Construct an XML request body containing a <control> block (with a unique controlid and a dtdversion of 3.0) and an authentication <login> block with your sender ID, sender password, company ID, user ID, and user password.
POST this XML to https://api.intacct.com/ia/xml/xmlgw.phtml with Content-Type: text/xml.
Parse the <response> to extract the <sessionid> value; this session token is reused for subsequent API calls within its validity window.
For subsequent requests, replace the <login> authentication block with a <sessionid> block containing the token, keeping the same endpoint and Content-Type.
To perform operations, add <operation> blocks with <content> containing the appropriate function element (e.g., <create>, <query>, <read>) and the object type and fields.
Parse the <result> element in the response; check <status> for 'success' or 'failure' and handle <errormessage> blocks accordingly.
Known gotchas
Sage Intacct uses XML for its API transport, not JSON; ensure your HTTP client sends valid XML and does not add a JSON Content-Type header.
The sender ID and sender password are different from the company user credentials; they are provisioned separately by Intacct for API partners/developers.
Session tokens have a limited lifespan and are not refreshable; your integration must re-authenticate and obtain a new session token when one expires.
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp