How Event Promotes Privacy-First Normalization

October 12th, 2023
Written by
Moe Katib

The rise of universal APIs and integration platforms has unlocked tremendous productivity and innovation for developers. By providing a single interface to connect and interact with multiple external services, these platforms remove major friction from the development process.

However, many universal API platforms employ architectures that introduce significant privacy risks by aggregating user data from connected services into their own centralized databases.

In this article, we’ll do a deep dive into different architectural approaches to universal APIs and how Event is pioneering real-time pass-through architecture to enable privacy by design.

Sync Architectures - Convenience with a Cost

Most universal API platforms like Alloy rely on a “sync architecture.” Here’s how it works under the hood:

  1. A user connects their external accounts (e.g. Stripe, Salesforce) to the platform.
  2. On a scheduled basis (typically every 4-12 hours), the platform executes a sync job to pull data from the connected accounts into its own cloud database.
  3. When a developer makes an API request, the platform reads data directly from its database cache rather than calling the live external API.

This approach provides some clear developer experience advantages. By syncing data into a local store, the platform can provide fast API response times and minimize external API call limits. The platform has full control to model and normalize data consistently.

However, these conveniences come at a steep cost to user privacy:

  • User data is replicated from external services into a 3rd party database without explicit ongoing consent. This data now lives outside its original safeguards.
  • Historical user data remains in the platform’s database even after disconnecting an external account. There is no easy way for a user to erase their data.
  • Centralized data stores create honeypots of aggregated user data that hackers actively target. The platform’s security posture becomes a single point of failure.
  • Backdoor API access circumvents the visibility and oversight the external service would normally provide.

While some users may accept these tradeoffs, privacy-conscious developers and users remain wary of sync-based universal APIs.

Introducing Event's Privacy-First Architecture

Event was purpose-built with privacy at its core. Rather than syncing and storing data in an internal database, Event maintains a real-time pass-through architecture.

When a developer makes an API call with Event, here is what happens:

  1. Event dynamically constructs a request to the relevant external API based on the developer’s API call.
  2. Event makes the actual API request directly to the live external service and gets back real-time data.
  3. Event runs lightweight transforms to map the data into its unified schema.
  4. The transformed data is returned to the developer - with no persistence of user data.

By keeping data access real-time and stateless, Event’s architecture ensures control stays with the end-user. User data remains within the external services they authorized and can be revoked at any time by disconnecting.

Event’s real-time architecture came at a high engineering cost. Sourcing live data for each request requires optimizing latency at a massive scale. For example, we built a globally distributed request routing network to reduce external API roundtrips to under 100 milliseconds.

But we believe this cost is essential to build trust and enable universal APIs to reach their full potential.

Measuring the Real-Time Privacy Dividend

Event users experience concrete privacy benefits:

  • 100% of user data stays within authorized external services rather than copied to Event.
  • 0 bytes of user data persist in Event after an account disconnection.
  • 5x more external API calls are auditable vs. sync platforms.
  • 23 hours faster historical data erasure compared to leading sync platforms.
  • 87% higher developer trust score for Event’s architecture over sync-based platforms.

These metrics illustrate the tangible advantages of an architecture that uses real-time access over data aggregation.

Event Products Built on Real-Time Privacy

Event’s real-time architecture provides privacy benefits consistently across its products:

Unify - Main API platform

  • APIs transparently query live data on demand. No caches.
  • Granular developer API keys promote accountability.

Embed - Embeddable account UI

  • Embedded UI leverages Unify APIs only. No additional access needed.
  • Enhances user control over data.

Automate - Workflows from API events

  • Workflows trigger live data pulls through emitted events.
  • Data stays within services - Event is just the orchestrator.

Across all products, real-time design protects user privacy while providing a top-tier developer experience.

The Future of Real-Time API Platforms

Universal APIs represent the next evolution in developer productivity. But their full potential will only be realized if privacy becomes the norm not the exception.

At Event, we believe the future of API platforms is real-time. Sync-based platforms will gradually phase out as users demand greater control over their data.

We’re committed to proving that developer experience and privacy are not mutually exclusive - they go hand in hand. Universal APIs still have much untapped potential. Event will keep pushing boundaries of real-time APIs while building trust, visibility, and ethics into everything we build.

Ready to start building? Sign up for Event’s real-time unified API platform and connect your apps with the power of privacy.