Five ways to automate a system with no public API, compared honestly: partner programs, no-code connectors, RPA, browser agents, and managed backend APIs. Updated July 2026.

Roughly 90% of enterprise software has no public API. If your workflow lives inside a property management system, a dealer platform, a claims clearinghouse, or a state licensing portal, you've probably discovered this the hard way: the data you need is behind a login, and there's no documented way for software to get it. You have five real options. Here's the honest comparison, updated July 2026.
If a no-code connector exists for both systems, use it. If the vendor runs a partner API program and you can absorb months of approval, apply. For everything else (which in vertical software is most things), automating the UI with bots or browser agents means paying a maintenance tax forever, while calling the portal's own backend directly gets you milliseconds and structured data. The build-vs-buy question on that last path is really about who owns maintenance at 3 a.m.
| Approach | Setup time | Latency | What breaks it | Who maintains it |
|---|---|---|---|---|
| Official partner API | 3 to 12 months of approval | Fast | Program scope changes | The vendor (partially) |
| No-code connectors (Zapier, Make, n8n, Power Automate) | Hours, if a connector exists | Minutes (polling) | No connector for most vertical software | You |
| RPA (UiPath, Automation Anywhere, Power Automate UI flows) | Weeks | Seconds per step | Any UI change, pop-up, or MFA prompt | You, forever |
| Browser agents (AI-driven) | Days | Tens of seconds | Prompt drift, UI changes, CAPTCHA | You, plus a token bill |
| Managed reverse-engineered API | Days | Milliseconds | Backend schema changes (detectable, fixable) | The provider |
Many "no API" platforms actually have one. It's just gated behind a partner program with an application, a waitlist, and sometimes a revenue share. If you qualify and can wait, this is the most defensible path. The catch: approval takes months, coverage is often a subset of what the UI can do, and the vendor can decline you, especially if your product competes with theirs.
Pick this when: you're big enough to matter to the vendor, your use case fits their program, and your timeline can absorb a quarter or two of waiting.
Zapier, Make, n8n, and Power Automate are the right answer when a connector exists. They're fast to set up and cheap to run. The problem is coverage: these platforms connect software that already has APIs. The vertical systems that run property management, auto dealers, clinics, and law firms mostly don't, so there's no connector to drag onto the canvas. Polling delays and missing fields are the other tax: a zap sees what the API exposes, on the schedule the trigger allows.
Pick this when: both systems have real APIs and near-real-time isn't required.
UiPath and Automation Anywhere built a category on driving the UI directly: record the clicks, replay them at scale. For desktop apps and mainframe green screens, RPA is still often the only option, and the big platforms bring real governance tooling. On web portals, the math gets worse. Every bot is a script pointed at a screen that wasn't built to hold still. A renamed button, a new required field, an MFA prompt: each one is a broken workflow and a support ticket. We wrote the full engineering comparison in Supergood vs RPA.
Pick this when: the target is a desktop or legacy app with no web backend, and you have staff to own bot maintenance.
The newest option: an AI agent that reads the page and operates the browser like a person would. Impressive demos, real progress, and a good fit for one-off or exploratory tasks. For production workflows, the numbers are hard. A browser session takes seconds to spin up and tens of seconds per task, costs compute (or tokens) on every run, and inherits every fragility RPA has, plus a new one: the model can simply decide to do something different today. In our own side-by-side test, a browser automation run took 47 seconds on a workflow that two direct HTTP calls complete in 16 milliseconds. The full argument is in Browser Automation Doesn't Scale.
Pick this when: tasks are low-volume, exploratory, or genuinely require judgment on unstructured pages.
Every web portal already has an API. It's the set of network calls your browser makes when you click around. Reverse-engineering means calling that backend directly: no browser, no pixels, structured JSON in milliseconds. Doing this yourself is real engineering: capture the traffic, work out auth and session handling, survive MFA, then maintain all of it when the vendor ships a change. That last part is the actual product. A managed provider (this is what we do at Supergood) instruments every call in production, detects schema changes when they happen, fixes the integration, and keeps documentation current, so what you consume looks like any other REST API, including uptime expectations and structured errors. More on the mechanics in What is an Unofficial API?
The honest trade-offs: it's a vendor relationship rather than a library, and it depends on the portal's backend staying reachable, which is why observability is the load-bearing part of the offering. For MFA, service accounts (real managed emails and phone numbers added to the portal as a normal user) are how this works cleanly.
Pick this when: the workflow runs in production, the portal has no usable official API, and you need speed and reliability without staffing an integration team.
Does "no public API" mean the data is unreachable? No. If a web portal can show data to a logged-in user, the data travels over network calls that software can make directly. The question is engineering effort and maintenance, never possibility.
Is screen scraping the same thing as a reverse-engineered API? No. Scraping parses rendered HTML and breaks when layout changes. A reverse-engineered API calls the portal's own backend endpoints and returns the same structured data the UI consumes.
What about compliance? Ask any provider for SOC 2 Type II, HIPAA support where relevant, audit logs of every call, and a clear story on credentials. (Supergood holds SOC 2 Type II and supports HIPAA workloads and on-prem deployment.)
Which approach is cheapest? No-code connectors, when they cover your systems. For vertical portals they usually don't, and the cheap option becomes RPA's sticker price plus an unbudgeted maintenance contract you sold yourself.
We publish integration docs for hundreds of vertical platforms, each answering what official access exists and what the alternative looks like. Start at the docs index, and if your platform isn't there, tell us. Requests reorder our build queue weekly.
Updated July 2026. We revisit this comparison quarterly as the tooling changes.