Pillar page

Enterprise System Integration

We connect ERP, CRM, accounting systems, HR/payroll, business registries, Microsoft Graph, Salesforce, SAP. Integrations through APIs, queues, ETL and webhooks — with full quality control, audit trail and production monitoring.

Discuss your integration project All services

A mid-sized company runs anywhere from a dozen to several dozen business applications. Each one stores fragments of the same data — customer, invoice, employee, order. Without integration, employees spend hours every day manually re-keying, exporting and importing data between systems.

System integration is not a luxury — it is the foundation of digital transformation. With a well-designed integration layer: a customer added in CRM appears in ERP without intervention, an invoice issued in accounting updates the CEO's financial dashboard, an order status is consistent across the online store, warehouse and customer service.

Why is integration hard?

Every system has its own data model, its own name for the same field, its own operation sequence, its own API constraints (rate limits, latency, transient errors). Two systems may look „compatible" in theory, but in practice they need weeks of work on mappings, transformations, edge-case handling and conflict resolution.

The second layer of difficulty is production reliability. An integration that works correctly in the dev environment is about 30% of the way there. The remaining 70% is handling exceptional situations: the external system is unavailable, it changed its API contract, returns unexpected data, a new customer appears in the CRM with characters that the legacy ERP cannot handle. Every such case needs thinking through, a test, and an alert when it happens.

Integration types

Six fundamental patterns. In most projects we combine several, picking the right method for each case.

REST API / GraphQL

Synchronous communication between applications. JSON as the exchange format, OAuth2/JWT for authorization, OpenAPI/Swagger for documentation. The most common choice for modern cloud systems.

Message queues

RabbitMQ, Redis Streams, Kafka — asynchronous exchange when the sender does not wait for the receiver. Perfect for notifications, business events, long-running operations. Delivery guarantee + retry.

ETL / ELT

Batch loading of data into a warehouse (Snowflake, BigQuery, Redshift, on-premise PostgreSQL). Airflow or dbt as the orchestrator, data quality validation (Great Expectations), lineage monitoring.

Webhooks

Push notifications from a source system (Stripe, GitHub, Slack, Salesforce) into our application. HMAC signature verification, idempotency, dead-letter queue for failed deliveries.

SOAP / XML

Legacy enterprise systems (SAP, Oracle, banking, insurance) — full WSDL support, XSD validation, WS-Security. Adapter to modern protocols for the rest of the system.

Databases — replication, CDC

Change Data Capture (Debezium, AWS DMS) for streaming replication of changes from a source database to a target. PostgreSQL logical replication for high availability and reporting.

Six key production challenges

Things we watch out for in every integration project. Missing any one of them = ticking time bomb.

Idempotency

Every request executed multiple times produces the same result. Idempotency keys in headers, application-level deduplication, transactions around critical operations.

Retry and backoff

Transient network errors are the norm. Exponential backoff (1s, 2s, 4s, 8s…), jitter to avoid thundering herd, circuit breaker after N failed attempts.

Mapping and transformations

System A names a field "client_id", system B "customerId", system C "id_klienta". A central mapping catalog, transformations in one place, tests for every transformation.

Eventual consistency

Data in two systems is never 100% consistent in real time. We accept latency (typically seconds), monitor drift, and alert on prolonged divergence.

Audit and compliance

Every integration operation logs: who/what/when/from/to, payload (anonymized if it contains PII), result. The audit log meets GDPR and ISO 27001 requirements.

Scaling and cost

Integrations grow with the business. Horizontal scaling (more instances), rate limiting (protection against excessive requests), per-integration cost monitoring.

How we deliver an integration project

  1. Discovery (1-2 weeks): mapping current data flows, identifying the source of truth for each entity, gathering API contracts, assessing risks and dependencies.
  2. Architecture design (1 week): picking patterns (sync vs. async, push vs. pull, hub-and-spoke vs. point-to-point), audit log schema, monitoring plan.
  3. Pilot on a single entity (2-3 weeks): we deliver the integration for one data type (e.g. customers) end-to-end. Contract validation, load testing, dry-run in the test environment.
  4. Expansion to remaining entities (4-8 weeks): subsequent syncs (invoices, orders, products) using the same pattern. Every rollout preceded by a Change Request and regression tests.
  5. Historical data migration (1-3 weeks): moving existing data. Dry-run, audit, rollback plan. Migration either incremental or in a service window.
  6. Hypercare (4 weeks in production): intensive monitoring, fast incident response, alert tuning. After hypercare, transition to standard maintenance.

Examples of delivered integrations

KRS + CRBR — RejestrFirm

Microservice connecting data from the Polish Court Register (740k+ companies) with the Central Register of Beneficial Owners. Smart caching (24h), dual-source with automatic fallback, 15+ REST endpoints. Used in KYC processes, counterparty verification and compliance reporting.

SSO across multiple applications

Central Keycloak platform (realm eskom-ai) integrated with a dozen client applications. OAuth2/OIDC + PKCE, social login (Google, Microsoft, Apple, Facebook), user provisioning, billing based on LLM token usage. Single sign-on across all ESKOM AI products.

Microsoft Graph — calendars, e-mail, OneDrive

Integration with Microsoft 365 for calendar automation (AI assistant scheduling meetings), transactional e-mail delivery, document archiving. OAuth2 with delegated permissions, refresh tokens in Vault, Graph API rate-limit monitoring.

LLM Proxy — multi-provider routing

Central queue connecting multiple LLM providers (Anthropic, OpenAI, local Ollama). Per-task routing (small — local model, complex — Claude Opus), response caching, per-project cost monitoring, fail-over between providers.

Frequently asked questions

What does system integration mean?
System integration is the process of connecting two or more applications so that they can exchange data, trigger events in each other, and stay consistent. In practice: when a customer is added in CRM, they automatically appear in ERP; when an invoice is issued in accounting, the data flows to CRM and analytics. Without integration, the company manually juggles data (CSV exports, copying between systems), which produces errors, delays and cost.
What integration technologies do you use?
Technology choice depends on the context: REST API and webhooks for modern cloud systems, SOAP/XML for legacy ERP/banking, message queues (RabbitMQ, Redis Streams, Kafka) for asynchronous exchange, ETL/ELT for warehouse feeding, GraphQL when the client wants flexibility. We often mix approaches — synchronous where the user waits for a result, asynchronous where throughput matters.
Do integrations break when source systems are updated?
It is one of the biggest problems in integration — and that is why we build adapters with isolation (anti-corruption layer). An external system changes its contract → only the adapter changes, the rest of the integration is unaffected. On top of that: contracts are versioned (v1, v2), integration tests run daily against sandbox APIs, Sentry/Wazuh alerts fire on response format changes. The client learns about a problem before it reaches end users.
How long does a typical integration take?
Simple integrations (one system to another, ~5 endpoints, one-way sync) are delivered in 1-2 weeks. Complex integrations (two-way sync, a dozen entities, mappings, transformations, deduplication) take 4-8 weeks. Multi-system integrations (hub-and-spoke) are planned in phases, delivering business value in 2-3 week iterations.
What about historical data in a new integration?
Every integration project includes a separate historical migration step. First a full analysis: how many records, which data types, where duplicates live, which fields are required vs. optional. Then a migration script with dry-run, audit trail (what was moved, what was rejected, why) and rollback plan. Migration happens in a service window or incrementally, depending on business risk.
Does the integration have to run 24/7?
It depends on business criticality. Online processes (payments, authorizations) require high availability — we design them with redundancy (load balancer, multiple instances, health checks, auto-restart). Nightly processes (reports, batch syncs) can run in service windows. We classify every integration with an SLA: p95 response time, acceptable monthly downtime, RTO/RPO.
How do you monitor production integrations?
Every integration emits metrics to Prometheus (request rate, error rate, latency p50/p95/p99), logs to a central SIEM (Wazuh), errors to Sentry. Alerts fire on throughput drops, error-rate spikes or timeouts. A dashboard shows the state of all integrations in one place — the operator can see, for example, that integration with vendor X has a 3% error rate while the rest run smoothly.
What about security for external integrations?
Every integration uses least-privilege access. Keys and tokens live in HashiCorp Vault (not in .env files, not in code). Communication is always over TLS 1.2+, certificates are verified (never verify=False). Inbound webhooks have HMAC signature verification. On token leak — immediate rotation, the audit log shows what happened and when.
How does ESKOM AI's integration approach differ from a classic ESB (Enterprise Service Bus)?
Classic ESBs (Mule, BizTalk, WebMethods) are monolithic platforms — expensive to license and demanding a dedicated team. Our model: integration microservices, each integration as a separate component with its own deployment and monitoring, infrastructure built on open source (FastAPI, RabbitMQ, Redis, PostgreSQL, Vault). Lower licensing cost, easier maintenance, no vendor lock-in. For some clients that is a financial argument, for others — a strategic one.
Do you integrate with Polish public-sector systems (KRS, CRBR, KSeF, ePUAP)?
Yes. In production we run a microservice integrated with KRS and CRBR (rejestrfirm.eskom.ai — data for 740k+ companies including beneficial owners). KSeF (Polish e-invoicing) — we have ready-made integration components in the Kontroling project. ePUAP, e-deliveries — available via Microsoft Graph API and direct integrations. Full compliance with Polish law (GDPR, reporting obligations).

Got an integration project?

We start with a free audit — mapping current data flows, identifying bottlenecks and proposing a plan in clear phases.

Book an integration audit See our products