SAP, Salesforce, Oracle—One Codebase: How Custom Flutter Bridges Legacy Silos

Enterprise organisations run 3–7 core systems simultaneously — SAP for ERP and finance, Salesforce for CRM and sales, Oracle for database and supply chain — each operating independently with separate user interfaces, data models, and access patterns. Employees toggle between applications, manually transferring data, creating duplicate entries, and working with inconsistent information.

Custom Flutter development offers a transformative solution: a single codebase delivering unified mobile and web interfaces that bridge these legacy silos. Rather than replacing enterprise systems, Flutter acts as an intelligent presentation and integration layer — connecting to each system's APIs while providing a consistent, performant user experience across iOS, Android, and web platforms.

Design robust connectivity between Flutter and legacy backends:

• API Gateway Pattern: Deploy an API gateway (Kong, AWS API Gateway, or Apigee) as a single entry point that routes Flutter requests to appropriate backend systems. The gateway handles authentication, rate limiting, request transformation, and API versioning — shielding the Flutter app from individual system complexities and enabling backend changes without app updates.
• SAP Connectivity: Connect to SAP through SAP Cloud Platform APIs using OData services for structured data access, SAP Business Technology Platform (BTP) for cloud-native extensions, and RFC/BAPI calls through middleware for legacy SAP ECC access. Flutter's HTTP package and Dio library handle OData pagination, batch requests, and delta token-based synchronisation efficiently.
• Salesforce Integration: Use Salesforce REST API for real-time CRUD operations, Bulk API 2.0 for large data synchronisation, and Streaming API (CometD) for real-time event notifications. Implement Salesforce Connected App with OAuth 2.0 for secure authentication — Flutter's flutter_appauth package handles the OAuth flow including token refresh.
• Oracle Connectivity: Access Oracle databases through Oracle REST Data Services (ORDS) for RESTful endpoints, Oracle Cloud Infrastructure (OCI) APIs for cloud services, and Oracle Integration Cloud for pre-built adapter patterns. For on-premise Oracle databases, deploy a lightweight middleware layer that exposes database operations as REST APIs.
• BFF Pattern (Backend for Frontend): Build a dedicated backend service that aggregates data from SAP, Salesforce, and Oracle into Flutter-optimised response shapes. The BFF handles join operations, data transformation, and caching — reducing Flutter app complexity and minimising mobile network calls.

Build a coherent data model spanning multiple enterprise sources:

• Repository Pattern: Abstract each backend system behind repository interfaces — SAPRepository, SalesforceRepository, OracleRepository — that expose domain-specific methods returning unified domain models. The Flutter app works with Customer, Order, and Product models regardless of which backend owns the data, enabling clean separation of presentation and integration logic.
• State Management with Riverpod: Use Riverpod providers to manage enterprise data state — AsyncNotifierProvider for API-driven data fetching, StreamProvider for real-time updates from Salesforce Streaming API, and StateNotifierProvider for complex business logic. Riverpod's dependency injection naturally handles provider composition across data sources.
• Offline-First Architecture: Implement local caching with Hive or Isar databases for offline access to critical enterprise data. Queue mutations when offline using drift (SQLite) with synchronisation logic that resolves conflicts when connectivity resumes. Priority-based sync ensures critical updates (order submissions, customer data changes) synchronise first.
• Data Conflict Resolution: When the same entity exists in multiple systems (Customer in both Salesforce and SAP), implement mastering rules — display Salesforce data for contact information and SAP data for financial details. Handle update conflicts with last-write-wins, field-level merge, or user-prompted resolution depending on business criticality.
• Cross-System Identity: Maintain mapping tables linking Salesforce Record IDs to SAP Business Partner numbers to Oracle Customer IDs. Use a unified identifier strategy in the Flutter app — either a composite key or a master data management (MDM) system-generated global ID.

Leverage Flutter platform channels for enterprise-specific native capabilities:

• Method Channels: Call native platform code for enterprise features not available in Dart — SAP Fiori Client SDK on iOS/Android for SSO integration, device-specific biometric authentication for secure access, and platform-native file handling for document management workflows. Define clear channel contracts with Pigeon code generation for type-safe native communication.
• Event Channels: Stream real-time data from native SDKs — push notifications from enterprise messaging systems, barcode/QR code scanning for warehouse and inventory operations, and NFC reading for asset tracking in manufacturing environments. Event channels maintain persistent connections for continuous data flow.
• Background Processing: Implement background data synchronisation using WorkManager (Android) and BGTaskScheduler (iOS) through platform channels. Schedule periodic sync with enterprise backends, process offline queue items, and refresh authentication tokens — all without requiring the Flutter app to be in the foreground.
• Enterprise SDK Integration: Wrap enterprise mobile SDKs as Flutter plugins — SAP Mobile Services for push registration and app configuration, Salesforce Mobile SDK for offline data encryption, and Oracle Mobile Hub for API orchestration. Create clean Dart interfaces that hide platform-specific SDK complexities.
• FFI (Foreign Function Interface): For high-performance scenarios like data encryption, complex calculations, or legacy C/C++ library integration, use dart:ffi to call compiled native code directly from Dart without the overhead of platform channel serialisation.

Protect sensitive enterprise data across the mobile integration layer:

• Multi-System Authentication: Implement SSO using SAML 2.0 or OpenID Connect that authenticates users across SAP, Salesforce, and Oracle simultaneously. Use Flutter's flutter_appauth for OAuth 2.0 flows with PKCE (Proof Key for Code Exchange) — store tokens securely in iOS Keychain and Android Keystore via flutter_secure_storage. Implement token refresh chains that maintain sessions across all connected systems.
• Data Encryption: Encrypt sensitive enterprise data at rest using AES-256 with keys managed in secure enclaves (iOS Secure Enclave, Android StrongBox). Enforce TLS 1.3 for all API communications. Apply field-level encryption for highly sensitive data (financial figures, personal information) that remains encrypted even in local caches.
• Certificate Pinning: Pin SSL certificates for all enterprise API endpoints to prevent man-in-the-middle attacks. Use SHA-256 certificate fingerprint pinning through the http_certificate_pinning package. Implement certificate rotation strategies that update pins through remote configuration without app updates.
• GDPR and Data Residency: Ensure enterprise data processing respects regional data protection regulations. Implement data minimisation — fetch only required fields from each system. Support right-to-erasure by maintaining deletion capability across all cached data stores. Log data access for audit compliance.
• Mobile Device Management (MDM): Integrate with enterprise MDM solutions (Microsoft Intune, VMware Workspace ONE) for device compliance checking, remote wipe capability, and app distribution. Enforce security policies — minimum OS versions, jailbreak/root detection, and screen capture prevention for sensitive screens.

Deliver native-quality performance with multi-system data:

• Lazy Loading and Pagination: Load enterprise data on-demand using cursor-based pagination — critical when displaying large SAP material catalogues, Salesforce opportunity lists, or Oracle transaction histories. Implement infinite scroll with SliverList.builder that fetches pages as users scroll, keeping memory usage constant regardless of dataset size.
• Caching Strategy: Implement multi-tier caching — in-memory LRU cache for frequently accessed reference data (product catalogues, exchange rates), persistent cache in Hive/Isar for offline access, and HTTP response caching with ETags for API efficiency. Set TTL values per data source based on update frequency — SAP master data (24h), Salesforce CRM data (15min), Oracle real-time metrics (no cache).
• Network Optimisation: Batch API requests to minimise round trips — combine SAP, Salesforce, and Oracle calls into parallel Future.wait() executions. Use GraphQL where available to fetch exactly needed fields. Implement request deduplication and cancellation for search-as-you-type scenarios across multiple backends.
• Widget Performance: Use const constructors throughout enterprise dashboards with complex widget trees. Implement RepaintBoundary around independently updating sections (real-time KPI tiles, notification badges). Profile with Flutter DevTools to identify jank in data-heavy list views and complex charts.
• App Size Management: Enterprise apps can grow large with multiple SDK integrations — use deferred loading (dart:mirrors alternatives with code splitting) to load enterprise modules on-demand. Apply tree shaking aggressively, use SVG instead of PNG for enterprise icons, and compress bundled assets.

Validate integration correctness across enterprise system boundaries:

• Integration Testing: Write integration tests that verify end-to-end data flow from Flutter UI through API gateway to mock enterprise backends. Use Mockito to mock repository implementations during unit tests, and WireMock to simulate SAP OData, Salesforce REST, and Oracle ORDS responses during integration tests with realistic response shapes and error scenarios.
• Golden Tests: Capture pixel-perfect screenshots of enterprise dashboards, data tables, and charts as golden images. Verify that multi-source data renders consistently across platforms and screen sizes. Automate golden test comparison in CI to catch visual regressions from data model changes or widget updates.
• End-to-End Testing: Use Patrol or integration_test package for full E2E scenarios — login through SSO, navigate to customer dashboard, verify data from SAP and Salesforce displays correctly, submit an order that triggers SAP workflow, and confirm status update propagates back. Run against staging environments with representative data.
• Enterprise App Distribution: Deploy through enterprise app stores (Apple Business Manager, Google Managed Play) for controlled distribution. Implement staged rollouts — pilot with power users, expand to departments, then organisation-wide. Use CodePush-equivalent solutions (Shorebird) for instant updates that bypass app store review for critical fixes.
• Monitoring and Analytics: Instrument with Sentry for crash reporting and Firebase Analytics for usage tracking. Monitor API performance per backend (SAP response times, Salesforce API consumption, Oracle query latency) to identify integration bottlenecks. Set up alerts for authentication failures and data synchronisation errors.

Custom Flutter development transforms fragmented enterprise experiences into unified, performant cross-platform applications. Key principles for success:

• API-first architecture — design clean integration boundaries with gateway and BFF patterns.
• Unified data models — abstract multi-system complexity behind repository interfaces.
• Offline-first design — field workers and mobile users need reliable access regardless of connectivity.
• Enterprise-grade security — SSO, certificate pinning, encryption, and MDM integration are non-negotiable.

MetaDesign Solutions provides expert Flutter enterprise integration services — from architecture design and API gateway implementation through SAP/Salesforce/Oracle connector development, offline-first data layer engineering, enterprise security configuration, MDM integration, and ongoing managed services for cross-platform enterprise applications.