> This experience fits a pattern I keep running into with European business-facing APIs and services. Something is always a little bit broken.
I feel like this isn't just business services though.
American engineers are used to working for either big tech or "Silicon Valley inc." European engineers are used to working for Volkswagen, Ikea or Ryanair. Very different kinds of businesses who treat tech very differently.
Over here, competing on user experience and attracting users with a slick interface that people love to use isn't really something most companies think about (and so they get their lunch eaten by the Americans).
Nowhere is the European mentality more evident than in cybersecurity, where outdated beliefs still dominate. In this mentality, everybody is out to get you (and that notably incudes your vendors, your business partners and your customers), so all infrastructure has to be on prem, open source is free and hence suspicious by definition, obscurity is the best kind of security, encryption doesn't work so data should go over custom fiber, and if you have to expose an API on the public internet, an Authorization header isn't enough, it should also require MTLS behind a layer of IpSec.
And we're still getting passwords changed periodically or requiring a number, upper case letter, symbol...
I'm an European engineer and I can confirm that our tech is often broken and customer-reachable people are usually obtuse and hostile about it. We don't even seem to properly implement our own legal requirements. Sometimes, Americans implement the RGPD better than we do.