Skip to content

The 2026 Buyer's Guide to Multi-Category Unified APIs

A senior PM's playbook for evaluating multi-category unified APIs and Merge alternatives: architecture, mapping models, pricing math, and migration.

Yuvraj Muley Yuvraj Muley · · 21 min read
The 2026 Buyer's Guide to Multi-Category Unified APIs

If you are a senior product manager at a B2B SaaS company evaluating integration platforms to ship native connectors across CRM, HRIS, ATS, accounting, and ticketing categories, you need a structured framework to compare multi-category unified APIs. The era of building point-to-point integrations by hand is over, but the vendor landscape has fragmented into vastly different architectural approaches.

The stakes are high enough that enterprise buyers are actively punishing vendors who get integrations wrong. 90% of B2B buyers either agree or strongly agree that a vendor's ability to integrate with their existing technology stack significantly influences their decision to add them to the shortlist. Furthermore, buyers delay contact until two-thirds of the way through their journey, initiate outreach themselves over 80% of the time, and overwhelmingly reach out first to the vendor they intend to buy from. Your public integrations directory is doing the qualifying before a sales rep ever sees a prospect's name.

This multi-category unified API buyer's guide breaks down the technical realities of evaluating platforms in 2026. We will examine why legacy integration models fail at scale, the hidden engineering costs of maintaining custom connectors, and how to objectively compare the top platforms based on architecture, data retention, custom object support, rate limit behavior, and total cost of ownership.

Why Multi-Category Unified APIs Are Replacing Embedded iPaaS

Key Takeaways:

  • Embedded iPaaS relies on visual workflow builders that create state management and version control issues for product engineering teams.
  • Unified APIs treat integrations as code, allowing developers to build native-feeling features using standard REST or GraphQL contracts.
  • Multi-category platforms prevent vendor sprawl by standardizing schemas across CRM, HRIS, Accounting, and more.

The architectural shift from visual workflow builders to code-first unified APIs is driven by the need for predictable software engineering practices. For years, the default answer to the integration problem was embedded iPaaS (Integration Platform as a Service) platforms like Workato Embedded, Tray, or Prismatic. These platforms promised that non-technical staff or ops teams could drag and drop their way to a fully integrated product.

Embedded iPaaS solves the "connect any app to any app" problem with visual workflows. But a visual workflow builder is a tool for end-users or internal ops, not a tool for engineers shipping core product features. If your prospect is asking, "Does your app sync employees from Workday into our HRIS dashboard?" the answer cannot be, "We have a Zapier template." It must be a first-class feature with predictable error handling, audit logs, and SOC 2 boundaries you control.

The reality of embedded iPaaS is entirely different when deployed in production. Visual builders create massive technical debt. They lack standard version control, make automated testing nearly impossible, and force your application to rely on proprietary domain-specific languages. When a complex bidirectional sync fails inside an iPaaS black box, your engineering team has no stack trace to debug.

Multi-category unified APIs (like Truto, Merge, Apideck, or Unified.to) solve this by returning control to the codebase. Instead of building isolated workflows in a third-party UI, developers interact with a single, standardized API contract across dozens of SaaS categories. Engineers can call GET /crm/contacts and receive the exact same data shape whether the backend provider is Salesforce, HubSpot, Pipedrive, or Close. A developer can pull a list of employees from an HRIS platform (like Workday) and push them as users into an ITSM platform (like ServiceNow) using the exact same standard data structures, authentication methods, and pagination logic.

graph TD
    A[Your Application] -->|Standardized Request| B(Multi-Category Unified API)
    B -->|Normalized CRM Model| C[Salesforce]
    B -->|Normalized CRM Model| D[HubSpot]
    B -->|Normalized HRIS Model| E[Workday]
    B -->|Normalized HRIS Model| F[BambooHR]

The shift toward unified APIs is driven by what mid-market PMs actually need to ship: a single integration feature that covers multiple providers on the same code path, rather than point-to-point connectors held together with fragile retry logic. For a deeper dive into this architectural divide, read our guide on /embedded-ipaas-vs-unified-api-the-2026-buyers-guide-for-b2b-saas/.

The Hidden Costs of Building SaaS Integrations In-House

Key Takeaways:

  • Developers spend roughly 30% to 39% of their time coding and maintaining APIs.
  • 69% of developers spend 10 or more hours per week strictly on API-related tasks.
  • The average annual integration maintenance tax runs between 10% and 20% of the initial development cost.

The initial build phase of an API integration is deceivingly simple. Connecting to a REST endpoint, handling a basic OAuth flow, and mapping a few fields takes a competent senior engineer a few days—often leading to the "I can build that by Friday" trap. The financial drain comes from what happens between months 6 and 36 after the integration goes live, which drastically impacts your Total Cost of Ownership (TCO).

According to MuleSoft's Connectivity Benchmark Report, 39% of developer time is currently spent creating custom integrations. Furthermore, a report by Nordic APIs found developers spend approximately 30% of their time coding and maintaining APIs, pulling them directly away from core product features. Postman's State of the API report corroborates this, finding that 69% of developers spend 10 or more hours per week strictly on API-related tasks. If you have a team of 6 engineers, that is the equivalent of carrying over 2 full-time integration engineers—whether or not your org chart acknowledges it.

When you build point-to-point integrations, you are not just writing code; you are taking on the operational burden of monitoring third-party schema changes, handling undocumented rate limits, managing OAuth token refresh lifecycles, and normalizing pagination strategies across dozens of unique providers. Multiply that across 30 connectors, and you have a permanent tax on every sprint.

What causes this integration drag?

  • API drift: Salesforce deprecates v52 endpoints. HubSpot moves CRM cards. NetSuite rotates SuiteQL behavior. Each requires a manual patch.
  • OAuth token failures: Refresh tokens expire silently. Tenants revoke access. Customers do not notice until a critical sync fails at quarter-end.
  • Webhook drift: Providers change payload shapes, signing schemes, or retry behavior without publishing changelog entries.
  • Per-tenant custom fields: Salesforce, in particular, forces you to build a dynamic field-discovery layer for every single customer that utilizes custom objects.

A single multi-category unified API consolidates this maintenance into one vendor relationship—assuming the vendor's architecture can actually absorb the change without forcing you to redeploy your own code.

Key Evaluation Criteria for Multi-Category Integration Selection

When evaluating a SaaS integration platform, product managers must look past the marketing logos and interrogate the underlying architecture. Skip anything that does not map to a real production risk. Here is the framework for evaluating vendors in 2026.

1. Data Retention: Pass-Through vs. Synchronization

The single most significant architectural fork in the unified API market is how platforms handle third-party data. There are two primary camps:

  • Synchronization (Sync-and-Store) Architectures: The vendor continuously polls third-party APIs, normalizes the data, stores it in their own managed databases, and then serves it to your application. While this makes querying fast, it introduces massive security liabilities. You are effectively copying your customers' most sensitive HR records, CRM contacts, and accounting ledgers into a third-party vendor's infrastructure. This creates a new sub-processor holding sensitive data, lengthening your Data Protection Impact Assessments (DPIA) and stalling enterprise security reviews.
  • Pass-Through (Real-Time) Architectures: The unified API acts as a stateless proxy. It executes requests in real-time, translating your standardized request into the provider's native format, fetching the data, mapping the response, and returning it to your application without ever storing the payload at rest. No customer SaaS data sits in the vendor's database. For compliance-sensitive buyers (healthcare, finance, EU customers under GDPR), a zero data retention unified API is a mandatory requirement.

2. Custom Object and Field Support

Standardized data models work perfectly for basic use cases, but enterprise SaaS platforms are heavily customized. A standard CRM model might cover First Name, Last Name, and Email, but it will fail when an enterprise customer asks for the Deal__c.Regional_Tax_Status_VP__c field on a proprietary Salesforce object.

If a unified API forces you into a rigid, lowest-common-denominator schema, it is useless for deep product integrations. You must ask vendors:

  • Can I expose custom fields through the unified contract per-customer, without a code deploy on the vendor side?
  • Can I override the unified schema for a single tenant?
  • Is there a pass-through / proxy endpoint for fields the unified model doesn't cover?

If the answer to any of these is "open a feature request," your enterprise pipeline is going to stall. For a deep technical explanation, see /why-unified-data-models-break-on-custom-salesforce-objects-and-how-jsonata-transformations-solve-it/.

3. Transparent Rate Limit and Error Handling

Third-party APIs enforce strict rate limits to protect their infrastructure. Watch how the vendor handles HTTP 429 (Too Many Requests) errors. Two patterns exist:

  • Absorb and retry: The platform silently queues, throttles, and retries the request behind the scenes on your behalf. This sounds convenient until you realize you have zero visibility into when a write actually lands. This creates a distributed systems nightmare and ambiguous timing semantics, making it dangerous for non-idempotent writes.
  • Pass-through transparency: The platform forwards the upstream rate limit error directly to you, normalizing the upstream rate limit info into standardized IETF headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset). This ensures your engineering team retains full control over retry logic, exponential backoff, and circuit breaker implementation.
Tip

Ask vendors: "When a third-party API returns 429, do you retry it on my behalf, or pass it through with the upstream rate limit headers normalized?" The answer reveals their entire reliability philosophy.

4. Webhooks and Event Normalization

Does the vendor offer real webhooks from providers, or do they fake "real-time" behavior with high-frequency polling? Polling is fine for a daily HRIS employee sync. It is absolutely not fine for real-time support ticket updates that drive on-call alerts or immediate CRM lead routing.

5. Pricing Model

Watch out for per-connection pricing layered on top of per-API-call pricing. A platform that charges you a fixed monthly fee for every tenant you connect punishes you for growth. A customer syncing 10 records costs you the same as a customer syncing 10,000. Model this out at scale, as per-connection pricing can quickly invert your unit economics. See our guide on /what-is-the-cheapest-unified-api-platform-2026-pricing-breakdown/.

6. Migration Cost and OAuth App Ownership

If you have to migrate away from the vendor later, can you keep your OAuth credentials? OAuth app ownership matters. If the vendor owns the OAuth client ID, your tenants will be forced to re-authenticate when you switch platforms. This introduces a massive friction point that kills migration projects. Always ensure you can bring your own OAuth client ID.

Comparing the Top Unified API Platforms in 2026

Based on the evaluation criteria above, here is an objective architectural comparison of the competitive landscape for multi-category unified APIs. Focus on architecture, not just feature counts, to determine which unified API is best for your enterprise SaaS.

Platform Architecture Data retention Categories Custom objects
Merge Sync-and-store (polling-heavy) Stores normalized data HRIS, ATS, CRM, Ticketing, Accounting, File Storage Supported via remote data
Apideck Hybrid (real-time + cached) Caches selectively Accounting, CRM, HRIS, ATS, File Storage Custom field mapping
Unified.to Pass-through emphasis Minimal data at rest CRM, HRIS, ATS, Ticketing, Messaging Provider-specific
Knit Pass-through (zero storage) No data at rest Strong in HRIS, ATS Limited multi-category breadth
Truto Pass-through, declarative No third-party SaaS data at rest CRM, HRIS, ATS, Accounting, Ticketing, MDM, Knowledge Base, more Per-customer JSONata overrides, raw proxy

Architectural Deep Dive by Platform

Merge: Merge is one of the most recognized names in the unified API space, offering broad coverage across multiple software categories with highly mature enterprise tooling. However, Merge relies heavily on a data synchronization architecture. It ingests and stores third-party data in its own infrastructure. While this makes querying fast, it introduces significant data residency and compliance hurdles for teams that cannot allow third-party data retention.

Apideck: Apideck provides a developer-friendly multi-category unified API with a strong historical focus on accounting and CRM integrations. They offer a hybrid mix of real-time passthrough and caching, but default to polling-based syncs for webhooks unless upgraded to specific enterprise tiers. It requires careful configuration to ensure data is not inadvertently cached if strict compliance is required.

Unified.to: Unified.to is a multi-category provider that heavily emphasizes real-time data access. They utilize a pass-through architecture that avoids storing customer data at rest, making them a strong candidate for teams looking for real-time reads and writes without the overhead of bulk data synchronization.

Knit: Knit is focused strongly on the HRIS and ATS categories, catering specifically to security-conscious buyers. Knit operates a strict zero-storage architecture, ensuring they do not retain third-party data. While their security posture is excellent, their category breadth is narrower, making them less ideal if you need a single platform that also covers complex accounting, ticketing, or CRM integrations.

The meaningful divide across the industry is sync-and-store vs pass-through, and rigid schemas vs declarative overrides. Sync platforms give you predictable read latency at the cost of holding your customers' data. Pass-through platforms keep you closer to the source of truth but inherit upstream API quirks.

flowchart LR
    A[Your App] -->|GET /crm/contacts| B{Unified API}
    B -->|Sync-and-store| C[(Vendor DB<br>copy of customer data)]
    C -->|periodic poll| D[Salesforce / HubSpot]
    B -->|Pass-through| E[Real-time proxy]
    E -->|live request| D

When to Choose Pass-Through vs. Cached Unified APIs

The pass-through vs. cached decision is the single most consequential architectural choice you will make, and it maps directly to your compliance posture and your write semantics. There is no universally right answer; there is only the answer that matches your buyer.

Choose a cached (sync-and-store) architecture when:

  • Your primary access pattern is high-volume analytical reads over historical data (BI dashboards, cohort analysis, long time windows).
  • You need sub-50ms latency on lookups that would otherwise require multiple third-party API round trips.
  • Your customers do not have strict data residency, subprocessor, or DPIA constraints.
  • You can tolerate sync lag - typically anywhere from one minute to 24 hours depending on the provider and tier.
  • Your product is read-heavy. Writes through a cached layer usually degrade to fire-and-forget or eventual-consistency semantics.

Choose a pass-through (real-time) architecture when:

  • Your buyers are in finance, healthcare, EU/UK, or any regulated vertical with strict subprocessor rules.
  • Your product performs writes (create leads, update tickets, post journal entries, sync employees) and needs unambiguous confirmation semantics.
  • Freshness matters more than raw read latency. You need to see what the source system shows right now, not what it showed 15 minutes ago.
  • You want to shorten enterprise security-review cycles by removing "third-party stores our customers' SaaS data" from every DPIA.
  • You need per-tenant custom fields exposed without redeploying either your code or the vendor's.

Specifically: the Merge.dev security and data-storage question

This is where the Merge evaluation gets concrete. Merge's architecture is sync-and-store: it polls provider APIs on a schedule, normalizes the data into its unified models, and stores that data in its own managed infrastructure. Reads are served from that copy. That design is why Merge can offer fast list endpoints and rich cross-provider filtering out of the box. It is also why Merge shows up as a data subprocessor holding your customers' HR records, CRM contacts, or accounting ledgers on every enterprise security questionnaire you fill out.

If your buyers push back on that model - and healthcare, fintech, and EU-headquartered enterprises consistently do - the honest alternatives are pass-through unified APIs: Truto, Unified.to, and Knit. These platforms proxy every request in real time and only persist OAuth tokens plus configuration, not the underlying SaaS records. If "we don't want another subprocessor storing our customers' data" is a hard requirement, a pass-through vendor removes the objection entirely rather than trying to negotiate around it.

Mapping Models: Declarative vs. Code-First

Every unified API has to translate between the provider's native shape and your unified contract. There are two dominant approaches, and they have very different maintenance profiles at scale.

Code-first (strategy pattern)

Each integration is a class or module implementing a common interface. Adding a provider means writing a new adapter, adding tests, running CI, and shipping a deploy. This is what most legacy unified APIs still use under the hood.

// Code-first adapter pattern (illustrative)
interface ContactAdapter {
  list(params: ListParams): Promise<UnifiedContact[]>
  create(body: UnifiedContact): Promise<UnifiedContact>
}
 
class HubSpotContactAdapter implements ContactAdapter {
  async list(params: ListParams): Promise<UnifiedContact[]> {
    const raw = await this.client.get('/crm/v3/objects/contacts', {
      properties: params.fields ?? DEFAULT_PROPS,
      after: params.cursor,
    })
    return raw.results.map((r) => ({
      id: r.id,
      first_name: r.properties.firstname,
      last_name: r.properties.lastname,
      email_addresses: r.properties.email
        ? [{ email: r.properties.email, is_primary: true }]
        : [],
      // ...30 more field mappings, per-tenant conditionals, custom field logic
    }))
  }
}
 
class SalesforceContactAdapter implements ContactAdapter { /* another file */ }
class PipedriveContactAdapter implements ContactAdapter { /* another file */ }

The pattern works. It is also linear in effort. Every provider quirk (a new endpoint, a schema change, a tenant-specific custom object) becomes a code change. Per-customer customization is effectively impossible without forking, and "fix a bug in the pagination logic" means editing N adapters.

Declarative (expression-based mappings)

The mapping lives as a JSONata expression stored in the database. The runtime evaluates it at request time against the raw provider response. Adding a provider is a data operation; adding a tenant-specific override is a database row.

# Declarative HubSpot contacts response mapping
response_mapping: >-
  (
    $defaults := ["firstname", "lastname", "email", "phone"];
    $extras  := $difference($keys(response.properties), $defaults);
    {
      "id": response.id.$string(),
      "first_name": response.properties.firstname,
      "last_name":  response.properties.lastname,
      "email_addresses": response.properties.email
        ? [{ "email": response.properties.email, "is_primary": true }],
      "custom_fields": response.properties.$sift(
        function($v, $k) { $k in $extras }
      )
    }
  )

Because the mapping is data, three things become cheap:

  • A new provider is a config plus a set of expressions, not a deploy.
  • A per-tenant override is a database row that deep-merges over the base expression. Tenant A can see 47 extra Salesforce custom fields; Tenant B sees the default schema. Same code, different data.
  • A bug fix in pagination or auth handling flows to every integration at once because there is only one generic runtime.

The trade-off is real: your integration engineers need to learn JSONata, and untested expressions can drift from provider docs. A mature declarative platform ships a CLI that generates and validates expressions against live proxy samples so drift is caught before deploy. For a deeper technical discussion, see /blog/why-unified-data-models-break-on-custom-salesforce-objects-and-how-jsonata-transformations-solve-it/.

Which model fits which team?

Signal Code-first Declarative
Small provider count (<10), stable schemas Fine Also fine
Enterprise customers with custom Salesforce/NetSuite objects Painful (forks) Native (per-tenant overrides)
Need to ship a new obscure ATS this week Sprint Config change
Bug fix propagation across N providers N edits One edit
Engineer onboarding Familiar (TypeScript classes) Learning curve (JSONata)
Vendor lock-in risk High if adapters are proprietary Lower - expressions are portable

Pricing Models and Unit-Economics Worked Examples

Vendor pricing pages are optimized for the first-look demo, not for the shape of your actual usage. Model both dimensions before signing.

Model 1: Per linked-account (per-connection) pricing

Assume $50 per connected account per month, flat.

Tenants Monthly cost Annual cost Notes
100 $5,000 $60K Manageable at seed / Series A
500 $25,000 $300K Absorbs most of a fully-loaded engineer
1,000 $50,000 $600K Board-level line item
5,000 $250,000 $3M Same cost whether a tenant syncs 10 records or 10 million

Per-connection pricing rewards the vendor when your customer count grows, regardless of actual API usage. A dormant free-trial tenant costs the same as a heavy-usage enterprise tenant. This is why Merge's pricing tends to hurt product-led-growth companies with long free-trial tails.

Model 2: Per API call (metered) pricing

Assume $0.001 per unified API call.

Tenants Avg calls / tenant / month Monthly calls Monthly cost
100 5,000 500K $500
1,000 5,000 5M $5,000
1,000 50,000 50M $50,000
5,000 50,000 250M $250,000

Per-call pricing aligns cost with actual value delivered, but it punishes chatty integrations. A misconfigured polling loop or a leaky retry can 10x your bill in a week. Alert on unit cost per tenant, not just total spend.

Model 3: Hybrid (base fee plus metered overage)

Most enterprise contracts land here after negotiation: a fixed floor that covers a call bucket, then metered overage. Budget for the floor and stress-test the overage rate against a realistic (not pitch-deck) call volume.

How to actually run the model

  1. Take your current tenant count and 12-month growth plan.
  2. Pull actual API call counts per tenant from your logs. If you have not shipped yet, use 1,000-10,000 calls/tenant/month as a starting estimate for CRM-style products; HRIS is typically lower, ticketing is typically higher.
  3. Compute yearly cost under each vendor's public pricing at 1x, 3x, and 10x your current tenant count.
  4. Add security-review time cost for sync-and-store vendors. Enterprise DPIAs, subprocessor amendments, and legal review realistically add $30K to $100K of engineering plus legal time per enterprise deal.
  5. Compare against internal build cost: a fully-loaded senior integration engineer at roughly $250K/year, plus 30-40% of one engineer's time on maintenance per 20-30 connectors.

If your projected annual vendor cost exceeds one fully-loaded engineer, you are in build-vs-buy territory and need to justify the vendor on non-cost dimensions: compliance, time-to-market, coverage breadth, or per-tenant customization.

Migration Checklist and Security Questionnaire Template

If you are migrating off Merge, off an in-house integration layer, or between unified API vendors, walk this checklist before signing the new contract. Print it. Cross it off in a meeting.

Pre-migration technical checklist

  • Export the full list of connected tenants, their providers, and the last-known state of their OAuth tokens.
  • Confirm OAuth app ownership on the new vendor. Can you bring your own client ID and secret so tenants do not have to re-authenticate at cutover?
  • Map every field you currently consume from the old vendor's unified schema to the new vendor's schema. Flag every field that does not have a 1:1 equivalent. Decide: back-fill via override, expose via raw proxy, or drop.
  • Enumerate every custom field or custom object exposed per tenant today. Confirm the new vendor can express these declaratively without a vendor-side deploy.
  • List every webhook subscription in production. Confirm the new vendor supports real webhooks (not high-frequency polling) for those event types on those providers.
  • Document every write path (create, update, delete). Confirm the new vendor's write semantics: synchronous vs. async, idempotency keys, whether upstream errors surface to your code.
  • Compare rate-limit behavior. Does the new vendor pass 429s through with normalized IETF headers, or absorb and silently retry?
  • Run shadow-mode read comparison for 30 days: send every unified read to both vendors and diff the responses. Investigate every material discrepancy before cutover.
  • Plan the cutover per-tenant, not big-bang. Move a canary cohort first, watch the error budget, expand.
  • Confirm data-deletion SLA on the old vendor. If they stored your customers' SaaS data, get written confirmation of when it will be purged after disconnect.

Security questionnaire template

Send this exact list to every finalist vendor. Do not accept marketing-page answers; require pointers to specific documents or clauses.

  1. Please provide the standard DPA and a complete subprocessor list. Include each subprocessor's name, purpose, and hosting region.
  2. Where (region, cloud provider, service) is third-party SaaS data stored at rest, if anywhere? For how long? What is the deletion SLA when a tenant disconnects?
  3. What encryption is applied at rest and in transit? Which cipher suites? Which key management service? Do you support customer-managed keys (CMK / BYOK)?
  4. Do you offer a private cloud, VPC-peered, or on-prem / self-hosted deployment for regulated buyers?
  5. Provide the most recent SOC 2 Type II report, ISO 27001 certificate, and HIPAA BAA availability. Include the audit period and the auditor.
  6. What is your incident response SLA? What is your historical mean-time-to-notify for security events? Provide a redacted example post-mortem.
  7. Describe OAuth token handling end-to-end: at-rest encryption, refresh flow, revocation-on-disconnect, per-tenant isolation, and staff access controls.
  8. Is unified API traffic logged with request or response payloads? For how long? Who has access? Can we opt out?
  9. What is the exact HTTP behavior when an upstream provider returns 429, 5xx, or a schema-violating response? Do you retry silently, or surface the error?
  10. Can we bring our own OAuth client ID for every provider so a future migration does not force our tenants to re-authenticate?

Score each answer 1-5. Any "we'll get back to you" on questions 1, 2, or 5 is a slow-down signal. Any "we retry silently and there is no way to observe upstream failure" on question 9 is disqualifying for regulated buyers.

Info

For security reviewers: a vendor that stores third-party SaaS data at rest becomes a subprocessor holding your customers' HR records, financial ledgers, or CRM data. That triggers a full DPIA, subprocessor notification obligations under GDPR Article 28, and often a mandatory update to your customer contracts. A pass-through vendor that only stores OAuth tokens and configuration typically clears security review in weeks instead of quarters.

How Truto's Declarative Architecture Solves the Multi-Category Problem

Truto was engineered specifically to address the architectural flaws of legacy unified APIs. The platform handles over 100 third-party integrations without a single line of integration-specific code in its database or runtime logic.

Instead of writing hardcoded if (provider === 'hubspot') logic, Truto treats every integration as a declarative data operation, an architectural shift that eliminates integration-specific code. The runtime is a generic execution engine that reads JSON configuration blobs detailing how to authenticate and paginate, alongside YAML mappings using JSONata expressions to translate between Truto's unified models and the provider's native fields. You can learn exactly how this works in our guide on /zero-integration-specific-code-how-to-ship-new-api-connectors-as-data-only-operations/.

What this means in practice for your engineering team:

  • New providers ship without code deploys: Adding an obscure ATS your enterprise prospect demands is a configuration operation, not an engineering sprint.
  • Per-customer schema overrides: If one tenant has 47 custom Salesforce fields, Truto's JSONata-powered unified models allow you to map them for that specific tenant without touching the global schema or writing new code. See how the /per-customer-api-mappings-3-level-overrides-for-enterprise-saas/ system works.
  • No third-party SaaS data at rest: Requests proxy in real-time. Tokens and configuration sit securely in the platform; your customers' actual SaaS records do not. This allows you to build deep, native integrations while maintaining strict SOC 2, GDPR, and HIPAA compliance.

Furthermore, Truto embraces radical transparency for API operations, explicitly taking the pass-through stance on rate limits. When an upstream provider returns an HTTP 429, Truto does not silently absorb it. Instead, Truto passes it back to you, normalizing the upstream rate limit info into standard IETF headers so your retry logic works uniformly across providers:

HTTP/1.1 429 Too Many Requests
ratelimit-limit: 1000
ratelimit-remaining: 0
ratelimit-reset: 47

Your code reads three predictable headers regardless of whether the upstream is Salesforce, HubSpot, or NetSuite. Retry, exponential backoff, and circuit breaker logic stay in your application layer where you control them. That is a deliberate architectural choice—it keeps write semantics unambiguous.

Warning

If a vendor claims to "handle all rate limits for you," ask exactly what happens to a write that gets 429'd mid-transaction. The honest answer is usually "we queue it and retry," which is fine for idempotent reads but incredibly dangerous for non-idempotent writes.

The Decision Framework: Match Architecture to Your Risk Profile

Most evaluations fail because PMs over-index on feature lists ("Do you support Workday?") and under-index on architecture ("How do you handle a Workday tenant with 200 custom fields and a quarterly schema change?"). The architecture question determines whether you ship one integration or fifty.

Run this checklist before signing a contract:

  1. Does the vendor store our customers' third-party SaaS data at rest? If yes, get a list of every region, sub-processor, and retention policy. Add a month to your security review timeline.
  2. Can we customize the unified schema per tenant without a vendor code deploy? If not, your enterprise deals will hit a custom-field cliff.
  3. What is the OAuth app ownership model? If the vendor owns the client ID, you are locked in. If you bring your own, you can migrate. See /oauth-app-ownership-explained-how-to-switch-unified-api-providers-without-re-authenticating-customers/.
  4. How are HTTP 429s handled? Pass-through with normalized headers, or absorbed with opaque retries?
  5. What is the actual webhook story per provider? Real webhooks or polling pretending to be real-time?
  6. What is the per-connection price at 1,000 tenants? Model it out. Per-connection pricing models can flip your unit economics at scale.

Where to Go From Here

Narrow your shortlist to two vendors that match your risk profile on data retention, then run a 14-day proof-of-concept against your hardest customer's SaaS stack. Pick the customer with the weirdest custom fields, the strictest security review, and the most aggressive rate limit. If the platform survives that scenario, it will survive your roadmap.

If compliance and per-customer customization are non-negotiable for your buyers, a declarative, pass-through architecture is the architecturally honest choice. If sub-50ms read latency on enormous datasets matters more than data residency, a sync-and-store provider may be the right call—just price the security review accordingly.

FAQ

What are the best alternatives to Merge.dev that don't store customer SaaS data?
The pass-through alternatives to Merge are Truto, Unified.to, and Knit. All three proxy requests in real time and persist only OAuth tokens and configuration rather than your customers' underlying HR, CRM, or accounting records. Truto adds per-tenant declarative overrides via JSONata for custom Salesforce fields and objects; Knit is narrower in category breadth but strong for HRIS and ATS; Unified.to is broad and emphasizes minimal data at rest. Merge itself is sync-and-store, which makes it a subprocessor holding customer SaaS data on every enterprise security review.
How does Merge API's security and data storage architecture actually work?
Merge uses a sync-and-store architecture. It polls each connected provider on a schedule, normalizes the payloads into its unified models, and stores that copy in its own managed infrastructure. Reads are served from Merge's copy rather than from the source system in real time. This gives predictable read latency and rich filtering, but it also makes Merge a data subprocessor that must be disclosed in your DPA, added to subprocessor notifications under GDPR Article 28, and reviewed as part of your customers' DPIAs.
What should a security reviewer request from a unified API vendor?
Request: the standard DPA and a complete named subprocessor list with hosting regions; a written statement of what third-party SaaS data is stored at rest, where, and for how long; the encryption scheme at rest and in transit plus KMS/BYOK support; on-prem, VPC-peered, or private-cloud deployment options; the most recent SOC 2 Type II report and ISO 27001 certificate; HIPAA BAA availability if applicable; the incident-response SLA and mean-time-to-notify; and OAuth token handling details including revocation-on-disconnect and per-tenant isolation.
When should I choose a pass-through unified API over a cached (sync-and-store) one?
Choose pass-through when your buyers are in regulated verticals (finance, healthcare, EU/UK), when your product performs writes that need unambiguous confirmation semantics, when freshness matters more than raw read latency, or when per-tenant custom fields need to be exposed without vendor-side deploys. Choose sync-and-store when your primary workload is high-volume analytical reads over historical data, you can tolerate minutes-to-hours of sync lag, and your customers have no strict subprocessor or data-residency constraints.
How do I model the total cost of a unified API at 1,000 tenants?
Model three variables: (1) per-connection cost times tenant count (at $50/connection/month and 1,000 tenants, that is $600K/year regardless of usage); (2) per-call cost times realistic call volume (at $0.001/call and 5,000 calls/tenant/month across 1,000 tenants, that is $60K/year); and (3) hidden security-review cost, which realistically adds $30K-$100K of engineering plus legal time per enterprise deal if the vendor stores your customers' SaaS data. Compare the total against a fully-loaded integration engineer at roughly $250K/year before deciding build vs. buy.
Can I migrate off my current unified API vendor without forcing customers to re-authenticate?
Only if you own the OAuth client ID for every provider. If the vendor owns the client ID, every tenant must go through the provider's consent screen again on the new vendor's app. Before signing any unified API contract, confirm in writing that you can bring your own OAuth app for every provider. This one clause determines whether a future migration is a weekend cutover or a multi-quarter re-consent campaign.

More from our Blog