Crescentek

API Integrations

Custom integrations where no plugin exists.

Two systems that need to talk, and no off-the-shelf connector between them. We build the API layer — REST, GraphQL, webhooks, WebSockets, or SOAP — with authentication, rate-limiting, retry logic and monitoring baked in.

OAuth, API keys, mTLS
Retry with exponential backoff
Versioned & documented
crescentek@api — zsh
200ms avg
$curlPOST/api/v1/customers
Request
request 1/4
Protocols we build with

Five protocols cover almost everything.

Which one is right depends on the volume, the latency needs, and what the other system actually supports. We'll tell you upfront — and pick the right tool even when it's the less fashionable one.

REST APIs
HTTP + JSON, the default
GraphQL
Flexible queries, single endpoint
Webhooks
Event-driven push
WebSockets
Real-time bidirectional
SOAP / XML
Enterprise legacy systems
APILayer
REST APIs
GraphQL
Webhooks
WebSockets
SOAP / XML
Spec sheet

What a production API integration actually includes.

Authentication
OAuth 2.0 / API keys / JWT / mTLS
Rotated secrets, refresh flows, token caching with TTL, secure storage in key vault — never committed to version control.
Rate limiting
Client + server-side, token bucket
Respect upstream rate limits, expose ours to clients, graceful 429 handling with Retry-After headers that actually work.
Retry logic
Exponential backoff + jitter
Idempotent operations retried up to 5× with spreading delays. Non-idempotent operations logged, not retried blindly.
Error handling
Typed errors, circuit breaker
Failures categorised (transient vs permanent), circuit breaks open on persistent failures, dead-letter queue for manual review.
Observability
OpenTelemetry traces + metrics
Every request traced end-to-end, latency percentiles, error rates by endpoint, alerts on SLA breaches — visible in your dashboard.
Versioning
URI or header-based versioning
v1 endpoints don't break when v2 ships. Deprecation windows honoured. Breaking changes communicated in advance with migration guides.
Documentation
OpenAPI / Swagger, auto-generated
Live docs from code. Every endpoint, every parameter, example requests and responses. Your dev team (or their successor) can pick up in a day.
Testing
Contract tests + live smoke tests
Integration tests against real APIs in sandbox. Scheduled smoke tests in production. Break early, alert fast, fix before users notice.
Common problems clients bring us

Real integrations we've built.

Two systems
WooCommerce → Sage 200
Orders, products, stock, customers syncing bi-directionally every 5 minutes. Stock decrements on order, stock additions push to WooCommerce.
Custom API
Legacy PHP app → mobile app
Built a REST API layer over a 10-year-old PHP monolith, enabled a native iOS/Android app to consume it without touching the legacy code.
Real-time
IoT sensor → dashboard
WebSocket ingestion of sensor data from manufacturing floor, live dashboard rendering on operations screens, alerts to Slack on threshold breaches.
Webhooks
Stripe → accounting + CRM + email
Single Stripe webhook fans out to Sage (invoice), HubSpot (deal), Mailchimp (customer tag) and Slack (team notification) — idempotent and retry-safe.
Legacy
SOAP wrapper for modern frontend
Third-party supplier only offered SOAP. We built a REST proxy that translates JSON requests to SOAP calls, with caching layer to cut response times.
GraphQL
Unified API across 4 microservices
Single GraphQL gateway aggregating user, product, order and content services. Frontend team moved from 4 backend calls to 1 with exact fields needed.
Our honest framework

When to build custom. When to use Zapier / Make / n8n.

Not everything needs custom code. Here's how we decide.

Use iPaaS (Zapier, Make, n8n)
Low to medium event volume (<10k events/month)
Off-the-shelf connectors already exist for both systems
Non-developers in the team need to tweak the logic
Speed to launch matters more than cost per event
Acceptable to have platform dependency & monthly fees
Build custom (what we do)
High event volume or strict latency requirements
Complex business logic that iPaaS can't model cleanly
No off-the-shelf connector exists (very common)
Per-event iPaaS cost is higher than build cost long-term
You want to own the infrastructure and data flow
Honest caveat: Most clients who come to us already using Zapier heavily don't need to migrate everything to custom. Usually 1–2 critical flows move to custom, the rest stay in Zapier. Total cost comes down, reliability goes up.
Frequently asked

API integration questions.

Very common. We allocate budget for API exploration and spike work before committing to a timeline. We test against sandbox thoroughly, document what we find, and build in resilience (retries, fallbacks, error queues) expecting failure.
You do. All code is delivered to your repository (GitHub, GitLab, Bitbucket), infrastructure is deployed to your cloud account (or ours initially if you prefer). We can hand over fully, maintain on retainer, or anywhere in between.
Yes — we've gone through certification for Amazon Marketplace, Stripe Connect, HubSpot App Marketplace, and others. We'll factor that timeline into the project plan. It typically adds 2–6 weeks depending on the partner.
We monitor release notes, subscribe to changelogs, and test against sandbox changes. Breaking changes are planned ahead of enforced deadlines. We include ongoing maintenance in our retainers for exactly this reason.
We build those too — full lifecycle: API design, OpenAPI spec, developer portal, API key management, rate limiting, usage analytics, billing if relevant. Same engineering standards as internal integrations.
Related services

Often builds into

Workflow Automation
Multi-step cross-system automations
Custom Systems
Full bespoke platforms
CRM Integration
Connect your sales stack

Got two systems that need to talk?

Tell us which systems, what events you need to sync, and what failure mode you're seeing now. We'll come back with a design doc, a phased timeline, and a realistic fixed quote.

Security-first design
2–12 week scopes
Code handed over to you