Which direction does data move between MYOB and GoCardless?

The main flow is from GoCardless into MYOB. Completed payments and mandate records move from GoCardless into MYOB as customer payments and contact metadata. Customer names, email addresses, and invoice references are synced bidirectionally so both systems stay aligned. Payouts remain read-only in GoCardless; ml-connector does not write financial entries back into the payment processor.

How does ml-connector handle MYOB's dual authentication requirement?

MYOB requires three credentials on every API call: an OAuth2 bearer token, an API Key, and a Base64-encoded company file username and password. ml-connector stores all three encrypted, refreshes the OAuth token before it expires, and includes the company file credentials in the x-myobapi-cftoken header on every request. Both are validated on each call; a bad company file token returns 401 and triggers a retry.

How does ml-connector verify GoCardless webhooks and handle payment matching?

GoCardless webhooks are verified with HMAC-SHA256 signature validation; if the signature is invalid, ml-connector returns HTTP 401 (not 200) so GoCardless will retry the webhook. Payment amounts are converted from GoCardless pence-and-cents integers to MYOB decimal format, and the payment record is matched to the customer invoice using the mandate and invoice metadata stored during the sync.

MYOBGoCardless

MYOB and GoCardless integration

MYOB holds your SME accounting; GoCardless handles recurring and one-off bank collections. When you use GoCardless to collect payments from your MYOB customers, you need both systems to agree on which mandates are active, which payments have landed, and which customers are set up for debit collection. ml-connector syncs MYOB customer contacts with GoCardless customers and mandates, and flows completed payments back into MYOB as customer payments matched to outstanding invoices.

How MYOB works

MYOB exposes customers, suppliers, invoices, payments, general ledger accounts, and line items through the MYOB Business API, a REST interface with OData v3 query parameters. Authentication requires three headers: an OAuth2 bearer token (20-minute lifetime, 1-week refresh), an API Key, and a Base64-encoded company file username and password. MYOB does not support webhooks, so changes are detected by polling with OData $filter on LastModified timestamps. Rate limits are 8 requests per second and 1 million requests per day.

How GoCardless works

GoCardless exposes customers, bank account mandates, payments, payouts, refunds, and subscription records through a REST JSON API. It supports both real-time webhooks (HMAC-SHA256 signature verification, up to 250 events per batch) and polling via GET /events. Bearer tokens in the Authorization header provide access; personal access tokens do not expire by default. Payouts are read-only and created automatically by GoCardless. Events provide the audit trail but cannot be created directly.

What moves between them

The primary flow runs from GoCardless into MYOB. After each payment collection, ml-connector reads the payment record from GoCardless, verifies the customer exists in MYOB as a contact, and creates a customer payment record in MYOB matched against the corresponding invoice. Mandate activations and cancellations in GoCardless are reflected as contact updates in MYOB. Reference data such as customer names and email addresses are synced bidirectionally so the two systems stay aligned. Payouts remain read-only in GoCardless; ml-connector does not write financial entries back into the payment processor.

How ml-connector handles it

ml-connector stores both credential sets encrypted: the MYOB OAuth token (refreshed before expiry), the company file username and password (sent in every call as an x-myobapi-cftoken header), and the GoCardless bearer token. It verifies every GoCardless webhook with HMAC-SHA256 signature validation before processing, rejecting bad signatures with HTTP 401 (not 200) so GoCardless retries. On the MYOB side, it polls using OData $filter on LastModified to detect new and changed customers and payments. Payment amounts are converted from GoCardless pence-and-cents integers to MYOB decimal format. Mandate records are tracked as MYOB contact metadata so payment matching knows which customers are enrolled in debit collection. MYOB's rate limit of 8 requests per second is respected with backoff; RowVersion fields are refreshed before every PATCH to avoid 409 conflicts.

A real-world example

A mid-sized Australian subscription SaaS company uses MYOB for accounting and GoCardless for recurring bank debits from paying customers. Before the integration, the finance team received payment notifications from GoCardless, manually looked up each invoice in MYOB, and recorded the payment by hand, a daily task prone to missed invoices and payment mismatches. With MYOB and GoCardless connected, each payment collection automatically creates a customer payment record in MYOB matched to the correct invoice, the subscription mandate status stays synchronized, and reconciliation becomes a simple tick-list rather than a manual hunt through two dashboards.

What you can do

Sync MYOB customers and contacts with GoCardless customers and mandate enrollment status.
Create MYOB customer payment records when GoCardless collects a payment, matched to the corresponding invoice.
Verify GoCardless webhooks with HMAC-SHA256 signature validation and retry on bad signatures.
Handle MYOB dual authentication (OAuth token plus company file credentials) and rate-limit backoff.
Poll MYOB for new invoices and payment changes using OData LastModified filters and maintain a full audit trail.

Questions

Which direction does data move between MYOB and GoCardless?: The main flow is from GoCardless into MYOB. Completed payments and mandate records move from GoCardless into MYOB as customer payments and contact metadata. Customer names, email addresses, and invoice references are synced bidirectionally so both systems stay aligned. Payouts remain read-only in GoCardless; ml-connector does not write financial entries back into the payment processor.
How does ml-connector handle MYOB's dual authentication requirement?: MYOB requires three credentials on every API call: an OAuth2 bearer token, an API Key, and a Base64-encoded company file username and password. ml-connector stores all three encrypted, refreshes the OAuth token before it expires, and includes the company file credentials in the x-myobapi-cftoken header on every request. Both are validated on each call; a bad company file token returns 401 and triggers a retry.
How does ml-connector verify GoCardless webhooks and handle payment matching?: GoCardless webhooks are verified with HMAC-SHA256 signature validation; if the signature is invalid, ml-connector returns HTTP 401 (not 200) so GoCardless will retry the webhook. Payment amounts are converted from GoCardless pence-and-cents integers to MYOB decimal format, and the payment record is matched to the customer invoice using the mandate and invoice metadata stored during the sync.

Connect MYOB and GoCardless

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started