
Go talk to your vendor management team about getting a $2/mo contract signed. What does support look like because if this goes down at 2 AM, business is impacted.

Legal needs to review because it is sending employee PII (emails, phone numbers, etc.) to a third party, who now knows the individuals in critical "approval roles".

Next hit up security and have them do an audit since this is going to be part of a security control. For bonus points, the internal pentest team finds a bypass that ApproveAPI needs to fix.

Your $150k a year developer is now spending 3-5 hours a week for 3 weeks shepherding a vendor onboarding for something they could have built and tested in a few hours.



Yes, but your internal developer still needs to go through legal and security for the same reasons, as well as the internal pen test. The only thing you get to skip is vendor management.

And in most cases, vendor management isn't going to get involved for something that will be expensed on a credit card for $2/mo.


Anywhere that dysfunctional is probably going to take 3 months and internally bill you a small fortune for the infrastructure to host the app.

Once had an internal infrastructure team estimate £70K for the infrastructure to host a single static HTML page.... :-)



