
Xero and Tipalti integration

Xero runs your accounting. Tipalti runs your supplier payments and invoice approval. Connecting them keeps your supplier master data, purchase commitments, and payment activity in step across both systems. Supplier contacts created in Xero flow into Tipalti as payees so invoices match against current vendor terms. Purchase orders flow from Xero into Tipalti's matching engine to catch duplicate or off-contract invoices before they leave for payment. Payment approvals and completion notifications flow back to Xero as manual journals so your cash account and expense recognition stay current without re-keying.

How Xero works

Xero exposes contacts, invoices, purchase orders, payments, accounts, and manual journals through a REST Accounting API at https://api.xero.com/api.xro/2.0/. Calls require OAuth2 bearer tokens (30-minute expiry) and a Xero-tenant-id header to route to the correct organization. The API supports webhooks for contact, invoice, purchase order, and payment events with CREATE and UPDATE triggers, though webhook payloads contain metadata only and require a follow-up GET to fetch the full record. Deleted records are not returned by default. Polling can also use If-Modified-Since headers for delta sync. The API enforces a rate limit of 5 concurrent calls, 60 per minute per tenant, and 5000 per day per tenant.

How Tipalti works

Tipalti exposes payees, invoices, purchase orders, payments, GL accounts, tax codes, and payment batches through both SOAP (https://api.tipalti.com/v14/) and REST (https://triggers.approve.com) APIs. SOAP calls are authenticated with HMAC-SHA256 signatures derived from the payer name and API key. REST calls use OAuth2 client credentials or static x-api-key headers. The platform sends IPN (Instant Payment Notifications) webhooks when payee details change, invoices are received, payments are submitted or completed, or compliance documents are requested, with signatures verified by HMAC-SHA256. A single IPN endpoint per payer receives all event types. OFAC compliance checks run server-side and cannot be simulated in the sandbox.

What moves between them

The main flow is Xero into Tipalti and back. Xero contacts (suppliers) are synced to Tipalti as payees each time a contact is created or updated, ensuring the payee master stays current. Xero purchase orders flow to Tipalti after contact sync is complete, so the matching engine can validate incoming invoices against live POs. Tipalti payment completion and approval state changes trigger IPN events which ml-connector fetches in full and posts back to Xero as manual journals, allocating payment amounts to the correct GL accounts and cost centers. The cadence is real-time on webhook events (Xero creates a contact or PO, Tipalti sends a payment IPN) with 15-minute polling fallback for any missed events.

How ml-connector handles it

ml-connector stores Xero's OAuth2 credentials and tenant ID, refreshing the bearer token when a call returns 401. Tipalti credentials include the payer name and API key for SOAP HMAC signing and REST OAuth2 client ID/secret. When a Xero webhook fires (contact or purchase order created/updated), ml-connector fetches the full record from Xero to capture all fields (contact address, tax ID, payment terms; PO line items, amount, status), then posts to Tipalti via the appropriate SOAP or REST endpoint. Contact syncs precede PO syncs so every PO references a payee already present in Tipalti. When Tipalti fires an IPN webhook (payment_submitted, completed, payment_cancelled), ml-connector verifies the HMAC-SHA256 signature using Tipalti's webhook secret, fetches full payment details from Tipalti, and creates a manual journal in Xero mapped to the correct GL account based on the invoice category or cost center from Tipalti. Rate limits are respected with backoff and retry: Xero's 60-per-minute limit triggers per-tenant queuing; Tipalti's SOAP/REST split means calls to each API family are isolated. Every record carries a full audit trail, including the source transaction ID, timestamp, and direction.
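The IPN checks described above (signature verification, then duplicate detection by source transaction ID) can be sketched as follows. This is an added example, not ml-connector's or Tipalti's code. It assumes a hex HMAC-SHA256 over the raw request body, and the `type` and `transaction_id` field names are hypothetical, so confirm the signed string and payload fields against Tipalti's IPN documentation.

```python
import hashlib
import hmac
import json

# Event names as listed on this page; anything else is rejected.
ALLOWED_EVENTS = {"payment_submitted", "completed", "payment_cancelled"}


class IpnRejected(Exception):
    """The notification must not be processed."""


def sign(secret: bytes, raw_body: bytes) -> str:
    # Assumed scheme: hex HMAC-SHA256 over the exact bytes received.
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def accept_ipn(secret: bytes, raw_body: bytes, signature: str, seen_ids: set) -> dict:
    """Authenticate the raw bytes (constant-time compare) before parsing them."""
    expected = sign(secret, raw_body).encode()
    if not hmac.compare_digest(expected, signature.strip().lower().encode()):
        raise IpnRejected("bad signature")
    event = json.loads(raw_body)
    if event.get("type") not in ALLOWED_EVENTS:
        raise IpnRejected("unknown event type")
    txn_id = event["transaction_id"]  # hypothetical field name, used for dedupe
    if txn_id in seen_ids:
        raise IpnRejected("duplicate")
    seen_ids.add(txn_id)  # in production this set is a durable store
    return event  # identifies the payment; details come from the follow-up fetch


def demo() -> list:
    secret = b"constructed-webhook-secret"  # constructed sample value
    body = json.dumps({"type": "completed", "transaction_id": "TXN-0001"}).encode()
    good = sign(secret, body)
    cases = [("valid", body, good), ("replay", body, good),
             ("tampered", body.replace(b"0001", b"0002"), good)]
    seen, results = set(), []
    for label, raw, sig in cases:
        try:
            accept_ipn(secret, raw, sig, seen)
            results.append((label, "accepted"))
        except IpnRejected as exc:
            results.append((label, str(exc)))
    return results


if __name__ == "__main__":
    print(demo())
```

The signature is checked over the bytes as received, before any JSON parsing, so a re-serialized body never changes the verification result.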

A real-world example

A mid-sized manufacturing distributor buys components from 200+ global suppliers and sells assembled products to industrial customers. Before the integration, the procurement team manually entered new suppliers into a spreadsheet, emailed it to accounts payable, and AP staff re-entered each supplier into Tipalti by hand. Purchase order numbers were tracked in Xero but not linked to Tipalti, so when an invoice arrived for a PO, AP had to search spreadsheets or email to find the commitment amount and delivery schedule. Payment approvals in Tipalti were not reflected in Xero until the accounting team exported a list and posted manual entries days later. With Xero and Tipalti connected, new suppliers entered in Xero appear in Tipalti within minutes, every purchase order flows to Tipalti's invoice matching workflow automatically, and payment approvals post to Xero the moment they are issued. Supplier reconciliation, PO matching, and cash forecasting now move at system speed instead of email speed.

What you can do

  • Sync Xero contacts as Tipalti payees in real-time via webhook events, keeping supplier master data current in both systems.
  • Push Xero purchase orders to Tipalti for invoice matching and duplicate detection before payment processing.
  • Map Tipalti payment completion and approval events back to Xero as manual journals allocated to the correct GL accounts.
  • Verify Tipalti IPN signatures with HMAC-SHA256 and handle both SOAP and REST API families with separate auth schemes.
  • Respect Xero tenant isolation, OAuth2 token refresh, rate limits, and Tipalti's single-endpoint webhook model with automatic retry and full audit trail.

Questions

Which direction does data move between Xero and Tipalti?

Contacts and purchase orders flow from Xero to Tipalti so that supplier master data and purchase commitments are current in Tipalti's invoice matching and approval workflows. Payment completion and approval state changes flow back from Tipalti to Xero as manual journals, so the cash and expense accounts stay in sync with payment activity. Reference data such as GL accounts and cost centers is mapped in both directions.

How does ml-connector handle Tipalti's SOAP and REST API families?

Tipalti offers SOAP and REST endpoints with different auth schemes (HMAC-SHA256 for SOAP, OAuth2 or x-api-key for REST). ml-connector determines the correct endpoint and auth method based on the operation: payee and invoice operations typically use SOAP, while payment queries may use REST. Credentials for both families are stored encrypted and selected per call.

What happens if a Xero webhook is missed or a Tipalti IPN fails to post?

ml-connector polls both systems on a 15-minute cadence as a fallback, so any missed contacts, purchase orders, or payment events are captured by the next polling run. Every record carries a timestamp and source transaction ID so duplicates are detected and skipped. Failed journal posts to Xero are retried with exponential backoff and surfaced in the audit log for manual review.
