If you’re evaluating Finch, a unified API solution, you’ll inevitably run into the term “assisted integrations.”

It’s referenced on their integration page and developer documentation, and it’s a reason why they can offer 200+ HR and payroll integrations.

Just by understanding how their assisted integrations work, however, you’ll realize that they can be problematic:

We firmly decided not to offer assisted integrations because they can lead to poor performance, disappointing customer experiences, and worst of all, breed significant security risks. Instead, we solely provide automated integrations, or integrations that sync data by communicating with 3rd-party endpoints.

You can read on to learn why automated integrations outperform assisted integrations in both security and performance.

How automated integrations can outperform assisted integrations

Assisted integrations are extremely manual. You’re depending on an individual to take data from clients’ systems, normalize them properly, and upload them to Finch. 

Since Finch’s team is dealing with countless assisted integrations across their customer base, they can experience delays in carrying out this work. A given assisted integration may, for example, take at least a week to sync data successfully. 

In addition, the human intervention work that’s involved can naturally lead to a high rate of syncing errors. Individuals may forget to add specific data to Finch or go on to add the wrong data, leading syncs to either go uncompleted or provide clients with the wrong information.

Automated integrations, on the other hand, don’t require manual intervention to sync data. A unified API solution (like Merge) is directly communicating with the clients’ API endpoints, allowing the solution to access the relevant data in near real-time. 

As a result, automated integrations, coupled with webhooks, can support time-sensitive processes effectively, while assisted integrations, in our opinion, can’t.

Evaluating the security impact of assisted integrations against your organization’s policies

Assisted integrations require an individual to sign in with the credentials that your customer has entrusted you with to pull the data every time a sync happens. 

Therefore, when evaluating whether assisted integrations pose a security risk to your company, ask who is actually doing the pulling. In other words, is this work contracted out? And if so, who’s contracted to perform it? Ensure that your organization’s policies around protecting data are followed throughout the transfer, including any requirements for the data to remain encrypted in transit and at rest. 

Unless you are evaluating assisted integrations against your organization’s policies for processing data, you could be compromising your ability to comply with data protection and privacy regulations like GDPR, HIPAA, and SOC 2 Type 2. This naturally gives your rivals a significant edge in winning new business, and it makes it all but impossible to build and maintain trust with clients.

Final thoughts

You likely have at least somewhat unique requirements when it comes to the customer-facing integrations you need to support. 

However, we believe that there’s little reason to invest in assisted integrations. They can put your clients at risk, hamper your integrations’ performance, and, ultimately, cause meaningful harm to your business.

You can learn more about Merge’s automated integrations, as well as our other features and capabilities for building, maintaining, and managing your integrations, by scheduling a demo with one of our integration experts.