A close reading of three products: a private bank, a workout platform, and a delivery service, and the deliberate, opinionated decision behind each one's integration layer.
The pattern in this portfolio is not "we shipped a mobile app and a web app." The pattern is that each product makes a different deliberate choice about how mobile and web share data — and that choice is legible in the experience itself.
Meridian's private bankers need an audit trail, so the gateway is SOAP. Heat's coaches and athletes need a live feed, so the gateway is GraphQL. Bramble's kitchens and couriers need cacheable resources, so the gateway is REST. Three problems, three answers, three honest stacks.
A private bank can't pick a protocol on taste. It picks one that survives audit, settles with correspondents, and signs every byte going out.
A client initiates a $28,500 wire from her iPhone at dinner. Her relationship manager sees it on the web dashboard moments later and counter-signs from his laptop. Same envelope, two signatures, one audit log.
Mobile or web — the wire is the same SOAP envelope with a WS-Security header. Two X.509 signatures must be present for any transfer above $25,000.
<soap:Envelope> <soap:Header> <wsse:Security> <!-- Signature #1: Alexandra's iPhone --> <wsse:BinarySecurityToken Id="X509-iOS"/> <ds:Signature>...</ds:Signature> <!-- Signature #2: James's hardware key --> <wsse:BinarySecurityToken Id="X509-RM"/> <ds:Signature>...</ds:Signature> </wsse:Security> </soap:Header> <soap:Body> <mer:SubmitWireTransferRequest> <mer:Amount currency="USD">28500.00</mer:Amount> <mer:Beneficiary>Le Bernardin Holdings</mer:Beneficiary> <mer:ValueDate>2026-05-16</mer:ValueDate> </mer:SubmitWireTransferRequest> </soap:Body> </soap:Envelope>
A workout app surfaces deeply-related data — sessions, exercises, sets, reps, heart rate samples. Each screen needs a different slice. Each slice is one query away.
Maya starts a Primal Force session on her phone, paired to her chest strap. Her coach watches the BPM live from a laptop in Lagos. Same subscription, same socket, same numbers — both renders update in lockstep.
Mobile or web — the live HR feed is the same GraphQL subscription over a WebSocket. The server fans out one event to every subscriber.
# Both clients open the same subscription subscription LiveHeartRate($sessionId: ID!) { liveHeartRate(sessionId: $sessionId) { bpm zone # 1 (recovery) → 5 (max) timestamp deltaFromAvg } } # Each event, ~once per second: { "bpm": 158, "zone": 4, "timestamp": "2026-05-15T17:30:42Z", "deltaFromAvg": +16 }
Food delivery is a system of resources with clear lifecycles. REST gives it three things for free: edge caching, idempotency, and a model that a thousand third-party kitchens already understand.
A customer stages a cart from Ondo on the iPhone in line at a meeting, then opens her laptop at home to complete checkout. Same cart, one order, one idempotency key — the duplicate submit is silent.
Mobile or web — the order goes to the same endpoint with the same idempotency key. A duplicate request returns the original order instead of creating a second one.
POST /v1/orders HTTP/1.1 Authorization: Bearer brk_live_XXXX Idempotency-Key: "a1b2c3d4-e5f6-..." Content-Type: application/json { "restaurant_id": "rest_ondo_001", "items": [ { "menu_item_id": "mi_miso_cod", "qty": 1 }, { "menu_item_id": "mi_truffle_soba", "qty": 1 } ], "delivery_address": { "line1": "24 Bedford St" }, "tip_cents": 800 } # Response — 201 Created (or 200 OK on duplicate) { "id": "ord_8KQ4ZJ2x", "status": "pending_confirmation", "total_cents": 7114, "estimated_delivery_at": "2026-05-15T19:12:00Z" }
An API is not a technical detail. It's a posture. It's how a product tells its operators, its partners, and its future self what kind of problems it's trying to solve.
Wires, custody, and discretionary mandates demand a contract you can hand to a regulator. SOAP gives every transaction a signed, replayable envelope — and a WSDL that a treasury system can already parse.
A phone needs three workouts and a streak. A coach's dashboard needs the full leaderboard and zone-by-zone breakdowns. Same schema, same socket, different selections — and a live BPM feed that fans out in real time.
A menu read 10,000 times an hour belongs at the CDN edge. An order created from two devices belongs behind an idempotency key. REST gives us both for free — and a JSON shape that any third-party kitchen display already knows how to render.