I totally understand your point and agree

Some banks integration are still using pgp to encrypt the payload
im really looking for an all in one solution for sme to easily build where they could encrypt their payload and interface with the bank. Something like an adapter where sme could easily integrate into their solution. Pgp encrypt payload is really uncommon which is why I’m looking for easy way out for such customers
after google for weeks and response from you I guess this doesn’t exist
Kinda confused with which tier of the entire ecosystem you are tackling.
I know NETS uses PGP (
https://silo.tips/download/a-better-way-to-pay-unified-merchants-api-umapinet-integration-manual).
But you are asking about API G/W as your solution. If I understand it properly how "this" API G/W will be placed it should looks something like this
MERCHANT(SME) ---> YOUR API G/W ----> PAYMENT G/W API G/W
From YOUR API G/W, PAYMENT G/W API G/W will be the backend servers behind YOUR API G/W. If you are trying to alleviate the PGP complexities from the MERCHANT, then YOUR API G/W will be part of the infrastructure of the MERCHANT. Otherwise it may not be a secure ENDPOINT-2-ENDPOINT solution.
If that is the case, PGP at the API G/W is not really what you should be looking for. PGP at API G/W implementation is AA between the END-USER and the API G/W, which is between MERCHANT and YOUR API G/W.
You have emphasised one-stop solution, hence I'm not sure one-stop from whose perspective exactly. If it is the merchant one-stop solution that you are providing, then it seems what you are trying to do is to provide 2nd-tier solution where the PAYMENT G/W is your partners. You are providing payment solution on behalf of your payment G/Ws partners to other merchants.
Correct me if I have got your architecture wrongly.
If what you are providing is YOUR API G/W solution where it communicate with other PAYMENT G/W using PGP. Then simply you can implement it using Spring Framework (if you are on Java stack) providing REST WS, or other REST WS frameworks at your disposal. The authentication layer can be just OAuth2 for simplicity. The PGP key is stored at this middleware tier.
Thanks
