The API Requirement: What Your ERP Must Have
- Tayana Solutions
- 1 day ago
- 6 min read
The API Necessity
AI agents cannot function without ERP API access. Understanding what APIs are, why they're required, and whether your ERP has appropriate capabilities determines implementation feasibility.
Reality: Modern ERPs (2015+) typically have suitable APIs. Legacy systems may need work.
What an API Is
Application Programming Interface Explained
Simple explanation: A standardized way for software systems to exchange data
Analogy: API is like a restaurant menu. Menu provides standardized way to order (request) food, kitchen prepares and serves (responds). You don't need to know how kitchen works, just how to use menu.
For ERP: API provides standardized way for external systems (like AI agents) to request customer data, invoice data, etc. ERP responds with requested information in standard format.
Why Email/Manual Export Isn't Sufficient
Manual approach: Export data to Excel, send to implementation partner, they load into AI system
Problems:
Manual export every time data changes
No real-time access
Cannot write outcomes back to ERP automatically
Staff coordination burden continues
Why this defeats purpose: AI agents need automatic, real-time access to reduce manual coordination
API Types
REST API (Most Common)
Characteristics:
Modern, widely supported
Uses HTTPS (same as websites)
JSON or XML data format
Stateless (each request independent)
ERPs with REST API:
Acumatica (Contract-Based API)
NetSuite (SuiteTalk REST)
Dynamics 365 (Web API)
SAP Business One (Service Layer)
Sage Intacct (Web Services)
Suitability: Excellent for AI agent integration
SOAP API (Older Standard)
Characteristics:
Established, mature
XML-based
More structured than REST
Still widely supported
ERPs with SOAP API:
NetSuite (SuiteTalk SOAP)
Some Dynamics configurations
Older SAP versions
Suitability: Works fine for AI agent integration, just older technology
Database Direct Access (Not Preferred)
Characteristics:
SQL queries directly to database
No API layer
Requires database knowledge
More brittle (schema changes break integration)
When this is necessary:
Legacy ERPs with no API
Highly customized systems
ERP vendors who don't provide API
Suitability: Works but not ideal. More maintenance burden. Security concerns (broader access required).
Required API Capabilities
Read Access Requirements
Customer master data:
Customer ID
Name
Contact information (phone, email)
Account status
Payment terms
Credit limit
Transaction data:
Invoice numbers
Invoice amounts
Invoice dates
Due dates
Current balance
Payment history
Communication history:
Previous notes
Activity records
Tasks
Communications log
Write Access Requirements
Activity logging:
Create call records
Create email records
Log communication attempts
Notes:
Write conversation outcomes
Document commitments
Record next steps
Tasks:
Create follow-up tasks
Assign to appropriate staff
Set due dates
Status updates:
Mark exceptions as contacted
Update collection status
Flag for review
What AI Does NOT Need to Write
Never modifies:
Customer master data (name, address, etc.)
Invoice amounts or terms
Payment applications
Account balances
GL transactions
System configurations
Why this matters: Security concern reduced. AI cannot corrupt financial data. Changes limited to notes and activities.
Authentication Requirements
OAuth 2.0 (Preferred)
What it is: Modern authentication standard, secure token-based
How it works:
One-time authorization
Token generated for AI agent
Token used for all subsequent requests
Token can be revoked if needed
ERPs supporting OAuth:
Acumatica
Dynamics 365
NetSuite (OAuth 2.0 available)
Benefits:
Secure
Auditable
Revocable
Industry standard
API Key / Secret (Common)
What it is: Long random string used to authenticate
How it works:
API key generated in ERP
Key provided to AI agent
Key included with each request
Key validates authorization
ERPs supporting API keys:
Most modern ERPs offer this
Alternative to OAuth
Benefits:
Simple to implement
Secure if properly managed
Easy to rotate if compromised
Username/Password (Less Preferred)
What it is: Service account with username and password
How it works:
Create dedicated service account in ERP
Provide credentials to AI agent
Login for each request or session
Concerns:
Password management burden
Rotation complexity
Less secure than OAuth/API key
When acceptable:
Legacy systems with limited options
Temporary implementations
When OAuth/API key unavailable
API Performance Requirements
Rate Limits
What they are: Maximum number of API calls allowed per hour/day
Typical limits:
High tier: 10,000+ per day
Mid tier: 1,000-10,000 per day
Low tier: 100-1,000 per day
AI agent needs:
50-100 API calls per exception handled
For 80 exceptions monthly: 4,000-8,000 calls monthly
Requirement: 1,000+ daily rate limit
Most ERPs provide: Sufficient rate limits for mid-market AI usage
Response Time
What it is: How quickly API responds to requests
Requirements:
Average response: Under 2 seconds
Maximum response: Under 10 seconds
Why it matters: Voice conversations require responsive data access. Email-based can tolerate slower responses.
Most modern ERPs: Respond in under 1 second for standard queries
ERP-Specific API Assessment
Acumatica
API type: REST (Contract-Based API)
Authentication: OAuth 2.0
Documentation: Excellent
Readiness: 95% implementations ready out-of-box
Typical additions:
Custom fields for AI tracking (1 day)
Workflow for task routing (1 day)
Assessment: Excellent API, minimal preparation
NetSuite
API type: REST and SOAP (SuiteTalk)
Authentication: OAuth 2.0, token-based
Documentation: Comprehensive
Readiness: 85% implementations ready
Typical additions:
Custom fields (1-2 days)
Saved searches for exception identification (1 day)
Script deployment if complex logic needed (2-4 days)
Assessment: Strong API, minor configuration
Dynamics 365
API type: REST (Web API, OData)
Authentication: Azure AD OAuth
Documentation: Very good
Readiness: 85% implementations ready
Typical additions:
Custom fields/entities (1-2 days)
Security roles for service account (1 day)
Business rules if needed (1-2 days)
Assessment: Good API, standard Microsoft approach
SAP Business One
API type: Service Layer (REST-like)
Authentication: Session-based or OAuth
Documentation: Good
Readiness: 80% implementations ready
Typical additions:
User-defined fields (1-2 days)
Authorization setup (1 day)
Assessment: Capable API, some learning curve
Sage Intacct
API type: Web Services (XML-based)
Authentication: Sender ID and credentials
Documentation: Good
Readiness: 85% implementations ready
Typical additions:
Custom fields (1 day)
Web services user setup (1 day)
Assessment: Functional API, slightly older approach
Legacy or Custom ERP Challenges
No API Exists
Options:
Option 1: API Development
Build custom API layer
Cost: $15,000-$40,000
Timeline: 8-12 weeks
Ongoing maintenance required
Option 2: Database Direct Access
Read from database directly
Write via file import or stored procedures
Cost: $10,000-$25,000
Timeline: 4-8 weeks
Less flexible, more brittle
Option 3: ERP Upgrade
Upgrade to modern ERP with API
Cost: $200,000+ (full ERP upgrade cost)
Timeline: 12-24 months
Best long-term but high cost
Limited API Functionality
Scenario: API exists but cannot write notes/tasks back
Options:
Option 1: API Enhancement
Add write capability
Cost: $5,000-$15,000
Timeline: 2-4 weeks
Option 2: Workaround
AI documents outcomes in separate system
Staff manually updates ERP
Reduces but doesn't eliminate manual work
Pre-Implementation API Assessment
Assessment Checklist
1. Does API exist?
[ ] REST API available
[ ] SOAP API available
[ ] Database direct access possible
[ ] No programmatic access (problem)
2. What can API read?
[ ] Customer master data
[ ] Invoice/transaction data
[ ] Payment history
[ ] Notes and activities
3. What can API write?
[ ] Activity records (calls, emails)
[ ] Notes/comments
[ ] Tasks
[ ] Status fields
4. Authentication available?
[ ] OAuth 2.0
[ ] API key/secret
[ ] Service account username/password
5. Performance adequate?
[ ] Rate limit > 1,000 daily
[ ] Response time < 2 seconds average
6. Documentation exists?
[ ] API documentation available
[ ] Code examples provided
[ ] Support channel exists
Assessment Timeline
Standard modern ERP:
Assessment: 1-2 hours
Result: Ready to proceed
Custom or legacy ERP:
Assessment: 4-8 hours (may require vendor/consultant involvement)
Result: Identify gaps and remediation needed
The Reality
AI agents require ERP API for automated data access and outcome writing. Modern ERPs (Acumatica, NetSuite, Dynamics, SAP Business One, Sage Intacct) have suitable REST or SOAP APIs with OAuth authentication.
Required capabilities:
Read access (customer master, transactions, payment history, notes);
Write access (activities, notes, tasks, status updates).
Never writes: Customer master changes, transaction modifications, GL entries.
Authentication options: OAuth 2.0 (preferred, most secure), API keys (common, acceptable), Username/password (less preferred but works).
Performance needs: 1,000+ daily rate limit, under 2 second response time. Most modern ERPs exceed these requirements.
ERP-specific readiness: Acumatica 95% ready, NetSuite 85% ready with minor config, Dynamics 365 85% ready, SAP Business One 80% ready, Sage Intacct 85% ready.
Legacy ERP challenges: No API requires development $15K-$40K or database direct access $10K-$25K. Limited API requires enhancement $5K-$15K or workarounds.
Pre-implementation assessment: 1-2 hours for modern ERPs identifies readiness. 4-8 hours for custom/legacy identifies gaps and remediation.
Standard modern ERPs ready out-of-box. Legacy systems may need investment before AI implementation feasible.
About the Author: This content is published by ERP AI Agent.
Published: January 2025 | Reading Time: 7 minutes
Comments