Last October, a Series B logistics company in Long Beach pushed a Black Friday promotion expecting 3x normal order volume. They got 4x. By hour two, their inventory sync between Shopify and their warehouse management system was lagging 11 minutes behind. By hour four, they had oversold 340 units of their best-selling SKU. Customer support fielded 200+ calls that weekend. The CEO later told us the integration had “worked fine for two years.” It had. At low volume.
Every system integration checklist exists because someone learned the hard way that connections between systems behave differently under pressure. What works at 50 requests per minute can collapse at 500. What syncs cleanly with 10 concurrent users falls apart with 100. If you are planning to scale — adding users, expanding to new markets, launching a new product line — the integrations holding your stack together deserve the same scrutiny as the products themselves.
This is the checklist we use at LC Global Consulting when clients ask us to audit their integrations before a growth phase. It is organized into seven categories. Each item includes what to check, why it matters, and what happens when you skip it. If you are mid-scale and already seeing cracks, book a call and we will walk through the high-risk items together.
1. Reliability: Will It Stay Up When Traffic Doubles
Reliability is not about preventing every failure. It is about ensuring that when one integration fails, it does not cascade into a system-wide outage. Martin Fowler’s work on integration patterns calls this “designing for failure,” and it is the single most overlooked category in software integration planning.
Retry logic with exponential backoff. Every API call to an external system should retry on transient errors (5xx responses, timeouts, network blips) with increasing delays between attempts. Without backoff, a struggling downstream service gets hammered with retries, making recovery harder. A company we worked with — a healthcare SaaS called MedTrack — had their EHR integration retrying failed requests every 200 milliseconds. When the EHR vendor had a 90-second outage, MedTrack sent 450 duplicate requests. The vendor’s rate limiter kicked in and blocked them for 24 hours.
- Does every integration endpoint have retry logic?
- Are retries using exponential backoff (not fixed intervals)?
- Is there a maximum retry count before failing to a dead-letter queue?
- Are retries idempotent — can the same request be safely sent twice?
Circuit breakers. When a downstream service is consistently failing, a circuit breaker stops sending requests entirely for a cool-down period. This protects both your system and the failing service. Without it, one broken integration can starve your healthy services of connection pool threads and memory.
- Is a circuit breaker pattern implemented for each external dependency?
- Are circuit breaker thresholds tuned to actual failure rates (not defaults)?
- Does the circuit breaker emit alerts when it trips?
Dead-letter queues. When a message or event cannot be processed after all retries, it needs somewhere to go. A dead-letter queue captures these failed events so they can be inspected, fixed, and reprocessed. Without one, failed events vanish silently.
- Do all message-driven integrations have dead-letter queues?
- Is there a process (manual or automated) to review and reprocess dead-letter items?
- Are dead-letter items tagged with failure reason and timestamp?
Timeout configuration. Every outbound HTTP call needs a timeout. Every database query in an integration pipeline needs a timeout. “Wait forever” is not a strategy.
- Are connection and read timeouts set for every external call?
- Are timeouts tuned to realistic SLAs (not 30-second defaults for a service that should respond in 200ms)?
2. Data Ownership: One Source of Truth Per Field
Data conflicts between integrated systems are the slowest, most expensive bugs to diagnose. They do not crash your app. They just quietly produce wrong numbers on reports, wrong addresses on shipments, wrong balances on invoices.
System of record per field. Every critical data field — customer email, order status, inventory count, price — should be owned by exactly one system. Other systems can read it, cache it, display it, but they do not get to change it independently. When two systems both believe they are the authority on a customer’s shipping address, you get split-brain data.
- Is there a documented mapping of which system owns each critical field?
- Do downstream systems treat synced data as read-only?
- Are there validation rules preventing a non-authoritative system from overwriting the source?
Conflict resolution rules. Even with clear ownership, conflicts happen. Clocks drift. Messages arrive out of order. A user updates their profile in System A while a batch job is syncing from System B. You need documented rules for what wins.
A fintech client of ours — call them PayBridge — had their CRM and billing system both updating customer tier status. Sales reps would upgrade a customer in the CRM. The billing system would downgrade them based on last month’s revenue. The two systems fought silently for months before anyone noticed customers were getting incorrect pricing.
- Are conflict resolution rules documented and tested?
- Do you use timestamps, version numbers, or vector clocks for ordering?
- Is there an alert when conflicts are detected (not just silently resolved)?
Audit trail. If a field changes, you need to know who changed it, when, from what value, and to what value. This is not optional for regulated industries, and it is extremely useful for debugging in any industry.
- Is historical change tracking enabled for all critical fields?
- Can you trace a field’s value back to the integration event that set it?
- Is the audit trail retained long enough for compliance requirements?
3. Observability: Seeing Problems Before Users Report Them
If you cannot measure an integration’s health, you cannot manage it. Observability for integrations goes beyond standard application monitoring. You need to track the flow of data between systems, not just the health of each system individually. AWS’s Well-Architected Framework calls this “workload monitoring” — tracking the business transactions that cross system boundaries.
Integration health dashboard. A single view showing success rate, latency (p50, p95, p99), throughput, and error rate for every integration point. Not buried in logs. On a screen your ops team checks daily.
- Do you have a dashboard covering all integration endpoints?
- Does it show success/failure rates, not just up/down status?
- Is latency tracked at p95 and p99, not just averages?
Business-impact alerting. Alert on what matters to the business, not what makes noise. “Order sync failed” is more useful than “HTTP 503 on endpoint /api/v2/orders.” Alert fatigue is real. A team that gets 50 alerts a day starts ignoring all of them.
- Are alerts tied to business outcomes (orders stuck, payments unprocessed, users locked out)?
- Is there an escalation path with defined response times?
- Are alerts deduplicated so one incident does not generate 200 pages?
Distributed tracing. When an order flows through your API gateway, then to your order service, then to your payment processor, then to your fulfillment system, and something goes wrong at step three — can you trace the entire journey from a single trace ID? Without distributed tracing, debugging multi-system workflows means grepping through four different log systems and correlating timestamps manually.
- Are all integration flows instrumented with trace IDs (OpenTelemetry, Jaeger, etc.)?
- Can you trace a single business transaction across all systems it touches?
- Are trace IDs included in error logs and dead-letter queue items?
4. Recovery: Getting Back to Normal After Something Breaks
Systems fail. The question is how fast you recover and how much data you lose in the process. This is where most integration architectures have the widest gaps, because recovery scenarios are hard to test and easy to defer.
Idempotent reprocessing. After an outage, you will need to replay events. If your integration cannot safely process the same event twice — because it creates duplicate records, sends duplicate emails, or charges a credit card again — replay becomes dangerous. Idempotency keys and deduplication logic are not nice-to-haves. They are prerequisites for safe recovery.
- Can every integration safely reprocess the same event without side effects?
- Are idempotency keys implemented for write operations?
- Is there a tested runbook for replaying events after an outage?
Backfill capability. Sometimes you need to re-sync an entire dataset. A migration went wrong. A schema change corrupted a subset of records. Your integration partner had a silent data loss event. Can you re-sync 6 months of data without taking your production system offline?
Marcus, an ops director at a mid-market e-commerce company, learned this one painfully. Their product catalog sync with their PIM system had been silently dropping updates for products with special characters in their names. By the time they noticed, 1,400 products had stale descriptions and prices. They had no backfill mechanism. The “fix” took two engineers three weeks of manual data reconciliation.
- Can you backfill data from any integration partner on demand?
- Is the backfill process throttled to avoid overloading production?
- Have you tested a full backfill in the last 12 months?
Graceful degradation. When an integration is down, what does the user experience? A blank page? An error message? Or a slightly degraded but still usable product? The best systems fall back to cached data, queued operations, or reduced functionality rather than hard failures. If your checkout flow dies because the tax calculation API is down, that is an architecture problem, not a vendor problem.
- Do critical user flows have fallback behavior when integrations fail?
- Are fallback states designed and documented (not just “show error”)?
- Can the system automatically recover when the integration comes back online?
5. Security and Access Control
Integrations are attack surface. Every API key, every webhook endpoint, every shared database connection is a potential entry point. OWASP’s API Security Top 10 lists broken authentication and broken authorization as the top two risks, and both are amplified in integrated systems where multiple services share credentials and data.
Credential management. API keys hardcoded in config files, shared service accounts with admin permissions, tokens that never expire — these are not theoretical risks. They are the most common findings in integration security audits.
- Are all integration credentials stored in a secrets manager (not config files, not environment variables in plaintext)?
- Do service accounts follow least-privilege (only the permissions they need)?
- Are credentials rotated on a defined schedule?
- Is there an inventory of all active API keys and tokens across integrations?
Data in transit and at rest. Every data flow between systems should be encrypted. TLS for HTTP calls. Encryption for message queues. Encryption at rest for any integration staging tables or caches.
- Is TLS enforced (not optional) on all integration endpoints?
- Are sensitive fields (PII, payment data) encrypted at field level, not just transport level?
- Do integration staging areas (temp tables, S3 buckets, message queues) have appropriate access controls?
Webhook validation. If you accept inbound webhooks, are you validating the sender? Signature verification, IP allowlisting, and payload validation prevent attackers from injecting fake events into your integration pipeline.
- Are inbound webhooks validated with signature verification (HMAC, etc.)?
- Are webhook payloads validated against expected schemas?
- Is there rate limiting on webhook endpoints to prevent abuse?
6. Change Management: Surviving API Updates
APIs change. Vendors ship breaking changes with 30 days notice (or less). Internal teams refactor endpoints without updating all consumers. If your integration architecture cannot absorb change without downtime, every API update becomes a fire drill.
API versioning strategy. When your integration partners version their APIs, do you have a plan for migration? When you version your own APIs, do you know which downstream consumers will break?
- Is there a documented versioning strategy for each external API you consume?
- Do you monitor deprecation notices from your integration partners?
- Is there a migration timeline for moving off deprecated API versions?
Contract testing. Unit tests prove your code works. Integration tests prove two systems work together. Contract tests prove that the agreement between two systems has not been violated. They catch breaking changes before deployment, not after. Tools like Pact make this straightforward. Skipping contract tests means every release is a gamble on whether your partners changed something.
- Are contract tests in place for high-risk integration endpoints?
- Do contract tests run in CI/CD before deployment?
- Are both consumer and provider sides of the contract tested?
Rollback protocol. When a new integration version breaks in production, how fast can you roll back? If the answer is “redeploy the previous version and hope the database schema is compatible,” you do not have a rollback protocol. You have a prayer.
- Is there a documented rollback procedure for each integration?
- Can you roll back without data loss?
- Has the rollback been tested in the last 6 months?
7. Governance: Who Owns What, and Who Decides
Integration governance sounds bureaucratic. It is not. It is the answer to “who do I call at 2 AM when the payment sync breaks?” Without governance, integration decisions happen by accident, ownership is ambiguous, and technical debt accumulates invisibly.
Integration owner per connection. Every integration point — every API connection, every data sync, every webhook — should have a named owner. Not a team. A person. Someone who knows the business context, the technical implementation, and the vendor contact for the other side.
- Is there a named owner for each integration?
- Does the owner have authority to make decisions about the integration (not just monitor it)?
- Is there a backup owner for when the primary is unavailable?
Integration catalog. A living document (or better, a service catalog tool) listing every integration: what it connects, what data flows through it, who owns it, what SLA it carries, when it was last reviewed. Without this, you do not know what you have. You cannot secure what you cannot see.
- Is there an up-to-date catalog of all integrations?
- Does the catalog include data flow direction, volume, and sensitivity classification?
- Is the catalog reviewed and updated at least quarterly?
Capacity planning. Your integrations need to handle your growth plan, not just your current load. If you are targeting 2x user growth this year, have you validated that your integration throughput can handle 2x (and ideally 3x, for spikes)?
- Have you load-tested integrations at projected growth volumes?
- Do you know the throughput limits of each external API you depend on?
- Are rate limits documented, and do you have a plan for when you hit them?
Applying the System Integration Checklist: Where to Start
You do not need to fix all 47 items before scaling. Start with the ones that will hurt most if they fail.
Tier 1 — Fix before scaling (revenue and data integrity risk):
- Retry logic with backoff on all payment and order integrations
- System of record mapping for financial data
- Dead-letter queues on event-driven flows
- Credential rotation and least-privilege audit
Tier 2 — Fix within 30 days of scaling:
- Distributed tracing across critical paths
- Contract tests for top 5 integration endpoints
- Backfill capability for core data syncs
- Integration health dashboard
Tier 3 — Fix within 90 days:
- Full integration catalog with ownership
- Capacity planning and load testing
- Graceful degradation for non-critical integrations
- Governance model with quarterly reviews
If your stack is a mix of legacy systems, SaaS tools, and custom code — which describes most growing companies — the audit will likely surface legacy modernization needs alongside integration gaps. That is normal. The two efforts reinforce each other: modern systems are easier to integrate, and clean integrations reduce the urgency to replace legacy components.
For teams running manual processes alongside automated integrations, the overlap with process automation is worth examining. Often, the “integration” that breaks at scale is actually a human copying data between two systems, and automating that handoff is simpler and more reliable than building a real-time sync.
What Scaling Actually Demands From Your Integrations
The difference between an integration that works and one that scales is not cleverness. It is discipline. Retry logic, circuit breakers, dead-letter queues, idempotency keys, distributed tracing, contract tests, ownership maps — none of these are novel. They are well-documented enterprise integration patterns that most teams skip until they get burned.
The companies that scale smoothly are the ones that treat integrations as infrastructure, not afterthoughts. They audit before the traffic spike, not after the incident postmortem.
If your growth plan depends on integrations that have never been tested at 2x volume, your growth plan has a single point of failure. Moving to cloud-native infrastructure helps, but only if the integration layer moves with it. And building new integrations on a solid development process prevents you from creating tomorrow’s technical debt.
We have run this checklist with SaaS companies, logistics operators, healthcare platforms, and fintech startups. The specifics change. The failure modes do not. If you want us to run this audit on your stack before your next growth phase, book a 30-minute call and bring your architecture diagram. We will tell you where the risks are.