ml-connector
Sage X3ADP

Sage X3 and ADP integration

Sage X3 runs manufacturing, procurement, and finance for mid-market operations. ADP runs payroll and HR. Connecting the two keeps your workforce and your general ledger synchronized. New hires and terminations in ADP align with Sage X3 departments and cost centers, and the labor cost journals ADP produces after each payroll cycle post into Sage X3's general ledger without manual re-entry. ml-connector bridges the two different authentication models and moves data on a schedule tied to your payroll calendar.

How Sage X3 works

Sage X3 is an on-premise and cloud ERP covering finance, procurement, inventory, manufacturing, and project management. It exposes suppliers, customers, purchase orders, sales invoices, products, GL accounts, and GL entries through REST (api1) and GraphQL (Xtrem) APIs. Sage X3 authenticates with OAuth 2.0 client credentials via Connected Application for GraphQL, or HTTP Basic Authentication for REST api1. The server URL, port, and application folder are customer-specific, and access tokens expire in 5 minutes while refresh tokens are valid 30 days. Sage X3 does not support outbound webhooks, so records are read by polling using updatedDate and modifiedDateTime fields to detect changes since the last poll.

How ADP works

ADP provides payroll, HR, and workforce management via ADP API Central, a paid REST/JSON add-on with base URL at https://api.adp.com/ (production) or https://api.uat-adp.com/ (sandbox). ADP exposes workers, payroll processing, pay distributions, pay statements, general ledger documents, cost centers, and work assignments. Every request requires OAuth 2.0 with Mutual TLS, including a mandatory client certificate and private key; the TLS handshake fails without the certificate. Client certificates expire and must be re-issued before expiry. ADP rate limits are per-node at 75-195 calls per minute depending on tier, returning HTTP 429 when exceeded. ADP also supports webhooks for worker.hire, worker.terminate, worker.rehire, and worker.legal-name.change events with retries at 1-minute intervals for 10 attempts, then 6-hour intervals for 10 attempts. GL documents from payroll are read-only.

What moves between them

The main flow runs from ADP into Sage X3. After each payroll run, ml-connector reads ADP's general ledger documents and posts the labor cost journals into Sage X3's general ledger, mapped to matching GL accounts and cost centers. Worker records flow the same direction so Sage X3 headcount reflects ADP hires, terminations, and rehires. Cost centers and departments are aligned in both directions so payroll allocations land on valid Sage X3 dimensions. GL postings are read-only in ADP, so ml-connector never writes financial entries back to payroll.

How ml-connector handles it

ml-connector stores both credential sets encrypted and presents the ADP client certificate at the TLS layer on every request, refreshing the ADP OAuth 2.0 bearer token when a call returns 401. On the Sage X3 side, it accepts the full customer-specific server URL, port, and X3 folder name, and validates entity paths against that instance. Because Sage X3 cloud and on-premise are pull-only with no webhook support, ml-connector polls on a schedule tied to your payroll calendar, reading from ADP using updatedDate and modifiedDateTime fields to detect changes since the last poll. Cost centers and departments are mapped first, so every payroll journal line references a GL account and cost center that already exists in Sage X3. ADP rate limits return HTTP 429 per gateway node, so ml-connector backs off and retries. It tracks the ADP certificate expiry so renewal does not cause an outage. Access tokens from Sage X3 expire in 5 minutes; ml-connector refreshes them before expiry. Every record carries a full audit trail and can be replayed if a downstream call fails.

A real-world example

A mid-sized discrete manufacturer runs Sage X3 on-premise for production, procurement, and finance, and uses ADP Workforce Now for payroll across three plants. Before the integration, the finance team exported payroll registers from ADP after each pay run and manually entered labor totals into Sage X3, then spent days during month-end close reconciling differences between HR headcount and the labor GL accounts. With Sage X3 and ADP connected, each payroll run's GL document flows into Sage X3 automatically, allocated to the cost center for each plant. Worker changes keep the two systems in agreement. Month-end close starts with labor accounts already reconciled, and the manual re-keying step is eliminated.

What you can do

  • Post ADP payroll GL documents into Sage X3's general ledger after each pay run, allocated to the correct cost centers.
  • Keep Sage X3 headcount aligned with ADP hires, terminations, and rehires.
  • Map ADP cost centers and departments to Sage X3 GL dimensions so payroll lands on valid accounts.
  • Authenticate ADP with OAuth 2.0 and the required mutual TLS client certificate, and Sage X3 with its customer-specific OAuth 2.0 credentials.
  • Poll on a schedule tied to your payroll calendar, with retries on rate limits and a full audit trail on every record.

Questions

Which direction does data move between Sage X3 and ADP?
The main flow is ADP into Sage X3. Payroll GL documents and worker records move from ADP into Sage X3, while cost centers and departments are aligned in both directions. ADP general ledger documents are read-only, so ml-connector does not write financial entries back into payroll.
Does ADP's mutual TLS certificate requirement need special setup?
Yes. ADP requires a client certificate at the TLS layer on every request in addition to OAuth 2.0 credentials. ml-connector stores the certificate encrypted, presents it on each request, and tracks its expiry so a renewal is handled before it causes an outage.
How does ml-connector handle Sage X3's lack of webhooks and customer-specific URLs?
ml-connector accepts the full Sage X3 server URL, port, and X3 folder name for each customer, since Sage X3 publishes no shared base address. Because Sage X3 is pull-only with no webhook support, ml-connector polls on a schedule tied to your payroll calendar, using updatedDate and modifiedDateTime fields to detect changes since the last poll.

Related integrations

More Sage X3 integrations

Sage X3 and Adobe CommerceSage X3 and AdyenSage X3 and AirbaseSage X3 and Amazon Seller CentralSage X3 and AnaplanSage X3 and SAP AribaSage X3 and AsanaSage X3 and AvalaraSage X3 and AvidXchangeSage X3 and BambooHRSage X3 and BaswareSage X3 and BigCommerce

Other systems that connect to ADP

Acumatica and ADPDATEV and ADPDeltek and ADPMicrosoft Dynamics 365 Business Central and ADPMicrosoft Dynamics 365 F&O and ADPMicrosoft Dynamics GP and ADPMicrosoft Dynamics NAV and ADPEpicor Kinetic and ADPExact Online and ADPFreshBooks and ADPIFS Cloud and ADPInfor CloudSuite and ADP

Connect Sage X3 and ADP

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started