But it wouldn’t be easier for me to connect all these systems in just one database and take all the data from it?

Not.

The reason is that if you give access to the database, its security, its business rules and its encapsulation are compromised.

Imagine that site A is a carrier and site B is a commodity sales company. Customers access the site B to make purchases and the website of company B talks to the site A through a webservice to schedule the delivery of the goods and to get the freight cost to be charged from the user.

But, let’s assume that instead, the website A opens access to the database for company B. In this case company B could get access to data from other customers of the carrier, could register, change and destroy information of which it does not own, including other customers of the carrier. The result would be chaos.

There is the question of the business rules of company A. With direct access to the database by company B, who in company A can guarantee that the process in company B will not register deliveries in unmet cities? Since company B has access to A’s database, all of A’s business rules would have been circumvented.

Also, let’s assume that to calculate freight, company A needs to collect data from 27 different tables. Why does Company B need to know that if all they want is the freight value? Company B does not want to know how the price of gasoline in different regions of the country and how the toll costs affect the freight price, as this is the responsibility of company A. What company B wants to know is just what the freight price would be. This price is something that company A’s webservice can inform, and what is behind this webservice is company A’s problem and responsibility. But if direct access to the database is instead used, then company B would need to execute all these processes in the 27 tables of company A, which should not be their responsibility.

Also, even if company B is well-behaved, company A will not be able to make changes to your database easily without breaking things for company B and all other customers who have access to your database. If someone breaks into company B’s website, company A’s database would also be compromised and along with it, that of all other customers in company A.

The best thing is that company A provides a web service by publishing the operations to be carried out. In this way, the implementation of the database is restricted to company A itself. If it wants to make changes to the database to use information on road rubbers to calculate freight, they just make some changes to the implementation of the service to ensure compatibility and company B doesn’t even need to know that there was some kind of change because it’s really not their problem.

In addition, with the webservice, you guarantee that business rules will be respected and that company B will only be able to access what they are interested in the way they should. If company B tries to register a delivery in a city that is not serviced, the webservice returns an error. With the webservice you can also make validations and checks (including login/password). In addition, company B does not need to know (and will not want to know) how to extract and gather data from 27 different tables to calculate freight, as this is the responsibility of company A and company B has nothing to do with it.

And not everything is limited to the database, imagine that in the calculation of the route for delivery in company A there is a process that depends on the generation and manipulation of some files. And then, would open the file system for others too?