Learn to handle any edge case with Authenticated Passthrough Requests

Central to your experience with Merge is our Common Models. As robust representations of common entities across multiple third-party platforms, they're built to handle and anticipate the most typical use cases in a given category.

Of course, as you explore your own use case with Merge there might be endpoints and edge cases that aren’t covered by our Common Models. A unified API means being opinionated about how to represent a given category, which means deciding what not to include is just as critical as choosing what to include (because, really, who wants to have to use a bloated API?).

Instead, to help you take advantage of all that Merge has to offer, our platform feautres Authenticated Passthrough Requests. Curious how to handle any use case your product might encounter when it comes to integrations? Let's dive right in.

You can learn more about Authenticated Passthrough Requests by attending our upcoming webinar.

How an Authenticated Passthrough Request Benefits You

An Authenticated Passthrough Request is an API call you make to Merge that we pass on to the third-party API of your choosing. 

While your request headers are Merge-specific, the request method and path are formed to meet the requirements of the API you want to access directly (more on that below).

Core benefits of using Authenticated Passthrough Requests:

  1. Merge handles authentication for you (so you save development time)
  2. You never have to store authorization credentials while making these requests (so you don’t have to worry about security issues and token management)
  3. Merge provides human-readable error messages across platforms to help you troubleshoot (so, you save even more development time!)

In short, anything you can do with direct integration, you can do with Merge. Only with Merge, it’s just a little (or, a lot) easier.

Example of an Authenticated Passthrough Request

A common example of when to use a Passthrough is to get information about ‘trainings’ from a specific HRIS system, such as BambooHR. While the ‘training’ model is not common across most HRIS providers, it factors into BambooHR's platform, and may play a crucial role in your product's use case.

So, let’s see how you can reliably and easily call BambooHR using Merge.


Before you make this request, you would need to sign-up for Merge and create a Linked Account.

Luckily, our Get Started guide walks you through what a Linked Account is, and how to create one. If you're totally new, make sure you sign up first - we'll still be here.

Step 1. Make a Passthrough Request

Here’s an example of a GET passthrough request for a training type via BambooHR.

If you’re familiar with requests to Merge, you’ll see it’s quite similar to a normal request to our API. Even better: it doesn’t include any BambooHR-specific authentication. Merge will automatically handle authentication when you submit the request with the credentials we already have stored from your customer.  In the example, those credentials are represented by {{INSERT_ACCOUNT_TOKEN_HERE}} and {{INSERT_PRODUCTION_KEY_HERE}}.

Step 2. Read the Response from BambooHR

You’ll receive something like this response, directly from BambooHR!

It’s that simple.

Pro-tip: Think you might need some help constructing your own Passthrough request? Customers on our Professional and Enterprise plans are assisted by our expert Growth and Solutions Engineering team with custom code that fits their use case.

As you build

Remember: anything that can be done via a direct integration can be done via Passthrough as well. The added benefit to you is being able to utilize our Common Models, tokenized authentication, and standardized errors and logging messages to aid your development. 

Interested in using Passthrough alongside our Unified API, and want to discuss your use case even more? Reach out to a member of our Sales team - we’re always happy to help you determine if Merge is the right solution for you.