In our fast-moving world business wants to shorten the period between an idea and an implementation.You might need a payment system, a notifications provider or a content management tool for your app or website. I bet, you can develop some of them in-house, but in most cases, you can find a tool that would help your business to get to market faster and to start getting benefits ($$$) earlier.
3rd party vs. in-house development
Let’s analyze what advantages and disadvantages 3rd parties bring to your business.
I personally love pros/cons matrix. It helps during the analysis, and it is an excellent visualization of your thought process for a presentation.
Using SaaS solutions is like renting instead of buying. You are not sure whether you want to live in this neighborhood and whether you want to take care of house maintenance.
3rd Party Technical Evaluation
Once you decided to go with a 3rd party, it is important to do a technical evaluation of the vendor. Your business becomes dependable on the vendor that you can’t control. If there are any risks associated with the vendor, it’s better to know it sooner than later. It gives you an opportunity to mitigate those risks and to negotiate SLAs.
APIs and SDKs
- What kind of APIs are provided by the 3rd party? What kind of APIs? Do they have documentation for the APIs?
- Do they provide SDKs for your mobile apps?
- What is their systems (APIs, apps) availability?
- If it’s a critical system for your business (payment provider) and it has availability 99.5%, and your app/website has availability 99.9%, your overall system availability becomes 99.4%. Is that acceptable for your business?
- Do they have any available history of downtimes?
Performance and Scalability
- What is response time for their APIs, SDKs and web applications?
- Is it an auto-scalable solution?
- Do they have a disaster recovery plan?
- What type of disaster recovery do they have? (cold, warm, hot)
- How much time would they need to recover?
- SSL for APIs?
- Do they encrypt sensitive data?
- Where data centers are located? Some countries have regulations about where data can be stored
- Is there any monitoring in place to detect malicious activities?
- What PII information will be sent and stored by a vendor?
- If you are providing the 3rd party with PII, can that be hashed? What hashing mechanisms do they support?
- What is their support SLAs? If this is a critical system for your business, you might want them in respond fast.
- Alerting. Can you be notified if there are any issues with a vendor so you will be able to mitigate the impact on your business?
- Ask 3rd party to provide contacts for a reference call. They might have some case studies available, but that’s always better to talk to a person who has experience with a solution that you plan to use. Ask questions about ease of development, support process, availability and unexpected downtimes.
Research on internet
- check Gartner’s and Forrester’s recommendations
- check StackOverflow on any issues that were reported by other developers
Once you collected and evaluated a vendor from a technical perspective, you are ready to design an integration.
The first question to answer is: what is the system’s level of criticality?
If the system is critical, my advice is to be prepared for the worst:
- How your system will behave if the 3rd party is unavailable? Would it impact user experience?
- Can you turn off the integration with the 3rd party?
- if you send data to the 3rd party, make sure that you have retry mechanism built in case of system unavailability
The next step is to do a POC. During the POC you might like to achieve the next goals:
- validate that your developers are comfortable with SDKs/APIs,
- implement a few key use cases
- check how vendor behaves and whether they provide a professional support during the POC
If everything looks good to you after a technical evaluation, reference calls, POC and you can mitigate all found risks – you are ready for integration!