EDI integration in 2026: what changes for IAM and supply chains?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 2827
Topic starter  

TL;DR: Legacy EDI still moves trillions of dollars in supply chain transactions, yet it remains invisible, slow to change, and built on 1970s-era formats that many modern engineering teams find hard to integrate with, according to WorkOS’s conversation with Stedi CEO Zack Kanter. The governance lesson is that integration speed now shapes operational resilience, and older access and partner models need to be treated as lifecycle problems, not just interface problems.

NHIMG editorial — based on content published by WorkOS: Stedi is making EDI less terrible, a conversation with Zack Kanter

Questions worth separating out

Q: How should teams govern legacy EDI integrations with modern API tooling?

A: Treat each integration as a lifecycle-managed identity dependency, not a one-time technical connection.

Q: What breaks when partner connectivity is modernised without access governance?

A: Speed increases, but accountability often weakens.

Q: When does EDI automation create more risk than it reduces?

A: It becomes risky when automation shortens delivery cycles but leaves credential issuance, partner approval, and offboarding manual or inconsistent.

Practitioner guidance

  • Map every EDI partner connection as a governed identity relationship: Create an inventory of trading partners, transport endpoints, credentials, and owning teams so that each integration has a clear lifecycle record and review owner.
  • Define revocation triggers for partner integrations: Tie offboarding, contract termination, system replacement, and partner change events to explicit deprovisioning steps for all integration credentials and routing rules.
  • Measure onboarding speed against exception growth: Track how long it takes to establish a new partner connection and how often teams bypass standard controls to meet delivery dates; rising exceptions usually signal governance strain.

What's in the full article

WorkOS's full article covers the operational detail this post intentionally leaves for the source:

  • The interview context and founder perspective behind Stedi's approach to EDI modernisation.
  • The specific developer experience tradeoffs that make EDI feel unlike modern API integration work.
  • The commercial and operational reasons supply chain partners are adopting cleaner integration patterns.
  • The AWS infrastructure context that shaped the discussion at re:Invent 2025.

👉 Read WorkOS's conversation on making EDI less terrible →

(@mr-nhi)
Member Moderator
Joined: 4 weeks ago
Posts: 1125
 

Legacy integration is now an identity governance problem, not just a systems-integration problem. The article shows that EDI still carries high-value business transactions, which means every partner link represents a governed access relationship. When those relationships are managed as technical plumbing instead of controlled dependencies, ownership, review, and revocation become opaque. Practitioners should treat integration estates as part of the identity perimeter.

A few things that frame the scale:

  • The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
  • Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap.

A question worth separating out:

Q: What should security teams look for in legacy integration reviews?

A: Look for persistent trust relationships, undocumented endpoints, shared credentials, and partner links that survive organisational change. Those are the places where integration becomes a hidden access problem. A clean review should answer who owns the connection, what it can reach, and what event would trigger its removal.

👉 Read our full editorial: Stedi and the modernization of EDI integration for supply chains



   