The idea of banks using APIs to 'open' their systems to third party developers is really popular now. That's fine when it comes to informational apps like Google maps. But with transaction data like card and other payments the security issue mean open APIs are not practical. PSPs have used hosted payments pages to circumvent this problem - OK but very limited control for the page developer often means poor UX. Tokenisation also helps but is quite limited and not suitable for interactions between user and app. This presentation explains a new approach by Ixaris which could revolutionize third-party development of transactional payments applications without compromising security.