API integration

Any API. Any direction.

Q: Can I version my published APIs?

Yes. Standard URL-prefix versioning (/v1/, /v2/) is supported via the routing layer. Header-based versioning also works. You can run multiple versions of the same endpoint simultaneously while consumers migrate, then deprecate older versions on your schedule. Each version maps to a distinct flow definition, so changes don't affect live consumers.

Consume any API — REST, SOAP, GraphQL, OData. Any auth. Any complexity. Build your own APIs and webhooks. Receive callbacks. Compose flows from API calls. The most comprehensive API support in any data platform.

Start free trial Talk to us

Any: REST / SOAP / GraphQL
10+: Auth methods supported
2-way: Consume + publish
Webhooks: In and out

The problem

“We support APIs” usually doesn't survive contact.

Every ETL platform claims API support. Then comes the OAuth refresh that doesn't refresh, the pagination scheme nobody anticipated, the multipart upload that times out, the response payload nested seven levels deep. Most platforms can do simple REST. Few handle the messy reality.

What real API integration looks like

APIs are messy. Your ETL tool should handle that.

Real APIs use HMAC signatures and rotating tokens. Real APIs paginate four different ways across the same vendor. Real APIs deliver data via async polling, callbacks, or streaming — sometimes in the same workflow. Real ETL needs to publish APIs as well as consume them, and handle webhooks in both directions. Etlworks was built for messy APIs from day one. It's why most customers find us — and why they stay.

Three-way API platform

Most tools do one. Etlworks does three.

API integration platforms typically only consume APIs. Etlworks consumes them, publishes them, and handles webhooks in both directions — all from the same flow engine, with the same connectors and same auth.

Consume

Etlworks Their API

Read or write any API

REST, SOAP, GraphQL, OData. Read with GET, write with POST / PUT / PATCH / DELETE. Any auth, any pagination, any payload structure. Async polling, multipart, streaming.

Publish

Their app Your API

Build your own APIs

Turn any flow into a REST endpoint. Pull, push, CRUD, upload. Authenticated, versioned, monitored.

Events

Webhook Etlworks

Webhooks both ways

Receive webhooks to trigger flows. Send webhooks for event notifications. Signature validation, retry, dead-letter.

Capabilities

What “comprehensive” actually means.

Any API, any complexity

REST, SOAP, GraphQL, OData. Custom headers, body templates, async polling, streaming responses, multipart uploads, nested payloads.

Build your own APIs

Turn any flow into a REST endpoint. Pull, push, CRUD, upload. Per-endpoint auth, versioning, OpenAPI spec generation. No backend service required.

Webhooks both directions

Receive webhooks via HTTP listener — instant flow trigger. Send webhooks for event dispatch. Signature validation, retry policies, dead-letter handling.

Auth that actually works

OAuth 1.0 / 2.0 (all flows), API key, JWT, HMAC, NTLM, Kerberos, mutual TLS. Token refresh, key rotation, multi-tenant credentials handled.

Compose calls into workflows

Chain API calls — use response from one as input to another. Conditional branching, error handling, retry with backoff. APIs as workflow steps.

Test, monitor, version

Sandbox flows before deploy. Per-call request/response logging. Version-controlled API definitions. Rate-limit and cost tracking built in.

Specifications

The depth your team will check.

Every protocol, auth method, pagination scheme, and webhook pattern supported. The detail integration engineers actually verify before signing.

Protocols

REST (HTTP/HTTPS)

All HTTP methods · custom headers · request body templates (JSON, XML, form, multipart)

SOAP

SOAP 1.1 / 1.2 · WSDL parsing · WS-Security · custom envelope manipulation

GraphQL

Queries · mutations · variables · introspection · subscriptions via WebSocket

OData & WebDAV

OData v2, v4 · WebDAV property and lock support · custom protocol extensions

Authentication

OAuth

OAuth 1.0 · OAuth 2.0 (authorization code, client credentials, password, device, PKCE) · automatic token refresh

Token-based

API key (header, query, body) · Bearer · JWT (signed and encrypted) · custom token schemes

Signed

HMAC (SHA-1, SHA-256, SHA-512) · AWS SigV4 · custom signature schemes

Enterprise

NTLM · Kerberos · mutual TLS / client certificates · SAML

Request / response patterns

Pagination

Page-based · offset · cursor · nextLink · time-based

Async patterns

Polling for completion · callback URLs · long-polling · server-sent events

Payload handling

JSON · XML · form-encoded · multipart · binary · custom parsing rules

Rate limit / retry

429 / Retry-After honored · exponential backoff · circuit breakers · per-endpoint quotas

Published API capabilities

HTTP methods

GET · POST · PUT · DELETE · PATCH · custom verbs · per-endpoint configuration

Inbound auth

API key · OAuth 2.0 (resource server) · JWT validation · IP allowlist · mutual TLS

Routing

Custom URL patterns · path / query parameters · per-endpoint flows · versioning

Documentation

Auto-generated OpenAPI 3.0 spec · Swagger UI · per-endpoint examples

Webhooks

Inbound listener

HTTP listener triggers flows · custom URL paths · per-endpoint auth · payload validation

Outbound webhooks

Send events to external URLs · signed payloads (HMAC) · retry with backoff · dead-letter queue

Signature verification

HMAC-SHA256 · GitHub / Stripe / Slack patterns · custom signature schemes

Comparing API platforms? See Etlworks vs MuleSoft, Workato, and Boomi

Proof

Why most customers find us.

“Etlworks gives us the possibility to connect and exchange data from different sources, without any coding effort. As a business, this makes you more agile and flexible. The software works very stable, and if there are any unclarities, the Etlworks team is always fast in responding to any questions we might have.”

Wouter Rosenkamp

Director Marketing & Strategy, RecBi · API-led integration

Also in production

TriNet — complex API data automation. Transport for NSW — built a REST API in under an hour. QuickFee — real-time payment APIs across SQL Server, files, and external systems.

FAQ

Common questions.

Can I integrate with a really complex API?

Yes. Etlworks handles APIs that other ETL platforms can't — rotating tokens, custom HMAC signatures, multi-step async polling, deeply nested response payloads, partial failures with retry, multipart uploads with chunking. The HTTP connector exposes every detail you need: custom request templates, response parsing rules, authentication chaining, pagination schemes. If your API has a spec (OpenAPI, WSDL) you can usually be reading from it within an hour. If it's a custom internal API with weird auth, expect a few hours of configuration and you'll have it stable in production.

What does “publish your own APIs” actually mean?

You can turn any Etlworks flow into a REST endpoint. Define the URL pattern, HTTP method, authentication, and response format — Etlworks handles the rest. Common patterns: expose a database query as a GET endpoint, accept a POST upload that triggers a transformation flow, build CRUD endpoints over a data source, expose internal data to partner systems. Includes auto-generated OpenAPI spec, Swagger UI, versioning, rate limiting. Used by customers who need lightweight backend services without standing up a separate API gateway.

Do you handle GraphQL subscriptions or streaming?

Yes. GraphQL queries and mutations work like any other REST call. Subscriptions are supported via WebSocket transport — events stream into Etlworks and trigger downstream flows. For other streaming protocols: Server-Sent Events (SSE) is supported natively; chunked transfer and long-polling work for legacy streaming patterns.

How are API credentials and tokens managed?

Encrypted credential storage, per-tenant isolation, never sent to the LLM (relevant for customers using Simba). OAuth tokens are refreshed automatically before expiry. API keys can rotate on schedule. Multi-tenant credentials supported — different end-user OAuth tokens for the same flow. Customer-managed keys (BYOK / CMK) supported on Enterprise via AWS KMS, Azure Key Vault, HashiCorp Vault.

What throughput can published APIs handle?

Depends on tier and underlying flow complexity. Standard tier handles thousands of requests per minute per endpoint comfortably. Enterprise scales to high tens of thousands. For published APIs that need extreme throughput (hot path traffic), we recommend horizontal scaling with multiple flow workers — sizing guidance provided during architecture review.

Does the agent help build API integrations?

Yes. Simba can read an OpenAPI spec, generate connection configurations, suggest pagination patterns, and write the auth setup. Common workflow: “Connect me to the X API, paginated, OAuth, with rate-limit handling” — Simba builds the configuration, you review and approve. See the AI integration page for more on the agent.

Can I version my published APIs?

Yes. Standard URL-prefix versioning (/v1/, /v2/) is supported via the routing layer. Header-based versioning also works. You can run multiple versions of the same endpoint simultaneously while consumers migrate, then deprecate older versions on your schedule. Each version maps to a distinct flow definition, so changes don't affect live consumers.

Start your trial

14 days. No card. Any API.

Spin up a free trial, point it at your messiest API, and see if “comprehensive” actually means comprehensive.

Start free trial Talk to us