# **Not Your Keys, Not Your Integration: The Hidden Vendor Lock-In of Unified APIs**

There's a phrase in crypto that every serious investor learns eventually: "[Not your keys, not your coins](https://www.ledger.com/academy/not-your-keys-not-your-coins-why-it-matters)." The idea is simple. If someone else holds the private keys to your cryptocurrency wallet, you don't actually own those coins. You have an IOU.

The same principle applies to SaaS integrations, and almost nobody procuring integration software is asking about it.

## **Unified APIs Create Credential Lock-In by Design**

When your customers connect their Salesforce, HubSpot, or Slack accounts to your product through an integration platform, someone has to store their [OAuth tokens](https://auth0.com/docs/secure/tokens/token-best-practices). These tokens are essentially the keys that unlock access to your customers' data.

Here's the question procurement teams should be asking but rarely do: **Who owns my customers' API keys?**

With most unified API platforms, the answer is the vendor. When your customer authenticates through Merge, Apideck, or similar platforms, those providers hold the OAuth tokens on your behalf. Your platform never touches the actual credentials. And you can't take them with you if you leave.

This is the architectural problem platforms like **Ampersand** were built to solve.

## The Migration Tax Nobody Talks About

Say you've been using a unified API for two years. You've onboarded 500 customers who've connected their CRM accounts. Now you want to switch providers. Maybe the vendor's pricing increased, maybe you need features they don't offer, maybe you're building deeper integrations in-house.

When you don’t own your keys, switching means asking every single customer to re-authenticate. That's 500 emails. 500 support tickets waiting to happen. 500 opportunities for customers to decide they don't actually need this integration anymore.

This isn't a theoretical risk.
It's a structural vendor lock-in mechanism baked into the architecture. The vendor holds your customers' keys. If you leave, those keys don't come with you.

## What You Can Do vs. What the Vendor Allows

Owning your API credentials is about more than just vendor lock-in. Not having access to your API keys also means you’re stuck with the constraints of your vendor.

When a vendor like Merge or Apideck holds your customers' OAuth tokens, you can only access data through their platform. If they don't support a particular API endpoint, you're stuck. If they rate-limit your requests, you wait. If they don't offer real-time webhooks, you poll on their schedule.

Own the keys yourself, and the calculus changes. You can make direct API calls when you need to. You can build custom sync logic. You can access endpoints the integration platform doesn't officially support yet. The credentials are yours to use however you need.

This matters most when enterprise customers show up with custom Salesforce objects, proprietary field configurations, and requirements that don't fit the standard unified API data model. With vendor-controlled credentials, you're limited to whatever the unified API exposes. With your own credentials, you can go around the abstraction layer entirely.

## Integration as Code: Infrastructure, Not a Black Box

Most unified APIs sell you a black box. Data goes in, data comes out, and you don't get to see what happens in between. You don't own the credentials, and you don't control the sync logic. The whole integration lives inside their system.

At Ampersand, we think about it differently. We provide infrastructure for syncing, while you own the integration. Your integrations are defined as [code](https://docs.withampersand.com/overview) that lives in your repo. You can see exactly what's happening, change it when you need to, and deploy it through your existing CI/CD pipeline.
The credentials are yours, and the logic is yours, while we handle the hard parts like authentication flows, token refresh, rate limits, and retries. We provide the infrastructure, but you’re never locked out of your own integrations.

This is the difference between renting a solution and owning your infrastructure. One comes with an exit tax. The other doesn't.

## Questions to Ask During Procurement

Before signing with any integration platform, ask these questions directly:

**1. Who stores our customers' OAuth tokens?** If the answer is "we do," ask about credential ownership. Can you access tokens directly? Can you export them if you decide to leave? Most vendors will say no—and they're not being difficult; it's genuinely how their architecture works.

**2. What happens to connected accounts if we switch providers?** Get specific. Will customers need to re-authenticate? Can you migrate connections programmatically? What's the actual process?

**3. Can we access APIs directly using stored credentials?** Some platforms allow pass-through requests. Others don't. Know what you're signing up for.

**4. How are integrations defined and deployed?** Dashboard-only configuration means vendor lock-in on logic, not just credentials. Look for code-first approaches that let you version and deploy integration logic like any other code.

**5. What's your data residency story?** If the vendor holds credentials and processes data, where does that happen? For regulated industries, this matters.

## How We Think About Your Keys at Ampersand

We store your customers' OAuth tokens, but you own them. You can access credentials directly, export them if you leave, and your customers never need to re-authenticate because you switched platforms. We give you direct API access using stored credentials, so you're never limited to what our platform exposes by default. Integrations are defined in code that lives in your repo, not locked in a dashboard.
And we can deploy in your infrastructure if data residency matters.

Your keys, your integrations, no exit tax.

## The Bottom Line

Vendor lock-in in integration platforms isn't about switching costs or contract terms. It's structural, built into who holds what credentials.

When you evaluate integration platforms, treat credential ownership like you'd treat data ownership. Ask who has the keys. Understand what happens if you need to leave. Make that part of your procurement checklist.

Because in integrations, just like in crypto: if they're not your keys, they're not really your integrations.

---

## Ready to Own Your Integration Keys?

At Ampersand, we built credential ownership into our architecture from day one. You get the infrastructure—secure token storage, automatic refresh, rate limit handling—without giving up control.

Your keys. Your integrations.

[**Get started for free →**](https://dashboard.withampersand.com/sign-up)

Or [read the docs](https://docs.withampersand.com/) to see how integration-as-code works.