ml-connector
Sage IntacctGoCardless

Sage Intacct and GoCardless integration

Sage Intacct tracks customer invoices, payments, and GL balances. GoCardless collects payments directly from customer bank accounts via recurring mandates. Connecting the two keeps your AR and your collections in sync. New invoices and credit notes in Intacct flow to GoCardless as billing requests, customer payment mandates are verified and stored, and payment events from GoCardless post back into Intacct's cash receipts GL account without manual reconciliation.

How Sage Intacct works

Sage Intacct exposes vendors, AP invoices, AP payments, GL accounts, and dimensional attributes through a single XML gateway endpoint at https://api.intacct.com/ia/xml/xmlgw.phtml over HTTPS POST. Authentication uses session-based credentials: senderId, senderPassword, companyId, userId, and userPassword are exchanged in an initial call for a sessionid, which is cached for 50 minutes and automatically refreshed on next call. Intacct does not push webhooks, so all data flows are polling-driven or scheduler-triggered. HTTP 200 responses may contain application-level errors inside the XML body, which must be parsed for errormessage tags. Session isolation is keyed on senderId, companyId, and userId, and forbidden XML control characters must be stripped before entity reference escaping.

How GoCardless works

GoCardless is a bank debit payment processor exposing customers, customer bank accounts, mandates, payments, subscriptions, payouts, refunds, events, creditors, billing requests, and payout items through REST JSON API at https://api.gocardless.com (production) or https://api-sandbox.gocardless.com (sandbox), versioned via GoCardless-Version header. Authentication uses a bearer token in the Authorization header; OAuth 2.0 authorization-code flow is also supported for partner platforms. GoCardless pushes real-time events via webhook to a registered HTTPS endpoint with HMAC-SHA256 signature verification; webhook signatures must be computed as HMAC-SHA256(secret, raw_body) and compared to the Webhook-Signature header. Returning 200 on bad signature causes GoCardless to mark the endpoint healthy and stop retrying, so valid signatures must be verified before responding 2xx. Personal access tokens do not expire by default. Payouts are created automatically and are read-only. Amount fields are integers in smallest currency units.

What moves between them

The main flow is bidirectional. Sage Intacct AR invoices and credit notes flow to GoCardless as billing requests tied to customer records, keyed on Intacct customer ID. Customer bank accounts and payment mandates are created and updated in GoCardless and then verified back in Intacct for compliance. Payment and refund events from GoCardless are collected via webhook and posted back into Intacct's cash receipts or refund GL accounts, maintaining a dual audit trail in both systems.

How ml-connector handles it

ml-connector caches the Intacct session ID for the full 50-minute lifetime and refreshes it automatically on the next call if expired, avoiding per-operation session overhead. Every Intacct XML operation is serialized through the single gateway endpoint with a uniqueid flag in the control block for server-side deduplication on retries. GoCardless webhook events are received asynchronously at a registered endpoint, verified against the HMAC-SHA256 signature using the webhook secret, and only processed on valid signature match; invalid signatures return 401 immediately to halt retries. Intacct invoices are mapped to GoCardless billing requests by company and customer ID; payout events are correlated with Intacct vendor payment records by reference ID. Amount conversions are handled at field serialization time since Intacct amounts are decimals while GoCardless expects integers in pence or cents. Forbidden XML characters (C0 controls except tab, newline, carriage return) are stripped before escaping. HTTP 429 backoff is implemented with exponential retry.

A real-world example

A B2B SaaS company invoices customers monthly from Sage Intacct and previously collected payments manually via email and checks. The finance team now uses GoCardless for recurring bank debits, but had to manually match payments back to Intacct invoices at month-end, causing reconciliation delays. With Sage Intacct and GoCardless connected, each invoice automatically sets up a billing request in GoCardless, customer bank accounts and mandates are verified in Intacct on activation, and payment events post directly into Intacct's cash receipts, eliminating manual matching and enabling straight-through reconciliation.

What you can do

  • Push Sage Intacct AR invoices and credit notes to GoCardless as billing requests with automatic mandate collection.
  • Sync customer bank accounts and payment mandates between Intacct and GoCardless, with mandate status tracked in both systems.
  • Receive GoCardless payment and refund events via webhook and post them into Intacct's GL cash receipts and refund accounts.
  • Bridge Intacct's XML session authentication and GoCardless's bearer token and HMAC-SHA256 webhook signature verification.
  • Maintain a unified audit trail of invoices, mandates, payments, and refunds across both systems with deduplication and replay on error.

Questions

Which direction does data move between Sage Intacct and GoCardless?
Data flows bidirectionally. Sage Intacct AR invoices and credit notes flow to GoCardless as billing requests to trigger customer payment collection. Customer bank accounts and payment mandates are synchronized between the two systems. Payment and refund events from GoCardless post back into Intacct's GL cash receipts and refund accounts, maintaining a complete audit trail.
How does the integration handle Sage Intacct's session-based authentication and 50-minute expiry?
ml-connector caches the Intacct session ID for the full 50-minute lifetime and automatically refreshes it on the next call if it has expired. This eliminates per-operation session overhead and keeps the two systems in continuous sync without re-authentication delays.
Does GoCardless webhook verification add complexity to the setup?
No. ml-connector handles HMAC-SHA256 signature verification for every webhook event using the secret provided in GoCardless settings. Invalid signatures return 401 immediately to halt retries, and valid signatures are verified before the event is posted to Intacct, so setup is transparent and no special configuration is required on your end.

Related integrations

More Sage Intacct integrations

Sage Intacct and Adobe CommerceSage Intacct and ADPSage Intacct and AdyenSage Intacct and AirbaseSage Intacct and Amazon Seller CentralSage Intacct and AnaplanSage Intacct and SAP AribaSage Intacct and AsanaSage Intacct and AvalaraSage Intacct and AvidXchangeSage Intacct and BambooHRSage Intacct and Basware

Other systems that connect to GoCardless

Acumatica and GoCardlessDATEV and GoCardlessDeltek and GoCardlessMicrosoft Dynamics 365 Business Central and GoCardlessMicrosoft Dynamics 365 F&O and GoCardlessMicrosoft Dynamics GP and GoCardlessMicrosoft Dynamics NAV and GoCardlessEpicor Kinetic and GoCardlessExact Online and GoCardlessFreshBooks and GoCardlessIFS Cloud and GoCardlessInfor CloudSuite and GoCardless

Connect Sage Intacct and GoCardless

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started