Cursor integrates with GitHub to launch BugBot on every PR. Notion AI integrates with Slack and Google Drive to search across your team's entire knowledge base. Zoom integrates with Google Calendar to keep your meeting schedule in sync.

Modern B2B AI and SaaS products all integrate with other tools their customers are using. With the emergence of agents and AI-assisted coding, building these integration features is no longer a months-long epic. But you may have noticed that agents are extremely good at implementing certain features, but inconsistent at building other types.

At the current state of agentic coding, integrations are still not an easy problem to automate and build in-house. At Paragon, we use agentic coding tools ourselves to build solutions that avoid niche pain points and abstract complex integration code that unsteered agents can implement incorrectly.

With building integrations in-house, you avoid vendor lock-in, control how integrations are implemented, and potentially have more observability when integration errors occur on your infrastructure. Using a vendor has tradeoffs where you are dependent on their team for SLAs, fixes, and features you may need.

On the other hand, choosing a vendor like Paragon and building on top of the established platform,

1. You can build without worrying about integration-specific edge cases, rate limits, token policies, etc. across the integrations you want to build for. Paragon manages these details and infrastructure, all with guaranteed performance and security, battle-tested through our experiences working with enterprise customers.

2. You offload maintenance to Paragon. We take care of API drift, breaking changes, and refactoring integration logic in perpetuity when 3rd-party APIs and webhooks inevitably change.

3. You can focus on shipping core product features while Paragon handles integration pain points. With agentic coding, code output has been shifted into hyperdrive, but you still need to decide how to allocate engineering resource.

Despite these benefits, the tradeoffs between building integrations and buying Paragon are not straightforward. This guide walks through the integration development process from both sides, end-to-end.

Integrations start with authentication

Integrating with any 3rd-party provider, like Slack or Notion, starts with:

1. Providing an interface for your users to log in to that integration from your product

2. Grabbing the access and refresh tokens from the 3rd-party API

3. Storing those tokens securely for use whenever your app takes an integration action on a user's behalf

Building in-house

Every 3rd-party provider is a snowflake with their own unique OAuth flows, endpoints, and token policies. Building integrations in-house means building fluency with each provider's documentation and API, and this process can be arduous.

With agents, building authentication for integrations can be seamless.

• Popular integrations will have documentation that an LLM may have been trained on

• Integrations that follow standard OAuth practices can take just light testing (pictured below)

But for the long tail of smaller integrations, relying on agents to one-shot authentication without context from documentation can be like rolling dice. And there are certain integrations that don't follow standard OAuth practices (like the one pictured above) that an agent will struggle with without the right steering.

For example, Salesforce's integration isn't just credential-based; they also have an installation component with a managed app/package. NetSuite supports multiple authentication patterns: OAuth, token-based, and client credentials. Adobe Experience Manager uses OAuth server-to-server instead of JWTs.

After acquiring your users' credentials, you have to be sure these credentials are both valid and secure. Just as there are different patterns that 3rd-parties have for acquiring access tokens, they have different patterns for refreshing them. Slack can have access tokens that never expire, whereas Salesforce has unclear expiration policies, so you may have to hit a 401 status to know when to refresh.

An experienced engineer can build secure integrations with a careful eye on an agent, but authentication and security are components you do not want to vibe-code. There are already horror stories from apps like Tea’s data leak and Moltbook’s exposed API keys where vibe-coded authentication and security go wrong. If your app is trusted to hold your users’ integration credentials, security breaches can be disastrous as bad actors can then access all of your customers’ 3rd-party data.

Building on Paragon

Paragon takes care of all the different 3rd-party providers' authentication patterns and policies so you can immediately start working with the integration's API with your user's credentials.

Using Paragon's Connect Portal, you can quickly embed our pre-built UI into your frontend that takes users through the OAuth flow for any integration. The Connect Portal also offers configuration options and dropdowns to capture unique integration configurations like Salesforce custom fields or Shopify domains. We also support a Headless Connect Portal for connecting your users with your own UI components.

After your user logs in to their integration, Paragon stores their access and refresh tokens securely. Whenever you perform an integration action, call their API, or receive webhooks for a user, Paragon ensures a valid credential is used for the request to go through.

3rd-party APIs and Webhooks

Authenticating to an integration is like getting the keys to the car, but now your application needs to drive your user somewhere. Integration features need to leverage the 3rd-party's:

• API to interact with your users' integration data

• webhooks to react to your users' integration event

Building in-house

Agents have made working with many 3rd-party APIs and webhooks significantly easier. For popular 3rd-parties, an LLM may have been pre-trained on their documentation. For others, your agent probably has a harness with web search that can read well-structured documentation.

Calling APIs and subscribing to a webhook is the easy part; it's testing API functionality and maintaining those API interactions in your codebase that's the hard part.

Certain integrations make it difficult to obtain developer or test accounts to validate API calls. Integrations like Workday and BambooHR make it extremely hard to acquire a test account. Jira's test accounts expire after a certain duration of inactivity.

After developing and testing, maintenance and tech debt become real. The speed of agents has only made this problem more real. According to prospects and customers we talk to,

“Integration code rots faster than any other code in your codebase.”

You not only need to worry about your own API changes, but changes in the downstream integration provider's API as well.

Building with Paragon

Building with Paragon doesn't mean not using agents. In fact, our documentation and APIs were designed to be extremely agent-friendly, with unified APIs and interfaces that agents can implement without the need for different sources of context.

Imagine implementing a RAG pipeline that can sync data with Google Drive, Box, and SharePoint. Instead of working with three different sources of documentation and three different APIs, Paragon's Managed Sync is one API to spin up data pipelines for each integration and normalizes the file data across file storage integrations.

//Google Drive Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync\
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "googledrive",
  "pipeline": "files",
  "configuration": {}
}'
//Sharepoint Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync \
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "sharepoint",
  "pipeline": "files",
  "configuration": {}
}'
//Box Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync \
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "box",
  "pipeline": "files",
  "configuration": {}
}'

//Google Drive Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync\
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "googledrive",
  "pipeline": "files",
  "configuration": {}
}'
//Sharepoint Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync \
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "sharepoint",
  "pipeline": "files",
  "configuration": {}
}'
//Box Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync \
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "box",
  "pipeline": "files",
  "configuration": {}
}'

//Google Drive Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync\
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "googledrive",
  "pipeline": "files",
  "configuration": {}
}'
//Sharepoint Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync \
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "sharepoint",
  "pipeline": "files",
  "configuration": {}
}'
//Box Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync \
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "box",
  "pipeline": "files",
  "configuration": {}
}'

//Google Drive Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync\
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "googledrive",
  "pipeline": "files",
  "configuration": {}
}'
//Sharepoint Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync \
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "sharepoint",
  "pipeline": "files",
  "configuration": {}
}'
//Box Sync Pipeline
curl --request POST https://managed-sync.useparagon.com/sync \
  --header 'Authorization: Bearer <token>' \
  --data '{
  "integration": "box",
  "pipeline": "files",
  "configuration": {}
}'

In addition to the unification of different integration APIs, Paragon also provides abstractions for common integration use cases. Paragon's Managed Sync is packaged with the Permissions API, an abstraction that builds a permissions graph for all of your file storage integrations like the ones above, so you can check permissions on any synced file. All of the logic your agents need to write and engineers need to review is cut down, where ingesting your users' data and reconciling those user permissions for use cases like RAG can be done in 2 APIs.

ActionKit, with Tools and Triggers, is another set of APIs to interact with any integration provider via pre-built Tools and react to any integration event via Triggers. Both the Tools API and Triggers API are unified interfaces.

1. Call Tools to any integration with the same API, like SEARCH_SLACK_MESSAGES and CREATE_HUBSPOT_CONTACT

2. Triggers provides a single subscription model to standardize webhook delivery across integrations - subscribe to SLACK_MESSAGE_SENT and GITHUB_PR_CREATED with the same retry, rate limit, verification, and tracing policies

Lastly, Paragon Workflows are an abstraction built on top of Paragon's workflow engine for durable, asynchronous jobs. Workflows allow even non-technical users to define automations with pre-built integration actions (like the ones in ActionKit) that can be triggered via API, CRON schedule, or integration event.

Paragon’s QA team works around the clock, monitoring 3rd-party API changes, validating APIs and webhooks with our repository of test accounts for every integration, and testing new Paragon abstractions. In short, Paragon tests and maintains the underlying integration APIs for all of our Sync Pipelines, Actions, and Workflows so you don't have to. With Paragon:

1. Your agents build faster with unified APIs and simple abstractions for complex tasks

2. Your engineers can review and merge code faster, all without worrying about API drift down the line

3. Your product team can ship integrations and bring them to market 7 times faster

It's how a customer like Appsmith can ship new integrations in just one day. Appsmith has shipped dozens of integrations in their internal application builder, with less engineering resources, and resulting in higher user retention.

Monitoring & Observability

After your integrations hit production, you need to be able to monitor integration errors and track usage. Your on-call teams should have observability into when integration APIs fail, when users experience authentication errors, and how your integration infrastructure is performing.

Building In-House

Integrations introduce a larger surface area for errors from 3rd-party APIs that not all of your engineers will be familiar with. Debugging integrations has always been more difficult than debugging code in your existing codebase as each integration provider has their own respective authentication errors, error messages, and gotchas.

Imagine your application has Slack and Salesforce integrations. Slack has strict rate limits on many of their endpoints, like their search.messages endpoint, while Salesforce can face access token errors when too many tokens are requested by the same tenant. These errors can be hard to monitor, understand, and debug for engineers that are unfamiliar with these integrations. Capturing these errors in easy-to-read formats in your logging tools will make debugging different integration errors easier for on-call teams.

Many of our customers also rely on performance dashboards (Grafana) to make sure their integration performance isn't bottle-necked by specific services. Building these logging tools and performance dashboards can be like building separate services that require their own development, testing, maintenance, and deployment.

Building on Paragon

With Paragon, all integration events are unified under a unified monitoring platform, making debugging user-specific errors easier. With Event Logs, Paragon captures:

• All authentication events like Integration Enabled events, User Credential Refreshes, and any associated errors

• Third-party webhook events so you can easily trace when events may have been missed for specific users

• API calls to the integration provider through all of Paragon's products: ActionKit, Managed Sync, and Workflows

Paragon also supports Event Destinations to stream these logs to any of your observability platforms like DataDog or Sentry.

For on-prem/self-hosted Paragon instances, our engineering team developed and packaged specialized services and dashboards for performance and infrastructure monitoring. Leveraging Grafana, Prometheus, and other data exporters, you can monitor metrics and set alarms for different services, queues, and databases to catch any bottlenecks and opportunities for cloud savings (read more about how to self-host Paragon for data ownership, security, and performance).

Paragon's engineering team is happy to set these up for you for self-hosting Paragon without the DevOps lift.

Integration Infrastructure

Building integrations end-to-end means building services for authentication, APIs, webhooks, and monitoring. Each of these components relies on one another and needs to be hosted on a well-architected system.

Building In-House

Building in-house doesn't mean just building the logic to handle integration authentication and logic, it's architecting an entire system that can scale with your customer's usage. Integrations may not be core to your product, but the infrastructure need to be just as robust.

For example, your webhook infrastructure needs to be able to quickly scale with heavy loads, as certain 3rd-party providers like Shopify can send thousands of webhook events in a short amount of time, almost like a DDoS attack.

Another example, for large-scale data syncs where you want to keep a replica of Google Drive file data in your infrastructure (like a vector database), you will need polling services that run on high-frequency CRON jobs. The polling service may have to trigger and scale up data ingestion services that start pulling the data using Google Drive APIs.

Agents may be able to quickly write the logic for these services, but you'll need engineers collaborating on system design and architecture, DevOps resources to write Terraform scripts to reliably deploy infrastructure, a QA team to validate that these services are resilient to spiky loads, scale correctly, and do not cause bottlenecks from your different tenants.

Architecting systems, DevOps, and QA are resource-intensive functions that can’t be automated with agents yet. They eat up valuable engineering time that could otherwise be saved when using Paragon to manage your integration infrastructure.

Building on Paragon

Using any of Paragon's purpose-built abstractions - ActionKit for integration actions and webhooks, Managed Sync for data ingestion and permissions, Workflows for flexible async jobs - you can just build integration logic and actions without worrying about authentication, performance, scaling, or the underlying infrastructure.

Paragon's abstractions (i.e. ActionKit, Managed Sync, Workflows) make it easy to work with integrations by obfuscating the infrastructure required for certain integration features. For example, Salesforce doesn't have native support for webhooks when new records are created, updated, or deleted. To support webhooks for our users, Paragon has high-frequency polling infrastructure to poll Salesforce's API for changes and send webhook events with retries and validation. You can use these Salesforce webhooks on Paragon without worrying about setting up and scaling any of the polling infrastructure.

Paragon manages all of your integration infrastructure services with an architecture that's been pre-vetted in our QA environments, where we have access to test accounts for every integration we offer, and battle-tested by production workloads.

Paragon's infrastructure allows our users to handle 10M+ requests per month with basically no downtime (status page) and with different ways to host. Paragon is available on our cloud infrastructure, on-prem in your VPC, or even forward-deployed in your customers' cloud environments.

For self-hosted and forward-deployed Paragon instances, Paragon's engineering team has installers and helm charts to deploy to AWS, GCP, and Azure. Our team has also pre-built monitoring dashboards so you can monitor infrastructure health and cost, so your DevOps team can save the cloud and Kubernetes headaches.

Our users leverage agents to quickly implement Paragon's APIs, with trust that the AI-written code is running on infrastructure of the highest security and performance standards. Customers like Zendesk and Postman trust Paragon to handle their enterprise-level workloads.

Wrapping Up

Building end-to-end integrations means handling authentication, 3rd-party APIs, webhooks, and monitoring - all running on performant infrastructure.

Building your integrations in-house, you have more control over implementation details and are not reliant on any integration platform. But it can also mean:

1. Building with agents isn't as fast or secure as using Paragon's platform, hardened by experience and a team focused on the integrations challenge

2. You have to maintain these integrations and infrastructure in perpetuity

3. You have to divert resources away from core-product work

Building on top of Paragon, agents can implement and ship production-grade integrations faster while keeping tech debt and maintenance costs much lower.

We know that every team's integration roadmap and use cases are different. Schedule a call with our team with any questions you have on your team's integrations, or sign up for a free trial to explore Paragon further.