This section provides recommendations to design your connector architecture efficiently, helping to avoid regulatory delays and additional costs. The following architecture proposal ensures smooth integration and compliance.
General Integration Guidelines
Coding Standards and Compliance
- At Toqio, we adhere to Clean Code and Domain-Driven Design (DDD) principles.
- Our Continuous Integration/Continuous Deployment (CI/CD) pipeline includes Sonar for code analysis.
- We maintain a minimum test coverage of 80% for all services.
- All dependencies are reviewed, and any identified security alerts or vulnerabilities must be resolved before merging to the main branch.
- We strongly recommend a similar approach, especially when handling sensitive data.
- Regular compliance checks with the EU Digital Operational Resilience Act (DORA) will be conducted to ensure ongoing compliance.
Deployment Strategy
- Implement mechanisms allowing code deployment to production without service interruption.
- In case of planned downtime, provide at least 15 days notice to Toqio and joint customers for appropriate planning and communication.
Integration Recommendations by Service Type
Accounts and Payments
- Recommended to split services for independent deployment and simplified lifecycle management.
Cards
- Mandatory PCI-DSS compliance for integrating card services.
- Toqio requires connected providers to also maintain PCI compliance.
- During the PCI audit process, the compliance level required varies based on how card PAN data is handled.
- Isolating card-handling code in a dedicated service simplifies compliance and audit processes.
Compliance
- Recommended to separate compliance services from accounts and payments integration.
- Particularly advisable if the banking provider also serves as the compliance provider or if a dedicated compliance provider is integrated.
Following these guidelines will help ensure a secure, compliant, and efficient integration with Toqio.