A guide to our API evaluation criteria
Merge’s integration development team has worked with hundreds of APIs since the company was founded, and some have been easier to integrate with than others. Below we describe the key criteria we consider when evaluating whether to add an API to one of our Unified API categories.
Data quality and accessibility
1. Consistent data format: The API should always provide data in a standard format, such as JSON or XML. This ensures that our connector can interpret and process the data reliably.
2. Comprehensive data: The API should provide a complete set of data that covers all of the necessary fields and data points required for our system and our customers.
3. Unique identifiers: The data should have unique identifiers that we can use to reliably pull and update data in our database
4. Timely and reliable data delivery: The API should provide data in a timely and reliable manner, with minimal downtime or data latency.
5. Public API: The API needs to be external-facing and standardized across customers and partners.
1. Secure authentication protocols: The API should support secure authentication protocols, such as OAuth 2.0, that protect user data and prevent unauthorized access. The API should also support encryption of data in transit to prevent interception and tampering.
2. Reliable authentication flow: The API's authentication flow should be reliable and well-documented, with clear instructions on how to authenticate and refresh tokens as needed. The API should also provide clear error messages in case of authentication failures.
3. Robust security practices: The API provider should have robust security practices in place, including regular security audits and vulnerability testing, to ensure the security and reliability of the data.
Sandbox and UI access
1. Sandbox with UI access: Merge requires access to a sandbox account/development environment in which we can test and build our connector in a safe and controlled environment. The sandbox should also provide UI access so that we can easily interact with the API and explore its capabilities.
2. API documentation: The API should be accompanied by publicly accessible documentation that explains the API's functionality, data schema, available endpoints, authentication procedures, and any rate limiting or usage restrictions.
API stability and maturity: As a matter of policy, we typically do not build to APIs in beta or APIs that are newly developed. We only build to established and stable APIs with a proven track record of reliability and performance.
Support: We also recognize that the quality of an API isn't solely based on technical requirements, and we frequently consider other factors such as a platform’s reputation, customer support responsiveness, and ability to troubleshoot developer issues.
By applying these criteria, Merge’s integration development team can help ensure that the data accessed by our system and our customers is complete, accurate, and secure, so that our customers receive a best-in-class product and service.