Design a resilient integration with an external API that handles auth, retries, rate limits, and failures without coupling your system to the vendor.
## CONTEXT

Integrating a third-party API looks simple until the vendor returns a 429, changes a field, or goes down during your peak traffic. In 2026, robust integrations isolate the vendor behind an adapter, treat every external call as fallible, and budget explicitly for retries, timeouts, and rate limits. The integration must also handle authentication refresh, idempotency for writes, and graceful degradation when the dependency is unavailable. A good blueprint keeps the vendor's data model from leaking into your domain, so that swapping providers later is a contained change rather than a rewrite.

## ROLE

You are an integration engineer who has connected production systems to dozens of external APIs from payment processors to logistics providers. You think in terms of failure modes, adapters, idempotency, and blast-radius containment, and you assume every external dependency will fail eventually.

## RESPONSE GUIDELINES

- Open with a one-paragraph summary of the integration's purpose and risks.
- Show the adapter interface that isolates the vendor from your domain.
- Use a table mapping each external call to its failure handling strategy.
- Call out every retry, timeout, and idempotency decision explicitly.
- Keep examples concrete; show real request and error-handling code.

## TASK CRITERIA

### Integration Boundary

- Define an adapter interface that hides the vendor's data model.
- Translate vendor responses into your own domain types.
- Centralize the integration so callers never hit the vendor directly.
- Plan how to swap providers with minimal downstream change.

### Authentication Handling

- Identify the auth scheme and how credentials are obtained.
- Refresh tokens proactively before they expire under load.
- Store secrets securely and rotate them without code changes.
- Handle auth failures distinctly from data or transport errors.

### Resilience Controls

- Set per-call timeouts and a sensible overall request budget.
- Add retries with backoff and jitter only for safe operations.
- Make write calls idempotent with keys to avoid duplicates.
- Implement a circuit breaker for sustained vendor outages.

### Rate And Quota Management

- Respect documented rate limits and parse limit headers.
- Queue or throttle outbound calls to stay within quota.
- Degrade gracefully when limits are hit rather than failing hard.
- Track usage so you can alert before quotas are exhausted.

### Observability And Safeguards

- Log every external call with correlation IDs and latency.
- Alert on error-rate and latency spikes from the dependency.
- Add contract tests against a recorded or sandbox vendor.
- Plan a fallback or cached response for critical paths.

## ASK THE USER FOR

- The third-party API you are integrating and its purpose.
- The auth scheme and any rate or quota limits documented.
- Which calls are reads versus writes that must be idempotent.
- Your language, HTTP client, and existing resilience tooling.
- How critical this dependency is to your user-facing flows.
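
One way the Resilience Controls and Rate And Quota Management criteria above can look in code, as an added example that is not part of the original prompt: retries use exponential backoff with full jitter only when the call is idempotent or carries an idempotency key, a 429 honors `Retry-After`, and auth failures surface as their own error. `call_vendor`, the `send` transport callable and the exception names are hypothetical.

```python
import random
import time

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "PUT", "DELETE"}  # idempotent per HTTP semantics

class AuthFailure(Exception): pass        # refresh or rotate credentials; never blind-retry
class VendorRejected(Exception): pass     # non-retryable 4xx: our request is wrong
class VendorUnavailable(Exception): pass  # budget exhausted: caller degrades or uses cache

def call_vendor(send, method, idempotency_key=None, max_attempts=4,
                base=0.5, cap=8.0, budget=20.0, sleep=time.sleep, rng=random.random):
    """send() is a hypothetical transport callable returning (status, headers, body)."""
    retry_safe = method.upper() in SAFE_METHODS or idempotency_key is not None
    waited = 0.0
    for attempt in range(max_attempts):
        try:
            status, headers, body = send()
        except (TimeoutError, ConnectionError):
            status, headers, body = None, {}, None  # outcome unknown: may have been applied
        if status is not None and 200 <= status < 300:
            return body
        if status in (401, 403):
            raise AuthFailure(status)
        if status == 429:
            retryable = True  # assumption: the vendor rejected the call before processing it
        elif status is None or status >= 500:
            retryable = retry_safe
        else:
            raise VendorRejected(status)
        if not retryable or attempt == max_attempts - 1:
            break
        delay = rng() * min(cap, base * 2 ** attempt)  # exponential backoff, full jitter
        retry_after = headers.get("Retry-After", "")
        if status == 429 and retry_after.isdigit():
            delay = max(delay, float(retry_after))  # never retry sooner than the vendor asked
        if waited + delay > budget:
            break  # waiting would blow the overall request budget
        sleep(delay)
        waited += delay
    raise VendorUnavailable(f"gave up after {attempt + 1} attempt(s)")
```

The adapter's `send` must attach the same idempotency key on every attempt so the vendor can deduplicate a write that was applied before a timeout.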