Skip to content

Drawbacks and Limitations of Merge.dev: The 2026 Architecture Guide

Evaluating Merge.dev for your B2B SaaS? Discover the hidden costs, schema limitations, compliance risks, and how to migrate without downtime.

Yuvraj Muley Yuvraj Muley · · 14 min read

If you are asking "what are the drawbacks or limitations of using Merge.dev?", you have likely hit one of two scaling walls. Either your enterprise customers are demanding custom Salesforce fields that a rigid unified schema silently drops, or your finance team just saw the projected infrastructure bill for your next 500 linked accounts.

The short answer is this: Merge.dev relies on a rigid common data model that drops custom fields, per-linked-account pricing that punishes your growth, a cached data architecture that complicates enterprise compliance reviews, abstracted error handling that hides upstream reality, and an AI agent framework locked into pre-built tools. None of these are dealbreakers for an early-stage MVP. All of them start to bite once you sell to enterprise buyers or scale past a few hundred connected accounts.

The initial pitch of a unified API is highly attractive. You write to a single endpoint, access hundreds of third-party platforms, and ship integration features faster. Building and maintaining integrations without the right architecture is a massive drain on engineering resources. Independent data from Zapier highlights that building a single integration without proper alignment can waste over 100 engineering hours, making ongoing maintenance a heavy hidden cost. Industry data from Ztabs estimates custom integration development costs between $8,000 and $12,000 in engineering time per connector.

Merge.dev solves this initial build problem effectively. But as your user base expands and your integration requirements mature, the abstraction layer that initially accelerated your roadmap becomes a structural bottleneck.

This guide breaks down the specific architectural trade-offs Merge.dev makes, when they stop making sense, and what to do about it. It is written for engineering leads and product managers who are either evaluating a Merge.dev contract or already staring at a renewal quote and running the numbers.

The Unified API Trap: Why Teams Outgrow Merge.dev

Merge.dev nailed a real problem. Building 40 CRM, HRIS, and ATS integrations from scratch is brutal, and having a single schema over them is a legitimate acceleration for a Series A team shipping their first integration marketplace. The pitch works: integrate once, get many.

Unified APIs force disparate data into a lowest-common-denominator schema. If you need standard read and write access to basic objects like CRM contacts or ATS candidates, this model works well. You map your internal data model to the unified provider's canonical model, and the provider translates it to Salesforce, HubSpot, or Workday.

The trap is that the abstraction layer that accelerated your first 10 customers becomes the bottleneck for your first 10 enterprise deals. Standardized schemas are inherently lowest-common-denominator. Per-connection pricing is inherently anti-scale. Cached architectures inherently create compliance surface area. These aren't bugs. They are architectural decisions with predictable consequences.

Here is what teams actually run into once they push past the demo stage:

  • Schema loss on custom Salesforce objects, custom BambooHR fields, and vendor-specific metadata that enterprise buyers require.
  • Pricing cliffs as linked account counts climb into the hundreds and per-account fees compound.
  • Compliance friction when your prospect's security team asks where third-party payroll data is being cached.
  • Debugging opacity when a normalized error message hides the actual upstream reason a sync failed.
  • AI agent rigidity when your LLM tool-calling needs do not fit the pre-built agent handler's tool shape.

Let's walk through each drawback with the specific technical and business contexts that matter.

Drawback 1: Schema Rigidity and the Custom Object Problem

Merge.dev's core design pattern is a Common Data Model: a canonical schema for CRMs, HRIS systems, ATSs, and ticketing tools. To make that model work across dozens of providers, Merge only maps the fields most providers expose. Anything vendor-specific gets dropped or shoved into a generic custom_fields blob.

That is fine when your customers use Salesforce out of the box. It falls apart the moment your top-tier prospect says something like: "We need you to sync our custom Renewal_Risk_Score__c field and our custom Deal_Committee object into your platform."

Why this hurts in practice:

  • Custom objects are invisible. A canonical CRM schema has Accounts, Contacts, Opportunities. It doesn't have your customer's highly specific Territory_Assignment object. You either build a passthrough on top of Merge or write custom code outside the unified layer, defeating the entire purpose of buying a unified API.
  • Bidirectional sync amplifies the loss. When Merge drops a field on the read side, you cannot write it back either. Enterprise buyers usually want two-way sync with their full schema, not a sanitized subset. If a Salesforce admin has created a custom_industry_code__c field that is mandatory for saving a Lead, the unified API must be able to read, map, and write to that specific field.
  • Enum coercion breaks logic. Vendor-specific pick-list values get mapped to Merge's predefined enum set, which means a status of Contract Out for Signature might arrive as In Progress, silently corrupting your internal business logic.
flowchart TD
    A["Enterprise CRM Payload<br>(Salesforce)"] --> B{"Merge.dev<br>Canonical Model"}
    B -->|"Maps standard fields"| C["Standardized JSON<br>(Name, Email)"]
    B -->|"Drops custom fields"| D["Lost Data<br>(custom_industry_code__c)"]
    style B stroke-dasharray: 5 5

The workaround Merge offers is remote data and field mappings, but they still route through a schema that was designed for the median customer, not your specific enterprise deal. Because Merge relies heavily on standardizing payloads, handling these custom edge cases requires writing specific override code or building separate pipelines outside the unified model.

Modern integration architectures solve this schema rigidity by moving away from hardcoded canonical models. Platforms like Truto use a pass-through architecture combined with declarative JSONata mappings. Instead of forcing data into a fixed schema, you define per-customer custom field and custom object overrides using declarative JSONata. This allows you to handle highly specific enterprise requirements without writing integration-specific code. For a deeper technical breakdown, see our post on why unified API data models break on custom Salesforce objects.

Drawback 2: The Per-Linked-Account Pricing Cliff

The most immediate pain point scaling teams experience with Merge.dev is the pricing model. Published pricing tiers have historically started around $650/month for up to 10 linked accounts, with each additional linked account costing roughly $65/month on the standard tier.

A linked account is defined as a single customer connecting a single third-party tool to your application. This model scales linearly and actively penalizes your growth.

Let us run that math for a mid-market B2B SaaS application:

  • 50 Linked Accounts: $650 + (40 * $65) = $3,250 per month.
  • 200 Linked Accounts: $650 + (190 * $65) = $13,000 per month.
  • 500 Linked Accounts: $650 + (490 * $65) = $32,500 per month.

If your SaaS product charges $150 to $1,000 per month per customer, handing $65 of that revenue directly to your integration infrastructure provider destroys your gross margins.

Why this pricing shape is problematic:

  • Linear cost scaling on a variable that grows with success. Every new customer who connects an integration costs you incrementally. Growth becomes a massive cost center, not a leverage point.
  • Every category multiplies the bill. If a customer connects a CRM, an HRIS, and a ticketing tool, that can count as three linked accounts, not one.
  • Free-tier users still cost you. If your product offers integrations on a free or low-tier plan, you're paying for connections that generate no revenue.
  • Renewals get painful fast. Teams often discover the cliff at year two, when their linked account count has 5x'd and the renewal quote lands.

Predictable, developer-friendly pricing should not charge per linked account. Infrastructure should scale based on actual compute or API volume, protecting your unit economics as your customer base grows.

Pricing Model How it scales Risk profile
Per linked account Linear with customer count Punishes growth
Per API call Linear with usage Bursty, hard to forecast
Flat platform fee Predictable Vendor commits to fair use
Consumption-based with committed capacity Semi-predictable Best for mid-market SaaS

Read more about the financial impact of usage models in our breakdown of the hidden costs of usage-based unified API pricing.

Drawback 3: Data Caching and Compliance Risks

Merge.dev uses a polling-based architecture that pulls and stores third-party data on their servers to power their unified endpoints. That cached copy is what your app reads from when you query the unified API. It is fast, and for small workloads, it is convenient.

The problem is what happens when your enterprise buyer's security team runs a vendor review. If your customer connects their HRIS (like Workday or Gusto), Merge is storing highly sensitive Personally Identifiable Information (PII), salaries, and organizational structures.

Their security questions will look like this:

  • Where is the cached copy of our employee compensation data stored?
  • What is the retention window for that data if we disconnect?
  • Is that data encrypted at rest with our KMS keys?
  • Does the sub-processor list satisfy our DPA requirements?
  • Do polling intervals meet our real-time regulatory reporting SLAs?

Any cached-data architecture has to answer these questions. This creates a massive compliance surface area. When you undergo SOC 2, GDPR, or HIPAA audits, your auditors will require extensive documentation on how Merge secures, encrypts, and retains this data. Your enterprise prospects will flag this in security questionnaires, extending sales cycles as infosec teams scrutinize the third-party data storage.

The secondary issue with polling is staleness. If your product needs to react to a Salesforce Opportunity update within seconds, a poll-and-cache pipeline running every 15 minutes is a bad fit. Some workflows tolerate cache lag. Others (fraud prevention, revenue ops, live agent context) do not.

Zero Data Retention Architectures The architectural counterpoint is a pass-through unified API that translates your request to the upstream call in real time, normalizes the response, and never persists the payload. Platforms like Truto do not store customer payload data at rest. When a request is made, the platform routes the call to the upstream API, normalizes the response in memory, and passes it directly back to your application.

Info

When a security review asks "where does our customer data live," the strongest answer is "nowhere in our integration provider's storage." That's only possible with a pass-through, zero-retention architecture.

This zero data retention architecture severely reduces your compliance burden and makes passing strict enterprise security reviews significantly easier. Learn more about what zero data retention means for SaaS integrations.

Drawback 4: Rate Limits and Error Handling Abstractions

Every unified API abstracts upstream errors. That is part of the value: you get consistent error semantics across 40 vendors instead of learning each one's quirks. Handling rate limits across hundreds of different APIs is notoriously difficult. Every vendor implements rate limiting differently.

It is also where the abstraction leaks the hardest.

What you tend to lose behind a heavy abstraction:

  • Actual upstream status codes. Was it a 429, a 403 with a specific scope error, or a 500 from the vendor's flaky endpoint? Normalized errors flatten this. If an upstream API returns an HTTP 429 Too Many Requests, but the unified API abstracts this into a generic "Sync Failed" error, your engineering team lacks the visibility needed to build proper exponential backoff mechanisms.
  • Vendor-specific rate limit windows. Salesforce has 24-hour org-wide limits. HubSpot has 10-second burst limits. Zendesk uses token buckets. A single retry policy across all of them is wrong for at least half of them.
  • The Retry-After header semantics. Some vendors return seconds, some return HTTP dates, some return nothing and expect you to back off exponentially. Cached abstractions often normalize this away.

There is a design philosophy question here. Some platforms auto-retry, throttle, and absorb rate limit errors on your behalf. That feels helpful, until you realize a hidden retry storm just consumed your customer's daily Salesforce quota during their end-of-quarter close.

Transparent Rate Limit Normalization Instead of absorbing or masking these limits, a robust integration architecture should normalize them while leaving control in the hands of the developer.

For example, Truto does not retry, throttle, or apply backoff on rate limit errors automatically. When an upstream API returns an HTTP 429, Truto passes that error directly to the caller. However, Truto normalizes the varying upstream rate limit information into standardized headers per the IETF specification:

HTTP/1.1 429 Too Many Requests
ratelimit-limit: 100
ratelimit-remaining: 0
ratelimit-reset: 1712053200

By passing the 429 error and providing standardized headers, the platform gives your application the exact context it needs to schedule retries or apply backoff logic, without hiding the reality of the upstream system. For a full pattern reference, see best practices for handling API rate limits and retries across multiple third-party APIs.

Drawback 5: Limitations for AI Agents and LLM Tool Calling

The rise of AI agents and Large Language Models (LLMs) has fundamentally changed how software interacts with APIs. As covered in our guide to the top Merge.dev alternatives for AI agents, agents do not just read data in bulk - they execute dynamic, multi-step tool calls based on user prompts.

Merge released an Agent Handler product to make its unified API accessible as LLM tools. If your agent workflow fits the pre-built tool shape, it works. The friction shows up when your agent needs something outside that shape.

Specific constraints teams have run into:

  • Fixed tool definitions. Tools are pre-built around Merge's common schema, so anything requiring a custom field, custom object, or vendor-specific action isn't callable without complex workarounds.
  • Coarse-grained tool granularity. Agents often want a single narrow action ("create a Salesforce Task on this Opportunity") but get handed a chunky object-level tool that requires the LLM to reason about too many fields, increasing hallucination risks.
  • Cached data staleness. If the underlying data is polled, the agent may reason on a stale snapshot, which is a terrible property for any consequential action like updating a payroll record or closing a support ticket.
  • No dynamic tool generation. Enterprise agents often need per-customer tools that reflect that customer's specific schema, and that's hard to express when tools are static.

The MCP Advantage A more flexible architecture generates Model Context Protocol (MCP) tools dynamically from the underlying API surface, so every endpoint your platform exposes becomes an agent-callable tool automatically. Instead of relying on a vendor's pre-built agent handler, platforms offering native MCP support give your AI agents direct, secure access to the full surface area of the upstream API. Combined with pass-through execution, your agent reasons on live data and calls real endpoints, without a lossy schema in the middle.

flowchart LR
    A[LLM Agent] --> B{Integration Layer}
    B -->|"Cached + Fixed Tools"| C["Common Schema<br>Pre-built Handler"]
    B -->|"Pass-Through + Dynamic Tools"| D["Live API<br>Auto-generated MCP"]
    C --> E[Upstream SaaS]
    D --> E

Top Alternatives to Merge.dev in 2026

If Merge.dev's limitations are blocking your roadmap, the market offers several distinct architectural alternatives tailored to different use cases. The alternative landscape splits into three architectural buckets:

  • Declarative, zero-storage unified APIs (Truto): Best when you need enterprise compliance (SOC 2, HIPAA, GDPR), per-customer schema flexibility, predictable pricing, and native AI agent tool calling without a rigid handler. Truto passes through data without retaining it, uses JSONata for per-customer schema overrides, and offers predictable pricing that does not charge per linked account. For a deeper dive, see our full comparison of Truto vs Merge.dev.
  • Embedded iPaaS (Prismatic, Paragon, Workato Embedded): Best when you need visual workflow builders, customer-facing configuration UI, and long-running orchestration. It is ideal for teams that need to expose workflow builders directly to their end users. Trade-off: more platform complexity and typically higher per-workflow cost.
  • Code-first integration platforms (Nango): Best when your engineering team wants to write and version integration code, self-host, or leverage AI coding assistants to build custom connectors. Nango criticizes fixed schemas and allows developers to write custom integration logic in code. Trade-off: you own more of the maintenance surface.
  • Consumer-priced Unified APIs (Apideck): Positions itself as a real-time unified API with consumer-based pricing rather than per-connection enterprise fees. It is particularly strong in the accounting and HRIS verticals.
Merge.dev drawback Truto approach
Schema rigidity Declarative JSONata overrides per customer for custom fields and objects
Per-linked-account pricing Predictable pricing that doesn't scale linearly per connection
Cached data Pass-through architecture with zero data retention
Abstracted rate limits Pass HTTP 429 to caller, normalize headers per IETF spec
Locked AI agent tools Auto-generated MCP tools from your integration surface

For a detailed comparison of these vendors, read our guide on the 5 best Merge.dev alternatives for B2B SaaS integrations.

How to Migrate Off Merge.dev Without Downtime

The biggest fear engineering leaders have when evaluating Merge.dev alternatives is the re-authentication cliff: forcing hundreds of enterprise users to click "Reconnect" on their Salesforce, Workday, or HubSpot integrations. Done wrong, that generates support tickets, increases churn risk, and burns social capital. Done right, users never notice.

If you are planning a migration, you can move off Merge.dev without touching your end users. The technical playbook involves exporting your underlying OAuth tokens and mapping them into your new integration provider's credential vault.

Tip

The Zero-Downtime Migration Strategy You own the OAuth apps used to authenticate your customers. By requesting an export of the raw access and refresh tokens from Merge, you can securely inject them into a new platform. The new platform simply takes over the token refresh lifecycle ahead of expiry.

The core moves in a zero-downtime migration:

  1. Export OAuth tokens from Merge. Merge supports token export for accounts where you own the OAuth app registration. This is why owning your OAuth apps from day one matters.
  2. Import tokens into the new platform's credential context. The new provider stores refresh tokens and handles refresh cycles.
  3. Shadow-run the new provider. Send the same requests to both systems and diff the responses before cutting over.
  4. Use declarative mappings to mimic old response shapes. Your frontend keeps consuming the same JSON shape while the underlying provider changes.
  5. Flip traffic in a controlled rollout. Start with 1% of accounts, watch error rates, then ramp.
sequenceDiagram
    participant DB as Your App
    participant Old as Merge.dev
    participant New as New Unified API
    participant Upstream as SaaS Vendor

    DB->>Old: Request OAuth Token Export
    Old-->>DB: Return Raw Access & Refresh Tokens
    DB->>New: Import Tokens & Map Credentials
    New->>Upstream: Validate Token via API Call
    Upstream-->>New: 200 OK (Valid)
    New-->>DB: Migration Complete (No User Action Needed)

Once the tokens are migrated, you can use declarative mappings to mimic your old API responses, ensuring your frontend and business logic code does not have to change immediately. We have documented this exact process in our Merge.dev migration playbook.

Making the Call: Strategic Wrap-Up

Merge.dev is a well-built product that provides a fast path to launching your first dozen integrations. The drawbacks above aren't accidents. They are the honest cost of the abstractions Merge chose. Rigid schema is what makes "one API for all HRIS" possible. Cached polling is what makes latency feel fast. Per-account pricing is what makes revenue predictable for their finance team.

Those trade-offs match some early-stage teams well. If your customers are SMBs using out-of-the-box SaaS tools, your integration volume is modest, and your compliance surface is limited, Merge is a legitimate choice.

But as you scale into the mid-market and enterprise segments, the architectural trade-offs become costly. If you are selling upmarket, if enterprise buyers ask for custom object bidirectional sync, if your compliance team blocks cached-data vendors, or if your linked account count is going to 4x this year, the architectural trade-offs stop making sense.

Evaluating your integration infrastructure requires looking past the initial developer experience and modeling your unit economics and enterprise compliance requirements two years out. If you are hitting these scaling walls, it is time to evaluate zero-retention, declarative architectures that give you control over your data, your error handling, and your margins.

The next step is to pressure-test your specific workload against a pass-through, declarative alternative. Bring your ugliest custom object mapping, your worst rate limit story, and your top three enterprise deal requirements. See what breaks.

FAQ

What are the main drawbacks of using Merge.dev?
The main drawbacks are a rigid common data model that drops custom fields, expensive per-linked-account pricing, cached data that complicates enterprise compliance reviews, abstracted error handling, and an AI agent framework locked into pre-built tools.
How much does Merge.dev cost at scale?
Published pricing has historically started around $650/month for up to 10 linked accounts, with additional accounts costing roughly $65/month each. Because it scales linearly per connection, 200 connected customers can cost over $13,000/month before enterprise features.
Can Merge.dev handle custom Salesforce objects?
Merge.dev's common data model maps standard fields but typically drops custom enterprise fields and objects. To achieve bidirectional sync for highly customized CRM instances, you often have to build complex passthrough workarounds.
Can I migrate off Merge.dev without forcing users to re-authenticate?
Yes. If you own your OAuth app registrations, you can export your underlying refresh tokens from Merge and import them into a new integration provider's credential vault to achieve a zero-downtime migration.

More from our Blog