Deltek and Twilio integration

Deltek Vantagepoint runs project accounting, billing, and resource management. Twilio sends SMS, voice calls, and one-time passcodes. Connecting the two means a finance event in Deltek can reach the right person on their phone within seconds instead of waiting in an email queue. ml-connector listens for Deltek workflow events such as an AP invoice needing approval or an expense report submission, then sends a Twilio message or verification to the approver. Twilio is not an ERP, so this is a notification and verification bridge rather than a two-way ledger sync.

How Deltek works

Deltek Vantagepoint exposes firms, contacts, employees, projects, AP invoices, AR invoices, journal entries, and employee expense reports through a REST API on a tenant-specific URL of the form company.deltekfirst.com. It authenticates with OAuth2 password grant, returning a bearer token that expires in about an hour and is refreshed with a refresh token; the Allow Password Grant Type setting must be enabled on the instance. For real-time triggers, Vantagepoint offers workflow-driven outbound webhooks configured under Settings Workflow, which POST name-value JSON on record-save events including expense report saves. These webhooks carry no HMAC signature and authenticate with optional basic or key fields. Reads use page-based pagination, and the older Costpoint product is SOAP and pull-only.

How Twilio works

Twilio is a communications platform, not a finance or procurement system, so it has no invoice, vendor, purchase order, or GL objects. It exposes Messages for SMS and MMS, Calls for voice, and Verify for one-time passcodes through REST APIs under api.twilio.com and verify.twilio.com. Authentication is HTTP Basic auth on every call, using an API Key SID and Secret for production rather than the account Auth Token. Request bodies must be form-urlencoded, not JSON, and all phone numbers must be in E.164 format. Twilio pushes delivery status and inbound replies as outbound webhooks signed with HMAC-SHA1 in the X-Twilio-Signature header, keyed by the account Auth Token.

What moves between them

The flow runs from Deltek into Twilio. When a Deltek workflow fires on an AP invoice awaiting approval, a submitted expense report, a project status change, or a scheduled check, ml-connector reads the relevant record and sends an outbound Twilio SMS, voice call, or Verify passcode to the mapped recipient. Direction back from Twilio is status only: Twilio delivery callbacks and inbound reply webhooks are captured and recorded against the originating Deltek record so finance can see whether the alert was delivered or answered. No financial data is written into Twilio, because Twilio holds none, and ml-connector never posts back into the Deltek ledger from a message event. Cadence is event-driven from Deltek webhooks, with a scheduled poll of Deltek records as a fallback where webhooks are not configured.

How ml-connector handles it

ml-connector stores both credential sets encrypted. On the Deltek side it accepts the full tenant URL per customer, runs the OAuth2 password grant, and refreshes the bearer token when a call returns 401. On the Twilio side it sends every request with HTTP Basic auth using the API Key SID and Secret, form-urlencodes the body, and normalizes recipient numbers to E.164 before sending. Because Deltek webhooks carry no signature, ml-connector authenticates them with the basic or key fields configured on the workflow and matches each payload to a known record before acting. Inbound Twilio delivery and reply webhooks are validated against the X-Twilio-Signature header using the Auth Token, so forged callbacks are rejected. Twilio does not guarantee exactly-once delivery, so handlers must also be idempotent. Neither system has a native idempotency key, so ml-connector dedupes sends at the queue layer with a jobId derived from the Deltek record and event. Twilio rate limits return HTTP 429, so sends back off and retry with jitter, and every message and receipt carries a full audit trail with error replay.
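The Twilio callback path described above, as an added example that is not ml-connector's own code: it checks X-Twilio-Signature before anything else, then drops redelivered status updates. The handler class, the dedupe key (MessageSid plus MessageStatus), the URL, and the token are assumptions or constructed sample values.

```python
import base64
import hashlib
import hmac

# Constructed sample values; none come from a real account.
AUTH_TOKEN = "constructed-auth-token"
CALLBACK_URL = "https://connector.example.test/twilio/status"
CALLBACK = {"MessageSid": "SM" + "0" * 32, "MessageStatus": "delivered",
            "To": "+15555550100", "From": "+15555550199"}


def twilio_signature(auth_token, url, params):
    """Signature for a form-encoded Twilio webhook: the full request URL, then
    every POST field name and value appended in name-sorted order, signed with
    HMAC-SHA1 under the Auth Token and base64-encoded."""
    signed = url + "".join(name + params[name] for name in sorted(params))
    mac = hmac.new(auth_token.encode(), signed.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


class StatusCallbackHandler:
    """Hypothetical handler: verify first, then dedupe, then record."""

    def __init__(self, auth_token, public_url):
        self.auth_token = auth_token
        self.public_url = public_url  # must match the URL Twilio called exactly
        self.seen = set()    # stand-in for a durable dedupe store
        self.audit = []      # stand-in for the audit trail on the Deltek record

    def handle(self, header_signature, params):
        expected = twilio_signature(self.auth_token, self.public_url, params)
        supplied = (header_signature or "").encode()
        if not hmac.compare_digest(expected.encode(), supplied):
            return "rejected"            # forged, altered, or unsigned
        key = (params.get("MessageSid"), params.get("MessageStatus"))
        if key in self.seen:
            return "duplicate"           # redelivery: acknowledge, do nothing
        self.seen.add(key)
        self.audit.append(key)
        return "recorded"


def demo():
    handler = StatusCallbackHandler(AUTH_TOKEN, CALLBACK_URL)
    good = twilio_signature(AUTH_TOKEN, CALLBACK_URL, CALLBACK)
    altered = dict(CALLBACK, MessageStatus="failed")
    return [handler.handle(good, CALLBACK), handler.handle(good, CALLBACK),
            handler.handle(good, altered), handler.handle(None, CALLBACK)]
```

The signed string includes the URL, so a handler behind a proxy or load balancer has to reconstruct the public URL Twilio actually requested or every valid callback will fail the check.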

A real-world example

A 200-person architecture and engineering firm runs Deltek Vantagepoint for project accounting and billing. High-value subconsultant AP invoices routinely sat in the approval queue for days because principals only saw them when they happened to open Vantagepoint or scroll past the email, which delayed vendor payments and held up project close. With Deltek and Twilio connected, a Vantagepoint workflow fires the moment an AP invoice over a set threshold enters approval, and ml-connector sends the principal an SMS with the firm name, amount, and project, plus a Verify passcode prompt before the payment can be released. Approvals that used to take days now happen the same hour, and the firm has a logged delivery record tied to each invoice.

What you can do

  • Send Twilio SMS or voice alerts when a Deltek AP invoice enters approval or an expense report is submitted.
  • Trigger a Twilio Verify one-time passcode before sensitive Deltek payment or approval steps.
  • Bridge Deltek OAuth2 tenant login with Twilio HTTP Basic auth on every call.
  • Validate inbound Twilio delivery and reply webhooks against the X-Twilio-Signature header.
  • Log every Twilio send and receipt against the originating Deltek record with retries and audit trail.

Questions

Can Twilio receive Deltek invoices or vendor records?
No. Twilio is a communications platform with no invoice, vendor, or GL objects, so there is nothing in Twilio to write financial records into. The integration sends Deltek event details outward as SMS, voice, or passcode messages, and treats Twilio as a notification and verification channel rather than a data store.

How does ml-connector know when a Deltek event happens?
Vantagepoint offers workflow-driven outbound webhooks that POST on record-save events such as an AP invoice or expense report change. ml-connector receives these and, because they carry no HMAC signature, authenticates them with the basic or key fields configured on the workflow. Where a customer has not enabled webhooks, ml-connector falls back to a scheduled poll of the relevant Deltek records.

Why does the integration validate the X-Twilio-Signature header?
Twilio signs its outbound delivery and reply webhooks with HMAC-SHA1 in the X-Twilio-Signature header, keyed by the account Auth Token, so ml-connector verifies that header on every inbound callback to reject forged events. Twilio also does not guarantee exactly-once delivery, so ml-connector keeps its handlers idempotent and dedupes at the queue layer to avoid double-processing a status update.
