The API behind digital access to the Capital One Lounges
How we designed tech that provides contactless entry into Capital One Lounges and offers endless use cases across teams.
November 6, 2023 8 min read
Providing contactless entry and a platform for innovation
Technology is integral to everything we do, including how customers redeem rewards and benefits. Capital One Rewards is powered by cutting-edge tech built in-house, and we use it to create new experiences for our millions of customers.
One of these experiences is entry to our new Capital One Lounges. Eligible cardholders can create a digital pass on their phone and access Lounges without needing to show their physical credit card. They can simply show the agent a QR code that’s stored in their Android or iOS wallet and walk in. The friction that comes with digging into pockets or bags to pull out a card is gone, and we replaced it with extra time to enjoy the Lounge.
How tech transforms access to Capital One Lounges
What looks like an easy customer experience is actually multiple APIs built in-house to verify customers’ info and create digital passes on iOS and Android devices. We know travelers often use digital boarding passes on their phones, so we built this digital pass system to help customers gain contactless entry to Lounges. Importantly, using the digital wallet service means no need to pull out a credit card to gain access to the Lounge. This was our team’s original vision, but it evolved to embrace Capital One’s ethos to build impactful tech in a reusable way. When we started building Digital Wallet Service, we recognized the potential for other teams to use this functionality in the future. So, we decided to create the tech in a way that makes it reusable by dev teams across the organization.
We asked ourselves, 'How are we going to build this once for Lounges and support any use case for a pass?'
This is always our goal; we want our products to make the biggest impact and will work as integrated lines of business to build reusable tech that crosses into other lines of business. Put simply, the tech we build for one line of business means putting more tech into the hands of developers in every line of business. And of course, that level of cooperation goes both ways.
Designing this kind of flexible, extensible architecture is one of the hallmarks of our approach to tech at Capital One.
How we designed the architecture
To serve our specific purpose for Lounges and to scale it across the enterprise, we created two APIs: Digital Wallet Service and Lounge Digital Pass.
Digital Wallet Service is a REST API that controls digital passes on Android and iOS devices. Lounge Digital Pass is a Lounge-specific API that redeems the digital passes and manages customers’ visits to our Lounges. These are Node applications built from the ground up. In Capital One fashion, by creating lightweight Lambdas in a familiar tech language that was readable and maintainable, we made it easier for any new engineers joining the workflow to contribute.
In architecting the APIs, we adopted a multi-tenancy structure, in which a single instance of the application serves multiple clients, and designed the interactions between the individual components to be as segmented as possible so that each application could stand on its own. What this means is that Lounge Digital Pass can only interact with digital passes created for Lounge, and Digital Wallet Service is limited to creating and maintaining digital passes and calling third-party APIs managed by Google and Apple.
Components of our multi-tenancy structure
Supporting a multi-tenancy structure meant designing an architecture with other developers in mind. The DevExchange has out-of-the-box functionality that can handle access restrictions, preventing users from deleting or altering another team’s data. Data is locked in the exchange client that the team uses, and teams are responsible for maintaining their own certificates for Apple and Google. There are also shared lock boxes that teams access containing the certificates, and they can rotate them as needed. And to make it easy for new teams to use, Digital Wallet Service has endpoints to help with onboarding and creating pass templates. There’s also documentation to provide guidance and answer questions.
This approach to building multiple APIs allowed us to solve our Lounge-specific needs while giving other Capital One teams the ability to create and manage digital passes for their specific use cases. By adopting a multi-tenancy structure, Digital Wallet Service is set up to scale and can support different teams with different use cases while making sure that the data that they use is particular to them, and accesses can't be extended outside of their own. Both APIs are seamlessly integrated with the Capital One mobile app, so customers can experience the services using an interface they’re already familiar with—their mobile phone.
Using customer research to inform our decisions
Our decision to use this tech and leverage our third-party strategic partners was a direct response to customer feedback and research. We use a human-centered approach to design at Capital One, which is why before starting development, we uncovered our customers’ needs. For example, we heard that waiting in lines is one of the biggest hassles for customers.
We took these researched customer needs and translated them into tech solutions that are easy to use and meet customers where they’re at during transit. The main drivers of this experience are the use of QR codes and our ability to communicate directly with Google and Apple’s APIs.
How we use QR codes
Using a QR code gives the customer a seamless way to save their digital pass. Here’s the process for how the applications uses QR codes:
- An eligible card holder opens their Capital One mobile app to download their digital wallet pass.
- Lounge Digital Pass creates a design of the digital pass for the customer for their device—including the unique QR code for that customer.
- Digital Wallet API uses the design and creates an actual pass using iOS or Android servers.
- Once the customer uses the QR code, the APIs work together to update the user’s device pass with a new QR code (if applicable) or to expire the pass if the amount of allowed visits has been reached.
Using a QR code means one less thing a customer has to physically handle to get into the Lounge. Using the Digital Wallet API also benefits our multi-tenancy structure and integration with third-party partners, since we’re limiting internal and external data sharing.
Integrating with third-party strategic partners
Using the Digital Wallet API also benefits our multi-tenancy structure and integration with third-party partners. Digital Wallet Service API interacts with Google and Apple’s APIs in the back end, and as a result, customers can save digital passes where they’re easily found—in their Apple Pay™ or Google Wallet™. This functionality is available to other Capital One teams, and they can use it for their own use cases without needing to go through an extensive approval process with Apple and Google. We already took care of it.
There are more interactions happening with partners, and we created Lounge Digital Pass API to make this communication possible. There are API endpoints to redeem passes, retrieve a QR code or create one and search for accounts by QR code. Our partnering Lounge agents use a device application to call the Lounge Digital Pass API, and they interact with it using the different API endpoints to get the information they need to help our customers.
By designing the APIs for specific interactions with third-party APIs, we can deliver unique experiences for our different end-users at scale.
Using the cloud to scale
Operating at such a high level of scale without disrupting the experience due to performance issues could only happen in the cloud. The APIs use serverless AWS Lambda functions that are handled by a managed pipeline. This supports resilience by using cloud services—one of the many benefits of our cloud-first strategy. There are also major performance benefits since AWS Lambda scales as it’s required. iOS users’ passes are stored in Amazon Simple Storage Service (Amazon S3) and delivered through a CloudFront distribution while passes for Android users are saved on Google’s servers.
Choosing AWS as our cloud service provider brought additional functionality that we’re using to refine the customer experience.
Performing bulk updates in the cloud
For example, at launch, Digital Wallet Service could not perform bulk updates on the passes. If we wanted to change the background of passes, for example, it would require us to update each individual pass or create downtime for users. This was a big concern of ours — customers may only have a chance to visit once or twice a year, so it was important to get the experience right and prevent downtime.
So, we created a bulk update system that processes batch updates to passes. The Digital Wallet bulk update system uses Amazon Simple Queue Service (SQS) to process events and route events across regions using cross-region event buses through EventBridge. Events are sent to CloudWatch to check logs and ensure things are getting to the right place.
In addition to leveraging the out-of-the-box functionality of tools, we built in ways to debug and improve resilience. Lambda functions use the managed pipeline so they have automated resilience, S3 buckets have cross-region replication and CloudFront distributions have origin groups. Many resources are built to shift to secondary regions if the primary region fails.
Building tech for the entire enterprise and the impact of company-wide innovation
As an organization, Capital One’s focus on building reusable applications for the whole company is empowering us to build technologies and create experiences that feel frictionless both for our millions of customers and internal dev teams. And since Digital Wallet Service is enabled for the rest of the enterprise, any developer within the organization can easily create digital passes in their own applications. That’s more than 10,000 brilliant engineers that can use Digital Wallet Service to deliver new experiences for millions of customers.
The potential use cases are endless, and the value we’re delivering with the service continues to grow. For example, a tech team developing solutions for our auto lending business has used our API to make loan offers savable to Google and Apple wallets.
We understand how hard it is to make an impact at any organization, from 10 employees to 1 million. Not at Capital One. Integration, reusability, extensibility… these aren’t just industry buzzwords. At Capital One, they’re the real thing. It's part of our ethos overall to build in a reusable way, saving teams across the organization time and energy and standardizing how we build applications.
The APIs we built show the benefits of embracing Capital One’s technology mindset. We don’t work in silos and as a result, we have the ability to create meaningful tech that reaches thousands of developers and millions of customers. We’re excited about what we’ll build next — want to join us?
Lounge access is not guaranteed and is subject to space availability. Terms apply and are subject to change. Learn more about Capital One Lounges.