ml-connector
XeroSAP Ariba

Xero and SAP Ariba integration

Xero runs your accounting. SAP Ariba runs procurement and supplier management. Connecting the two brings approved procurement activity into the books without re-keying. Purchase orders and approved supplier invoice headers from SAP Ariba become purchase orders and accounts payable bills in Xero, and supplier records stay aligned across both systems. ml-connector handles the very different APIs on each side and moves the data on a schedule you control.

How Xero works

Xero exposes contacts, invoices and bills, purchase orders, payments, chart of accounts, and tracking categories through the Xero Accounting REST API at api.xero.com over HTTPS. Each call uses an OAuth 2.0 Bearer access token plus a Xero-tenant-id header that targets one organization. Access tokens last 30 minutes and are refreshed automatically with a refresh token. List endpoints use page-based paging at 100 records per page, and an If-Modified-Since header fetches only records changed after a timestamp. Xero can also push webhooks for contacts and invoices, but the payload carries only an id and event type, so a follow-up GET is needed for the full record.

How SAP Ariba works

SAP Ariba exposes procurement data mostly through async reporting jobs rather than simple CRUD endpoints. For purchase orders and supplier invoice headers, ml-connector submits an Operational Reporting job filtered by an updated-date window, polls until it completes, then downloads paginated results using a pageToken cursor. The Supplier Data API returns supplier profiles and registration status synchronously and can also update supplier status. Every REST call carries two credentials at once, an OAuth 2.0 client-credentials Bearer token and a static apiKey header, with the realm passed as a query parameter. SAP Ariba provides no general outbound webhook from the Open APIs, so this integration is poll-based.

What moves between them

The main flow runs from SAP Ariba into Xero. ml-connector reads approved purchase orders and supplier invoice headers from Ariba reporting jobs and creates matching purchase orders and accounts payable bills, written as ACCPAY invoices, in Xero against the correct account codes. Supplier master data flows the same direction so Xero contacts marked as suppliers reflect Ariba suppliers and their registration status. Where the Supplier Data API permits it, updated supplier or qualification status can be written back to Ariba. The cadence is a scheduled poll tied to your procurement and close calendar, since Ariba does not push events to your endpoint.

How ml-connector handles it

ml-connector stores both credential sets encrypted. For SAP Ariba it sends the client-credentials Bearer token and the apiKey header on every call, appends the realm as a query parameter, and refreshes the token before its one-hour expiry. For Xero it sends the Bearer token and the Xero-tenant-id header, and refreshes the 30-minute access token automatically. Because Ariba bulk reads are async, ml-connector submits a reporting job for a bounded updated-date window, polls for completion, and downloads paginated results by pageToken; reporting jobs allow at most a one-year window, so an initial backfill is split into annual chunks. Ariba suppliers map to Xero contacts and Ariba accounting codes on PO and invoice lines map to Xero account codes, so each created bill posts to a valid account; an unmapped code holds the record for review rather than guessing. Ariba writes for purchase orders and invoices go through cXML, not the REST Open APIs, so ml-connector treats Ariba procurement documents as read-only and creates the corresponding records in Xero instead. A cursor stores the last successful updated-date so reruns do not duplicate. Xero create calls reuse the Xero record id as the dedup anchor, since Xero has no idempotency-key header, and Ariba rate limits surface in the X-RateLimit-Remaining-minute response header so the poll backs off before hitting a 429. Every record carries a full audit trail and can be replayed if a downstream call fails.

A real-world example

A mid-sized services firm of around 300 staff runs SAP Ariba for procurement and supplier onboarding and keeps its books in Xero. Before the integration, the finance team waited for procurement to email approved invoice details, then keyed each supplier bill into Xero by hand and re-typed new supplier records, which slowed approvals and left supplier lists out of step between the two systems. With Xero and SAP Ariba connected, approved invoice headers and purchase orders flow into Xero as bills and purchase orders mapped to the right accounts, and supplier records stay aligned. The accounts payable queue fills itself, and month-end close starts with procurement and the ledger already in agreement.

What you can do

  • Create accounts payable bills in Xero from approved SAP Ariba supplier invoice headers, mapped to the correct account codes.
  • Bring approved SAP Ariba purchase orders into Xero as purchase orders for matching and reporting.
  • Keep Xero supplier contacts aligned with SAP Ariba supplier master data and registration status.
  • Bridge SAP Ariba client-credentials token, apiKey, and realm with Xero's tenant-scoped OAuth tokens.
  • Run Ariba submit-poll-download reporting jobs on a schedule, with retries and a full audit trail on every record.

Questions

Which direction does data move between Xero and SAP Ariba?
The main flow is SAP Ariba into Xero. Approved purchase orders, supplier invoice headers, and supplier records move from Ariba into Xero, where invoices become accounts payable bills. Supplier or qualification status can be written back to Ariba through the Supplier Data API, but procurement documents in Ariba are treated as read-only because Ariba accepts purchase order and invoice writes through cXML rather than the REST Open APIs.
Does SAP Ariba support webhooks, or does the sync poll for changes?
The SAP Ariba Open APIs do not provide a general outbound webhook, so this integration is poll-based. ml-connector submits an Operational Reporting job filtered by an updated-date window, polls until it finishes, then downloads paginated results and stores a high-water-mark timestamp. Reporting jobs allow at most a one-year window, so an initial backfill is split into annual chunks.
How are the two different authentication models handled?
SAP Ariba requires an OAuth 2.0 client-credentials Bearer token and a static apiKey header on every call, with the realm passed as a query parameter, and the token expires after one hour. Xero uses an OAuth 2.0 Bearer access token plus a Xero-tenant-id header, with the 30-minute access token refreshed automatically from a refresh token. ml-connector stores both credential sets encrypted and refreshes each token before it expires.

Related integrations

More Xero integrations

Xero and Adobe CommerceXero and ADPXero and AdyenXero and AirbaseXero and Amazon Seller CentralXero and AnaplanXero and AsanaXero and AvalaraXero and AvidXchangeXero and BambooHRXero and BaswareXero and BigCommerce

Other systems that connect to SAP Ariba

Acumatica and SAP AribaDATEV and SAP AribaDeltek and SAP AribaMicrosoft Dynamics 365 Business Central and SAP AribaMicrosoft Dynamics 365 F&O and SAP AribaMicrosoft Dynamics GP and SAP AribaMicrosoft Dynamics NAV and SAP AribaEpicor Kinetic and SAP AribaExact Online and SAP AribaFreshBooks and SAP AribaIFS Cloud and SAP AribaInfor CloudSuite and SAP Ariba

Connect Xero and SAP Ariba

Free to use. Add your credentials, ping your real systems, and see if we fit.

Get started