# Participant Feature Matrix
This document provides a comprehensive matrix of different participant types, their requirements, and recommended connectivity solutions for Mojaloop integration.
# Payment Use-Case DFSPs
| Participant Category | Description | Expected Use-Cases | Infrastructure Requirements for Mojaloop Integration | Expected Production SLA | Likely Relevant Regulation | Special Security Requirements | Solution Options |
|---|---|---|---|---|---|---|---|
| Small self-hosting DFSP | - Small FI with single branch. - Own workstations - Minimal cloud and/or SaaS. | - All moja transfer types except bulk. - Open banking (incl PISP, AISP) | - Single, cheap, low-end dedicated mini-pc (e.g. RPi) - Single small business broadband Internet connection - Self-hosted core banking system e.g. Mifos - Use OS/Software firewall on same HW node as integration layer. | - "Some" downtime acceptable if hardware fails. - Some schemes may rule out DFSPs that cant meet a certain downtime SLA. - May take many days/weeks to purchase replacement hardware on total failure. - Full Mojaloop security feature set: mTLS, JWS, ILP - ~10 TPS peak sustained for 1 hour. - Max capable of 864000 per 24 hours. | - Record keeping? - Security? | - No need to integrate with existing enterprise security platforms. - Need a fully secure solution "in-a-box" following best industry practice for internet facing services i.e. including firewall. | The “Standard Service Manager” is recommended: A minimal functionality Integration Toolkit-based solution (accessible locally by means of a BI tool). This can be hosted in a basic server, ranging from a mid-specification server for a large MFI or a small bank, right down to a Raspberry PI for the smallest DFSPs with less rigorous service continuity requirements and lower transaction volumes. The Standard Service Manager does not support bulk payments. - Docker compose based integration layer. - Minimal, self-contained integration layer. |
| Low Medium self-hosted DFSP | - Small FI with one or two branches. - Own "data centre" i.e. broom cupboard with a few servers, router, firewall etc... - Some cloud knowledge and/or SaaS usage. | - All moja transfer types - Bulk (1000's of transfers). - Open banking (incl PISP, AISP) | - Single enterprise grade server hardware node. - Use OS/Software firewall on same HW node as integration layer OR dedicated HW firewall. | - "Some" downtime acceptable if hardware fails. - Some schemes may rule out DFSPs that cant meet a certain downtime SLA. - May take hours to replace hardware on total failure. - Full Mojaloop security feature set: mTLS, JWS, ILP - ~50 TPS peak sustained for 1 hour. | - Record keeping? - Security? | - May need integration with existing enterprise security platforms e.g. firewalls, gateways etc... ?? needs more clarification | The “Enhanced Service Manager” is recommended: Based on the “Standard Service Manager” described earlier, this extends it by adding a Kafka deployment and support for bulk payments. It can be hosted at minimum in a basic server in the DFSP's own "data centre". - Docker compose or docker swarm based integration layer. - Minimal, self-contained integration layer. |
| High Medium self-hosted DFSP | - Small FI with one or two branches. - Own "data centre" i.e. broom cupboard with a few servers, router, firewall etc... - Some cloud knowledge and/or SaaS usage. | - All moja transfer types - Bulk (1000's of transfers). - Open banking (incl PISP, AISP) | - In order to tolerate failure on 1 hardware node 3 or more hardware nodes are required. (2n+1) | - "Some" limited (minutes) downtime acceptable if hardware fails. - Some schemes may rule out DFSPs that cant meet a certain downtime SLA. - Should have spare hardware waiting or very fast replacement services in case of failures. - Full Mojaloop security feature set: mTLS, JWS, ILP - ~50 TPS peak sustained for 1 hour. | - Record keeping? - Security? | - May need integration with existing enterprise security platforms e.g. firewalls, gateways etc... | The “Enhanced Service Manager” is recommended: Based on the “Standard Service Manager” described earlier, this extends it by adding a Kafka deployment and support for bulk payments. It can be hosted at minimum in a redundant, multiple server configuration in the DFSP's own "data centre". - Kubernetes based integration layer - Possibly have existing integration technology. |
| Large self-hosted DFSP | - Mature, multi-branch FI with high internal IT capability - Has own data centre and experts to manage systems - Comfortable with Cloud and hybrid applications - Has internal software engineering capability. | - All moja transfer types including bulk. - Bulk (1000000's of transfers in a transaction @ 1000 per chunk, sorted per payee DFSP). - Open banking (incl PISP, AISP) | - High availability of internal infrastructure is necessary - Multiple active instances of all critical integration services spread across multiple hardware nodes. - High availability, replicated data storage. - may be multi-site / availability zone / region. | - No downtime acceptable - High-availability of connectivity. - multiple active connections via diverse routes. - Optional persistent storage. - Scheme connection and integration layer SLA should match SLA for existing internal infrastructure. - Up to 800 TPS peak sustained for 1 hour for e.g. FXPs. | - Record keeping? - Security? | - May need integration with existing enterprise security platforms e.g. firewalls, gateways etc... | The “Premium Service Manager” is recommended: A fully functional, Payment Manager-type service, for use by larger DFSPs. Operation of this needs significant resources; it must be hosted either in the DFSP’s existing data centre or in the cloud. - Kubernetes based integration layer - Possibly have existing integration technology. |
# Fintechs which use PISP and/or AISP
| Participant Category | Description | Expected Use-Cases | Infrastructure Requirements for Mojaloop Integration | Expected Production SLA | Likely Relevant Regulation | Special Security Requirements | Solution Options |
|---|---|---|---|---|---|---|---|
| Small self-hosting PISP/AISP | - Small org with single "branch" fintech with one or two products. - Own workstations / servers - Minimal cloud and/or SaaS. | - Relatively small bulk payments e.g. salary payments for SMEs | - Single, cheap, low-end dedicated mini-pc (e.g. RPi) - Single small business broadband Internet connection - Self-hosted core banking system e.g. Mifos - Use OS/Software firewall on same HW node as integration layer. | - "Some" downtime acceptable if hardware fails. - Some schemes may rule out DFSPs that cant meet a certain downtime SLA. - May take many days/weeks to purchase replacement hardware on total failure. - Full Mojaloop security feature set: mTLS, JWS, ILP - Bulk interface SLA? - How should this be defined? Batch size? time to send batch over API? response time for callbacks? - Max batch size approx 10k payments - Sending 10k payments via bulk API should take < 30 seconds. - Responding to callbacks should take < 5 seconds. | - Record keeping? - Security? | - No need to integrate with existing enterprise security platforms. - Need a fully secure solution "in-a-box" following best industry practice for internet facing services i.e. including firewall. | - Docker compose based integration layer. - Minimal, self-contained integration layer. |
| Low Medium self-hosting PISP/AISP | - Small org with one or two branches. - Own "data centre" i.e. broom cupboard with a few servers, router, firewall etc... - Some cloud knowledge and/or SaaS usage. | - Relatively small bulk payments e.g. salary payments for SMEs - Account aggregation | - Single enterprise grade server hardware node. - Use OS/Software firewall on same HW node as integration layer OR dedicated HW firewall. | - "Some" downtime acceptable if hardware fails. - Some schemes may rule out DFSPs that cant meet a certain downtime SLA. - May take hours to replace hardware on total failure. - Full Mojaloop security feature set: mTLS, JWS, ILP - Bulk interface SLA? - How should this be defined? Batch size? time to send batch over API? response time for callbacks? - Max batch size approx 25k payments - Sending 25k payments via bulk API should take < 60 seconds. - Responding to callbacks should take < 10 seconds. | - Record keeping? - Security? | - May need integration with existing enterprise security platforms e.g. firewalls, gateways etc... ?? needs more clarification | - Docker compose or docker swarm based integration layer. - Minimal, self-contained integration layer. |
| High Medium self-hosting PISP/AISP | - Small org with one or two branches. - Own "data centre" i.e. broom cupboard with a few servers, router, firewall etc... - Some cloud knowledge and/or SaaS usage. | - Bulk payment for large organisations e.g. government depts. - Account aggregation | - In order to tolerate failure on 1 hardware node 3 or more hardware nodes are required. (2n+1) | - "Some" limited (minutes) downtime acceptable if hardware fails. - Some schemes may rule out DFSPs that cant meet a certain downtime SLA. - Should have spare hardware waiting or very fast replacement services in case of failures. - Full Mojaloop security feature set: mTLS, JWS, ILP - Bulk interface SLA? - How should this be defined? Batch size? time to send batch over API? response time for callbacks? - Max batch size approx 100-200k payments - Sending 100-200k payments via bulk API should take < 300 seconds. - Responding to callbacks should take < 120 seconds. | - Record keeping? - Security? | - May need integration with existing enterprise security platforms e.g. firewalls, gateways etc... | - Kubernetes based integration layer - Possibly have existing integration technology. |
| Large self-hosting PISP/AISP | - Mature, multi-branch org with high internal IT capability - Has own data centre and experts to manage systems - Comfortable with Cloud and hybrid applications - Has internal software engineering capability. | - Bulk payment for large organisations e.g. government depts. | - High availability of internal infrastructure is necessary - Multiple active instances of all critical integration services spread across multiple hardware nodes. - High availability, replicated data storage. - may be multi-site / availability zone / region. | - No downtime acceptable - High-availability of connectivity. - multiple active connections via diverse routes. - Optional persistent storage. - Scheme connection and integration layer SLA should match SLA for existing internal infrastructure. - Bulk interface SLA? - How should this be defined? Batch size? time to send batch over API? response time for callbacks? - Max batch size approx 1mil payments - Sending 1mil payments via bulk API should take < 600 seconds. - Responding to callbacks should take < 300 seconds. | - Record keeping? - Security? | - May need integration with existing enterprise security platforms e.g. firewalls, gateways etc... | - Kubernetes based integration layer - Possibly have existing integration technology. |
# Document History
| Version | Date | Author | Detail |
|---|---|---|---|
| 1.0 | 9th June 2025 | Tony Williams | Initial version |