ml-connector
SAP S/4HANAGoCardless

SAP S/4HANA and GoCardless integration

SAP S/4HANA manages your customers, orders, and accounts receivable. GoCardless collects payments directly from your customers' bank accounts in 30+ countries. Connecting them keeps your AR data current in GoCardless, turns SAP invoices into debit mandates, and brings back payment and payout records for reconciliation. ml-connector handles the very different OData and REST interfaces on each side and moves the records on a schedule you define.

How SAP S/4HANA works

SAP S/4HANA exposes customers, supplier relationships, purchase orders, supplier invoices, GL accounts, cost centers, and journal entries through OData V2 and V4 REST APIs over HTTPS, with a base URL constructed from the tenant ID. System-to-system integration uses OAuth 2.0 Client Credentials, with tokens short-lived (typically 12 hours) and requiring refresh before expiry. Changes are tracked via LastChangeDateTime filters or delta tokens, and polling is the primary sync method since S/4HANA has no native webhooks; SAP Event Mesh enables real-time push where available. Read-only GL Account and Cost Center APIs are maintained in SAP only, and SAP admin must pre-configure a Communication System, User, and Arrangement before API access is available.

How GoCardless works

GoCardless is a REST JSON API payment processor serving 30+ countries, deployed at https://api.gocardless.com with a sandbox at https://api-sandbox.gocardless.com. Authentication uses a Bearer token directly from the merchant dashboard or OAuth 2.0 authorization-code flow for partner platforms. Real-time events are pushed via webhooks to a registered HTTPS endpoint with HMAC-SHA256 signature verification; events are mandatory to verify before accepting state changes, and returning 200 on a bad signature causes GoCardless to mark the endpoint healthy and stop retrying. Payouts are read-only and created automatically; amount fields are integers in the smallest currency unit (pence or cents). Webhook batching sends up to 250 events per POST request, and personal access tokens do not expire by default while OAuth tokens are permanent until revoked.

What moves between them

Customer and mandate data flow from SAP S/4HANA to GoCardless. SAP customers are synced to GoCardless customers, and mandates are created for each customer to authorize bank debit collection. SAP invoices can be mapped to GoCardless billing requests to trigger payment collection. Payment confirmations and payout records flow back from GoCardless to SAP for GL reconciliation and receipt tracking, with each payment tied to the original invoice. The integration polls SAP on a schedule you control and listens to GoCardless webhooks for real-time payment events.

How ml-connector handles it

ml-connector stores encrypted OAuth 2.0 credentials for both systems and handles token refresh on both sides, caching SAP tokens before expiry and exchanging fresh access tokens when GoCardless webhooks arrive. It reads SAP customers and payment terms via the OData A_Customer and A_SupplierInvoice entities, polls for new or changed records using LastChangeDateTime filters, and writes SAP customer bank account data to GoCardless as customer_bank_account records mapped from SAP customer fields. On the payment side, ml-connector verifies every GoCardless webhook with HMAC-SHA256 against the shared secret, accepts only verified payment and payout events, and posts confirmed payments back to SAP as journal entries or payment documents. GoCardless enforces amount fields as integers (pence or cents), so ml-connector converts SAP currency amounts to the smallest unit and round-trips them correctly. Rate limiting and transient failures are handled with exponential backoff, and a full audit log tracks every mandate created, every webhook received, and every payment posted.

A real-world example

A mid-market B2B distributor uses SAP S/4HANA for order-to-cash and general ledger, serving recurring customers in the UK and EU. Before the integration, sales staff manually entered approved customers into GoCardless and fought with duplicate mandates when customers changed bank details. Finance staff then manually matched GoCardless payment notifications to SAP invoices during AR reconciliation. With SAP S/4HANA and GoCardless connected, each new customer created in SAP automatically publishes a GoCardless mandate request, duplicate mandates are eliminated by matching on company name and country, and every payment confirmation flows directly into SAP as a receipted invoice line. Month-end AR close is faster because the payment data is already in SAP, and cash forecasting is more accurate because collected payouts are recorded immediately.

What you can do

  • Sync SAP S/4HANA customers to GoCardless as payees, with mandate setup for bank debit collection.
  • Map SAP invoices to GoCardless billing requests to trigger payment collection on a customer mandate.
  • Read payment confirmations and payout records from GoCardless webhooks and post them to SAP as journal entries or payment documents.
  • Verify GoCardless webhook signatures with HMAC-SHA256 and handle token refresh for OAuth 2.0 on both systems.
  • Track every mandate, payment, and payout in a full audit trail with automatic retry on transient failures.

Questions

Which direction does data move between SAP S/4HANA and GoCardless?
Customers and mandates flow from SAP to GoCardless to set up bank debit collection. Payment confirmations and payout records flow back from GoCardless to SAP for GL reconciliation. Reference data such as payment terms and customer bank details are synced in both directions to keep the systems aligned.
How does the integration handle OAuth 2.0 token refresh on both sides?
ml-connector caches OAuth tokens for SAP before they expire (typically 12 hours) and exchanges them before use. On the GoCardless side, personal access tokens do not expire by default, but OAuth tokens are permanent until explicitly revoked. Every API call carries a fresh token to prevent 401 failures.
What happens when GoCardless sends a webhook that fails signature verification?
ml-connector computes HMAC-SHA256(secret, raw_body) and compares the result to the Webhook-Signature header. If the signature does not match, the webhook is rejected and an error is logged; ml-connector never returns 200 on a bad signature, so GoCardless continues to retry the delivery until it succeeds.

Related integrations

More SAP S/4HANA integrations

SAP S/4HANA and Adobe CommerceSAP S/4HANA and ADPSAP S/4HANA and AdyenSAP S/4HANA and AirbaseSAP S/4HANA and Amazon Seller CentralSAP S/4HANA and AnaplanSAP S/4HANA and SAP AribaSAP S/4HANA and AsanaSAP S/4HANA and AvalaraSAP S/4HANA and AvidXchangeSAP S/4HANA and BambooHRSAP S/4HANA and Basware

Other systems that connect to GoCardless

Acumatica and GoCardlessDATEV and GoCardlessDeltek and GoCardlessMicrosoft Dynamics 365 Business Central and GoCardlessMicrosoft Dynamics 365 F&O and GoCardlessMicrosoft Dynamics GP and GoCardlessMicrosoft Dynamics NAV and GoCardlessEpicor Kinetic and GoCardlessExact Online and GoCardlessFreshBooks and GoCardlessIFS Cloud and GoCardlessInfor CloudSuite and GoCardless

Connect SAP S/4HANA and GoCardless

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started