Extract from Jim Gill’s article “Analysis of SaaS API Limitations for Ediscovery and Compliance”
When it comes to ediscovery and compliance, APIs can give users the ability to use 3rd party solutions to preserve, collect, and even cull data housed in a SaaS application; however, functionality is still limited to what the API is built to communicate.
Even if an application has an API available, its design is often focused on the modification of objects and data rather than the creation of a consumable, universal format expected by legal and compliance teams.
It may also only capture text-based information and may lack some of the visual and dynamic features of the original interface, which can be quite important when it comes to understanding and contextualizing the data.
One particular limitation of APIs is the available export format. Some APIs may not have an export function at all, while others usually export data in JSON format (all but 21% of APIs surveyed in Hanzo’s 2022 Modern Guide to SaaS Preservation used JSON export).
JSON uses human-readable text to store and transmit data objects consisting of attribute-value pairs and arrays (or other serializable values). And while most of the required data is preserved in this format, it’s not the most usable when reviewing for potential relevance in an investigation, especially for platforms with complex user interfaces or communications channels.