As APIs are becoming the building blocks of modern software, being able to rely on them is critical. Some might even say that APIs are the next big SaaS wave. But the problem is that as APIs become more universal, integrating them is not getting any easier, on the contrary. After interviewing over 50 engineering organizations, we’ve compiled a list of the best practices we came across and the challenges faced while building API integrations.

1. What it takes to build
API Integrations
By Guillaume Montard
Cofounder & CEO @ Bearer.sh

2. (hi)Story

3. API integration
/api intɪˈɡreɪʃ(ə)n/
noun
The action or process of using one or multiple APIs to interface
software with each other.

4. APIs, a tale of two worlds
Hey, did you integrate with
our awesome API?.
We’d love to, but..

5. Who builds integrations?

6. Interviewed 48 companies

7. Do you consume third party APIs?

8. ● Build the core product ● Add features & create partnerships
What for?

9. To build your core product?

10. To add new features?

11. Who doesn’t add new features through APIs?

12. Summary
Company per Stage Do you consume third party APIs?
To build your core product? Who doesn’t add new features through APIs?To add new features?

13. Eventually, we all build integrations.

14. And it’s just the beginning..

15. but, it’s not that simple

16. Don’t know when and why APIs break
Lack of proper monitoring
Managing credentials & rotation
Technical debt & dependencies
APIs are too diverse (protocol, format, etc.)
Feature disparity (sdk, webhook, etc.)
Authentication flow (OAuth 1, 1a, 2.0, etc.)
Lack of async/event-driven mechanism
Unclear potential use cases
Data leak

17. Playbook

18. The four pillars of API Integration Management
Build Monitor
Optimize Secure

19. Build

20. ● Thinking about API Client & SDK usage
○ Is there one? Would I use it?
■ Impact on your technical debt & dependencies
■ Features such as network retry, request identifier, timeout configuration, etc.
● Working with OAuth
○ Versions, grant types
○ Dance, token refresh, token revocation, scope change & token impact
● Using Webhook
○ Are there any?
■ Retry? log? signature?
Building API Integrations means

21. Monitor

23. ● Gathering metrics
○ Instantly know which APIs you use
■ Monitor latency, error rate, rpm, etc.
● Producing logs
○ Log every API call request, response, headers, status code, payload, etc
○ Filter sensitive data
● Setup alerting
○ Receive alerts using custom rules based on:
■ Error rate, latency deviation, certain types of error, rate limits.
Monitoring API Integrations means

24. Secure

25. ● Storing credentials
○ Outside your codebase
○ Use different credentials per environment
○ Manage visibility between Developer, SRE & Security teams
● Rotating credentials
○ One-click rotation, every 6 months
○ Log trail of when & who they were updated by
● Preventing data leaks
○ Monitor critical data sent through APIs (PII etc.)
○ Setup automated alerts
Secure API Integrations means

26. Optimize

27. ● Shielding your App from API failure
○ Perform critical API call as async
○ Setup retry logic using status code & circuit breaker algorithm
● Setup caching
○ Circuit breaker cache pattern for API failure or latency issues
○ Reduce API call cost
● Optimizing for latency
○ Optimize API network call, especially on mobile.
● Polling API
○ Poll APIs through a job/queue manager, deal with delta & retry
Optimizing API Integrations means

28. As APIs are becoming the building
blocks of modern software, being
able to rely on them is critical.

29. Takeaway
s
API Integrations are everywhere and it’s just the beginning
Building is critical but it’s only one part of the overall equation
Integration goes through the entire engineering organization
Enforce best practices and invest in tooling as soon as possible

30. Q&A

31. Let’s continue the discussion
👇
Twitter: @g_montard
guillaume@bearer.sh