Token.io Services Architecture

Services are units of software that perform a function. They are used to break complex problems into a series of simpler problems. Services are also designed to be separately deployable, allowing Token.io to build highly scalable and resilient systems.

A high tolerance to various stresses and failures under real-world conditions is called resilience. Token.io's services architecture builds systems that continue to function when things fail by making services autonomous, thereby eliminating single points of failure (SPOF). These services are then deployed to Token.io's cloud infrastructure and scaled up or down on demand. Hence, when one service instance fails, the failure is detected and another working instance of the service is automatically found or created. This is called failover.

A high-level structural view of Token.io's services architecture looks like this:

Depending on the Token.io-connected bank, Token.io's Bank SDK is implemented either directly, interfacing with the bank's Open Banking API, or through Token.io, utilizing Token.io's Bank Integration SDK. The Bank Integration SDK communicates with the Token.io Platform (also called the Token.io Cloud) through Bank Adapter middleware and an Integration Service, which transform (translate) and segregate requests and responses to and from the Token.io Cloud into data objects understandable by the disparate systems — the bank's Core Banking System on one side and Token.io's Open Banking Service on the other. Token.io's Core Service similarly coordinates the request-reply information flow to and from registered and verified TPP members, managing the token creation-redemption-cancellation/expiration lifecycle. Token.io's Member, Consent, and Directory services handle TPP member enrollment and service access (AIS/PIS), authentication (SCA), and licensing and certification (eIDAS) verification, respectively. Securely relaying open banking requests by TPPs and the corresponding responses from the bank is achieved through a Gateway hosting Token.io's gRPC interface and a REST API for direct TPP communications. Indirect TPP application integration is supported by the TPP SDK, which is available in multiple programming languages (Java, JavaScript, and C#) and which interfaces with the gRPC protocol buffers. System Administration and Monitoring of SaaS operations complete the architecture with secure management visibility and control services.

The foregoing, all working together, enable easy integration with your existing IT infrastructure, delivering bank connectivity to TPPs via a single connection. Moreover, just as bank integration can be accomplished directly or through Token.io, TPP integration can be direct-to-bank or through Token.io, as well. TPPs choosing the latter course (through Token.io) can use their own licence or Token.io's licence. Ultimately, this distinguishes TPPs into three types:

  • TPPs connecting to Token.io's network of banks using Token.io's licence
  • TPPs connecting to Token.io's network of banks using their own licence
  • TPPs connecting directly to a specific bank using their own licence

An additional level of classification involves resellers. See TPPs versus Resellers for additional information.