraphQL interface. That helps us get stuff out to market that much quicker,” comments Ritesh.

If Tyk was a car, what would it be?

“A Volvo, safe, secure, reliable. The lights are always on. You can always trust it. You can get in it. You know it is going to work. You know it is going to get you from A to B. And a Volvo Estate as it carries a lot. It has a lot of capacity,” concludes Ritesh.
