What’s Sage Intacct?
Sage Intacct is cloud financial management software for mid-market companies that need real multi-entity consolidation and dimensional reporting. It’s what you graduate to when NetSuite feels like overkill, but QuickBooks can’t handle your complex chart of accounts. CFOs love it because it does actual financial reporting without Excel gymnastics. You’re here because you need to pull financial data or push transactions programmatically. Here’s how to get API access.
Prerequisites
- Sage Intacct subscription with Web Services enabled
- Administrator role or API user permissions
- Know which API you need (Web Services or REST)
The Two APIs (Pick One)
- Web Services API: The mature XML-based API with full feature coverage
- REST API: The new JSON-based API with limited but growing endpoints
Most integrations still use Web Services because REST doesn’t cover everything yet. Deal with it.
Method 1: Web Services API Setup
Step 1: Enable Web Services
Company → Admin → Subscriptions
Find Web Services. If it’s not enabled, contact your account manager. This costs extra money. Welcome to enterprise software.
Step 2: Create Web Services User
Company → Admin → Web Services Users → Add
Fill in:
- User ID: Something like api_user (you'll use this to authenticate)
- First name / Last name: Whatever helps you identify this account
- Email address: Use a shared mailbox, not someone who might quit
- User type: "Business"
- Admin privileges: Hell no, unless you want a security nightmare
- Status: Active
Set the password. Make it strong. This is financial data.
Step 3: Set User Permissions
Click on your new user → Subscriptions
Enable access to:
- The companies this user can access
- The modules they need (GL, AP, AR, etc.)
- The specific permissions per module
Don’t give “All” access unless you enjoy explaining data breaches.
Step 4: Get Your Credentials
You now have:
- Company ID: Found in Company → Setup → Company Information
- User ID: The one you just created
- User Password: The one you just set
- Sender ID: Your unique identifier (usually your company ID)
- Sender Password: Optional security layer (set in Company → Admin → Company Security)
Step 5: Find Your Location ID
Company → Setup → Locations
Note your Location ID. Some API calls need this. It’s usually a number like “100” or matches your entity structure.
Method 2: REST API Setup
Step 1: Same User Setup
Create a Web Services user (same as above). Sage Intacct REST API uses the same authentication.
Step 2: Get Your OAuth Credentials
Contact Sage Intacct support or your partner. Seriously. They haven’t automated this part yet.
They’ll provide:
- Client ID
- Client Secret
- Authorization endpoint URLs
This takes 2-3 business days. Plan accordingly.
Step 3: Implement OAuth Flow
Standard OAuth 2.0 authorization code flow. Nothing special here except their tokens expire in 1 hour and refresh tokens last 6 months.
You can read our Sage Intacct REST API guide here.
Session-Based Authentication (Web Services)
Every API session needs:
- Create session with login credentials
- Get session ID
- Use session ID for subsequent calls
- Sessions expire after inactivity (default: 30 minutes)
No permanent tokens. Every integration needs to handle session management.
Common Screwups to Avoid
- Wrong Endpoint:
  - Production: https://api.intacct.com/ia/xml/xmlgw.phtml
  - Not your company URL. Always the same endpoint for everyone.
- Entity Restrictions: Your API user might only see certain entities/locations. Check user permissions when you get empty responses.
- Rate Limits: No published limits, but hammer it too hard and you’ll get throttled. Space out bulk operations.
- Session Timeout: Sessions die after 30 minutes of inactivity. Implement session refresh or catch the timeout errors.
- Field Permissions: Just because the API user has module access doesn’t mean they can see all fields. Custom fields especially need explicit permissions.
Testing Your Connection
- Use the company’s sandbox (if they bought one—many don’t)
- Start with a simple read operation: List vendors or get company info
- Check the response for <status>success</status>
- If you get authentication errors, verify:
  - Company ID is correct
  - User has Web Services access
  - Password hasn’t expired
  - IP restrictions aren’t blocking you
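An added example, not from the original page or from Sage: a small Python session manager for the flow under Session-Based Authentication, with the `<status>` check from Testing Your Connection applied at each level of the response. The XML element names (`getAPISession`, `senderid`, `sessionid` and the rest) and the `application/xml` content type are assumptions based on Sage's public XML API documentation; `SessionCache`, the `creds` keys and the 60-second margin are hypothetical.

```python
import time
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

ENDPOINT = "https://api.intacct.com/ia/xml/xmlgw.phtml"  # production endpoint from this page
IDLE_LIMIT = 30 * 60   # page: sessions expire after 30 minutes of inactivity
MARGIN = 60            # assumption: log in again a minute before the limit

def build_login_request(creds):
    # Escape every value so '&' or '<' in a password cannot change the XML structure.
    c = {k: escape(v) for k, v in creds.items()}
    return (
        "<request><control>"
        f"<senderid>{c['sender_id']}</senderid><password>{c['sender_password']}</password>"
        "<controlid>login</controlid><uniqueid>false</uniqueid><dtdversion>3.0</dtdversion>"
        "</control><operation><authentication><login>"
        f"<userid>{c['user_id']}</userid><companyid>{c['company_id']}</companyid>"
        f"<password>{c['user_password']}</password>"
        "</login></authentication><content>"
        '<function controlid="getsession"><getAPISession/></function>'
        "</content></operation></request>"
    )

def parse_session_id(xml_text):
    root = ET.fromstring(xml_text)
    # Sender, user login and the function call each report their own status.
    for path in ("control/status", "operation/authentication/status", "operation/result/status"):
        if root.findtext(path) != "success":
            raise PermissionError(f"{path} was not 'success'")  # never echo credentials here
    return root.findtext("operation/result/data/api/sessionid")

def post_xml(body, url=ENDPOINT):
    req = urllib.request.Request(url, body.encode(), {"Content-Type": "application/xml"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()

class SessionCache:
    """Hands out one session ID and logs in again once it has sat idle too long."""
    def __init__(self, creds, send=post_xml, clock=time.monotonic):
        self._creds, self._send, self._clock = creds, send, clock
        self._sid, self._last_used = None, 0.0

    def session_id(self):
        now = self._clock()
        if self._sid is None or now - self._last_used >= IDLE_LIMIT - MARGIN:
            self._sid = parse_session_id(self._send(build_login_request(self._creds)))
        self._last_used = now
        return self._sid
```

Load `creds` from a secrets manager or environment variables rather than from source code, so the five credentials from Step 4 never land in the repository.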
Security That Matters
- Web Services users can’t log into the UI (that’s good)
- Set IP restrictions if you have static IPs
- Use entity restrictions to limit data access
- Enable session timeout controls
- Audit logs track everything—review them
What You Can’t Do
- Get real-time webhooks (poll or die)
- Bulk delete records (one at a time, slowly)
- Access certain system tables (they’re protected)
- Bypass approval workflows (they still trigger)
Stop expecting modern API features from enterprise accounting software. Work with what you’ve got.
That’s it. You have Sage Intacct API access. Now go build your integration.
Managing Sage Intacct API connectivity with Apideck's Vault
If you want to integrate with Sage Intacct and other accounting systems, managing API connections can be challenging. You can use Apideck to connect to accounting applications. Apideck's Vault allows for:
- Secure credential storage with automatic token refresh - No need to build token management infrastructure or handle OAuth flows manually.
- Pre-built authentication UI - Embedded Vault components handle credential input and OAuth authorization without custom UI development.
- Centralized connection monitoring - Track connection states, validate credentials, and manage multiple accounting platforms from a single dashboard.
And here's how you can easily connect and manage permissions for your API Access. Go to the platform, select Sage Intacct, and add the required credentials that you obtained. Save and then click on test-vault.

Add your credentials, then authenticate with Sage Intacct.
