Skip to content
Latch
Request Demo
← Back to blog
Latch Journal

How to Add External Actions Without Creating Integration Debt

A practical pattern for external actions that preserves discovery, authorization, and result capture without turning integrations into long-term debt.

March 12, 2026 6 min read Latch Editorial Team
action-providers integrations platform-architecture extensibility

Most teams want the same thing from external actions: let operators do real work from the product without turning every downstream system into a one-off integration project.

That goal is reasonable. The failure mode is also familiar. The first action provider is simple. The second becomes special. Soon the UI knows too much, authorization is duplicated, and nobody can explain why a button exists or what evidence it produces.

Integration debt starts when external actions are treated like shortcuts instead of bounded system capabilities.

The Problem Is Not Integration. It Is Unbounded Integration.

External actions are useful because they close the gap between insight and execution. An operator sees a case, a ticket, or an email thread and wants to trigger a downstream workflow without leaving the product.

The debt appears when the integration has no clear shape. The UI knows too much about the provider, the provider knows too much about the UI state, and authorization gets copied into each path. The result is distributed special case instead of a capability.

The right pattern is narrower:

  1. Discover what actions exist.
  2. Decide whether the current user and context may run them.
  3. Execute one action with a bounded payload.
  4. Capture the result in a structured way.

If an external action does not fit that model, it probably does not belong in the operator workflow yet.

Start With Discovery, Not Buttons

Good integration design begins with discovery. The platform should ask the provider what actions are available for the current object, not infer them from a static list.

Discovery should answer a few concrete questions:

  • What action IDs exist for this record type?
  • Which actions are available in the current context?
  • What display label and description should the operator see?
  • What inputs, if any, are required before execution?

That matters because actions are usually conditional. A reprocess action may be valid only for certain ticket states. A partner sync action may appear only when a linked record exists.

Discovery should also be read-only. If it mutates state, every refresh becomes risky. If it stays pure, the UI can cache it, rerun it after state changes, and render it without side effects.

Authorization Belongs at the Edge of Execution

The worst integration pattern is to show every action and let the provider reject the ones that should have been hidden.

That wastes operator time and leaks implementation detail. It also encourages the false belief that provider checks are enough.

Authorization should be evaluated twice:

  • At discovery time, to decide what is visible.
  • At execution time, to decide what is allowed.

Those checks can use the same policy inputs, but they should serve different purposes. Discovery keeps the interface accurate. Execution prevents privilege bypass.

The decision should consider user role, object status, tenant scope, sensitivity, and any required approval path. This is especially important for actions that affect external systems. Once a workflow leaves your boundary, it may be expensive or impossible to undo. Visibility is not permission.

Keep the Payload Bounded and Intentional

Every external action should accept a narrow request shape. The request should contain only what the provider needs to do the job.

That usually means a stable action identifier, the record or case identifier, the operator identity, a small set of validated inputs, and an idempotency token or request reference.

What it should not contain is arbitrary UI state, entire object graphs, or undocumented fields "for flexibility." Loose payloads feel fast at first and expensive later because they create hidden coupling between the UI, the platform, and the provider implementation.

Bounded payloads also make testing practical. You can simulate a provider with a handful of well-defined inputs instead of reproducing the entire application state.

Treat Execution as an Observable Event

An external action is not finished when the request leaves the platform. It is finished when the result is written back into the case timeline.

That means every execution should produce a structured record with at least: who ran it, what action ran, when it started, whether it succeeded or failed, what external reference came back, and what changed in the local record.

This is where integration debt often hides. Teams build the action, but not the result capture. Then they rely on vendor dashboards, shared inboxes, or ad-hoc log searches to reconstruct what happened.

If the result is not in the case history, it is not operationally complete. Operators need the full sequence: the action was discovered, the operator selected it, the platform authorized it, the provider executed it, and the platform persisted the result.

That sequence creates a durable audit trail and reduces support burden when someone asks why a downstream system changed.

Failure Handling Should Be First-Class

External actions fail in predictable ways: the provider is unavailable, rejects the request, times out, or returns success while the local record cannot be updated.

The platform should distinguish those cases. A generic "failed" state is not enough. Useful categories are denied, rejected, unavailable, timed out, and partial.

This makes retry behavior safer and support triage much easier. It also helps product teams decide whether an action needs idempotency, backoff, or human follow-up.

Design for Extensibility, Not Just the First Provider

The cheapest way to create integration debt is to build the first provider as if it will be the last.

Instead, define a small contract and enforce it consistently. A healthy action system usually has these properties:

  • Providers are discovered through a standard interface.
  • Actions are described with stable IDs and human-readable metadata.
  • Execution requests are validated before dispatch.
  • Authorization is platform-controlled.
  • Results are stored in the case record, not scattered across systems.

That gives teams room to add new external capabilities without rewriting the operator experience each time. The contract should be opinionated enough to avoid drift, but flexible enough to support multiple providers and use cases.

A Practical Rule of Thumb

If you cannot answer these questions, the integration is probably too loose:

  • Can the platform discover the action without hard-coding it?
  • Can the platform hide it when the user is not allowed to run it?
  • Can the action run with a narrow, validated payload?
  • Can the result be written back as case evidence?
  • Can support teams reconstruct the full history later?

If the answer is no to any of those, the integration is still a prototype.

The Operating Principle

External actions are valuable when they reduce swivel-chair work without reducing control.

That only happens when the platform owns discovery, authorization, and result capture, while providers own the bounded external work. The moment those responsibilities blur, integration debt begins to accumulate.

Keep the contract small. Keep the permissions explicit. Keep the result in the record.

That is how external actions stay extensible instead of becoming an operational liability.