How to integrate your applications with external systems

Organisations cannot work on their own as they have to integrate with customers and suppliers. I will explain some of the integration types I have worked on until now.

REST

This is the standard and what all systems should use nowadays. It is simple, clear and easy to create and to consume. In Java, for example, you can use Feign to call the endpoints, and the JSON requests and responses are automatically converted to objects. If you want to make the consumer happy, you could also provide a Postman file, as some companies such as Currency Cloud do, or even a connector, as Atlassian provides.

There are many ways to handle security. If you are the provider and want to protect the endpoints, a simple way to do it is to keep the APIs in a secured network and use a tool like Apigee that lets you expose only some endpoints.

If you are the consumer, you will have to handle different schemes, such as sending a security token in the headers or first making an authentication request that returns a token to be sent with the following requests.
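The second consumer-side scheme, sketched as an added example (not code from the original post): the client authenticates once, caches the token, sends it in a header, and renews it on expiry or on a 401. The `/auth` and `/rates` paths, the `token` and `expires_in` fields, the `Bearer` header format and the stub provider are all assumptions made for illustration.

```python
import json, secrets, threading, time, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubProvider(BaseHTTPRequestHandler):  # constructed stand-in for a provider API
    valid_tokens = set()
    def _reply(self, code, body):
        self.send_response(code)
        self.end_headers()  # HTTP/1.0 stub: the body ends when the connection closes
        self.wfile.write(json.dumps(body).encode())
    def do_POST(self):  # hypothetical /auth endpoint: credentials in, short-lived token out
        creds = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        if self.path != "/auth" or creds != {"id": "demo", "secret": "constructed-secret"}:
            return self._reply(401, {"error": "bad credentials"})
        token = secrets.token_urlsafe(16)
        StubProvider.valid_tokens = {token}  # issuing a new token invalidates the old one
        self._reply(200, {"token": token, "expires_in": 60})
    def do_GET(self):  # every other endpoint requires the token in the Authorization header
        ok = self.headers.get("Authorization") in {"Bearer " + t for t in self.valid_tokens}
        self._reply(200 if ok else 401, {"rate": 1.17} if ok else {"error": "invalid token"})
    def log_message(self, *args): pass  # keep the demo quiet

def start_stub():  # returns (server, base_url) on a free loopback port
    server = HTTPServer(("127.0.0.1", 0), StubProvider)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port

class TokenClient:
    def __init__(self, base, client_id, secret):
        self.base, self.creds = base, {"id": client_id, "secret": secret}
        self.token, self.expires_at, self.auth_calls = None, 0.0, 0
        self.http = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # direct
    def _call(self, method, path, data=None, headers=None):
        req = urllib.request.Request(self.base + path, data=data, method=method, headers=headers or {})
        with self.http.open(req, timeout=5) as resp:  # always bound the wait on a partner
            return json.load(resp)
    def _authenticate(self):  # credentials go in the request body, never in the URL
        reply = self._call("POST", "/auth", json.dumps(self.creds).encode(), {"Content-Type": "application/json"})
        self.token, self.auth_calls = reply["token"], self.auth_calls + 1
        self.expires_at = time.monotonic() + reply["expires_in"] - 5  # renew slightly early
    def get(self, path):
        if self.token is None or time.monotonic() >= self.expires_at:
            self._authenticate()
        for attempt in (1, 2):
            try:
                return self._call("GET", path, headers={"Authorization": "Bearer " + self.token})
            except urllib.error.HTTPError as err:
                if err.code != 401 or attempt == 2:
                    raise
                self._authenticate()  # token rejected early (revoked or rotated): retry once
```

The stub speaks plain HTTP on loopback only so the example runs offline; against a real provider the base URL would be HTTPS, since the credentials and the token are otherwise readable in transit.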

SOAP

This is a somewhat older alternative that has the advantage of more stable formats in the requests and responses. The providers usually share templates describing the format (WSDL). Tools such as JAXB can generate objects and converters that transform the data into the format accepted by the API.

Connectors

Many organisations use the most popular SaaS solutions like NetSuite or Salesforce. Some companies have noticed it and have created tools that have connectors built in for them.

There are some scenarios where they are handy, like when the team that maintains the integrations doesn’t have experience coding. However, these tools are pricey and I have had sweet and sour experiences using them, so I will leave it to you to try them and decide for yourself.

SFTP

This is the most standard approach used by organisations that don’t offer APIs, including banks and SaaS platforms. They upload spreadsheets to a server that you will have to poll to detect when a new file has been added.

They may allow access to the server from only one whitelisted IP address, and it may take them some time to configure it, so I would suggest asking for it and testing it from the very beginning. I had to wait for weeks to use the production SFTP of a bank because the person responsible in IT was on holiday and then different teams had to coordinate to configure it.

Alternative solutions

This is one realm that I hope you never have to enter. There are some organisations that don’t have the resources to integrate with partners, so they offer other solutions, like a back and forth of emails that you would have to parse or generate, or putting the files in external systems like Box.

If it is by email, I hope you can convince them to send the data in a spreadsheet that is encrypted, or that at least is password-protected, as communication by email is quite insecure. If they use systems like Box, you may be able to get access to a REST API that lets you retrieve the files easily.

Summary

There are different ways of integrating with other systems, and the choice will depend on both sides. If possible, use REST; if not, use SOAP, and leave SFTP and other solutions for the cases when an API is not accessible.

Rafael Borrego

Consultant and security champion specialised in Java, with experience in architecture and team management in both startups and big corporations.

Disclaimer: the posts are based on my own experience and may not reflect the views of my current or any previous employer
