Understanding platform risk in SaaS: types, mitigation, and when to accept it

Executive overview

Building on another company's API or marketplace puts your business at the mercy of a single third party. Platform risk is not hypothetical — Shopify effectively ended CartHook's growth trajectory with a single email, despite it being a multi-million dollar business.

Two types of platform risk exist: infrastructure risk (no replacement for the core service) and app store risk (one marketplace dominates customer acquisition). Acquirers discount valuations for both.

If the platform disappeared tomorrow and it would devastate your business, you have true platform risk.

Two types of platform risk

• Infrastructure platform risk: your product is built on a service with no viable replacement (e.g. Shopify, Twitter, Reddit apps)
• App store platform risk: 80–90% of new customers arrive through a single marketplace
• Most platform-dependent businesses have both simultaneously
• Replaceable APIs (geolocation, email, SMS) with multiple equivalents are not true platform risk — switching is painful but survivable

How to minimise it

• Add additional platforms (Magento, WooCommerce, BigCommerce) to reduce single-source dependency
• Branching into new platforms is harder than it sounds — first-mover advantages rarely replicate on platform two
• For app store risk: invest in SEO, cold outreach, or other traffic channels to diversify lead sources
• Sometimes accepting platform risk is the right call, especially for step one or step two stair-step businesses

When it's acceptable

• Early-stage and lifestyle businesses often carry platform risk by design — this is fine for a defined period
• Running multiple step-one businesses provides diversification
• Treat platform risk as a temporary constraint on the path to a more independent step-three SaaS

If the platform cracks down

• Negotiate first — be persistent; contact forms and developer relations contacts are your entry points
• Frame it as a partnership: "you're destroying a business that's been on your platform for years"
• If they replicate your feature set, negotiation rarely works
• If they block API access or demand revenue share, there is room to push back
• Legal escalation is expensive and slow — use only if you have a strong case
• Founders have saved businesses through persistent negotiation; others have had to move on