Custom API Integration Services that Ship and Scale

Custom API integration services connect your systems cleanly and keep data flowing without manual hacks. We design, build and support REST/GraphQL integrations, webhooks and background jobs across Shopify, HubSpot, Xero, AI services and internal databases. Typical delivery is 2–6 weeks, £4k–£25k, with production-hardening, monitoring and runbooks included.

If you need an integration that won’t fall over under load, won’t get banned for rate‑limit abuse, and won’t wake you at 3 a.m., read on.

What we mean by custom API integration

“Custom” does not mean starting from scratch. It means choosing the right mix of existing SDKs, workflow tools and lightweight code to meet your exact data model, security posture and operational constraints.

Common patterns we implement:

• Bi‑directional syncs (e.g. Shopify orders ↔ ERP, inventory levels ↔ marketplaces)
• Event‑driven flows with webhooks (e.g. HubSpot contact.created → CRM enrichment)
• Batch imports/exports when APIs are noisy or rate‑limited (nightly CSV/S3 jobs)
• Data transforms (XML/SOAP → JSON/REST, CSV → GraphQL mutations)
• Middleware that insulates fragile legacy systems from modern SaaS

We work in TypeScript and Python for most builds, deploy to AWS Lambda or containers where it makes sense, and use n8n when a graphical workflow shortens delivery without locking you into a black box. For state and audit, we prefer Postgres. For queues, Redis/BullMQ or AWS SQS. No brittle RPA unless a vendor truly gives you no API.

If you want the quick version of how we’d approach your project, see our Custom API Integration page, or just book a free discovery call.

Tooling and architecture choices

Tooling matters because it sets your future operating cost. Our defaults:

• n8n for orchestrating simple multi‑step flows with clear mapping UIs. We self‑host for control, version with Git, and keep custom code in nodes so you’re not stuck.
• Bespoke services in Node.js/TypeScript or Python when you need strict performance, complex transforms, or fine‑grained retries and idempotency.
• Storage: Postgres for durable state, Redis for fast caches and deduplication, S3 for files.
• Runtime: AWS Lambda for spiky workloads; containerised services on ECS/Fargate for steady throughput; Cloudflare Workers for fast, globally‑reachable webhook endpoints.
• Interfaces: REST for simplicity, GraphQL when the provider supports it well (e.g. Shopify Admin API GraphQL for efficient bulk queries/mutations). We’ll avoid gRPC unless both sides control the network.
• CI/CD: GitHub Actions to run tests, lint, security scans (Snyk), and promote to staging/production with approvals.

We design small, composable services. If a vendor changes a field or rate policy, you want to update one component, not redeploy your whole stack.

Authentication, security and compliance

Most integration outages trace back to auth and secrets. We build auth as a first‑class feature, not an afterthought.

• OAuth 2.0 and OIDC for SaaS apps like HubSpot and Google. We store refresh tokens encrypted, rotate regularly, and auto‑renew ahead of expiry.
• HMAC verification for webhooks (e.g. Shopify HMAC using shared secret). We reject and log any mismatches.
• API key rotation via AWS Secrets Manager or Doppler; no hard‑coded creds. Keys are scoped to least privilege.
• IP allowlists and mTLS when dealing with on‑prem services.
• PII minimisation: keep only what the workflows need. Redact logs at the edge. Encrypt at rest and in transit (TLS 1.2+). HSTS on public endpoints.
• Audit trails: every inbound/outbound call gets a correlation ID, request/response metadata (not raw PII) and outcome stored for forensics.
• GDPR: we sign DPAs, document data flows, and provide deletion/rectification hooks where required.

If your security team wants detail, we’ll share sequence diagrams, data retention schedules and penetration test reports from similar builds.

Rate limits, idempotency and retries that won’t bite you later

Vendors throttle. Users click twice. Networks blip. You design for it or you suffer for it.

• Shopify Admin API: REST uses a leaky bucket (40 credits) and GraphQL uses a cost‑based budget. In practice we cap to ~2–3 REST calls/sec per shop, or ~50 GraphQL cost units/sec, with adaptive backoff. Bulk operations process thousands of records safely.
• HubSpot: 100 requests/10 sec/app by default. We smooth with token‑bucket rate limiters and queue bursts.
• Xero: strict daily limits; batch where possible and spread jobs over time windows.

Reliability patterns we consider mandatory:

• Idempotency keys on writes, especially payments, fulfilments and inventory adjustments.
• Exponential backoff with jitter for 429/5xx; fail‑fast on 4xx configuration errors.
• Queues with dead‑letter routing (SQS DLQ or BullMQ with separate failure streams) and quarantines for bad records.
• Deduplication on webhook ingestion (hash event IDs for 24 hours) to avoid double processing.
• Circuit breakers around flaky dependencies to protect upstreams.

These guardrails sound fussy. They save weekends.

Testing, monitoring and support

You can’t support what you can’t see. We bake in tests and observability from day one.

• Contract tests using OpenAPI schemas and Pact where we control both sides. We mock upstreams in CI to catch breaking changes early.
• k6 or Artillery to load‑test hot paths (e.g. 1,000 orders in 5 minutes) and size queues and timeouts accordingly.
• Postman collections (or Newman in CI) for reproducible end‑to‑end checks.
• Monitoring: Datadog or Grafana/Prometheus for metrics; Sentry or Logtail/Logflare for error traces; health checks and heartbeats for schedulers.
• Dashboards that show: queue depth, success/failure rates, 95th percentile latency, vendor rate‑limit utilisation, and oldest unprocessed job age.
• Runbooks with clear “If X, do Y” steps. Example: “If Shopify returns 429 for >2 mins, lower concurrency to 1 and requeue.”

Support options: business hours incident response as standard; optional out‑of‑hours for critical flows. We target 99.9% integration uptime on managed stacks. On a recent retail peak we processed ~50k jobs/day with <0.2% retries and zero human intervention.

Examples from recent projects

• Shopify → Xero stock and fulfilment sync

  • Problem: overselling due to 2–3 hour lag between warehouse and store.
  • Build: Shopify GraphQL bulk API, warehouse REST, AWS Lambda, Redis dedupe, SQS, idempotent fulfilment updates.
  • Outcome: inventory updates under 60 seconds; oversell incidents down 95%; ~12k orders/day handled during peak with average latency ~8 seconds per event.

• SEO enrichment pipeline using SerpAPI and OpenAI

  • Problem: thousands of products with thin content; manual writing too slow.
  • Build: n8n orchestrating SerpAPI lookups, brand data scrape, OpenAI content suggestions, human approval queues, Shopify Admin API updates.
  • Outcome: ~1,800 products enriched in 10 days; meta CTR up ~12% on test category; editors spent minutes per product instead of 15–20.

• Legacy SOAP CRM ↔ HubSpot contact sync

  • Problem: 70k contacts, weekly batch CSVs, duplicates and GDPR risk.
  • Build: Middleware in Python (FastAPI) translating SOAP XML to JSON, dedupe rules in Postgres, webhook back‑prop to legacy system, AES‑256 at rest.
  • Outcome: sync window cut from 6 hours to 35 minutes; duplicate rate down 90%; audit trail searchable in seconds.

• Marketplace order router across three 3PLs

  • Problem: single 3PL SLA breaches on East Coast US orders; need georouting.
  • Build: Routing microservice in TypeScript, BullMQ for queuing, Cloudflare Workers webhook ingress, per‑3PL adapters, idempotent shipments.
  • Outcome: on‑time dispatch improved from 84% to 98%; shipping costs down ~7% via smarter carrier selection.

These aren’t lab demos. They’re typical of the integration work we deliver and maintain.

Delivery approach, timelines and documentation

We keep delivery predictable and visible.

• Discovery (3–5 days): confirm objectives, map endpoints, auth, data contracts, volumes, and edge cases. Produce a short spec with sequence diagrams, sample payloads and acceptance tests.
• Build (1–4 weeks): iterative development with weekly demos. Staging environment hits vendor sandboxes first. Feature flags to enable dark launches.
• Hardening (3–7 days): load tests, chaos tests for webhooks, failover drills, and runbook finalisation.
• Go‑live: phased roll‑out, elevated logging, and a rollback plan agreed in advance.
• Handover: documentation, diagrams, Postman collections, env var catalogues, and a 60–90 minute walk‑through recorded for your team.

We avoid surprise dependencies. If a vendor’s plan won’t support your volume, we’ll flag it up front with rough costs and alternatives.

Pricing and engagement options

We price to the shape of the work, not the buzzwords.

• Small connector (single system to system, straightforward mapping): £4k–£7k, ~2 weeks.
• Mid‑range integration (2–3 systems, webhooks, retries, transforms): £12k–£25k, 4–6 weeks.
• Complex estate (legacy systems, high volume, compliance needs): scoped after discovery.
• Discovery workshop: fixed‑price from £950, includes a delivery plan and risks.
• Support retainers: £1k–£3k/month depending on hours, SLAs and monitoring stack.
• Time & Materials when scope is fluid: typical day rates £700–£950.

We’re pragmatic about build vs buy. If Zapier, Make or a vendor app plus a small custom shim gets you 90% there for £0/month extra, we’ll say so.

If you’re comparing options, have a look at our Custom API Integration page for more detail, or just book a free discovery call. We’ll give you a straight answer on feasibility, timelines and budget in the first meeting.

FAQ

How fast can you start and deliver?

For well‑scoped work we usually start within 1–2 weeks. Small builds land in ~2 weeks; mid‑range integrations take 4–6 weeks. Urgent fixes or stop‑gaps can be shipped in days if access is ready.

Do you work with Shopify, HubSpot, Xero and Salesforce?

Yes. We regularly ship against Shopify Admin API (REST and GraphQL), HubSpot CRM, Xero Accounting, and Salesforce REST/Bulk APIs. We also integrate with NetSuite, Klaviyo, Azure AD, Google Workspace, and custom in‑house services.

Can you host and monitor the integration for us?

Yes. We can host on AWS under our account or yours, set up monitoring (Datadog/Grafana, Sentry), and provide support SLAs. If you prefer to run it in‑house, we’ll provide CI/CD pipelines and handover training.

How do you handle GDPR and data processing?

We minimise PII, encrypt in transit and at rest, log only metadata, and provide deletion/rectification hooks. We’ll sign a DPA and document data flows and retention so your compliance team is comfortable.