Skip to content

Platform / Integrations

Connect once. Reach everywhere your work happens.

Modern ERPs, enterprise platforms, the legacy systems already in your landscape, plus the collaboration tools your team works in. Spaceflow connects through the protocols your stack already speaks. This page covers the surface in detail.

Book a demoSee the security model

One read-only connection on day one. First agent in production within a week.

Integration approach

Speaks the protocols your stack already runs on.

Spaceflow's integration layer is protocol-first. The shapes the enterprise landscape actually uses (SAP RFC and IDoc, REST and OData, SOAP, EDIFACT, on-premise gateways, MCP for AI agents) are spoken natively, with the cleanest available method chosen on every call.

Adding a system is a mapping exercise against its data dictionary, handled in a single working session with your team. Modern REST-based systems come online in days. Custom enterprise landscapes take weeks. The architecture is the same either way, and we give you a real timeline before any commitment.

  • REST and OData

    Most modern cloud ERPs and SaaS. NetSuite, Sage Intacct, Microsoft Dynamics 365 family, Acumatica, Odoo, and the rest.

    OAuth-based authentication. Typical first-system connection in days.

  • SAP RFC, BAPI, IDoc

    SAP S/4HANA and ECC. The protocol surface we have invested most deeply in.

    Read-only connection in week one. Write paths activate after the security review your team controls.

  • SOAP and WS-Security

    Oracle E-Business Suite, Oracle Fusion legacy, older Workday tenants, IBM CICS.

    WS-Security handled end-to-end. Sandbox session with your team sets the timeline before any commitment.

  • EDIFACT, ANSI X12, IDoc B2B

    Supplier-to-supplier exchanges that already power your existing supply chain.

    Partner agreements and envelopes handled. Acknowledgments routed into the audit chain.

  • ODBC, file pickup, batch

    Legacy estates that still run procurement. AS/400, mainframe, older Sage, Dynamics GP.

    Schedule-based or watcher-based pickup. Latency follows the cadence your team configures.

  • MCP

    Any AI agent runtime. Claude, GPT, Gemini, in-house models. Bring your stack, the tools surface as MCP.

    Native from day one. Same audit chain as every other call.

Where work happens

Beyond the system of record.

Procurement runs in inboxes, Slack threads, and shared docs as much as it runs in the ERP. Agents need to be in the same rooms. These integrations are read + write, scoped to the user the agent is acting for.

  • Email

    Outlook, Gmail, Microsoft Exchange

    Read inbox, parse attachments, draft replies, send under user identity.

  • Chat

    Slack, Microsoft Teams, Discord

    Read threads, post, react, mention, deliver approvals.

  • Issue tracking

    Linear, Jira, Asana, ClickUp, Monday, Notion

    Create, comment, transition status, link cross-system.

  • Documents

    SharePoint, Google Drive, Box, Dropbox, OneDrive

    Index contracts, RFPs, quotes. Read-only by default.

  • Calendar

    Google Calendar, Outlook Calendar

    Check availability before booking supplier calls. Post events.

  • Identity

    Okta, Microsoft Entra ID, Google Workspace, OneLogin, Auth0

    SSO, SCIM provisioning, group-based access mapping.

  • Procurement

    Coupa, SAP Ariba, Jaggaer, Ivalua, GEP, Zycus

    Coexist when these tools are in place. Ingest their data, push back our decisions.

  • Finance / AP

    Stampli, Tipalti, Bill.com, Coupa Pay, AvidXchange, MineralTree

    Push matched invoices downstream for payment.

  • Logistics

    Project44, FourKites, Flexport, ShipBob, FreightWaves

    Lead-time and route signal into the watch agent.

  • Data warehouses

    Snowflake, BigQuery, Databricks, Redshift

    Push aggregated procurement metrics for your BI layer.

How we connect

Seven ways into a system.

The right method depends on what your system supports and what your security team will sign off on. We default to the cleanest available, fall back gracefully, and tell you exactly what we're doing on every call.

REST + GraphQL

Modern SaaS. The default for anything built in the last decade.

OAuth2 client-credentials or PKCE, signed JWT, mTLS optional. We respect rate limits, retry with jitter, and idempotency-key everything we write.

SOAP, RFC, BAPI

SAP, Oracle E-Business, older Workday tenants, IBM CICS.

Native SAP-certified connector for RFC/BAPI. WS-Security for SOAP. We translate the verbose XML into typed MCP tools so agents see the clean shape.

IDoc, EDI, EDIFACT

Supplier-to-supplier B2B. Especially common in automotive, retail, and pharma supply chains.

Inbound and outbound. EDIFACT, ANSI X12, SAP IDoc. We handle the partner agreements, the envelope, and the acknowledgments.

Webhooks + event streams

Anything pushing events to you. Kafka, RabbitMQ, Pub/Sub, SQS, Azure Service Bus.

We subscribe, deduplicate, and route. Backpressure is handled at our edge so a noisy producer doesn't take down your downstream.

On-premise gateway

Air-gapped systems. Government, defense, regulated manufacturing.

A lightweight agent runs inside your network. It opens a single outbound mTLS tunnel to us. No inbound firewall rules required. Same audit chain as our cloud calls.

MCP (Model Context Protocol)

AI-native. Any agent runtime that speaks MCP.

Every Spaceflow tool is exposed as MCP. Bring Claude, GPT, Gemini, your own. The tools surface what the calling user is actually entitled to.

File pickup

Systems too old to API. CSV, fixed-width, XML over SFTP, S3, or on-prem network shares.

Schedule-based or event-based pickup. Parsed against your defined schema. Errors go to a queue with a human-readable diff.

Authentication

Identity is the integration.

We never operate as a faceless service account if the source system supports anything better. Every action carries the requesting human's identity all the way through. Your existing access rules do the gatekeeping. Your auditors stay happy.

  • OAuth 2.0 + OIDC

    The default for any modern system. We support all flows including device code and client credentials.

  • SAML 2.0

    SSO into the Spaceflow workspace. Group-based role mapping handled at the IdP.

  • mTLS

    On every transport that supports it. Pinned certificates on both ends for inter-tenant traffic.

  • Service accounts

    When unavoidable. Always scoped to a single integration, rotated automatically, logged separately.

  • SCIM 2.0

    User and group provisioning from your IdP. Joiners and leavers reflected in seconds.

  • Principal passthrough

    Every downstream call carries the requesting user's identity. Your existing access rules do the gatekeeping.

What “deep” actually means

Past the icon grid.

Most vendors mean “we can call your API” when they say integration. That's the easy part. The hard part is everything around the API.

We map your custom fields, your Z-tables, your append structures. We learn your master data so the agents stop hallucinating supplier names. We read your approval matrix from PFCG roles, your delegations, your spending limits, your company codes. We pick up the file naming conventions your supplier portal expects and the EDI partner agreements your buyers negotiated three years ago.

When something changes (a new plant comes online, a category gets re-org'd, a custom field gets added), the map updates without a re-implementation. The connection isn't static, and your team isn't in the loop for every schema change.

The flip side: we will tell you when your data is messy. Most ERPs have spots where the data quality is bad enough that an agent acting on it would do harm. We flag those during the connect, before any agent is allowed near them.

Want us to connect to your stack?

30-minute session. Bring the systems you actually use. We'll tell you what connects in week one, what takes longer, and what we'd skip.

Book a demoRead the security model