Why I built Pathfix, the OAuth middleware for devs.


I have been a developer all my life (25 years and counting) and I absolutely love it. Coding gives me so much joy, I always say “it’s not work, it’s a hobby”.

Over the years, I have built over 8 different SaaS platforms, ranging from a no-code app development platform to conversational chatbots.

During each build, one thing always remained a constant need. Integrations.

This is a post on why I built Pathfix.

What is Pathfix?

Pathfix is a middleware API for OAuth integrations. Engineering teams can add multiple platform integrations directly into their app, in minutes, without ever having to deal with OAuth or manage integration servers.


The Motivation

With each development sprint on my previous products, there was always a significant amount of time spent on integrations. My team collectively spent anywhere from 4 weeks to over 3 months just building out the connection to different service providers.

Why? It's simple, really. Although OAuth is an industry protocol for authorization, it serves more as a guideline. This meant each provider had their own setup process. Each setup was different. Each connection required hours of research. Each had their own way of handling authorization tokens.

And of course, there was the SDK problem. To access the provider's API endpoints, you need to run an extensive search to find the right SDK for the integration you are building.

This not only meant ‘getting lucky’ finding the right SDK, it also meant setting up a server, managing the logs, monitoring connections, and maintaining security protocols (you are accessing customer data after all!).

This is why I decided to build Pathfix.

Standard OAuth integration elements

Let’s break this down. To add an OAuth-based integration to your platform, you will need to do the following:

  1. Set up and configure OAuth
  2. Implement OAuth flow
  3. Implement secure storage for tokens
  4. Implement logic to refresh access tokens when needed
  5. Build and implement logic to properly handle revoked refresh tokens
  6. Implement logic to handle reliability issues and outages
  7. Build and implement systems to track errors
  8. Find and implement the right SDKs
  9. On-going server maintenance

To add 5 integrations, this could take 2000+ engineering hours to get done, which is approx. $160,000+ (yes, we did the math, we had to).

The problem was too big and there wasn't a solution available that would take this pain away. This is why I decided to build Pathfix.
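To show what steps 4 to 6 of the list above involve when you build them yourself, here is an added example (not Pathfix code and not from the original post) of the refresh-token handling defined in RFC 6749. The names `TokenManager`, `store`, `post` and `make_fake_endpoint` are hypothetical: `store` is a dict standing in for the encrypted token storage of step 3, and `post` is whatever sends the form to the provider's token endpoint.

```python
import time

class ReauthorizationRequired(Exception):
    """The refresh token is gone or rejected; the user must re-consent."""

class TokenManager:
    SKEW = 60  # refresh this many seconds before the stated expiry

    def __init__(self, store, post, client_id, client_secret, now=time.time):
        self.store, self.post, self.now = store, post, now
        self.client_id, self.client_secret = client_id, client_secret

    def access_token(self, user_id):
        rec = self.store.get(user_id)
        if rec is None:
            raise ReauthorizationRequired(user_id)
        if rec["expires_at"] - self.SKEW > self.now():
            return rec["access_token"]  # still valid, no network call
        # Step 4: refresh_token grant (RFC 6749, section 6).
        status, body = self.post({
            "grant_type": "refresh_token", "refresh_token": rec["refresh_token"],
            "client_id": self.client_id, "client_secret": self.client_secret})
        if status == 400 and body.get("error") == "invalid_grant":
            # Step 5: refresh token revoked or expired. Drop it, force re-consent.
            self.store.pop(user_id, None)
            raise ReauthorizationRequired(user_id)
        if status != 200:
            # Step 6: outage or other error. Leave the stored tokens untouched.
            raise RuntimeError(f"token endpoint returned {status}")
        self.store[user_id] = {
            "access_token": body["access_token"],
            # Providers that rotate refresh tokens send a new one; else keep ours.
            "refresh_token": body.get("refresh_token", rec["refresh_token"]),
            # Assumption: a missing expires_in means "refresh again on next use".
            "expires_at": self.now() + int(body.get("expires_in", 0)),
        }
        return body["access_token"]

def make_fake_endpoint(valid_refresh_tokens):
    """Constructed stand-in for a provider's token endpoint (no network)."""
    def post(form):
        if form["refresh_token"] not in valid_refresh_tokens:
            return 400, {"error": "invalid_grant"}
        return 200, {"access_token": "at-new", "expires_in": 3600}
    return post
```

Catch `ReauthorizationRequired` where you render the integration's status, so a revoked connection shows up as "reconnect" rather than as a failed API call.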

OAuth Integrations With Pathfix

Pathfix is the only API you need to integrate with any provider. It handles all the configuration and framework required to build integrations to any platform and access any provider's API endpoints. It is a pass-through server that handles user authorization and API requests between platforms.

And of course, it's all white-labeled. Users never see Pathfix anywhere.

Authorizing Users (OAuth API)

A single line of code enables user authorization.

Sample Code for Authorization:

<div data-oauth-ui="list" data-oauth-ui-switches="checkBoxes,statusOn,disconnect" data-oauth-ui-providers="" data-oauth-ui-providerTypes=""></div>

Pass-through API

Once authorized, use the pass-through API code to access any provider's API endpoints.

Sample code for pass-through API:

POST https://labs.pathfix.com/oauth/method/googleanalytics/call?user_id=AcmeSaaS_end_user_id&public_key=733AC521-199E-496C-8250-FFCAD67355AB&private_key=E7804D26-0625-428F-8550-CDF073D3CF61
Content-Type: application/json

{
    "url":      "url_to_googleanalytics_API",
    "method":   "method_to_use_with_this_call",
    "payload":  {payload_as_requested_by_googleanalytics},
    "headers":  {header_if_requested_by_googleanalytics}
}

That’s it!

Compared to the code and time you would need to create and maintain this yourself, Pathfix solves it in the most elegant way, with:

  • No additional code to maintain
  • Zero learning curve
  • Log monitoring
  • Secure encryption
  • Firewall settings
  • Notification engine
