API gateway and developer interface
The API gateway is the surface that engineering teams actually touch. It handles authentication, authorization, rate limiting, webhook delivery, and versioning. Done well, it disappears. Done poorly, it becomes the bottleneck for every product change, no matter how good the layers underneath are.
A few design choices separate mature gateways from improvised ones. Webhook delivery needs retries with exponential backoff and a dead-letter queue, because cardholder apps cannot afford to miss a card.activated event. Versioning has to be explicit, because card issuing platform behavior changes when networks publish mandates and customers cannot be forced to upgrade on the platform's schedule. Rate limits should be predictable and surfaced in headers so client teams can plan around them.
The quality of API design is what determines how quickly product teams ship. Marqeta's open API platform is a clear example because it treats the gateway as the product.
How the layers interact during a transaction
A single authorization in a card issuing platform is the cleanest way to see the stack in motion. Picture a cardholder tapping a Visa debit card at a coffee shop in Berlin at 8:14 AM.
Here is what happens inside the card issuing platform between the tap and the printed receipt:
-
The terminal builds an ISO 8583 0100 authorization request and sends it to the acquirer, which forwards it across VisaNet to the issuer's processor. Visa's Advanced Authorization scores the transaction against more than 500 risk attributes in under a millisecond before handing it to the issuer.
-
The issuing processing platform parses the message and confirms the card status from card lifecycle management after a tokenization lookup resolves the token back to a PAN reference.
-
The ledger receives a hold request for the transaction amount. Because the ledger uses double-entry bookkeeping inside a single atomic database transaction, the debit on the cardholder's available balance and the credit on the pending-authorizations account either both commit or both fail.
-
Risk and fraud rules run in parallel with the ledger hold. Velocity checks and merchant category restrictions are evaluated against the card's recent history, with geographic anomaly signals folded into the same pass.
-
The platform builds an ISO 8583 0110 response and sends it back to Visa, which returns it to the acquirer and the terminal. The cardholder sees "Approved" before they have put their phone back in their pocket.
Every one of those steps shares the same network-imposed time budget. If the ledger takes 40 milliseconds, the risk engine has less room. If the tokenization vault is in a different region, the round trip can blow the budget on its own. That is why senior engineers spend so much time arguing about co-location and connection pooling, with pre-warmed caches handled as part of the same latency plan. The architectural decisions determine whether the transaction ends with approval or a Stand-In Processing decline that counts against the SLA.
Scaling and security trade-offs
Once a program crosses a few million cards, the easy decisions are behind you and the trade-offs get sharper. Latency competes with durability: synchronous replication across regions adds milliseconds that the network will not forgive, while asynchronous replication risks losing the last few seconds of writes during a failover. Multi-region active-active sounds attractive until you try to keep a ledger consistent across two writers, and then most teams retreat to active-passive with a documented RPO.
Build versus buy is the other recurring tension. Building your own issuing processing platform is a multi-year project with scheme certification at the end of it. Buying one and customizing the layers above lets you ship in months but locks you into the vendor's roadmap. The middle path that fintechs like Block and Klarna chose was to buy the processor and program management role from Marqeta and build differentiation in the ledger and risk layers above it, with product logic handled there too.
Compliance shapes what can be changed and where. PCI DSS draws a hard boundary around any system that stores PAN data or transmits it through processing flows, and SOC 2 adds another layer of access controls and audit evidence. Network rules from Visa and Mastercard dictate timing and retry behavior, and they update dispute-handling rules on a fixed release calendar that the platform has to absorb. The framework most teams settle on weighs each trade-off against program stage and volume, with scope reduction treated as a feature.
What to evaluate before you commit
If you are sitting across the table from a vendor or reviewing an internal proposal, the architecture questions below cut through the demo gloss. Ask them in order and the answers will tell you whether the card issuing platform underneath is built for your roadmap or just your first quarter.
-
What is the uptime SLA on the issuing processing platform, and how is it measured? A 99.99% number with no remedies is marketing. A number tied to financial credits and a published measurement methodology is a commitment.
-
How does the ledger guarantee consistency under concurrent writes, and does it use event sourcing or balance overwrites?
-
Where does the tokenization vault sit relative to the issuing processing platform, and how does PCI scope flow through the architecture?
-
How mature is the API surface? Is versioning explicit, and are webhooks reliable? How are breaking changes communicated?
-
How flexible is the sponsor bank relationship? Can the platform support multiple sponsors across multiple geographies and the migration path between them?
-
What does card lifecycle management look like as a state machine, and which transitions are exposed as events your team can react to?
Next Steps
Map each answer against your roadmap. A program issuing 50,000 cards in a single country can tolerate trade-offs that a program issuing five million cards across the EU and the US cannot. Architecture choices that look identical on a slide behave differently at scale, and the gap shows up in incidents and audits while product teams feel it in the speed at which they can ship.
Resilient infrastructure is what separates a card program that grows from one that stalls. EGS provides fintech infrastructure that supports the architectural layers covered above, from issuing connectivity and ledger reliability to tokenization and card lifecycle management at scale. If you are evaluating a card issuing platform or planning a sponsor migration, reach out to the EGS team to size the engineering work behind your next launch and pressure-test your design choices against production realities.