
Amex for Developers - titomc
https://developer.americanexpress.com/home
======
WhitneyLand
Wow, talk about too little too late. This kind of late to the party strategy
is why startups will always be needed to lead innovation.

The irony is the highest ranking person at AmEx who really understands this is
probably a pretty smart guy who had to fight and lobby for years to rally
enough support to make this happen.

edit: It's worse than I thought. A quick search shows they brought in high
level talent from Google, Amazon, etc. I'm willing to bet these guys pitched
some cool ideas before leaving frustrated after their short tenures.

~~~
Zelphyr
I've heard how Amex can be from a friend who has them as a client. They refuse
to let her host their instance of her product on AWS because Amex's security
team supposedly hasn't vetted AWS yet. This despite the kinds of customers
Amazon already hosts on AWS (the CIA comes to mind). Not to mention that she
has several other very large banks as clients that don't have a problem at all
being hosted on AWS. Or that exactly zero of the data she deals with is in any
way related to sensitive customer data because the product is used by Amex's
marketing department.

As an Amex customer I'm glad to know they have strict requirements but the
fact is, they're shunning a massive cloud infrastructure service like AWS over
a piddly little local co-located hosting company.

~~~
spotman
This is the story of many "enterprise" companies sadly. Some I work for, and
while they are slowly changing, I would not say their own data centers (yes,
read: data centers) are "little co-located hosting" companies. Usually they
are entire departments, with entire budgets and multiple facilities, with many
people's jobs within that.

So while for the developer, moving things to AWS is a no-brainer, a time-
saver, and a money-saver to the company, the amount of politics, and change,
is so large these behemoths of companies are the last to consider it.

Security is a valid piece, but also a political move to keep the money from
changing hands too rapidly.

~~~
btbuilder
Also not necessarily a no-brainer on cost:

[http://www.prweb.com/releases/2016/10/prweb13764156.htm](http://www.prweb.com/releases/2016/10/prweb13764156.htm)

"But where labor efficiency is greater than [400 VMs per engineer], OpenStack
becomes more financially attractive. In fact, past this tipping point, all
private cloud options are cheaper than both public cloud and managed private
cloud options."

This study does ignore the services supplied on top of basic compute, however.

~~~
vosper
Disregarding cost (haha) is OpenStack actually attractive to use? I was under
the impression it was a bit of a bear to deploy and operate (my previous
employer gave up, though I strongly suspect the project was never resourced
properly in the first place).

~~~
mugsie
Depends on what you mean by "attractive"...

Are any cloud providers' UIs good? OpenStack provides decent APIs, and a usable
UI, and I much prefer the CLIs OpenStack has to AWS's.

------
moduspwnens14
Imagine this potential future with me.

At first, it's just Amex. Then, to remain competitive, other major card
vendors do something similar. Most of us (developers) still use something like
Stripe for simplicity, but libraries start popping up that abstract away the
vendor-specific APIs and make it easy to use them.

Long term, though, as more and more payments are handled electronically and
online, this opens the door for a more competitive credit card market. Now, to
compete with Visa or Mastercard, all I need is to get my API into those
popular libraries and merchants can accept my card just as easily as theirs--
except I charge a lower rate.

You'll start seeing cards that are virtual only--allowing them to cut fees
below what companies handling physical cards can do. With the payment process
being decentralized, now even requiring a card number is unnecessary. Users
specify the ways they'd like to pay for things in their payment client
(browser? phone?) and this is negotiated behind the scenes with the payment
types the merchant will accept.

Users and merchants can directly decide between more traditional payment means
(centralized / fiat currency) and upcoming ones (decentralized /
cryptocurrency). The limiting factor is no longer what the PoS (point of
service) machine will accept, but what the popular payment processing
libraries support (and the merchant has configured them to allow).

I don't expect we'll see Visa or Mastercard do this, but this could be a key
first step toward a more competitive payment processing market (which has had
the same entrenched players for decades).

~~~
joe-stanton
Visa/Mastercard may well be forced to try something like this in order to
survive. Banks are opening up their own APIs for P2P payments (at least
within the EU due to legislation). This could completely negate the need for
intermediate "payment networks" (except the following).

However - I don't think you'll see a proliferation of new payment methods. The
biggest problem here would be fraud mitigation, so it'd need to be a payment
provider the merchant deems trustworthy enough.

Interesting times ahead. Amex are just doing the bare minimum to keep up here.

------
nodesocket
I'll play devil's advocate. If you're Netflix and this direct Amex integration
saves you 1/2 percent per transaction that makes a <strike>huge</strike>
difference to your bottom line.

Netflix current subscribers 83 million and average revenue per subscriber per
month is $10.32.

    
    
    $83M * $10.32 = $857M total revenue per month.
    Assume 10% of transactions are Amex. $857M * .10 = $86M per month.
    Finally 1/2 percent of $86M is a savings of $430,000 per month.

~~~
nodesocket
UPDATE: I originally thought it was a savings of $430,000 a year, but it is
actually a savings of $430,000 a month.

ORIGINAL: I think I just talked myself out of my own argument. That $430,000
savings is basically the cost of one Netflix engineer. The technical debt to
maintain separate Amex billing easily would exceed $430,000 a year.

~~~
mgkimsal
why does the "cost of an engineer" continue to keep going massively up
whenever these comparisons are made?

$430k? are netflix engineers that special?

glassdoor shows _sr_ engineers around $200k - i can't tell if they're
including stock/bonus in that or not. Range start in $120k range. Yes, taxes,
yes benefits, but... $430k?

~~~
ryan-c
Salary + health care + payroll taxes + equipment + space + other overhead,
etc.

~~~
muninn_
As a general rule of thumb a full time employee costs a company twice their
salary.

~~~
ryan-c
I've heard that as well, but didn't want to dig up a citation.

------
OliverJones
Hmm. For the typical card-not-present (online) use case, stripe.com and paypal
do a pretty darn good job of processing AMEX payment cards, as well as the
others.

Tokenization is vital in this age of cybermiscreants. Ya don't want customer
payment card data in your dbms.

The stripe.com API offers tokenization, and it offers the ability to send and
validate data like zip/postcode, cvv and street address to cut fraud. They
have an api for chargeback disputes, too. (The business I serve doesn't use
it, instead we use the forms on their web site. We have dozens of disputes per
decade, not worth programming.)

Squareup.com (Square) does a good job with card-present transactions.

And these service providers offer predictable processing fees.

I wonder what's special about the AMEX APIs? Maybe somebody from AMEX can
explain? Some of us are always looking for better ways to serve customers and
handle payments efficiently.

~~~
contingencies
_offers tokenization_

s/tokenization/lockin/ # devil's advocate

~~~
wpietri
Not sure why this is downvoted, but it's a fair point. I know of a small
business with a lot of subscriptions and this became a big issue for them when
provider quality declined.

------
niftich
It's tempting to think this ship has already sailed and they're late to the
party, but I'm actually more concerned.

Recently, we saw MasterCard announcing APIs; ultimately the card issuers are
the real gatekeepers of their own data and their own integrations, and as more
of them move to gain the control back that they ceded with their lack of
public developer engagement, the role of payment processors becomes less
clear.

Sure, for the near future, a payment processor can continue to abstract away
from the actual card issuer; but as richer APIs surface, those may siphon away
marketshare from payment processors.

~~~
master5o1
Developers are still more likely to implement the one API that provides n
payment methods than implement n APIs to get n payment methods.

That is, a payment processor like Stripe that provides AMEX, MC, Bitcoin or
what ever is often more valuable than by being able to reduce complexity in
the integration of services.

~~~
rubyfan
Right, it's not a choice of picking MasterCard's one API vs. Stripe (as an
example)

It's Stripe vs. implementing 10ish card or payment APIs. The choice is easy
and will continue to be for most consumer facing scenarios.

------
20years
Less than 10% of our customers pay with Amex. Can someone shed some light on
why a developer would implement this for Amex payments vs just using Stripe,
Auth.net or another payment gateway that supports Amex?

I am trying to understand the value here and how this will benefit the
developer and/or consumer.

~~~
matt4077
It's probably cheaper. If it saves you 1/2% it may be worth it if you're doing
>$1mil.

(Note that I have no idea how much cheaper it is because they don't seem to
have prices anywhere. Which makes me irrationally angry and looking forward to
their all-but-inevitable demise over the next decade).

~~~
cstejerean
I would bet it's more expensive than Stripe. AmEX is known for being much more
expensive than Visa and MC, and I wouldn't be surprised if Stripe loses money
on every AmEx transaction (but makes it up on other cards).

~~~
SyneRyder
Stripe used to charge a higher fee for AmEx cards, until August of this year.
(Or at least, they did in Australia.)

------
vitobeto
On the landing page you may see a computer screen with PHP code, but they just
offer JAVA and .NET SDK right now, fun fact!

~~~
Shanea93
To be honest, that code is pretty bad anyway. "If an arbitrary attribute table
doesn't exist, ignore this row and process the next one", no exceptions
thrown, no attempt to rectify the situation, no logging, no state change, just
ignore it. I can't really think of a situation where you both don't care and
don't want to know if your transaction completes.

That aside, this actually looks like it might even contain a SQL injection
vulnerability. I'm no Drupal 7 expert (which this code seems to be) but having
looked into the code being run here, db_table_exists seems to call down to
`$this->connection->queryRange("SELECT 1 FROM {" . $table . "}", 0, 1);` in
`DatabaseSchema_mysql::tableExists`, which contains an unescaped PDO query. I
feel like anyone running this code is going to have a very bad day and it
makes me untrusting of the rest of the work they're putting out.
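
An added illustration of the pattern the comment above describes (not code from the original post, from Amex, or from Drupal): a table-existence probe built by concatenating the table name into the query, next to a version that validates the identifier and looks it up in the catalog as a bound value. Python's `sqlite3` stands in for the MySQL/PDO layer, and the schema, function names and inputs are hypothetical.

```python
import re
import sqlite3

# Conservative identifier pattern (an assumption; adjust to the naming rules in use).
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def make_db():
    """Constructed sample schema; table names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE attributes (id INTEGER, name TEXT);"
        "CREATE TABLE payments (id INTEGER, card_token TEXT);"
    )
    return conn

def table_exists_concat(conn, table):
    """Probe built by concatenation: the table name becomes part of the SQL."""
    try:
        conn.execute("SELECT 1 FROM " + table + " LIMIT 1")
        return True
    except sqlite3.Error:
        return False

def table_exists_checked(conn, table):
    """Validate the identifier, then look it up in the catalog as a bound value."""
    if not isinstance(table, str) or not IDENT.fullmatch(table):
        raise ValueError("rejected table identifier: %r" % (table,))
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    not_a_name = "attributes, payments"  # constructed input, not a table name
    print(table_exists_concat(db, "attributes"))   # real table
    print(table_exists_concat(db, not_a_name))     # parsed as SQL, reported as existing
    print(table_exists_checked(db, "attributes"))  # real table
    print(table_exists_checked(db, "missing"))     # absent table
    try:
        table_exists_checked(db, not_a_name)
    except ValueError as exc:
        print("rejected:", exc)
```

On MySQL the catalog lookup would go against `information_schema.tables` instead of `sqlite_master`.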

~~~
bpicolo
I LOVE going around to websites and seeing their stock images for code. It's
usually insanely unrelated, e.g. hadoop vendors with some random HTML/CSS
pictures.

------
locusm
AMEX in Australia: Maybe 1 in 10 merchants even accept it, for that 1 you pay
a much higher surcharge.

~~~
ajdlinux
IDK, I've used Amex in Australia for >50% of my credit card spend. All major
supermarkets, department stores, most petrol stations and fast food chains
accept it. I assume outside of those categories it really depends where you
are though - the cafe across the road from my office accepts Amex with no
surcharge and no minimum, but I'm in CBR in the heart of public service
territory, so...

~~~
locusm
I go to the supermarket once a week so yeah, that's the only time I use it. I've
given up asking otherwise.

~~~
lostsock
Most merchants that also accept AMEX have a little sticker in their window.
There are actually a lot more businesses that allow you to use an AMEX without
a surcharge than there used to be:
[https://maps.americanexpress.com/aushopsmall#/](https://maps.americanexpress.com/aushopsmall#/)

~~~
SyneRyder
If you get time to watch the cycle of logos on the Paypass terminal while
you're waiting, it will usually display whether it accepts Amex or not (and
also logos now for Apple Pay & Android Pay too).

------
kkirsche
It's interesting for sure, but as a consumer rather than a business, is there
a use case for this?

~~~
elliottcarlson
Checking out on Delta via my Delta AmEx allows me to simply log in to my AmEx
account (saved via a password manager) and check out without entering my actual
card info. The convenience factor there is definitely nice.

------
emodendroket
Gotta try and make those lost Costco bucks somehow.

------
reubano
API Standard Practices

Generally, our public APIs follow a standard set of best practices:

- All APIs follow REST principles.

- JSON is the standard payload. Some APIs may include additional formats such
as XML and in such cases media type headers are used to specify your
preference.

- Due to the sensitive nature of most data that is exchanged with American
Express, you will commonly find HTTP POST methods used where you may expect to
find either GET or DELETE methods used. The primary purpose is to prevent
sensitive search criteria from being used in the Query string, moving it
instead to the Body.

----------------

So they claim to be RESTful yet not support GET or DELETE calls. Do they even
realize what they are saying?

------
VT_Drew
This seems neat but not what I was expecting. I am writing a small Django app
to track my finances. This is just an app I am writing for myself to use
personally. I would love to be able to get transactions directly from a credit
card. I know it is possible; there are other services (like mint.com) that can
do it. Can anyone point me in the right direction? If I could get my Amex
transactions as json or xml that would be great. As a personal project I
wouldn't be willing to spend much money to get access to an API like what I am
describing (if fees are associated with it).

------
rubyfan
"Data Intelligence" is an ATM locator. This is not my idea of Data
Intelligence.

Perhaps a better heading is called for there.

------
OJFord

> passionate American Express developers who are adding new code regularly.

"adding new code"

------
programminggeek
This is interesting, but if you need card present payments and EMV, something
like CardFlight's SDK
[https://cardflight.com/sdk/](https://cardflight.com/sdk/) is going to be a
better fit.

Disclaimer: My friend works there and has told me all about it.

------
brianbreslin
So can someone explain to me why one would use amex over stripe or braintree?
Or why would one use mastercard's API or Visa's? They all have similar APIs
right?

~~~
jly
The biggest reason would be price. I don't know the amex payment pricing or
how it differs from stripe/braintree, but cutting out the middle man has got
to be cheaper.

I run a small business using stripe and cc processing fees are a big hit. The
service and support is amazing and it's so easy to use, but it's not cheap.
They charge the same for every card type when the card providers charge in-
person merchants much different (and lower) rates.

~~~
throwanem
Are you doing card-not-present? That's going to be a fee hit over card-present
regardless of processor.

If you're doing card-present, look into traditional acquirers and also chip-
and-PIN. You'll pay considerably more up front, but less over time due to the
fee difference, and you'll also no longer need to sweat being on the wrong end
of the EMV liability shift.

------
arenaninja
Slightly off-topic, but what a strong week for PHP -- the code in the Mac
image is PHP code

------
princetontiger
This is hilarious. 20 years late? Nothing to see here, move along.

WhitneyLand is correct.

