Exact Online and GoCardless integration

Exact Online runs your accounting and AR. GoCardless collects payments directly from customer bank accounts. Connecting them lets you move from sending invoices to automatically collecting them through recurring mandates. Invoices created in Exact Online trigger payment collections through GoCardless, and payment status flows back so your AR reconciliation reflects actual collections. ml-connector bridges the very different APIs and handles OAuth token refresh, invoice-to-payment mapping, and payment status reconciliation on a schedule you control.

How Exact Online works

Exact Online is a cloud-based ERP platform for SMEs with separate regional deployment bases: Netherlands, Belgium, UK, Germany, France, Spain, and USA. It exposes customers, sales invoices, GL accounts, and transactions through a REST API using OData v3 query syntax. Authentication is OAuth 2.0 Authorization Code Grant with 10-minute access tokens and 30-day rotating refresh tokens. The API supports webhooks for significant entity changes including sales invoices and customer updates, with HMAC-SHA256 signature verification. Webhook payloads contain only the entity key and action, so full entity data must be fetched via separate REST API calls. All API calls require a division ID, which must be retrieved from the /api/v1/current/Me endpoint.

How GoCardless works

GoCardless is a global bank debit payment processor handling recurring and one-off mandates across 30+ countries. It exposes customers, customer bank accounts, mandates, payments, subscriptions, and payouts through a REST JSON API. Authentication is via bearer token from the merchant dashboard or OAuth 2.0 authorization-code flow. Webhooks are signed with HMAC-SHA256. If an endpoint returns 200 for a webhook that fails verification, GoCardless marks the endpoint healthy and stops retrying, so signature validation is critical. Payouts are read-only and created automatically by GoCardless. All monetary amounts are integers in the smallest currency unit (pence or cents). The API supports webhooks for real-time payment events and also supports polling via GET /events.

What moves between them

The main flow runs from Exact Online into GoCardless. ml-connector reads outstanding sales invoices from Exact Online on a daily or weekly schedule, identifies customers with active bank account mandates in GoCardless, and creates payment collection requests for matching outstanding balances. Payment status and collection results flow back to Exact Online as paid transactions and journal entries for reconciliation. Customer and mandate reference data are kept aligned in both directions, so new Exact Online customers are registered with GoCardless and mandate changes in GoCardless are reflected back.

How ml-connector handles it

ml-connector stores Exact Online OAuth credentials encrypted and refreshes the access token before each call, since the 10-minute token lifetime is shorter than typical sync intervals. It accepts the Exact Online region base URL and division ID per customer, fetches the full list of outstanding invoices and customer records with OData filtering, and verifies HMAC-SHA256 webhook signatures from Exact Online using the webhook secret from App Center. On the GoCardless side, it presents the bearer token on each request, creates mandates for customers without existing bank account links, and builds payment collection requests by matching invoice amounts to customer balances. GoCardless webhooks post payment events which ml-connector verifies using HMAC-SHA256 and the webhook secret, then syncs back into Exact Online as transaction line updates. All records carry a full audit trail, and failed payment collections can be retried or manually resolved.
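The token handling described above can be sketched as follows. This is an added example, not ml-connector's code: `TokenManager`, the `post_refresh` and `save` callbacks, the 60-second margin and `FakeTokenEndpoint` are all hypothetical, and the fake endpoint assumes a rotated-out refresh token is rejected.

```python
import time

ACCESS_TTL = 600            # 10-minute access token (from the page)
REFRESH_TTL = 30 * 86400    # 30-day refresh token (from the page)
SAFETY_MARGIN = 60          # assumption: refresh this many seconds early


class ReauthorizationRequired(Exception):
    """Refresh token aged out; the user must repeat the OAuth flow."""


class TokenManager:
    def __init__(self, state, post_refresh, save, clock=time.time):
        # state keys: access_token, access_expires_at, refresh_token, refresh_issued_at
        self.state, self.post_refresh, self.save, self.clock = state, post_refresh, save, clock

    def access_token(self):
        now = self.clock()
        if now < self.state["access_expires_at"] - SAFETY_MARGIN:
            return self.state["access_token"]
        if now - self.state["refresh_issued_at"] >= REFRESH_TTL:
            raise ReauthorizationRequired("refresh token older than 30 days")
        resp = self.post_refresh(self.state["refresh_token"])
        new_state = {
            "access_token": resp["access_token"],
            "access_expires_at": now + int(resp.get("expires_in", ACCESS_TTL)),
            "refresh_token": resp["refresh_token"],
            "refresh_issued_at": now,
        }
        self.save(new_state)   # persist first: the rotated-out token must never be reused
        self.state = new_state
        return new_state["access_token"]


class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint: each refresh token works once."""
    def __init__(self, first_refresh_token):
        self.valid, self.count = first_refresh_token, 0

    def __call__(self, refresh_token):
        if refresh_token != self.valid:
            raise PermissionError("refresh token already rotated out")
        self.count += 1
        self.valid = f"rt-{self.count}"
        return {"access_token": f"at-{self.count}", "refresh_token": self.valid, "expires_in": "600"}
```

In a real deployment `save` would write to the encrypted credential store, and the refresh would be serialized across workers so two processes never spend the same refresh token.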

A real-world example

A regional software reseller in the UK runs Exact Online for accounting and AR, and uses GoCardless to collect subscription fees from customer bank accounts. Before the integration, the AR team manually reviewed monthly invoices in Exact Online, created payment collection requests in GoCardless for repeat customers, and spent time on the 15th of each month reconciling which customers had paid. With Exact Online and GoCardless connected, each new invoice in Exact Online automatically triggers a payment collection if the customer has an active mandate, payment confirmations flow back automatically into Exact Online transactions, and month-end AR reconciliation requires only a final check against the audit trail instead of manual cross-referencing.

What you can do

  • Read outstanding sales invoices from Exact Online and create payment collection requests in GoCardless for customers with active bank account mandates.
  • Sync customer records from Exact Online to GoCardless and keep bank account mandates aligned across both systems.
  • Verify HMAC-SHA256 signatures on both Exact Online webhooks and GoCardless payment events to ensure data integrity.
  • Refresh Exact Online OAuth tokens before expiry and handle GoCardless bearer token authentication on every request.
  • Capture payment collections, reconciliation status, and refunds into Exact Online transactions and journal entries on a daily schedule with a full audit trail.

Questions

How does the integration handle Exact Online's region-specific base URLs?
ml-connector accepts the full Exact Online region base URL per customer along with the division ID, since Exact Online has separate deployment bases for Netherlands, Belgium, UK, Germany, France, Spain, and USA. The division ID is fetched from the /api/v1/current/Me endpoint on first sync and cached for reuse.
What happens when Exact Online OAuth tokens expire after 10 minutes?
Exact Online access tokens are valid for only 10 minutes, so ml-connector refreshes the token before each sync interval and stores the rotating 30-day refresh token encrypted. The refresh token must be used at least once every 30 days, or the user must re-authorize through the OAuth flow.
Why is webhook signature verification critical for GoCardless?
GoCardless marks a webhook endpoint as healthy and stops retrying if it receives a 200 response, even on a bad signature. ml-connector validates every incoming webhook using HMAC-SHA256 and the webhook secret, and returns 200 only on a valid signature to ensure payment events are authentic before syncing into Exact Online.
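A minimal handler for the GoCardless check described in the last answer, added here as an example and not taken from ml-connector. It assumes the signature arrives as a hex HMAC-SHA256 of the raw body in the `Webhook-Signature` header and uses 498 as the rejection status; the secret and body are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed sample values for this example; not real credentials or events.
WEBHOOK_SECRET = b"constructed-example-secret"
SAMPLE_BODY = b'{"events":[{"id":"EV_EXAMPLE","resource_type":"payments","action":"confirmed"}]}'

# Assumption: 498 is the rejection status. Any non-2xx code avoids acknowledging the delivery.
INVALID_SIGNATURE_STATUS = 498


def sign(secret: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA256 over the exact bytes received, before any JSON parsing."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def handle_webhook(headers: dict, raw_body: bytes, secret: bytes = WEBHOOK_SECRET):
    """Return (status_code, events). The body is parsed only after the MAC checks out."""
    # Header names are case-insensitive on the wire.
    provided = next((v for k, v in headers.items() if k.lower() == "webhook-signature"), "")
    expected = sign(secret, raw_body)
    # compare_digest compares in constant time, so the check leaks no match position.
    if not hmac.compare_digest(expected.encode(), provided.encode()):
        return INVALID_SIGNATURE_STATUS, []
    try:
        events = json.loads(raw_body)["events"]
    except (ValueError, KeyError, TypeError):
        return 400, []
    return 200, events
```

The MAC must be computed over the raw request bytes; re-serializing parsed JSON changes whitespace and key order and makes valid deliveries fail.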
