Which direction does data flow between SAP S/4HANA and Slack?

Data flows from SAP S/4HANA into Slack. ml-connector polls purchase orders, supplier invoices, GL accounts, and cost centers from SAP OData APIs and posts them as messages to Slack channels on your schedule. Slack is read-only in this integration; no data is written back to SAP.

How does ml-connector handle SAP's tenant-specific URLs and token endpoints?

SAP does not publish a universal base URL or token endpoint. ml-connector requires you to copy both the OData base URL and the token endpoint URL from your SAP Communication Arrangement configuration and provide them during setup. The token endpoint varies by tenant, so it cannot be constructed manually. ml-connector validates the URL and caches the OAuth token until it expires, then requests a fresh token before the next poll cycle.

Why does Slack webhook signature verification matter?

Slack requires all webhook events to be verified using the X-Slack-Signature header with an HMAC-SHA256 hash of the request body and timestamp. ml-connector performs constant-time comparison of the signature to prevent replay and injection attacks. It also enforces the 5-minute timestamp window so old requests are rejected even if the signature is valid.

SAP S/4HANASlack

SAP S/4HANA and Slack integration

SAP S/4HANA stores your procurement, finance, and supply chain data. Slack is where your team coordinates. Connecting them brings ERP events into your team workflow: when a supplier invoice arrives, a purchase order is approved, or a cost center is adjusted, your teams see the update in Slack instantly, without logging into SAP. ml-connector handles the authentication on both sides and keeps the messages flowing on your schedule.

How SAP S/4HANA works

SAP S/4HANA is available in Cloud Public, Cloud Private, or On-Premise deployment modes and exposes suppliers, customers, purchase orders, supplier invoices, GL accounts, cost centers, and journal entries through OData V2 and OData V4 REST APIs. Authentication uses OAuth 2.0 Client Credentials, with tokens typically valid for 12 hours and issued after SAP creates a Communication Arrangement per tenant. The base URL is tenant-specific and must be copied from the Communication Arrangement; token endpoints vary by customer instance and cannot be constructed manually. SAP S/4HANA has no native webhooks for cloud connectors, so data is read by polling with filter conditions on LastChangeDateTime or delta tokens for initial syncs. On-Premise deployments require an additional sap-client query parameter.

How Slack works

Slack exposes workspace data including users, channels, messages, and team information through REST APIs at https://slack.com/api/ with methods following the family.action pattern. Authentication uses OAuth 2.0 Authorization Code flow, resulting in non-expiring bot tokens prefixed xoxb- that are passed via the Authorization header. Slack supports both incoming webhooks and the Events API, which delivers real-time workspace activity to a registered HTTPS endpoint via HTTP POST. All webhook events require signature verification using HMAC-SHA256 with the X-Slack-Signature header, and requests must be verified to not be older than 5 minutes. Slack retries failed webhook deliveries up to 3 times with exponential backoff and expects a response within 3 seconds.

What moves between them

The integration polls SAP S/4HANA at a schedule you define, typically daily or on-demand. Key records such as supplier invoices, purchase orders, and GL account changes are read from OData APIs and transformed into Slack message payloads. Messages are posted to one or more Slack channels you configure, with records grouped by procurement event type or cost center. The integration never writes back to SAP S/4HANA, only reads and pushes to Slack.

How ml-connector handles it

ml-connector stores both OAuth credential sets encrypted: the SAP Communication Arrangement client ID and secret, and the Slack bot token. It refreshes the SAP token before expiry by checking the remaining lifetime and requesting a new token if needed; Slack tokens are non-expiring so no refresh loop is required. On each poll cycle, it filters SAP purchase orders, invoices, and GL items by LastChangeDateTime, transforms the OData payloads into a readable format, and batches them into Slack post requests. For each post, it constructs a channel ID, a message block with the transaction details, and sends it to Slack via the conversations.list and chat.postMessage methods. Slack rate limits chat.postMessage to 1 per second per channel, so ml-connector queues posts and respects the limit with backoff. Webhook signatures are verified on any inbound events using constant-time HMAC-SHA256 comparison against the X-Slack-Signature header. Every record carries a timestamp and full audit trail so webhook events can be replayed if a downstream call fails.

A real-world example

A mid-market manufacturing company runs SAP S/4HANA for procurement and GL accounting and uses Slack for supply chain coordination. Before the integration, procurement events were invisible to the operations team unless they logged into SAP or received an email digest. New supplier invoices would arrive without notification, and cost center changes were discovered late. With SAP S/4HANA and Slack connected, each new supplier invoice and purchase order flows into a Slack channel within minutes of entry in SAP, tagged with the vendor name and cost center. The procurement team sees events in real time, can discuss issues in thread, and month-end reconciliation starts with a full record of all GL postings already available in Slack for review.

What you can do

Poll SAP S/4HANA OData APIs for supplier invoices, purchase orders, GL accounts, and cost centers on a schedule you control.
Post formatted messages to Slack channels whenever SAP procurement or finance events occur, with full transaction details.
Authenticate to SAP using tenant-specific OAuth 2.0 and handle token refresh before expiry.
Verify all incoming Slack webhook signatures using HMAC-SHA256 and enforce the 5-minute timestamp window.
Maintain an audit trail of every record polled from SAP and every message posted to Slack, with replay capability on failure.

Questions

Which direction does data flow between SAP S/4HANA and Slack?: Data flows from SAP S/4HANA into Slack. ml-connector polls purchase orders, supplier invoices, GL accounts, and cost centers from SAP OData APIs and posts them as messages to Slack channels on your schedule. Slack is read-only in this integration; no data is written back to SAP.
How does ml-connector handle SAP's tenant-specific URLs and token endpoints?: SAP does not publish a universal base URL or token endpoint. ml-connector requires you to copy both the OData base URL and the token endpoint URL from your SAP Communication Arrangement configuration and provide them during setup. The token endpoint varies by tenant, so it cannot be constructed manually. ml-connector validates the URL and caches the OAuth token until it expires, then requests a fresh token before the next poll cycle.
Why does Slack webhook signature verification matter?: Slack requires all webhook events to be verified using the X-Slack-Signature header with an HMAC-SHA256 hash of the request body and timestamp. ml-connector performs constant-time comparison of the signature to prevent replay and injection attacks. It also enforces the 5-minute timestamp window so old requests are rejected even if the signature is valid.

Connect SAP S/4HANA and Slack

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started