The Role APIs Play in Securing the Safety and Success of your Payroll Integration

October 15, 2020
5 mins read
Back to all posts

Integrating your HR system is an essential requirement for large organizations today, but what does it entail? Technology vendors use the term integration glibly. They say on their websites that they integrate with “market-leading HCM providers” – but what does that really mean, and how can you be sure that the integration won’t compromise your HR system?

As organizations complete detailed reviews of potential technology partners, I recommend they spend time addressing and understanding these critical areas.

The role of adaptors in integration

Different integrations require different approaches and different technologies. There is never just one approach. It requires a lot of thought and design to build reliable, scalable, and flexible integration. When an integration is being developed, you need to know three things– the system you are integrating from, the system you are integrating to, and the bit in the middle.

That’s where APIs, or application programming interfaces, come in. APIs are connectors that define the types of requests that can be made between the two systems, how to make them, the data formats to use, and the conventions to follow. Basically, they lay down the rules for how the two systems can communicate with each other.

Using a real-world example, when you travel to Germany from Ireland, you discover that each country uses different electrical sockets. Therefore, to plug in your phone charger, you can either unscrew the plug and manually join the wires together to get power or use an adaptor. In order to develop an adaptor that works, though, it has to understand both sides of the integration equation.

APIs are the adaptor that we use to connect two systems.

Why certification is critical

For CHROs, one of the major concerns is the quality of data in the system. For most HCM systems, there are two types of data – typed in and piped in.

There are a series of validations created in the system to ensure incorrect or wrong data is not entered for typed in data. For example, in payroll, typical validations for typed in data include standard templates, predefined formats, and expected values. These validations are an important part of the HCM’s system set-up, usually done by certified systems integrators. This means that they understand the system; they know how to set it up to maximize the investment for the customer and ensure data integrity.

The same should happen when you pipe in data. You need to ensure that the data coming in is good quality and that it is reliably coming into the HCM system.

You can spend time testing the integrations yourself, or you can look for a vendor that certifies the quality of the integration.  Providing this guarantee ensures your organization a sense of protection. It demonstrates that the solution was tested, and any piped in data won’t negatively impact the HR system, compromise security or performance. Certification indicates that the integrator understands both sides of the equation.

More and more HR and HCM vendors are moving to a more rigorous certification model because they understand that if there is an issue with the data in their system, they will be blamed, irrespective of its origins.

Certification is also an indicator of how both parties work together. When evaluating vendors, it is essential to ask about how many joint customers they have, what deals they worked on together, are they an active member of the user groups.

The quality of the APIs

When you build a house, ideally, you want to plan where the plug sockets will go before you start the build. To do this after the house is constructed makes it infinitely more complicated, disruptive, and expensive.

Shifting to an API-first approach is key in your early product development. If part of your solution involves collecting data from other systems, then integration needs to be a fundamental cornerstone of design. You need to think about how you will collect data from other systems; you need to be clear where the data comes from and where it goes. You have to optimize your system design for integration, and doing it retroactively is almost impossible.

Of the applications we use, we usually focus on the user experience (UX), we spend a lot of time talking about user testing, and how we chose the colors and the buttons on the screen. Where you are building an aggregation and data cleansing framework, where you don’t have many people typing in data, data comes from other systems. That data is extremely sensitive, and the usability and reliability of the integration layer become much more important and relevant than the UX.

Having an API-first strategy is really important because the solution will be more effective in the long term and will enable data to be exchanged in a reliable, stable, and performant way.

Why APIs are important when integrating global payroll

For global payroll, fundamentally, any API accessing your HCM data must be secure, reliable, scalable, and flexible. The API stops the wrong data coming through, and the better your API, the better your data in your HCM system.

When I spoke with Immedis, I was impressed with their API first approach. We spent a lot of time talking about APIs, how they are designed, and are core to the application philosophy.  This also makes it easier to get certified. If your APIs are really clear, well documented, and easy to test, you are demonstrating that you understand the system you are integrating from, the system you are integrating to, and the bit in the middle.

The impact of GDPR & Schrems II on integration debates

As we look to the future, customers will want to understand the security of APIs and how they protect their data. GDPR and Schrems II require global organizations to know where their data is coming from and going to in order to protect and be audit-ready.  I expect to see a tightening of customer’s requirements to ensure the quality, reliability, auditability, security of APIs. Certification plays a part in that, but I encourage you to ask your vendors about their APIs, and whether they are part of the fundamental design of the product or something that people do after the fact. If APIs are coming after the fact, that should be a warning sign.

About Thomas Otter

Thomas has extensive experience in the HCM space, is the founder of Otter Advisory, and recently served as Head of Product at SAP SuccessFactors. Otter Advisory provides advisory services to corporates, technology vendors, and investors in the field of HR Tech and enterprise application software. Thomas built his expertise in research, consulting, strategy, and product management as Head of Product at SAP SuccessFactors and at Gartner as Research Vice President. He has worked with companies from around the world on their technology strategy. Thomas holds a Ph.D. in business administration from the Karlsruhe Institute of Technology, and an LLM in computer law from Strathclyde University.  He is a fellow of the British Computer Society. Thomas currently serves on the board of directors as a non-executive director at HeadHunter Group.

Back to all posts