Version: 1.0 Date: 2025-10-10 Status: Ready for Implementation Target Region: South Africa
This repository contains comprehensive documentation and a starter codebase for building a production-ready Sage Business Cloud Accounting integration for South African businesses.
| Document | Purpose | Lines | Status |
|---|---|---|---|
| SAGE_API_ANALYSIS.md | Complete Sage API v3.1 reference and analysis | 1,240 | β Complete |
| MVP_BLUEPRINT.md | Detailed implementation guide with code examples | 3,760 | β Complete |
| IMPLEMENTATION_CHECKLIST.md | Task-by-task checklist for tracking progress | 300 | β Complete |
| QUICK_START_GUIDE.md | Quick reference with practical code examples | 300 | β Complete |
Build an MVP that enables:
- OAuth 2.0 Authentication with Sage Business Cloud Accounting
- Multi-business Support for users with multiple Sage businesses
- Sales Invoice Management (create, preview, release)
- Contact Management (customers and suppliers)
- Audit Logging for compliance and traceability
- Incremental Sync for efficient data synchronization
- South African Localization (ZAR currency, 15% VAT, 30-day payment terms)
Backend:
- FastAPI (Python 3.10+)
- SQLModel + SQLite β PostgreSQL
- httpx for async HTTP
- OAuth 2.0 with automatic token refresh
Frontend:
- React 18 + Vite
- Modern JavaScript (ES6+)
- Responsive UI design
Integration:
- Sage Business Cloud Accounting API v3.1
- Base URL:
https://api.accounting.sage.com/v3.1 - OAuth:
https://www.sageone.com/oauth2/auth/central?filter=apiv3.1
- Start with:
MVP_BLUEPRINT.md- Executive Summary - Review: Implementation Roadmap (5 phases, 10-12 days)
- Track progress:
IMPLEMENTATION_CHECKLIST.md
- Start with:
SAGE_API_ANALYSIS.md- Understand the Sage API - Read:
MVP_BLUEPRINT.md- Complete implementation guide - Reference:
QUICK_START_GUIDE.md- Code examples - Track:
IMPLEMENTATION_CHECKLIST.md- Check off tasks
- Read:
MVP_BLUEPRINT.md- Deployment Strategy section - Review: Configuration Guide section
- Implement: Security Considerations section
- Python 3.10+
- Node.js 18+
- Sage Developer Account (https://developer.sage.com/)
- Sage Business Cloud Accounting trial (South Africa)
# 1. Clone repository
git clone <your-repo-url>
cd sage-agent-starter
# 2. Backend setup
cd backend
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install -e .
cp .env.example .env
# Edit .env with your Sage credentials
# 3. Frontend setup
cd ../frontend
npm install
# 4. Start development servers
# Terminal 1:
cd backend && uvicorn app.main:app --reload --port 8777
# Terminal 2:
cd frontend && npm run dev- Open http://localhost:8081
- Click "Connect Sage (OAuth)"
- Log in with your Sage trial account
- Select your business
- Start creating invoices!
Full setup guide: See MVP_BLUEPRINT.md - Configuration Guide section
Time: 2-3 days
Priority: CRITICAL
- Fix OAuth URLs (currently incorrect)
- Add token expiry tracking
- Implement automatic token refresh
- Handle 401 errors with retry logic
Why critical: Without this, authentication will fail completely.
Time: 2 days
Priority: CRITICAL
- Add business selection after OAuth
- Store business_id in database
- Include X-Business header in all API requests
Why critical: Sage API requires X-Business header for all requests.
Time: 2 days
Priority: HIGH
- Set ZAR as default currency
- Configure 15% VAT (ZA_STANDARD)
- Set 30-day payment terms
- Create invoice template with SA defaults
Why important: Ensures compliance with South African tax requirements.
Time: 2 days
Priority: HIGH
- Implement audit logging for all write operations
- Add preview/confirm pattern for invoice creation
- Store request/response data for compliance
Why important: Required for compliance and debugging.
Time: 2 days
Priority: MEDIUM
- Implement sync cursors
- Use
updated_or_created_sinceparameter - Add background sync option
Why important: Reduces API calls and improves performance.
Total Estimated Time: 10-12 days
- Basic FastAPI application structure
- SQLModel database models
- React frontend with Vite
- Basic OAuth flow skeleton
- SageV31Client with invoice/contact methods
- Settings management
-
OAuth URLs are incorrect (placeholder URLs)
- Current:
https://www.sage.com/oauth/authorizeβ - Correct:
https://www.sageone.com/oauth2/auth/central?filter=apiv3.1β
- Current:
-
No token refresh mechanism (tokens expire in 5 minutes)
- Will cause authentication failures after 5 minutes
-
X-Business header not implemented (commented out)
- All API requests will fail without this header
-
No business selection flow
- Users can't select which Sage business to use
-
No South African defaults
- No ZAR currency, no VAT configuration
- Audit logging implementation
- Preview/confirm pattern for operations
- Incremental sync mechanism
- Token encryption (security risk)
- Rate limiting
- Production deployment configuration
Full analysis: See MVP_BLUEPRINT.md - Current State Analysis section
-
Tokens stored in plaintext β
- Solution: Implement token encryption (see MVP_BLUEPRINT.md)
-
CORS allows all origins β
- Current:
allow_origins=["*"] - Solution: Restrict to specific domains
- Current:
-
No rate limiting β
- Solution: Implement rate limiter (see MVP_BLUEPRINT.md)
-
No input validation
β οΈ - Solution: Use Pydantic models (partially implemented)
Full security guide: See MVP_BLUEPRINT.md - Security Considerations section
# Backend
uvicorn app.main:app --reload --port 8777
# Frontend
npm run devdocker-compose up -d- Nginx reverse proxy
- systemd service
- PostgreSQL database
- SSL certificate (Let's Encrypt)
Full deployment guide: See MVP_BLUEPRINT.md - Deployment Strategy section
cd backend
pytest tests/ -vpytest tests/test_oauth_flow.py -v- OAuth flow works end-to-end
- Business selection works
- Invoice creation works
- Token refresh works (wait 5+ minutes)
- Audit logging works
Full testing guide: See MVP_BLUEPRINT.md - Testing Strategy section
- Developer Portal: https://developer.sage.com/
- API Documentation: https://developer.sage.com/accounting/reference/
- Support: https://developer.sage.com/support/
- API Reference:
SAGE_API_ANALYSIS.md - Implementation Guide:
MVP_BLUEPRINT.md - Task Checklist:
IMPLEMENTATION_CHECKLIST.md - Quick Reference:
QUICK_START_GUIDE.md
- All documentation created
- Phase 1-5 implemented
- All tests passing
- Security enhancements implemented
- Production deployment successful
- User can:
- Connect Sage account via OAuth
- Select business
- Create sales invoices with ZAR and 15% VAT
- Manage contacts
- View audit logs
- Sync data incrementally
-
Review Documentation
- Read
MVP_BLUEPRINT.mdthoroughly - Understand the 5-phase roadmap
- Review code examples
- Read
-
Set Up Development Environment
- Follow Configuration Guide in
MVP_BLUEPRINT.md - Register Sage Developer account
- Get Sage trial account (South Africa)
- Follow Configuration Guide in
-
Start Implementation
- Begin with Phase 1 (OAuth fixes) - CRITICAL
- Use
IMPLEMENTATION_CHECKLIST.mdto track progress - Test each phase before moving to next
-
Deploy to Staging
- Follow Deployment Strategy in
MVP_BLUEPRINT.md - Test with real Sage data
- Get user feedback
- Follow Deployment Strategy in
-
Deploy to Production
- Implement all security enhancements
- Set up monitoring and logging
- Go live!
[Your License Here]
[Your Team Here]
Last Updated: 2025-10-10
Document Version: 1.0
Project Status: Ready for Implementation
Need help? Start with MVP_BLUEPRINT.md - it has everything you need!