Microsoft Dynamics 365 Finance - Tipalti

Integration Specification — Technical Reference

Microsoft Dynamics 365 Finance ↔ Tipalti

OAuth 2.0 (both platforms) Middleware-Orchestrated Bidirectional Sync

72 / 100

VIABLE

Health Score

Integration Viability Score — Proprietary Assessment

Microsoft Dynamics 365 Finance ↔ Tipalti

Auth Robustness22/25

Webhook / Event Support16/25

Rate Limit Generosity10/25

Documentation Quality24/25

VERDICTA robust but middleware-dependent integration connecting D365 Finance AP and vendor data to Tipalti's global payout engine via OAuth 2.0 on both sides, with event-driven IPN callbacks bridging payment status back to the ERP.

Table of Contents hide

1 Executive Summary

1.1 ⚡ Accelerate your integration roadmap

2 Logical Architecture & Data Flow

2.1 Architecture Component Breakdown

2.2 Authentication Architecture

2.3 Data Flow Diagram

3 Enterprise Use Cases

3.1 Use Case 1: Vendor Master Sync

3.2 Use Case 2: Invoice-Driven Payment Initiation

3.3 Use Case 3: Payment Status Writeback & GL Reconciliation

3.4 Use Case 4: Purchase Order Sync for Procurement Workflow

4 Standard API Field Mapping

5 Limitations & Rate Limits

5.1 D365 Finance Rate Limits

5.2 Tipalti Rate Limits

5.3 Critical Engineering Constraints

6 Official Documentation

Executive Summary

Integrating Microsoft Dynamics 365 Finance with Tipalti creates an end-to-end accounts payable automation pipeline: vendor master data and approved invoices originate in D365, are pushed via the Data Management Package REST API to a middleware orchestration layer, and are then submitted to Tipalti’s REST API for global payment execution, tax compliance, and payee onboarding. Payment status updates, reconciliation records, and IPN (Instant Payment Notification) callbacks flow back from Tipalti into D365 Finance, closing the AP loop without manual intervention. Both platforms authenticate via OAuth 2.0 client-credentials flows, making token lifecycle management the primary operational concern. Rate limits are partially undocumented on both sides, requiring vendor engagement before production sizing. The integration pattern is best served by a dedicated iPaaS layer (MuleSoft, Boomi, Celigo) handling transformation, retry, and idempotency between the two platforms’ differing data models.

⚡ Accelerate your integration roadmap

Stop wrestling with API rate limits, undocumented endpoints, and unreliable webhooks. Our engineering team designs and deploys resilient, enterprise-grade integration architectures in days. Prefer to build it in-house? Leverage our recommended middleware platform.

Request Architecture Review → Explore Recommended iPaaS

Logical Architecture & Data Flow

Architecture Component Breakdown

◈

D365 Finance Data Entities

Exposes vendor, invoice, and ledger data via the Data Management Package REST API and OData actions. Acts as the authoritative AP and vendor master source of truth.

◈

Microsoft Entra ID (OAuth 2.0)

Issues bearer tokens for D365 Finance API access using the Client Credentials Grant flow. Client IDs must be registered in the Microsoft Entra Applications list within D365 System Administration.

◈

iPaaS Middleware Layer

Orchestrates data transformation, field mapping, error handling, retry logic, and scheduling between D365 Finance and Tipalti. Recommended platforms: MuleSoft, Celigo, or Dell Boomi.

◈

Tipalti REST API

Accepts payee onboarding, invoice submission, and payment batch creation via resource-oriented JSON endpoints. Base URLs differ per environment: sandbox at api.sandbox.tipalti.com, production at api.tipalti.com.

◈

Tipalti IPN Service

Instant Payment Notification webhook-style callbacks that push payment status changes, payee updates, and system events back to a registered listener endpoint on the middleware layer in near-real-time.

◈

Azure Blob Storage (D365 DMF)

Intermediate staging storage used by the D365 Data Management Framework. The GetAzureWriteUrl API returns SAS-token-scoped URLs for secure package uploads prior to ImportFromPackage execution.

◈

Reconciliation & Error Handler

Uses D365 GetImportStagingErrorFileUrl and GenerateImportTargetErrorKeysFile APIs alongside Tipalti HTTP 429/5xx retry logic to detect, log, and re-queue failed records without data duplication.

Authentication Architecture

Microsoft Dynamics 365 Finance uses OAuth 2.0 with the Client Credentials Grant flow mediated by Microsoft Entra ID (formerly Azure Active Directory). The middleware application must be registered as an Entra application, and its client ID must be explicitly allow-listed under System Administration → Setup → Microsoft Entra Applications in D365 with appropriate security role mapping. Access tokens are bearer tokens passed in the Authorization header for all Data Management Package API calls against the /data/DataManagementDefinitionGroups/ OData action namespace.

Tipalti’s REST API also enforces OAuth 2.0 using the Client Credentials Grant flow. Token acquisition is performed via POST https://api.tipalti.com/oauth2/token with grant_type=client_credentials, client_id, and client_secret. The returned access_token is included as a bearer token in all subsequent API requests. For the Procurement REST API variant, an API token passed via the x-api-key header is used instead. The middleware must manage token refresh independently for both platforms, detecting 401 responses and re-acquiring tokens before retrying the originating request.

Data Flow Diagram

Enterprise Use Cases

Use Case 1: Vendor Master Sync

USE CASE 4.1
TRIGGER: New/Updated Vendor in D365
→ Payee Created/Updated in Tipalti

Automated Payee Onboarding from D365 Vendor Master

When a new vendor account is created or an existing vendor’s banking or contact details are modified in D365 Finance, the middleware polls the D365 Data Management API to export the VendTable and VendBankAccount data entities. The extracted package is transformed and submitted to Tipalti via POST /api/Payees, creating or updating the payee record including payment method, currency preferences, and contact information. This eliminates manual dual-entry and ensures Tipalti’s payee portal is always current before payment runs are initiated.

Use Case 2: Invoice-Driven Payment Initiation

USE CASE 4.2
TRIGGER: Invoice Approved in D365
→ Payment Batch Submitted to Tipalti

Approved AP Invoice to Tipalti Payment Batch

Once a vendor invoice reaches Approved status in D365 Finance, the middleware exports the VendInvoiceJour entity via the Data Management Package API using POST /data/DataManagementDefinitionGroups/Microsoft.Dynamics.DataEntities.ExportToPackage. The invoice amount, currency, due date, and vendor reference are mapped to a Tipalti payment instruction payload and submitted via POST /api/paymentBatches with individual paymentInstructions per line. Tipalti then handles FX conversion, payment method selection, and global disbursement according to the payee’s registered preferences.

Use Case 3: Payment Status Writeback & GL Reconciliation

USE CASE 4.3
TRIGGER: Tipalti IPN Payment Event
→ D365 Vendor Payment Journal Updated

Real-Time Payment Confirmation Writeback to D365

Tipalti’s IPN service fires a callback to the middleware’s registered listener endpoint whenever a payment transitions state (e.g., Submitted → Paid, or Paid → Returned). The middleware maps the IPN payload — including Tipalti’s internal payment ID, settlement date, and actual paid amount — to a D365 VendPaymJournalTrans update. The Data Management API’s ImportFromPackage or ImportFromPackageAsync action is invoked to post the reconciliation record back into D365, automatically marking the original invoice as settled and generating the appropriate GL entries without requiring manual bank statement imports.

Use Case 4: Purchase Order Sync for Procurement Workflow

USE CASE 4.4
TRIGGER: PO Approved in D365
→ Tipalti PO Record Created with External ID

Bidirectional Purchase Order Lifecycle Management

Approved purchase orders from D365’s PurchTable entity are exported via the Data Management API and pushed to Tipalti’s Procurement REST API via POST /purchase-orders (Update PO endpoint) with the D365 PO number mapped to Tipalti’s externalId field. This creates a persistent cross-system reference. Tipalti’s GET /purchase-orders?forceReadAll=false endpoint is then polled to retrieve POs lacking external IDs, enabling the middleware to assign D365 PO numbers to Tipalti-originated procurement requests and maintain a unified PO register across both systems. Maximum CSV upload file size for the employee/bulk endpoint is 10 MB and the provided upload URL expires after 60 seconds.

Standard API Field Mapping

⚠ Note: Field names reflect canonical API schema identifiers. All endpoints verified against official documentation.

Entity	D365 Finance Field	Method	Tipalti Field	Method	Type
Vendor / Payee	VendTable.AccountNum	GET	payeeId	POST	String
Vendor / Payee	VendTable.Name	GET	payeeName	POST	String
Vendor / Payee	VendTable.Email	GET	email	POST	String
Vendor / Payee	VendBankAccount.BankAccountId	GET	paymentMethod	POST	Enum
Invoice	VendInvoiceJour.InvoiceId	GET	refCode	POST	String
Invoice	VendInvoiceJour.InvoiceAmountMST	GET	amountSubmitted.amount	POST	Decimal
Invoice	VendInvoiceJour.CurrencyCode	GET	amountSubmitted.currency	POST	ISO 4217
Payment Status	VendPaymJournalTrans.PaymStatus	PATCH	paymentStatus (IPN payload)	WEBHOOK	Enum
Purchase Order	PurchTable.PurchId	GET	externalId	POST	String
Legal Entity	ImportFromPackage.legalEntityId	POST	payerId (multi-entity)	POST	String
Execution / Job	GetExecutionSummaryStatus.executionId	POST	paymentBatchId	GET	String / GUID

Limitations & Rate Limits

⚠ Risk Advisory: Validate all rate limits with vendor TAMs before production go-live.

D365 Finance Rate Limits

Constraint	Limit	Detail	Mitigation
Package API Throughput	DATA_UNAVAILABLE	No explicit per-minute or per-hour API call limits are published in the Data Management Package REST API documentation.	Implement exponential backoff; monitor Azure service health. Engage Microsoft TAM for LCS-hosted environment throttle thresholds.
Azure Blob SAS Token Expiry	Time-limited window	SAS tokens returned by GetAzureWriteUrl have a finite expiry window. Requests after expiry return an error.	Generate SAS token immediately before upload; do not cache tokens. Re-invoke GetAzureWriteUrl if upload is delayed.
ImportFromPackage Concurrency	DATA_UNAVAILABLE	Composite entity packages are restricted to one composite data entity per package per the official documentation.	Split composite entity packages; use ImportFromPackageAsync and poll GetExecutionSummaryStatus for job completion before submitting the next package.

Tipalti Rate Limits

Constraint	Limit	Detail	Mitigation
API Burst Throttle	HTTP 429 triggered	Tipalti explicitly documents that sending many requests in quick succession may result in HTTP 429 Too Many Requests responses to protect platform stability.	Implement exponential backoff with jitter on 429 responses. Batch payment instructions within a single paymentBatch payload rather than per-payment API calls.
Numeric Rate Limit	DATA_UNAVAILABLE	Tipalti’s developer documentation does not publish specific requests-per-minute or daily call limits for the REST API.	Contact Tipalti Implementation Manager or TAM to obtain production rate limit specifications before go-live.
Bulk Upload File Size	10 MB max	The Procurement bulk CSV employee upload endpoint enforces a 10 MB maximum file size limit.	Chunk large vendor/employee datasets into sub-10 MB files before invoking getUploadUrl. Validate file size client-side before upload attempt.
Upload URL Expiry	60 seconds	The URL returned by the getUploadUrl Procurement endpoint expires after 60 seconds; a new URL must be requested if the window is missed.	Begin upload immediately after URL acquisition; do not pre-fetch URLs. Monitor for upload failures and re-request URL on timeout.

Critical Engineering Constraints

▲
D365 Finance does not support native outbound webhooks from the Data Management Package API. All vendor and invoice change detection must rely on scheduled polling exports or D365 Business Events (if configured), introducing latency into the outbound data flow versus a true event-driven pattern.

▲
The D365 Data Management API is designed for file-based, package-oriented data exchange rather than granular record-level CRUD. This means high-frequency, low-latency transaction sync (e.g., per-invoice real-time posting) is architecturally misaligned with the DMF package model and should instead leverage D365 OData entities or custom services.

▲
Tipalti environments (Sandbox and Production) are completely isolated with no integration between them. All integration logic, OAuth client credentials, and IPN listener endpoints must be separately configured and tested in each environment. Migrating from sandbox to production requires full credential rotation and endpoint reconfiguration.

▲
Idempotency must be enforced at the middleware layer. Neither the D365 DMF package API nor Tipalti’s payment batch endpoint explicitly document native idempotency keys, creating risk of duplicate payment submissions on middleware retry. The middleware must track executionId from D365 and paymentBatchId from Tipalti in a persistent store to prevent double-payment scenarios.

▲
For D365 on-premises deployments, the base URL must append /namespaces/AXSF and authorization must route through Active Directory Federation Services (AD FS) rather than Microsoft Entra ID. This significantly increases infrastructure complexity and may require separate middleware connection profiles for cloud vs. on-premises D365 environments.

Official Documentation

D365 FINANCE
Data Management Package REST API — Official Microsoft Learn Documentation
VIEW DOCS →

D365 FINANCE
Recurring Integrations API — Alternative Scheduling-Based Integration Pattern
VIEW DOCS →

MICROSOFT ENTRA
OAuth 2.0 Authorization with Microsoft Entra ID — Token Acquisition Reference
VIEW DOCS →

TIPALTI
Tipalti Developer Hub — REST API Reference, Webhooks, and Sandbox Environment
VIEW DOCS →

TIPALTI
Tipalti Procurement REST API — Purchase Orders, Employees, and Bulk Upload Endpoints
VIEW DOCS →

TIPALTI
Tipalti SOAP & Legacy API Reference — Payee and Payer Administrative Operations
VIEW DOCS →