What’s Sage Intacct?

Sage Intacct is cloud financial management software for mid-market companies that need real multi-entity consolidation and dimensional reporting. It’s what you graduate to when NetSuite feels like overkill, but QuickBooks can’t handle your complex chart of accounts. CFOs love it because it does actual financial reporting without Excel gymnastics. You’re here because you need to pull financial data or push transactions programmatically. Here’s how to get API access.

Note: Sage Intacct doesn't use traditional API keys. The Web Services API uses session-based authentication with User ID and Password, while the REST API uses OAuth 2.0. This guide covers obtaining the necessary credentials for both.

Prerequisites

Sage Intacct subscription with Web Services enabled
Administrator role or API user permissions
Know which API you need (Web Services or REST)

The Two APIs (Pick One)

Web Services API: The mature XML-based API with full feature coverage REST API: The new JSON-based API with limited but growing endpoints

Most integrations still use Web Services because REST doesn’t cover everything yet. Deal with it.

Method 1: Web Services API Setup

Step 1: Enable Web Services

Company → Admin → Subscriptions

Find Web Services. If it’s not enabled, contact your account manager. This costs extra money. Welcome to enterprise software.

Step 2: Create Web Services User

Company → Admin → Web Services Users → Add

Fill in:

User ID: Something like api_user (you'll use this to authenticate)
First name / Last name: Whatever helps you identify this account
Email address: Use a shared mailbox, not someone who might quit
User type: "Business"
Admin privileges: Hell no, unless you want a security nightmare
Status: Active

Set the password. Make it strong. This is financial data.

Step 3: Set User Permissions

Click on your new user → Subscriptions

Enable access to:

The companies this user can access
The modules they need (GL, AP, AR, etc.)
The specific permissions per module

Don’t give “All” access unless you enjoy explaining data breaches.

Step 4: Get Your Credentials

You now have:

Company ID: Found in Company → Setup → Company Information
User ID: The one you just created
User Password: The one you just set
Sender ID: Your unique identifier (usually your company ID)
Sender Password: Optional security layer (set in Company → Admin → Company Security)

Step 5: Find Your Location ID

Company → Setup → Locations

Note your Location ID. Some API calls need this. It’s usually a number like “100” or matches your entity structure.

Method 2: REST API Setup

Step 1: Same User Setup

Create a Web Services user (same as above). Sage Intacct REST API uses the same authentication.

Step 2: Get Your OAuth Credentials

Contact Sage Intacct support or your partner. Seriously. They haven’t automated this part yet.

They’ll provide:

Client ID
Client Secret
Authorization endpoint URLs

This takes 2-3 business days. Plan accordingly.

Step 3: Implement OAuth Flow

Standard OAuth 2.0 authorization code flow. Nothing special here except their tokens expire in 1 hour and refresh tokens last 6 months.

You can read our Sage Intacct REST API guide here.

Session-Based Authentication (Web Services)

Every API session needs:

Create session with login credentials
Get session ID
Use session ID for subsequent calls
Sessions expire after inactivity (default: 30 minutes)

No permanent tokens. Every integration needs to handle session management.

Common Screwups to Avoid

Wrong Endpoint:
- Production: https://api.intacct.com/ia/xml/xmlgw.phtml
- Not your company URL. Always the same endpoint for everyone.
Entity Restrictions: Your API user might only see certain entities/locations. Check user permissions when you get empty responses.
Rate Limits: No published limits but hammer it too hard and you’ll get throttled. Space out bulk operations.
Session Timeout: Sessions die after 30 minutes of inactivity. Implement session refresh or catch the timeout errors.
Field Permissions: Just because the API user has module access doesn’t mean they can see all fields. Custom fields especially need explicit permissions.

Testing Your Connection

Use the company’s sandbox (if they bought one—many don’t)
Start with a simple read operation: List vendors or get company info
Check the response for <status>success</status>
If you get authentication errors, verify:
- Company ID is correct
- User has Web Services access
- Password hasn’t expired
- IP restrictions aren’t blocking you

Security That Matters

Web Services users can’t log into the UI (that’s good)
Set IP restrictions if you have static IPs
Use entity restrictions to limit data access
Enable session timeout controls
Audit logs track everything—review them

What You Can’t Do

Get real-time webhooks (poll or die)
Bulk delete records (one at a time, slowly)
Access certain system tables (they’re protected)
Bypass approval workflows (they still trigger)

Stop expecting modern API features from enterprise accounting software. Work with what you’ve got.

That’s it. You have Sage Intacct API access. Now go build your integration.

Managing Sage Intacct API connectivity with Apideck's Vault

If you want to integrate with Sage Intacct and other accounting systems, managing API connections can be challenging. You can use Apideck to connect to accounting applications. Apideck's Vault allows for:

Secure credential storage with automatic token refresh - No need to build token management infrastructure or handle OAuth flows manually.
Pre-built authentication UI - Embedded Vault components handle credential input and OAuth authorization without custom UI development.
Centralized connection monitoring - Track connection states, validate credentials, and manage multiple accounting platforms from a single dashboard.

And here's how you can easily connect and manage permissions for your API Access. Go to the platform, select Sage Intacct, and add the required credentials that you obtained. Save and then click on test-vault.

Screenshot 2025-11-19 at 18.30.19@2x