A close reading of three products: a private bank, a workout platform, and a delivery service, and the deliberate, opinionated decision behind each one's integration layer.
The pattern in this portfolio is not "we shipped a mobile app and a web app." The pattern is that each product makes a different deliberate choice about how mobile and web share data and that choice is legible in the experience itself.
Meridian's private bankers need an audit trail, so the gateway is SOAP. Heat's coaches and athletes need a live feed, so the gateway is GraphQL. Bramble's kitchens and couriers need cacheable resources, so the gateway is REST. Three problems, three answers, three honest stacks.
A private bank can't pick a protocol on taste. It picks one that survives audit, settles with correspondents, and signs every byte going out.
A client initiates a $28,500 wire from her iPhone at dinner. Her relationship manager sees it on the web dashboard moments later and counter-signs from his laptop. Same envelope, two signatures, one audit log.
Mobile or web, the wire is the same SOAP envelope with a WS-Security header. Two X.509 signatures must be present for any transfer above $25,000.
<soap:Envelope> <soap:Header> <wsse:Security> <!-- Signature #1: Alexandra's iPhone --> <wsse:BinarySecurityToken Id="X509-iOS"/> <ds:Signature>...</ds:Signature> <!-- Signature #2: James's hardware key --> <wsse:BinarySecurityToken Id="X509-RM"/> <ds:Signature>...</ds:Signature> </wsse:Security> </soap:Header> <soap:Body> <mer:SubmitWireTransferRequest> <mer:Amount currency="USD">28500.00</mer:Amount> <mer:Beneficiary>Le Bernardin Holdings</mer:Beneficiary> <mer:ValueDate>2026-05-16</mer:ValueDate> </mer:SubmitWireTransferRequest> </soap:Body> </soap:Envelope>
A workout app surfaces deeply-related data — sessions, exercises, sets, reps, heart rate samples. Each screen needs a different slice. Each slice is one query away.
Maya starts a Primal Force session on her phone, paired to her chest strap. Her coach watches the BPM live from a laptop in Lagos. Same subscription, same socket, same numbers — both renders update in lockstep.
Mobile or web — the live HR feed is the same GraphQL subscription over a WebSocket. The server fans out one event to every subscriber.
# Both clients open the same subscription subscription LiveHeartRate($sessionId: ID!) { liveHeartRate(sessionId: $sessionId) { bpm zone # 1 (recovery) → 5 (max) timestamp deltaFromAvg } } # Each event, ~once per second: { "bpm": 158, "zone": 4, "timestamp": "2026-05-15T17:30:42Z", "deltaFromAvg": +16 }
Food delivery is a system of resources with clear lifecycles. REST gives it three things for free: edge caching, idempotency, and a model that a thousand third-party kitchens already understand.
A customer stages a cart from Ondo on the iPhone in line at a meeting, then opens her laptop at home to complete checkout. Same cart, one order, one idempotency key — the duplicate submit is silent.
Mobile or web — the order goes to the same endpoint with the same idempotency key. A duplicate request returns the original order instead of creating a second one.
POST /v1/orders HTTP/1.1 Authorization: Bearer brk_live_XXXX Idempotency-Key: "a1b2c3d4-e5f6-..." Content-Type: application/json { "restaurant_id": "rest_ondo_001", "items": [ { "menu_item_id": "mi_miso_cod", "qty": 1 }, { "menu_item_id": "mi_truffle_soba", "qty": 1 } ], "delivery_address": { "line1": "24 Bedford St" }, "tip_cents": 800 } # Response — 201 Created (or 200 OK on duplicate) { "id": "ord_8KQ4ZJ2x", "status": "pending_confirmation", "total_cents": 7114, "estimated_delivery_at": "2026-05-15T19:12:00Z" }
An API is not a technical detail. It's a posture. It's how a product tells its operators, its partners, and its future self what kind of problems it's trying to solve.
Wires, custody, and discretionary mandates demand a contract you can hand to a regulator. SOAP gives every transaction a signed, replayable envelope — and a WSDL that a treasury system can already parse.
A phone needs three workouts and a streak. A coach's dashboard needs the full leaderboard and zone-by-zone breakdowns. Same schema, same socket, different selections — and a live BPM feed that fans out in real time.
A menu read 10,000 times an hour belongs at the CDN edge. An order created from two devices belongs behind an idempotency key. REST gives us both for free — and a JSON shape that any third-party kitchen display already knows how to render.