The Undocumented API Integration — Legacy ERP Meets Modern Payments
The Challenge
An enterprise client had operated on a custom ERP system since the late 1990s — customer accounts, invoicing, contract management, payment history, and reporting all lived in it. The system worked. The problem was what surrounded it. Modern payment processors required REST API calls the ERP couldn't make. Every payment was processed manually: generate invoice in the ERP, export to a spreadsheet, re-enter into a payment portal, reconcile back. Four people spent 40% of their working week on this process. The cost, factoring in labour, was running to $30,000 per month. Every vendor they approached proposed either a full ERP replacement or a payment module bolted into the legacy codebase — neither of which solved the problem cleanly or economically.
Our Solution
SOLUTION:
The ERP did not need to be replaced. It did not need to be rebuilt. It needed a bridge — a layer that could speak to Stripe on one side and to the ERP on the other, without either system needing to know the other existed.
Before we could build that bridge, we had to understand what we were bridging from. The ERP had no documentation. The original developers were long gone. The database used a proprietary format layered on top of an older access layer that required specific tooling to read. The assessment took four days — four days of reading, reverse-engineering, and mapping, until we understood exactly how the ERP stored customer records, invoices, and payment history, and exactly what a Stripe integration would need to read and write.
What we built
We built a three-component architecture designed so that neither the ERP nor Stripe needed any modification.
The first component was a Stripe integration layer — a dedicated ASP.NET Core service that owned all communication with Stripe. It created customers, generated payment intents, processed webhooks, and handled refunds and disputes. It maintained its own data model, built around Stripe's concepts. It knew nothing about the ERP.
The second component was a synchronisation service — a background process that monitored both systems simultaneously. When a new invoice appeared in the ERP, the synchronisation service detected it and created a corresponding Stripe payment intent. When Stripe confirmed a payment, the synchronisation service wrote the payment record back into the ERP in exactly the format the ERP expected — as if a human operator had entered it by hand, except instant and without error.
The third component was a reconciliation dashboard — a simple web interface showing the real-time state of all payments, any synchronisation errors flagged for human review, and daily reconciliation summaries. It replaced the spreadsheet entirely.
PCI compliance as a side effect
Because the ERP never touches card data — all payment processing flows through Stripe's tokenised systems via the integration layer — the ERP itself falls outside PCI DSS scope. The client achieved PCI compliance without a single change to the ERP. This was not something they had asked for. It was a consequence of designing the architecture correctly.
Parallel running and validation
Before the manual process was retired, both systems ran simultaneously for four weeks. Every payment processed manually was cross-checked against the automated system. Discrepancies were investigated and resolved. The automated system went live only when it had matched the manual process exactly, transaction by transaction, across a full billing cycle.
The outcome
The first fully automated payment cycle ran without errors. The four-person manual payment team was redeployed to work that required human judgment rather than data entry.
The client reported $2,000,000 in annual transactions now processed automatically, with $300,000 in annual labour cost savings. The ERP continues to run unchanged. The Stripe integration has required no maintenance since deployment, because it was built to match the ERP's actual data patterns — not an idealised version of them.
The system still runs today.