How to integrate with a 3rd party?

In our fast-moving world business wants to shorten the period between an idea and an implementation.You might need a payment system, a notifications provider or a content management tool for your app or website. I bet, you can develop some of them in-house, but in most cases, you can find a tool that would help your business to get to market faster and to start getting benefits ($$$) earlier.

3rd party vs. in-house development

Let’s analyze what advantages and disadvantages 3rd parties bring to your business.

I personally love pros/cons matrix. It helps during the analysis, and it is an excellent visualization of your thought process for a presentation.

pros cons
  •  you can build exactly what you need
  • full control over your data and application
  • Cost: in-house solution would require an initial investment in both development and infrastructure.
  • Capex vs. Opex for a 3rd party
3rd Party
  • Faster Time To Market
  • Scalability and support are a weight off shoulders
  • Security: you might need to share your data or your customers’ data with a 3rd party.
  • 3rd parties are hardly tailor-suited to meet unique business requirements

Using SaaS solutions is like renting instead of buying. You are not sure whether you want to live in this neighborhood and whether you want to take care of house maintenance.

3rd Party  Technical Evaluation

Once you decided to go with a 3rd party, it is important to do a technical evaluation of the vendor. Your business becomes dependable on the vendor that you can’t control. If there are any risks associated with the vendor, it’s better to know it sooner than later. It gives you an opportunity to mitigate those risks and to negotiate SLAs.

APIs and SDKs

  • What kind of APIs are provided by the 3rd party? What kind of APIs? Do they have documentation for the APIs?
  • Do they provide SDKs for your mobile apps?


  • What is their systems (APIs, apps) availability?
    • If it’s a critical system for your business (payment provider) and it has availability 99.5%, and your app/website has availability 99.9%, your overall system availability becomes 99.4%. Is that acceptable for your business?
  • Do they have any available history of downtimes?

Performance and Scalability 

  • What is response time for their APIs, SDKs and web applications?
  • Is it an auto-scalable solution?

Disaster Recovery

  • Do they have a disaster recovery plan?
  • What type of disaster recovery do they have? (cold, warm, hot)
  • How much time would they need to recover?


  • SSL for APIs?
  • Do they encrypt sensitive data?
  • Where data centers are located? Some countries have regulations about where data can be stored
  • Is there any monitoring in place to detect malicious activities?
  • What PII  information will be sent and stored by a vendor?
  • If you are providing the 3rd party with PII, can that be hashed? What hashing mechanisms do they support?


  • What is their support SLAs? If this is a critical system for your business, you might want them in respond fast.
  • Alerting. Can you be notified if there are any issues with a vendor so you will be able to mitigate the impact on your business?

Reference Calls

  • Ask 3rd party to provide contacts for a reference call. They might have some case studies available, but that’s always better to talk to a person who has experience with a solution that you plan to use. Ask questions about ease of development, support process, availability and unexpected downtimes.

Research on internet 

  • check Gartner’s and Forrester’s recommendations
  • check StackOverflow on any issues that were reported by other developers

Integration Architecture

Once you collected and evaluated a vendor from a technical perspective, you are ready to design an integration.

The first question to answer is: what is the system’s level of criticality? 

If the system is critical, my advice is to be prepared for the worst:

  • How your system will behave if the 3rd party is unavailable? Would it impact user experience?
  • Can you turn off the integration with the 3rd party?
  • if you send data to the 3rd party, make sure that you have retry mechanism built in case of system unavailability

The next step is to do a POC. During the POC you might like to achieve the next goals:

  • validate that your developers are comfortable with SDKs/APIs,
  • implement a few key use cases
  • check how vendor behaves and whether they provide a professional support during the POC

If everything looks good to you after a technical evaluation, reference calls,  POC and you can mitigate all found risks  –  you are ready for integration!

Good luck!



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at

Up ↑

%d bloggers like this: