Xpensio is an end-to-end enterprise expense management platform designed to fully digitize paper-based expense processes in corporate organizations. Employees can submit expense claims from receipt photos taken on their smartphones within seconds, while managers can approve or reject requests with a single tap via the web or mobile interface.
The platform consists of three tightly integrated components: a web application (Next.js), iOS and Android mobile apps (Flutter), and a corporate API (NestJS). All components are managed within a single monorepo and released on the same version cycle. Multi-tenant architecture ensures complete data isolation between organizations — no data from one tenant can ever leak to another.
The AI-powered OCR engine chains Gemini 2.5 Flash, GPT-4o Vision, and Tesseract.js in order of priority to automatically extract 10 fields from receipt images — including date, amount, currency, vendor name, VAT amount, and exchange rate. This dramatically reduces manual data entry, saving time and improving data accuracy across the entire approval chain.
For enterprise clients, full SAP ECC and SAP S/4HANA integration is available. Under the Enterprise Plan, Xpensio's technical team takes complete ownership of all SAP-side work including ABAP development, RFC connections, and FI-GL posting configuration — minimizing the burden on client IT teams. For other ERP systems, REST API adapters are provided with full documentation, with the client's technical team responsible for connector implementation.
Xpensio is built on a flexible, dynamic role structure. The five roles below represent the default configuration; however, when the organization's HR or LDAP system is integrated, user roles, department hierarchy, manager chains, and employee data are updated automatically. The company's organizational structure is reflected in Xpensio in real time.
Dynamic Structure: Xpensio automatically synchronizes with organizational data from Azure Active Directory, LDAP, SAP HCM, or SAP S/4HANA. The employee's manager, grade, and department are read from the HR system to dynamically construct the approval chain. When an employee moves into a hierarchical position within the organization, their role is updated automatically.
| Role | Description | Key Permissions | Restrictions |
|---|---|---|---|
| EMPLOYEE | Standard staff member | Create expenses, upload receipts, view own expenses | Cannot view others' expenses |
| MANAGER | Team manager | Approve or reject team expenses, view team reports | Cannot perform finance operations |
| FINANCE | Finance / accounting | Review all approved expenses, send to ERP, Excel export | Cannot modify system configuration |
| ADMIN | Organization administrator | User management, role assignment, company config, all reports | Cannot manage other organizations |
| SUPERUSER | Platform operator | View all organizations (read-only), system diagnostics | Cannot modify organization data |
Critical: Every user can see and modify only data belonging to their own organization (orgId). This rule is enforced at the JWT token level for all roles, including SUPERUSER. Cross-organization access is blocked at the API layer, preventing cross-organization IDOR attacks.
The MANAGER role can appear at multiple levels of the approval chain depending on the organizational hierarchy. For each employee, the approval chain is automatically built from HR/LDAP data:
| Approval Level | Approver | When Does It Activate? | Source |
|---|---|---|---|
| 1st Approver | Direct Manager (MANAGER) | Always — the employee's assigned manager | HR/LDAP or manual assignment |
| 2nd Approver | Upper Manager (UPPER_MANAGER) | Automatically activated when amount exceeds the employee's grade limit | HR/LDAP hierarchy (skip-level manager) |
| 3rd Approver | CFO / Senior Management (ADMIN) | Automatically activated when amount exceeds 50,000 TRY | Organization's ADMIN user |
| 4th Approver | Finance Team (FINANCE) | Always — final step, ERP submission happens at this stage | User with FINANCE role |
Auto-Configuration with HR Integration: When the organization's LDAP, Azure AD, SAP HCM, or SAP S/4HANA system is connected, employees' managers, grade information, and department hierarchies are automatically synchronized. A nightly auto-sync at 01:00 reflects organizational changes (promotions, transfers, new hires) into Xpensio and updates approval chains accordingly.
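The chain-building rules in the table above, written out as an added example (this is not Xpensio's own code). It takes the employee's HR-derived manager data, grade and the claim amount and returns the active approval levels; the per-grade limits, the "UPPER_MANAGER" label for the skip-level step and all ids are assumptions made for the example, since the page does not publish the real limits.

```typescript
// Added example: not Xpensio's own code. Builds the approval chain from HR-derived
// manager data, the employee's grade limit and the expense amount. The grade limits
// and all ids below are constructed for the example.

type ApproverRole = "MANAGER" | "UPPER_MANAGER" | "ADMIN" | "FINANCE";
type Grade = "A" | "B" | "C" | "D";

interface Employee {
  id: string;
  grade: Grade;
  managerId: string;        // direct manager from HR/LDAP or manual admin assignment
  upperManagerId?: string;  // skip-level manager; may be absent in a shallow hierarchy
}

interface ApprovalStep {
  level: 1 | 2 | 3 | 4;     // level numbers follow the table; inactive levels are absent
  role: ApproverRole;
  approverId: string;
  reason: string;
}

// Per-grade expense limits in TRY (constructed values; the page does not publish them).
const GRADE_LIMITS_TRY: Record<Grade, number> = { A: 50_000, B: 20_000, C: 10_000, D: 5_000 };
// The CFO (ADMIN) step activates when the amount exceeds 50,000 TRY, as in the table.
const CFO_THRESHOLD_TRY = 50_000;

function buildApprovalChain(
  emp: Employee,
  amountTry: number,
  orgAdminId: string,     // the organization's ADMIN user acting as CFO
  financeUserId: string,  // a user holding the FINANCE role
): ApprovalStep[] {
  if (!Number.isFinite(amountTry) || amountTry <= 0) {
    throw new Error("amount must be a positive finite number");
  }
  const steps: ApprovalStep[] = [];

  // Level 1: the direct manager is always required.
  steps.push({ level: 1, role: "MANAGER", approverId: emp.managerId, reason: "direct manager (always)" });

  // Level 2: skip-level manager once the amount exceeds the grade limit. Fail closed:
  // if HR data carries no upper manager, refuse instead of silently dropping the step.
  if (amountTry > GRADE_LIMITS_TRY[emp.grade]) {
    if (!emp.upperManagerId) {
      throw new Error(`grade ${emp.grade} limit exceeded but no upper manager recorded for ${emp.id}`);
    }
    steps.push({
      level: 2, role: "UPPER_MANAGER", approverId: emp.upperManagerId,
      reason: `exceeds grade ${emp.grade} limit of ${GRADE_LIMITS_TRY[emp.grade]} TRY`,
    });
  }

  // Level 3: CFO approval for high-value expenses.
  if (amountTry > CFO_THRESHOLD_TRY) {
    steps.push({ level: 3, role: "ADMIN", approverId: orgAdminId, reason: `exceeds ${CFO_THRESHOLD_TRY} TRY` });
  }

  // Level 4: finance is always the final step; ERP submission happens here.
  steps.push({ level: 4, role: "FINANCE", approverId: financeUserId, reason: "final review and ERP submission" });

  // Nobody may approve their own claim: catches self-referencing or stale HR data.
  for (const step of steps) {
    if (step.approverId === emp.id) {
      throw new Error(`employee ${emp.id} appears as approver at level ${step.level}`);
    }
  }
  return steps;
}

// Constructed sample employee and a 60,000 TRY claim, which activates all four levels.
const sampleEmployee: Employee = { id: "u-100", grade: "C", managerId: "u-200", upperManagerId: "u-300" };
const sampleChain = buildApprovalChain(sampleEmployee, 60_000, "u-admin", "u-fin");
console.log(sampleChain.map((s) => `${s.level}:${s.role}`).join(" -> "));
```

Two design choices matter for a reviewer: the chain fails closed when HR data is incomplete (an approval step is never silently skipped), and an employee who appears anywhere in their own chain is rejected, which is the check that catches a mis-synced manager field before it becomes self-approval.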
Import hundreds of users simultaneously via an Excel (.xlsx) file. Imported users are automatically flagged to change their password on first login.
Each user can be assigned a role (EMPLOYEE/MANAGER/FINANCE) and an expense-limit grade (A/B/C/D). Changes take effect immediately.
Admin can initiate a password reset for any user. A secure reset link carrying a SHA-256 token is sent via email and is valid for 1 hour. All active sessions are terminated on password change.
Departing employees can be deactivated without deletion. Inactive accounts cannot log in, but all historical data is preserved for audit purposes.
Xpensio provides a dynamic approval chain built automatically from the organizational hierarchy. When an expense is submitted, the approval steps are automatically generated based on the employee's manager chain and the expense amount. If an HR/LDAP integration is active, the chain is pulled directly from the organizational structure; otherwise, managers manually assigned by the admin are used.
The employee creates an expense record. Receipt photos are uploaded and OCR data is automatically populated. The expense can be edited or deleted until submitted. All draft expenses appear in the employee's "My Expenses" list.
When the employee clicks "Submit for Approval," the status changes to SUBMITTED. An instant email and push notification are sent to the assigned manager. The employee can no longer edit the expense from this point.
The expense enters the assigned manager's approval queue. The manager can approve or reject via web or mobile app. On rejection, the reason is communicated to the employee.
If the expense amount exceeds the employee's grade limit, an upper manager (skip-level manager) approval step is automatically triggered after the direct manager's approval. The upper manager is determined from the HR/LDAP hierarchy or admin assignment. This step can be configured according to the organization's approval policy.
If the expense amount is 50,000 TRY or above, it is automatically routed to CFO approval (the user with the ADMIN role) after previous approvals. Standard expenses skip this stage and proceed directly to finance.
After all manager approvals, the expense enters the finance/accounting team's review queue. Finance users verify documents, check accounting codes, and make the final ERP submission decision. Status moves to FINANCE_APPROVED.
After finance approval, if ERP integration is active, the expense is automatically forwarded to the ERP system (SAP, Oracle, Netsis, etc.) and transitions to ERP_SENT. The document number returned from ERP is stored on the Xpensio record. The employee receives an approval email and push notification.
If a rejection decision is made at any approval stage, the expense moves to REJECTED status. The employee receives an email and push notification with the rejection reason and explanation. Rejected expenses can be edited and resubmitted by the employee.
| Current Status | Allowed Actions | Authorized Roles | Next Status |
|---|---|---|---|
| DRAFT | Edit, Delete, Submit | EMPLOYEE (owner) | SUBMITTED |
| SUBMITTED | Route to manager (system) | System auto | PENDING_MANAGER |
| PENDING_MANAGER | Approve, Reject | MANAGER (assigned) | PENDING_CFO or PENDING_FINANCE |
| PENDING_CFO | Approve, Reject | ADMIN (CFO), FINANCE | PENDING_FINANCE or REJECTED |
| PENDING_FINANCE | Approve, Reject, Send to ERP | FINANCE, ADMIN | APPROVED, ERP_SENT, or REJECTED |
| APPROVED / ERP_SENT | View, Excel Export | FINANCE, ADMIN | Unchanged (terminal state) |
| REJECTED | Edit, Resubmit | EMPLOYEE (owner) | SUBMITTED (fresh cycle) |
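The transition table above as an executable state machine, added here as an example (it is not Xpensio's own code). Each call checks organization, status, role and record ownership in that order before changing status, so a client cannot jump a stage by calling the wrong action; the ids, amounts, the SYSTEM actor and the SAP document number are constructed for the example.

```typescript
// Added example: not Xpensio's own code. The transition table above as an executable
// state machine; every call re-checks organization, role and ownership before the
// status changes. Ids, amounts and the SAP document number below are constructed.

type Status = "DRAFT" | "SUBMITTED" | "PENDING_MANAGER" | "PENDING_CFO"
  | "PENDING_FINANCE" | "APPROVED" | "ERP_SENT" | "REJECTED";
type Action = "EDIT" | "SUBMIT" | "ROUTE" | "APPROVE" | "REJECT" | "SEND_TO_ERP" | "RESUBMIT";
type Role = "EMPLOYEE" | "MANAGER" | "FINANCE" | "ADMIN" | "SYSTEM";

interface Actor { id: string; orgId: string; role: Role; }
interface Expense {
  id: string;
  orgId: string;
  ownerId: string;
  status: Status;
  amountTry: number;
  assignedManagerId: string;   // from HR/LDAP or admin assignment
  erpDocumentNumber?: string;  // stored when the ERP confirms the posting
}

// The workflow routes expenses of 50,000 TRY or above to the CFO (ADMIN).
const CFO_THRESHOLD_TRY = 50_000;

interface Rule { roles: Role[]; ownerOnly?: boolean; assignedManagerOnly?: boolean; next: (e: Expense) => Status; }

// DELETE on a DRAFT removes the record outright, so it is not modelled as a status change.
const RULES: Record<Status, Partial<Record<Action, Rule>>> = {
  DRAFT: {
    EDIT:   { roles: ["EMPLOYEE"], ownerOnly: true, next: () => "DRAFT" },
    SUBMIT: { roles: ["EMPLOYEE"], ownerOnly: true, next: () => "SUBMITTED" },
  },
  SUBMITTED: { ROUTE: { roles: ["SYSTEM"], next: () => "PENDING_MANAGER" } },
  PENDING_MANAGER: {
    APPROVE: { roles: ["MANAGER"], assignedManagerOnly: true,
               next: (e) => (e.amountTry >= CFO_THRESHOLD_TRY ? "PENDING_CFO" : "PENDING_FINANCE") },
    REJECT:  { roles: ["MANAGER"], assignedManagerOnly: true, next: () => "REJECTED" },
  },
  PENDING_CFO: {
    APPROVE: { roles: ["ADMIN", "FINANCE"], next: () => "PENDING_FINANCE" },
    REJECT:  { roles: ["ADMIN", "FINANCE"], next: () => "REJECTED" },
  },
  PENDING_FINANCE: {
    APPROVE:     { roles: ["FINANCE", "ADMIN"], next: () => "APPROVED" },
    SEND_TO_ERP: { roles: ["FINANCE", "ADMIN"], next: () => "ERP_SENT" },
    REJECT:      { roles: ["FINANCE", "ADMIN"], next: () => "REJECTED" },
  },
  APPROVED: {},  // terminal: view and export only
  ERP_SENT: {},  // terminal
  REJECTED: {
    EDIT:     { roles: ["EMPLOYEE"], ownerOnly: true, next: () => "REJECTED" },
    RESUBMIT: { roles: ["EMPLOYEE"], ownerOnly: true, next: () => "SUBMITTED" },
  },
};

class WorkflowError extends Error {
  httpStatus: 403 | 409;
  constructor(httpStatus: 403 | 409, message: string) { super(message); this.httpStatus = httpStatus; }
}

function transition(expense: Expense, actor: Actor, action: Action, erpDocumentNumber?: string): Expense {
  // 1. Tenant isolation first, before anything about the record is revealed.
  if (actor.orgId !== expense.orgId) throw new WorkflowError(403, "cross-organization access denied");
  // 2. Is the action defined for the current status? Terminal states define none.
  const rule = RULES[expense.status][action];
  if (!rule) throw new WorkflowError(409, `${action} is not allowed in status ${expense.status}`);
  // 3. Role check, mirroring the guard layer's 403.
  if (!rule.roles.includes(actor.role)) throw new WorkflowError(403, `role ${actor.role} may not ${action}`);
  // 4. Record-level checks: only the owner edits or submits, only the assigned manager decides.
  if (rule.ownerOnly && actor.id !== expense.ownerId) throw new WorkflowError(403, "not the owner");
  if (rule.assignedManagerOnly && actor.id !== expense.assignedManagerId) throw new WorkflowError(403, "not the assigned manager");
  if (action === "SEND_TO_ERP" && !erpDocumentNumber) throw new WorkflowError(409, "ERP document number required");
  const updated: Expense = { ...expense, status: rule.next(expense) };
  if (erpDocumentNumber) updated.erpDocumentNumber = erpDocumentNumber;
  return updated;
}

// Constructed actors and a 60,000 TRY expense, which takes the CFO branch.
const sampleExpense: Expense = { id: "e-1", orgId: "org-1", ownerId: "u-100", status: "DRAFT", amountTry: 60_000, assignedManagerId: "u-200" };
const owner: Actor   = { id: "u-100", orgId: "org-1", role: "EMPLOYEE" };
const manager: Actor = { id: "u-200", orgId: "org-1", role: "MANAGER" };
const cfo: Actor     = { id: "u-adm", orgId: "org-1", role: "ADMIN" };
const finance: Actor = { id: "u-fin", orgId: "org-1", role: "FINANCE" };
const system: Actor  = { id: "sys",   orgId: "org-1", role: "SYSTEM" };

function runHappyPath(): Expense {
  let e = transition(sampleExpense, owner, "SUBMIT");
  e = transition(e, system, "ROUTE");
  e = transition(e, manager, "APPROVE");   // 60,000 TRY -> PENDING_CFO
  e = transition(e, cfo, "APPROVE");       // -> PENDING_FINANCE
  return transition(e, finance, "SEND_TO_ERP", "4900001234");  // constructed SAP document number
}
```

Keeping the table as data rather than as scattered `if` statements in each endpoint makes the allowed edges reviewable in one place; a terminal state is simply a status with no rules, so APPROVED and ERP_SENT records cannot be reopened through any action.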
Xpensio's AI-powered OCR engine operates with a three-layer failover architecture. Each layer activates when the previous one fails, ensuring maximum extraction success rates across all receipt types and quality levels.
| # | Field Name | Description | Example Value |
|---|---|---|---|
| 1 | Date | Receipt / invoice date | 15.03.2026 |
| 2 | Total Amount | Total payment including tax | 1,250.00 |
| 3 | Currency | ISO 4217 currency code | TRY, EUR, USD |
| 4 | Vendor Name | Merchant / business name | ABC Technology Ltd. |
| 5 | VAT Amount | Calculated tax amount | 200.20 |
| 6 | VAT Rate | Applied tax percentage | 20%, 10%, 8%, 1%, 0% |
| 7 | Expense Category | AI-classified expense type | Travel, Accommodation, Meals |
| 8 | Exchange Rate | Rate for foreign currency receipts | 1 EUR = 38.50 TRY |
| 9 | Invoice Number | Document reference number | INV-2026-00145 |
| 10 | Description | Short expense description | Istanbul-Ankara flight ticket |
Five VAT rates are supported — covering Turkish tax regulations as well as international deployments. Each organization can configure country-specific VAT rates. The OCR engine automatically detects the VAT percentage from the receipt and maps it to the correct code; the legacy 18% rate is mapped to V4 (20%) for backward compatibility.
| VAT Code | Rate | Applicable Categories |
|---|---|---|
| V0 | 0% | VAT-exempt transactions, exports, healthcare, education |
| V1 | 1% | Basic foodstuffs, newspapers, books, water |
| V2 | 8% | Certain goods and services (legacy rate; may still appear on receipts) |
| V3 | 10% | Accommodation, restaurant services, certain food products |
| V4 | 20% | General services, software, consulting, telecommunications (incl. legacy 18%) |
Invoice Number Lock: Once OCR populates the invoice/receipt number field, it is locked for editing. Users cannot modify this value — preserving data integrity across the entire approval chain.
For fuel, parking, and vehicle maintenance expenses, employees can attach a vehicle plate number to their expense record. This enables vehicle-level cost analysis and automatic classification of fleet-related expenses.
An optional "Vehicle Plate" field is available in the expense form on both web and mobile applications. The employee enters the plate manually; automatic OCR reading from receipts is planned for a future release.
Finance and Admin users can filter the expense list by vehicle plate to view all expenditures associated with a specific vehicle in one view.
The exported Excel file includes a "Vehicle Plate" column, enabling accounting teams to generate per-vehicle cost reports directly from the spreadsheet.
In SAP integration, the vehicle plate is mapped to the corresponding SAP field and included in the FI-GL posting record, enabling vehicle cost tracking within SAP as well.
Users with Finance or Admin roles can export all expense data to Excel format (.xlsx) with a single click. The export operation enforces strict organizational data isolation, ensuring only the authorized user's organization data is included.
A green "Excel" button on the Expenses and Reports pages exports data with all active view filters applied. The file downloads automatically to the browser.
Tapping the download icon in the AppBar initiates the export. The share_plus integration allows the file to be shared directly to email, Slack, or other apps.
| Column | Content | Format |
|---|---|---|
| ID | Unique expense identifier | Numeric |
| Date | Expense date | DD.MM.YYYY |
| Employee | Full name | Text |
| Category | Expense category | Text |
| Amount | Expense amount | Numeric (2 decimal) |
| Currency | ISO 4217 code | Text |
| VAT Amount | Calculated tax amount | Numeric |
| Vehicle Plate | Vehicle plate if applicable | Text |
| Status | Approval status | Text |
| Description | Expense description | Text |
| Approved By | Last approver name | Text |
| ERP Company Code | SAP BUKRS value | Text |
Xpensio incorporates multiple layers of fraud prevention to protect organizations from duplicate claims, manipulated receipts, and expense policy violations.
Every uploaded receipt image is hashed with SHA-256 before storage. If the same image is submitted again — by the same or different employee — the system automatically detects and flags the duplicate.
Each receipt is analyzed by Gemini AI for signs of manipulation, forgery, or inconsistency. A fraud score (0-100) is calculated; scores of 75 or above trigger an automatic alert to the finance team.
After the OCR engine populates the invoice/receipt number, the field is locked. No user — including the submitting employee — can alter this value, ensuring document authenticity.
The multi-stage workflow itself serves as a fraud deterrent: every expense passes through manager, optional CFO, and finance review before approval, creating multiple independent checkpoints.
| Score Range | Risk Level | System Action |
|---|---|---|
| 0 – 30 | Low Risk | Normal processing — no action required |
| 31 – 74 | Medium Risk | Score displayed to finance reviewer for awareness |
| 75 – 100 | High Risk | Automatic alert to Finance & Admin — manual review required |
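The duplicate-receipt check and the fraud-score bands from this section, combined in one added example (not Xpensio's own code). The receipt is hashed with SHA-256 and looked up per organization, so a duplicate is flagged whoever resubmits it but never across tenants; the score bands follow the table. The image bytes, ids and scores are constructed, and the registry is an in-memory stand-in for the expense store.

```typescript
// Added example: not Xpensio's own code. Byte-exact duplicate detection with SHA-256,
// scoped per organization, combined with the fraud-score bands from the table above.
// The receipt bytes, ids and scores below are constructed.

import { createHash } from "crypto";

type RiskLevel = "LOW" | "MEDIUM" | "HIGH";

interface ReceiptRef { expenseId: string; employeeId: string; }
interface ReceiptReview {
  hash: string;             // SHA-256 of the raw image bytes, stored with the expense
  duplicateOf?: ReceiptRef; // earlier submission of the identical image, if any
  risk?: { level: RiskLevel; action: string };
  alertFinance: boolean;    // a duplicate or a high-risk score needs manual review
}

function sha256Hex(bytes: Uint8Array): string {
  return createHash("sha256").update(bytes).digest("hex");
}

// Bands from the fraud score table: 0-30 low, 31-74 medium, 75-100 high.
function classifyFraudScore(score: number): { level: RiskLevel; action: string } {
  if (!Number.isInteger(score) || score < 0 || score > 100) {
    throw new RangeError(`fraud score must be an integer in 0..100, got ${score}`);
  }
  if (score <= 30) return { level: "LOW", action: "normal processing" };
  if (score <= 74) return { level: "MEDIUM", action: "score displayed to finance reviewer" };
  return { level: "HIGH", action: "automatic alert to Finance & Admin; manual review required" };
}

class ReceiptRegistry {
  // Keyed by orgId plus hash so that duplicate detection, like every other lookup,
  // never crosses tenants: the same bytes in two organizations are two distinct receipts.
  private readonly seen = new Map<string, ReceiptRef>();

  review(orgId: string, ref: ReceiptRef, image: Uint8Array, fraudScore?: number): ReceiptReview {
    const hash = sha256Hex(image);
    const key = `${orgId}:${hash}`;
    const prior = this.seen.get(key);
    const result: ReceiptReview = { hash, alertFinance: false };

    if (prior && prior.expenseId !== ref.expenseId) {
      // Same image bytes on a different expense: flag it whoever submitted it.
      result.duplicateOf = prior;
      result.alertFinance = true;
    } else if (!prior) {
      this.seen.set(key, ref);
    }
    if (fraudScore !== undefined) {
      result.risk = classifyFraudScore(fraudScore);
      if (result.risk.level === "HIGH") result.alertFinance = true;
    }
    return result;
  }
}

// Constructed stand-ins for uploaded image bytes (real input is the JPEG/PNG upload).
const receiptA = Buffer.from("constructed-receipt-image-bytes-A");
const receiptB = Buffer.from("constructed-receipt-image-bytes-B");

const registry = new ReceiptRegistry();
const firstUpload = registry.review("org-1", { expenseId: "e-1", employeeId: "u-100" }, receiptA, 12);
const resubmitted = registry.review("org-1", { expenseId: "e-2", employeeId: "u-101" }, receiptA, 80);
const otherOrg = registry.review("org-2", { expenseId: "e-9", employeeId: "u-900" }, receiptA, 40);
const differentImage = registry.review("org-1", { expenseId: "e-3", employeeId: "u-100" }, receiptB);
```

A hash of the raw bytes only catches byte-identical resubmissions: a recompressed, cropped or screenshotted copy of the same receipt hashes differently, which is why the image-analysis layer and the multi-stage review are still needed alongside it.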
Xpensio's comprehensive user management module gives organization administrators (ADMIN) complete control over the user lifecycle. All operations are strictly isolated by orgId.
Create new users by entering name, email, role, and grade. A welcome email is sent automatically; the user is required to change their password on first login.
Hundreds of users can be imported via a single .xlsx file, where each row represents a user. All imported users are created with mustChangePassword=true.
An existing user's role, grade, assigned manager, or active status can be updated instantly via PATCH endpoint. Changes take effect immediately.
Admin can initiate a password reset for any user. A secure link containing a SHA-256 token is emailed to the user, valid for 1 hour.
Users can self-serve password reset requests. A secure link is sent via email verification — no admin involvement required.
Users can change their password by confirming their current password. On successful change, all active sessions are immediately invalidated for security.
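The reset-link and session rules from the three items above, as an added example (not Xpensio's own code): the e-mailed token is random, only its SHA-256 hash is persisted, the link expires after 1 hour and is single-use, and every active session is terminated when the password changes. The page states bcrypt for password storage; scrypt from Node's crypto stands in here so the example has no external dependency. The class, the injectable clock and the ids are assumptions made for the example.

```typescript
// Added example: not Xpensio's own code. Reset-link and session handling as described
// in this section: the e-mailed token is random, only its SHA-256 hash is persisted,
// the link expires after 1 hour, it is single-use, and every active session of the
// user is terminated when the password changes. The page states bcrypt for password
// storage; scrypt from Node's crypto stands in here so the example needs no dependency.

import { createHash, randomBytes, scryptSync, timingSafeEqual } from "crypto";

const RESET_TOKEN_TTL_MS = 60 * 60 * 1000;  // reset links are valid for 1 hour

interface User { id: string; passwordHash: string; }    // "saltHex:keyHex" in this example
interface ResetRecord { userId: string; expiresAt: number; }

const sha256Hex = (s: string): string => createHash("sha256").update(s).digest("hex");

function hashPassword(password: string): string {
  const salt = randomBytes(16);
  return `${salt.toString("hex")}:${scryptSync(password, salt, 64).toString("hex")}`;
}

function verifyPassword(password: string, stored: string): boolean {
  const [saltHex, keyHex] = stored.split(":");
  const candidate = scryptSync(password, Buffer.from(saltHex, "hex"), 64);
  return timingSafeEqual(candidate, Buffer.from(keyHex, "hex"));
}

class AccountService {
  private readonly users = new Map<string, User>();
  private readonly resets = new Map<string, ResetRecord>();   // keyed by SHA-256(raw token)
  private readonly sessions = new Map<string, string>();       // sessionId -> userId
  private readonly now: () => number;

  constructor(now: () => number = Date.now) { this.now = now; }  // injectable clock for tests

  createUser(id: string, password: string): void {
    this.users.set(id, { id, passwordHash: hashPassword(password) });
  }

  login(id: string, password: string): string {
    const user = this.users.get(id);
    // One generic error for unknown user and wrong password alike.
    if (!user || !verifyPassword(password, user.passwordHash)) throw new Error("invalid credentials");
    const sessionId = randomBytes(32).toString("base64url");
    this.sessions.set(sessionId, id);
    return sessionId;
  }

  isSessionActive(sessionId: string): boolean { return this.sessions.has(sessionId); }

  // Used by both admin-initiated and self-service resets. Returns the raw token that goes
  // into the e-mail link; the store only ever holds its hash, so a leaked table does not
  // yield usable links. Any older outstanding token for the user is dropped.
  requestReset(userId: string): string {
    if (!this.users.has(userId)) throw new Error("unknown user");
    for (const [hash, rec] of this.resets) if (rec.userId === userId) this.resets.delete(hash);
    const rawToken = randomBytes(32).toString("base64url");
    this.resets.set(sha256Hex(rawToken), { userId, expiresAt: this.now() + RESET_TOKEN_TTL_MS });
    return rawToken;
  }

  completeReset(rawToken: string, newPassword: string): string {
    const hash = sha256Hex(rawToken);
    const rec = this.resets.get(hash);
    if (!rec) throw new Error("invalid or already used reset link");
    this.resets.delete(hash);                      // single use, whether or not it is still valid
    if (rec.expiresAt <= this.now()) throw new Error("reset link expired");
    this.setPassword(rec.userId, newPassword);
    return rec.userId;
  }

  changePassword(userId: string, currentPassword: string, newPassword: string): void {
    const user = this.users.get(userId);
    if (!user || !verifyPassword(currentPassword, user.passwordHash)) throw new Error("invalid credentials");
    this.setPassword(userId, newPassword);
  }

  private setPassword(userId: string, newPassword: string): void {
    const user = this.users.get(userId);
    if (!user) throw new Error("unknown user");
    user.passwordHash = hashPassword(newPassword);
    // All active sessions are terminated on password change.
    for (const [sid, uid] of this.sessions) if (uid === userId) this.sessions.delete(sid);
  }
}
```

Hashing the token before storage is what makes the "SHA-256 link" meaningful: the raw token exists only in the e-mail, and a copy of the reset table cannot be turned into a working link. Deleting the record before checking expiry keeps an expired link from being retried.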
| Grade | Description | Typical Usage |
|---|---|---|
| A | Senior executive | CEO, director — highest expense limit |
| B | Mid-level manager | Department head — moderate expense limit |
| C | Senior employee | Senior specialist — standard expense limit |
| D | Standard employee | New hire, intern — lower expense limit |
Xpensio is built on an ERP-agnostic integration architecture. Our core mission is to seamlessly integrate expense management with whatever ERP or HR system your organization uses. Alongside our deep SAP expertise, we provide integration endpoints for Oracle, Microsoft Dynamics, Logo, Netsis, and other enterprise systems.
RFC, OData, BAPI protocols. Automatic FI-GL posting, ABAP development. Under the Enterprise Plan, Xpensio's team takes full ownership of all technical integration.
REST API adapter. Ready-made endpoints for expense transfer with Oracle Financials. Technical integration is completed with guidance provided to the client team.
REST connector for D365 Finance & Operations integration. Azure AD identity management integration is also included.
Custom REST API adapters for local ERP systems. Native accounting integration with Logo Tiger, Netsis Enterprise, and Mikro.
Xpensio can integrate with the following HR and identity systems to automatically synchronize users and organizational structure:
| System | Integration Type | What Gets Synchronized |
|---|---|---|
| Azure Active Directory / Microsoft 365 | Microsoft Graph API | Users, departments, manager hierarchy, groups |
| LDAP / On-Premise Active Directory | LDAP protocol (ldaps://) | Users, OU structure, manager relationships |
| SAP HCM (Human Resources) | SAP RFC / OData | Personnel, grade, position, department, manager chain, company codes |
| SAP S/4HANA Cloud HR | SAP BTP / OData v4 | Employee data, org hierarchy, cost centers |
| SAP S/4HANA On-Premise HR | SAP RFC | PERNR, ORGEH, PLANS, manager email fields |
Automatic Organization Updates: When an HR system is integrated, user additions/removals, department changes, manager assignments, and grade updates are automatically synchronized every night at 01:00. No manual intervention required. Approval chains are dynamically built from the organizational structure.
SAP ECC and SAP S/4HANA integration is fully provided by Xpensio's technical team under the Enterprise Plan. The client's IT team is not required to perform any SAP-side development or configuration.
| Feature | SAP Enterprise Plan | Other ERP Systems |
|---|---|---|
| Integration Type | SAP RFC / OData / BAPI | REST API adapter (system-specific) |
| Technical Ownership | Xpensio team takes full ownership | Xpensio API + technical guidance; connector side handled by client team |
| ABAP Development | Provided by Xpensio | Not applicable |
| FI-GL Posting | Automatic, fully configured | ERP-compatible transfer format prepared |
| Company Code (BUKRS / CompanyCode) | Managed from Xpensio interface | Client configuration, mapped into Xpensio |
| Test Environment | Xpensio provides test SAP system | Client provides |
| Support Level | Full 24/7 support with SLA | Technical guidance + comprehensive API documentation |
| Go-live Timeline | 2–4 weeks | Depends on client integration speed |
Expense is approved by a Finance user in PENDING_FINANCE stage. All documents must be verified and an ERP Company Code must be assigned.
Xpensio backend invokes the relevant ERP adapter. Expense data is transformed into the format expected by the target ERP system.
For SAP, the ZCL_EXPENSE.POST_EXPENSE ABAP function module is called. An FI-GL accounting document is created and a SAP document number is returned.
When SAP confirms the posting, the expense automatically transitions to ERP_SENT status. The SAP document number is stored on the Xpensio record for full traceability.
Important Note: For ERP integration, each expense must be associated with an ERP Company Code (BUKRS in SAP, company code in other ERP systems) corresponding to the relevant company. This configuration is managed by the ADMIN user in Xpensio's organization settings. If HR integration is active, company codes are automatically synchronized.
Xpensio is designed with a multi-layered security architecture that meets enterprise security standards. Independent security controls are applied at each layer, ensuring no single point of failure can compromise the entire system.
Every API request is authenticated with a signed JWT token. The token payload contains sub, email, role, and orgId. All active tokens are invalidated when a user changes their password.
Every user can only access data belonging to their own organization (orgId). This rule is automatically enforced on all API endpoints. IDOR attacks are prevented at the framework level.
Every uploaded receipt image is hashed with SHA-256. If the same receipt is submitted a second time, it is automatically detected. Gemini AI performs additional fraud analysis on each image.
Each endpoint explicitly defines permitted roles. The guard layer blocks insufficient-privilege requests with a 403 error. Role elevation can only be performed by ADMIN.
After OCR populates the invoice/receipt number, the field is locked permanently. Users cannot modify this value, preserving document integrity throughout the workflow.
Authentication is required every time the application is opened. Invalid or expired tokens trigger automatic redirection to the login screen — no cached session bypass.
Passwords are hashed with bcrypt before storage. Plain text passwords are never stored in the database. Reset tokens are SHA-256 hashed and expire after 1 hour.
Rate limiting is applied on all auth endpoints to protect against brute-force and DDoS attacks. Suspicious activity patterns result in temporary IP blocking.
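The JWT and guard rules from this section, as an added example (not Xpensio's own code): a minimal HS256 verifier plus an endpoint guard that checks signature and expiry, then revocation after a password change, then role, then organization. The "pwdv" (password version) claim is one assumed way to realise "all active tokens are invalidated when a user changes their password"; the user records, the signing secret and the ids are constructed for the example.

```typescript
// Added example: not Xpensio's own code. A minimal HS256 JWT verifier and a guard that
// applies the checks in this section in order: signature and expiry, then revocation
// on password change, then role, then organization. The "pwdv" (password version)
// claim, the user records, the secret and the ids are assumptions made for the example.

import { createHmac, timingSafeEqual } from "crypto";

type Role = "EMPLOYEE" | "MANAGER" | "FINANCE" | "ADMIN" | "SUPERUSER";

interface JwtPayload {
  sub: string; email: string; role: Role; orgId: string;   // the claims named on the page
  pwdv: number;   // assumed: incremented on every password change, so older tokens stop verifying
  iat: number; exp: number;
}
interface UserRecord { id: string; orgId: string; role: Role; pwdv: number; }

class AuthError extends Error {
  httpStatus: 401 | 403;
  constructor(httpStatus: 401 | 403, message: string) { super(message); this.httpStatus = httpStatus; }
}

const b64url = (s: string): string => Buffer.from(s, "utf8").toString("base64url");

function signHs256(payload: JwtPayload, secret: string): string {
  const signingInput = `${b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }))}.${b64url(JSON.stringify(payload))}`;
  const signature = createHmac("sha256", secret).update(signingInput).digest("base64url");
  return `${signingInput}.${signature}`;
}

function verifyHs256(token: string, secret: string, nowSec: number): JwtPayload {
  const parts = token.split(".");
  if (parts.length !== 3) throw new AuthError(401, "malformed token");
  const [h, b, s] = parts;
  let header: { alg?: string };
  let payload: JwtPayload;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(b, "base64url").toString("utf8"));
  } catch {
    throw new AuthError(401, "malformed token");
  }
  // The server decides the algorithm; a token claiming anything else is rejected outright.
  if (header.alg !== "HS256") throw new AuthError(401, "unexpected algorithm");
  const expected = createHmac("sha256", secret).update(`${h}.${b}`).digest();
  const given = Buffer.from(s, "base64url");
  if (expected.length !== given.length || !timingSafeEqual(expected, given)) throw new AuthError(401, "bad signature");
  if (typeof payload.exp !== "number" || payload.exp <= nowSec) throw new AuthError(401, "token expired");
  return payload;
}

// Endpoint guard: returns the claims on success, throws AuthError(401 | 403) otherwise.
function authorize(token: string, secret: string, users: Map<string, UserRecord>,
                   allowedRoles: Role[], resourceOrgId: string, nowSec: number): JwtPayload {
  const claims = verifyHs256(token, secret, nowSec);
  const user = users.get(claims.sub);
  // Password changed since issue (or user removed): the token is revoked even though it verifies.
  if (!user || user.pwdv !== claims.pwdv) throw new AuthError(401, "token revoked");
  // Authorise on the stored role, not the claim, so a demotion takes effect immediately.
  if (!allowedRoles.includes(user.role)) throw new AuthError(403, "insufficient role");
  // The tenant check applies to every role, SUPERUSER included, as stated above.
  if (user.orgId !== resourceOrgId || claims.orgId !== resourceOrgId) {
    throw new AuthError(403, "cross-organization access denied");
  }
  return claims;
}

// Constructed development data for the example.
const SECRET = "example-only-signing-secret";
const NOW_SEC = 1_800_000_000;
const users = new Map<string, UserRecord>([
  ["u-100", { id: "u-100", orgId: "org-1", role: "FINANCE", pwdv: 1 }],
]);
const sampleToken = signHs256(
  { sub: "u-100", email: "finance@example.com", role: "FINANCE", orgId: "org-1", pwdv: 1, iat: NOW_SEC, exp: NOW_SEC + 3600 },
  SECRET,
);
```

The order of the checks is deliberate: signature and expiry are decided purely from the token, the revocation and role checks need one user lookup, and the organization comparison runs last on both the stored record and the claim, so a token that verifies but belongs to another tenant still ends in a 403 rather than a data read.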
Xpensio sends both email and mobile push notifications at critical points in the expense workflow, ensuring all stakeholders are informed in real time without needing to check the application manually.
| Event | Recipient | Channel | Content |
|---|---|---|---|
| Expense submitted for approval | Assigned Manager | Email + Push | Expense name, amount, employee name, link |
| Expense approved by manager | Employee | Email + Push | Expense name, amount, approval date |
| Expense rejected | Employee | Email + Push | Expense name, rejection reason, explanation |
| 50K+ TRY expense in CFO queue | CFO (ADMIN) | Email + Push | High-value expense alert with details |
| Expense sent to ERP | Employee + Finance | Email + Push | SAP document number, date, confirmation |
| New user created | New User | Email | Welcome message, temporary credentials, login link |
| Password reset request | User | Email | SHA-256 secure link, 1-hour expiry |
Xpensio offers two pricing plans designed for organizations of different sizes. All plans are billed on a per-user, per-month basis. The Enterprise plan includes special pricing and priority support for large-scale organizations.
Price Advantage: The Enterprise plan is 40% cheaper than the Standard plan. For a 100-user company, the annual difference is (€10 - €6) × 100 × 12 = €4,800 in savings, while receiving enhanced SAP integration and 24/7 support.
| Service | Description | Pricing |
|---|---|---|
| Setup & Onboarding | Initial setup, data migration, team training | Varies by plan (contact us) |
| SAP Integration Project | Included in Enterprise; custom SAP configurations | Included in Enterprise Plan |
| Custom Development | Client-specific feature development | Project-based (quote) |
| Additional Storage | When receipt archiving limit is exceeded | Contact us |
Xpensio is built on a modern, scalable technology stack. All components use open-source technologies, and the production environment is managed on Hetzner VPS with Docker Compose.
Port 3001 | REST API | JWT Auth | Prisma ORM
Prisma migrations | Multi-tenant schema | ACID compliant
Port 3000 | Vercel deploy | Zustand state | Tailwind CSS
iOS + Android | Firebase Push | share_plus | open_filex
Google AI | Fallback: GPT-4o | Fallback: Tesseract.js
FCM push | Nodemailer email | HTML templates
SAP RFC+OData | Azure AD | LDAP | SAP HCM | REST API adapter layer
89.167.115.209 | Docker Compose | Nginx reverse proxy
Server-side Excel generation | .xlsx format | Unicode support
| Component | URL | Platform |
|---|---|---|
| Web Application | https://app.xpensioapp.com | Vercel |
| API (Backend) | https://api.xpensioapp.com | Hetzner VPS + Docker |
| Marketing Site | https://xpensioapp.com | Vercel |
| iOS App | App Store (coming soon) | Apple TestFlight |
| Android App | Google Play (coming soon) | Closed Testing |
All three application components (backend, web, mobile) are managed in a single Git repository with shared type definitions and synchronized release cycles.
Backend services run in Docker containers with Docker Compose orchestration. Each service (API, database, cache) is isolated with defined resource limits.
Backend deployments are performed with rolling restart via Docker Compose, minimizing service interruption for active users.
Schema changes are managed with Prisma Migrate, versioned alongside application code. Migrations run automatically on deployment.
For the Standard plan, setup is typically completed within 1–3 business days. User data can be bulk-imported via Excel. SAP Enterprise integration typically takes 2–4 weeks, depending on the complexity of your existing SAP environment. Xpensio's technical team manages the entire SAP-side process.
Both SAP ECC (ERP Central Component) and SAP S/4HANA are fully supported. Integration is implemented via SAP RFC and OData protocols. All required ABAP developments are provided by Xpensio's technical team under the Enterprise Plan — no client SAP development work is needed.
With Gemini 2.5 Flash as the primary engine, over 95% field extraction accuracy is achieved on clear receipt images. For low-quality images or handwritten receipts, GPT-4o Vision or Tesseract.js activates as fallback. Users can always edit OCR results and manually fill unrecognized fields.
All data is transmitted over encrypted connections (TLS 1.3). Passwords are hashed with bcrypt — never stored in plain text. Each organization's data is technically fully isolated from others. GDPR/data protection compliance documentation, privacy policy, and cookie consent implementation are in active development.
iOS 14+ and Android 8.0+ are supported. Built with Flutter, the app delivers native performance on both platforms. The Android app is currently in Google Play closed testing; the iOS app is in App Store review.
Xpensio provides Excel-based bulk user import. Prepare a .xlsx file with columns for first name, last name, email, role, and grade — then import all users in a single operation. Imported users are prompted to set their own password on first login.
Yes — REST API access and Swagger/OpenAPI documentation are provided for all plans. Enterprise customers receive a dedicated technical contact and custom integration support. Webhook support is also available for event-driven integrations.
Before cancelling, all expense data can be exported in Excel or PDF format. The data delivery process is completed within 30 business days of the cancellation request. Your data is then securely deleted, and a deletion certificate is provided to your organization.