"Composable" sits in almost every pitch deck, where it usually means nothing — a label for "modern" meant to justify the next contract. With Medusa it is not a marketing word but the way the system is built: a modular commerce core to which you attach payment, PIM, ERP, search and CMS over clean APIs.
The difference is not semantic, it is a budget question. Buy composable as a slide and you end up with a monolith wearing a REST facade. Understand the architecture and you buy swappability — the ability to replace a single building block without replatforming the whole system. That is the strategic value, and that is where composable commerce with Medusa turns out to be either an investment or an expensive detour.
What composable commerce with Medusa actually means architecturally
Medusa is built in four layers: API routes on Express, workflows below them, modules below those, and the PostgreSQL data store at the bottom. This separation is not cosmetic. It is the reason commerce and infrastructure building blocks can be swapped independently — "you can replace any of the third-party services … to build your preferred commerce ecosystem", as the architecture documentation puts it.
A module in Medusa is "a reusable package of functionalities related to a single domain or integration". The decisive property is isolation: one module does not reach directly into another's data models. That sounds like a constraint, but it is the core of modularity — no building block can quietly couple itself to another, which is exactly why each one can be replaced or removed. This isolation is the technical precondition for "swappable" being more than a line in the contract.
The modules are joined through Module Links. Instead of dragging foreign-key constraints across the database, Medusa generates an automatic link table that stores only IDs — no hard coupling between domains. Above them sit the workflows: sequences of steps with built-in durable execution and per-step rollback. When an order touches an ERP system, a payment provider and a CMS, and the third step fails, the workflow compensates the first two back cleanly. That is the unspectacular but operationally decisive answer to how you keep data consistent across system boundaries.
Best-of-breed instead of monolith: why swappability is the real value
The selling point of composability is rarely "we can build anything" — you can do that with a monolith and enough technical debt too. The point is that you can undo a bad decision without tearing down the whole house.
Concretely: Medusa ships roughly two dozen commerce modules out of the box — from cart, order, payment and pricing through inventory and fulfilment to promotion and tax. Alongside them sit swappable integrations for payment (Stripe, PayPal), search (Algolia, Meilisearch), and CMS and ERP as their own modules. If your search provider stops convincing you in two years, you swap the search module — not the platform. That is best-of-breed in practice: the best tool per domain, joined over a documented commerce API, instead of an all-in-one suite whose weakest feature you carry because it happens to come bundled.
This is also where ERP PIM integration shifts from an integration project to an architectural decision. A PIM as its own module, an ERP adapter as its own module, joined over Module Links and workflows — structurally the same pattern as the internal cart-order link, only with external systems. For decision-makers who have to connect legacy estates, that is precisely the interesting part: Medusa works as an integration layer that encapsulates old systems rather than replacing them.
How a procurement layer slots cleanly into this architecture
Here the architecture becomes concretely testable. The Medusa core contains no company, quote or approval module — the B2B base logic is deliberately not part of the core. What exists sits in the B2B starter: company and employee management, per-employee spending limits with configurable reset frequencies, simple company-level approval workflows, and quote management with negotiation.
And now the point that carries the thesis: these features are implemented in the starter as custom modules (company, quote, approval) — not drawn from the core, not delivered as a SaaS feature flag. The B2B starter describes itself as "designed to be customized and extended". It is boilerplate to fork and maintain yourself, not a product feature Medusa keeps up to date. That distinction is not pedantry but a make-or-buy question with a direct TCO consequence: you take on maintenance and further development of this code.
The real proof of the composability thesis, though, is *how* these modules are built: as standalone domains hung onto cart and order over Module Links. A genuine procurement layer — with punchout catalogues, cXML and OCI, cost centres, multi-stage approval chains and net-terms invoicing — is demonstrably missing from the starter and has to be built. But it hooks into the same structure: as another module, joined over the same mechanisms. Nothing in the architecture has to be broken open for it. Anyone who wants to know what the starter delivers and what enterprise procurement really demands will find the honest boundary in our piece on why Medusa ships no turnkey procurement. And anyone looking for the basics of why Medusa is built this way at all should start with the question of what Medusa.js actually is.
Where Medusa sits in the MACH context — and where the bias sits
MACH stands for Microservices-based, API-first, Cloud-native and Headless; the MACH Alliance was founded in June 2020 and now extends the acronym with the layer "Open, Composable, Connected". Medusa follows these principles in its own structure: API-first over a documented interface, swappable commerce and infrastructure modules, and the explicit invitation to replace third parties. The MACH architecture is therefore not a label you stick on but a build decision you can read off the module isolation.
This is where a dose of realism is due. The MACH Alliance is an advocacy body and, naturally, names the upsides of composability. The other side — higher integration, governance and operating complexity, no out-of-the-box suite — does not appear there. Judge an architecture solely from the marketing of its advocates and you buy half the truth. Composability is a tool with clear costs, not a law of nature dressed up as progress.
The price of modularity, honestly counted
Composable comes with an invoice, and it is not printed in the pitch deck. More modules means more integration work, more moving parts, more operations than an all-in-one platform. Medusa's production stack requires PostgreSQL and Redis, has to run in two modes (server for API/admin, worker for background jobs), needs at least 2 GB of RAM and Node 20 expertise on the team — plus your own uptime, scaling and security patching.
For a simple, standardised B2C catalogue that is massively over-provisioned. As of mid-2026 and depending on scope, a clean first implementation of a self-hosted stack tends to land in the low to mid five figures, with ongoing operations running to a few hours a month — an estimate to verify against your own case, not a quote. Money well spent if you integrate several best-of-breed systems and want to swap building blocks independently. Money wasted if a managed shop meets the same requirement at a fraction of the operating effort. Modularity only pays off once you actually use it — not because it sounds modern.
Where "composable" becomes an end in itself
The uncomfortable point: composability regularly flips into its opposite. Every building block acquires its own vendor, its own contract, its own operations, its own SLA and its own contact who, when things break, points at the others. "Best-of-breed" turns into a zoo of interfaces where no one owns the overall behaviour any more.
Without clear governance you get an integration monster that costs more than the monolith it was meant to replace — only with more invoices and more vendor risk. I have seen setups where five "best" individual systems together worked worse than one mediocre suite, because the integration layer itself became an unmaintained legacy system. Composability without an operating model is not progress, it is distributed technical debt.
The line does not run along the technology but along the organisation. Anyone who has not got data modelling across system boundaries under control — where product data is authoritatively maintained, say, and how it stays in sync with the shop — will produce the same inconsistencies with modules as with a monolith, only harder to trace.
What I tell decision-makers
Treat "composable" not as a goal but as a means. The right question is never "are we composable enough" but "which specific building block must we be able to replace in three years without replatforming". If you can answer that, Medusa with its module architecture is a precise tool — and a procurement layer, a new PIM or an ERP switch stay a module question, not a replatforming question.
If you cannot answer it, every additional module buys you optionality you never redeem but operate every month. Then the monolith is the more honest choice. The decision for or against composability is not a technology preference but a bet on your own rate of change — and you should size that up soberly, before a vendor sizes it up for you. Anyone wanting to go deeper into Medusa's role across the whole commerce stack will find the overview on our Medusa topic page.
