SPN Costpoint Integration, Pre Start Tracker

Decision on record: SPN will create a new dedicated WSAPI account for the bank integration and switch only that account to JWT immediately. The existing webservices@spnsolutions.net account stays on password authentication until all other integrations are verified, and in all cases before July 30, 2026. This is the recommended path from Charles Cruz and the build guide.

Blocker halts the build if missing Daryl you do this Deltek needs Charles Claude I can help Done already resolved

1.1 Costpoint and Deltek

Authentication is certificate based JWT in a WS-Security UsernameToken envelope, not OAuth Bearer and not Basic Auth.

Reply to Deltek Case 260528-001152 BlockerClaude
Acknowledge Charles Cruz's June 5 message, confirm self service certificate based migration, ask status move to in progress. Draft is ready in the project folder for you to send.
Confirm WSAPI base URL Done
https://SPNSOLUTIONS-cp.deltekenterprise.com/cpweb/webservices/cpwwsgenericmoduleWS?WSDL
Confirm User ID and System Name Done
User ID API, System SPNSOLUTIONS. WS-Security username API__SPNSOLUTIONS, two underscores between.
Capture company database identifier Daryl
Likely SPN. Confirm with Charles or in Costpoint Manage Companies.
Company DB identifier
Capture current fiscal year and period Daryl
Required to build valid journal entry payloads. Update monthly thereafter.
Fiscal year / current period
Confirm webservices account permissions intact Daryl
Charles confirmed permissions carry forward unchanged after the JWT toggle. Verify before cutover.
Identify dedicated journal code for automated entries Daryl
Recommended AUTO. If unavailable, identify the appropriate cash journal code with the Costpoint admin.
Journal code
Decide dual auth strategy Done
New dedicated WSAPI account, switched to JWT immediately. Existing account stays on password until others verified.

1.2 SimpleFIN Bridge

SimpleFIN aggregates all five institutions through one API. Roughly 1.50 dollars per connected account per year.

Create SimpleFIN Bridge account BlockerDaryl
Sign up at bridge.simplefin.org using an SPN business email address.
Subscribe for at least 5 connected accounts Daryl
Roughly 7.50 dollars per year for five accounts. Add more if you have multiple Fidelity logins.
Link Chase business account Daryl
Link American Express business account Daryl
Link Navy Federal Credit Union account Daryl
Link Old Dominion National Bank account Daryl
Link all Fidelity business accounts Daryl
Each separate Fidelity login counts as one institution. Confirm count and account types.
Number of Fidelity logins
Generate Setup Token from SimpleFIN dashboard Daryl
One time use. Exchanged for a permanent Access URL during first deployment. Store it securely, do not paste it here.

1.3 Microsoft Azure

All Azure services run within their permanent free tiers at this volume.

Confirm Azure subscription under existing M365 tenant BlockerDaryl
If none exists, create one. Pay as you go is fine, no upfront commitment.
Confirm Contributor role on the subscription Daryl
Required to create resource groups and resources.
Plan resource group rg-spn-bankintegration Daryl
Region East US recommended for lowest latency. Creation happens in Phase 3.
Confirm Azure Free Account credits available Daryl
200 dollar credit and 12 months free services help during build. Useful, not required.

1.4 Local Development Environment

Everything needed on your workstation to build and test before deploying to Azure.

Install Python 3.11 Daryl
From python.org. Confirm with python --version.
Install Visual Studio Code Daryl
Install Azure Functions Core Tools v4 Daryl
npm install -g azure-functions-core-tools@4 --unsafe-perm true
Install Azure CLI Daryl
From learn.microsoft.com/cli/azure. Confirm with az --version.
Install VS Code Azure Functions extension Daryl
Confirm OpenSSL or WSL available Daryl
Needed to generate the RSA 2048 keypair. Generate the keypair on your workstation only. The private key never leaves SPN.
Create private GitHub or Azure DevOps repository Daryl
For source control. GitHub Free is sufficient.

1.5 SPN Chart of Accounts

The mapping engine needs real GL accounts and project codes. Anything it cannot classify with confidence goes to the review queue, not to a posted entry.

Identify cash GL accounts for each institution Daryl
Account numbers for Chase, AmEx, Navy Federal, ODNB, and each Fidelity account.
Cash GL accounts (Chase, AmEx, NavyFed, ODNB, Fidelity)
Identify expense GL accounts for common categories Daryl
Office supplies, cloud services, telecommunications, travel, lodging, recruiting, payroll services, fuel, and gov fees at minimum.
Identify investment related GL accounts Daryl
Investment principal, dividend income, interest income, investment fees, and capital gains and losses for Fidelity activity.
Identify project and overhead code structure Daryl
Default project code mapping for Overhead, G and A, Cash transfers, and Project specific allocations.
Identify suspense account for unmatched transactions Daryl
Holding account for transactions the mapping engine cannot classify. Flagged for manual review.
Suspense account number