Investing in Integration Management
You’re probably looking into the scope of your next integration project and thinking: what have I gotten myself into?
At Merge, we’re no strangers to integrations. While you probably have the upfront cost of building integration in your head: the engineering resources required to map and normalize data, the changes and updates to your front-end, UX, and team enablement, a prickly realization may emerge as you continue to add more and more integrations:
There’s a lot more that goes into offering integrations at scale than stringing together a few more endpoints.
In fact, we’d argue that integration management - or, the activities, infrastructure, and time that you need to spend around the connections you build - soon begins to eclipse the actual cost of building the integration itself.
In this article, we’ll cover the areas of integration management you need to anticipate as you scale out your integration offerings, and look into how a unified API can work to alleviate those costs for you.
What to anticipate for integration management (at scale)
Every API is going to have a different form of how they handle authentication parameters (otherwise known as - how you’re able to identify yourself as an authorized user).
You’ll need to anticipate building and scaling out infrastructure that handles everything from basic authentication, to OAuth, to the weird forms in between (trust us - we’ve seen it all). While it may feel reasonable to manage just a few forms of authentication at first, as you scale your integration offerings into the tens of dozens the work of managing tokens, configuring access, and maintaining authentication with third-party platforms may start to take over more of your engineering time than you think. When platforms change protocols, things tend to break.
Unified APIs require just one form of authentication for every integration they offer. Merge, for example, uses just two primary protocols: a Merge API Key (to show you’re a Merge user) and a Linked Account Token (to specify which user and integration you’re authorized to access) to securely handle authentication for all of its APIs. Read more about the technical aspects of unified API authentication here.
User authorization is handled via a single modal, called Merge Link, that passes on secure tokens to allow your app to programmatically handle authentication
Companies change. APIs change. Endpoints change. Your customers’ expectations that your integration work? They probably don’t change. In the best-case scenario, a platform will send out a notice about breaking changes, whether they be a deprecated endpoint or adjustments to required parameters. In the worst case, a change like this could happen overnight, impact your customers’ experience with your app, and cause your team to scramble to come up with a solution.
For a company that focuses on integrations, a unified API’s responsibility is not just building integrations, but maintaining them for the long term. Whether through responsive customer service or rapid patch notes, a unified API acts as the support team for integrations.
Control of Data - Object and Field Level Scopes
How do you assure your users you’re only pulling the data they want you to?
As you scale your integrations, you’re probably considering how to move upmarket, too. Different customers will set different requirements over what data you can access on their behalf. You’ll probably need to accommodate this and build in the flexibility that will make this work across different users and different integrations. For example, if you deal with HR data, it’s not difficult to imagine a customer stipulating that your app is only able to process an employee’s first name, last name, and department (and nothing more).
A unified API handles this situation by providing built-in toggles for object and field level scopes. Simple switches, accessible from a management dashboard, allow you to configure what data is pulled at the object level (for example, never pulling something that is related to an Employee’s Bank Info) as well as the field level (for example, never pulling something related to an Employee’s home address). This way, you can guarantee your user that you only have access to the data that’s required to get the job done, and nothing more.
If you’re curious about how a platform like Merge handles object and field-level data controls, read more here.
Rate limits are a lot like authentication: they vary from API to API, have their own nuances within systems, and are absolutely critical to consider when you think about the long-term health of your integrations at scale.
Managing API calls on behalf of many users to just one API platform is a challenge: imagine that on the scale of thousands or millions of API calls every day. At Merge, rate limiting is mission critical, and we’ve written at length about what to expect when building out your own system (and provide some insights on how we maintain our own. It’s safe to say we handle all the nuances of rate limit tracking for you.
Third-party APIs typically have some form of response when things go wrong. Those responses, however, can be hit or miss. Sometimes error messages can be vague or misleading, sometimes they might not even be in your native language - it truly depends on the platform you’re integrating into. (If you’ve noticed a theme here, it’s that the difficulty of integration maintenance usually arises from just how many ways different APIs manage different pieces).
A unified API often offers a single, standardized way of searching, viewing, and understanding logs across multiple integrations. For example, Merge features fully searchable logs that cover every request you make to Merge and Merge makes to third-party platforms.
With additional developer-focused functionality like debug_mode (a parameter that returns every log associated with an API request in the API request) - unified APIs offer features that make your developer’s lives far easier.
As you go through the roll-out of your integration, it’s important to know that sometimes basic things break. API keys expire and permissions change. Even though the solution to these issues may be quick: just asking your user to refresh their key or adjust their access level, your ability to diagnose what these issues depend on the tooling you’ve built out around your integration infrastructure.
Unified APIs like Merge can offer full Issues dashboards and tooling that make it easy and accessible for your team to diagnose these types of problems. Merge features a section of its dashboard dedicated to providing insight into not just the thing that went wrong, but offers functionality that allows a member of customer success (and not engineering) to fix it.
As you continue to scale out your integration strategy, it’s important to consider all aspects of where you’ll need to invest time and resources to make your integrations work for you.
If you’re interested in exploring more about how a unified API works to handle all of these aspects of integration maintenance and more, then explore your own Merge Dashboard. Signing up for an account is free, and you’ll be able to investigate Logs, Issues, and more with demo data. It’s a great way to get started.
If you think a unified API might be suitable for your integration strategy and want to discuss your use case further, then feel free to schedule a call with our experts or reach out to us over Intercom. We’re more than happy to help talk through what your integration goals are and what solution works best for you.