Search HansaManuals.com HansaManuals Home >> Standard ERP >> System Administrator and Technical Pages >> System Administrator and Technical Pages Eelmine Järgmine Prindi kogu peatükk Otsi Juhend HansaWorld Enterprise'i versioonile 8.5 REST API - Configuration This page describes the configuration steps that you need to follow to allow third-party applications to connect to your database through the Standard ERP API. Please refer to the following pages for details about other aspects of the API:
ConfigurationTo configure your third-party application to communicate with the Standard ERP REST API, follow these steps in Standard ERP:
It is strongly recommended that you use OAuth2 to authorise access, to help ensure data security. As an option you can use Basic HTTP Authentication as well or instead, but it is only recommended that you do so for testing, to check the format of the API responses. Basic HTTP Authentication is not in any way secure, as data and passwords will be sent in plain text and will also be recorded in logs. If you want to use this option, select the Allow Basic HTTP Authentication check box on the 'Options' card in the Optional Features setting (illustrated in step 1 above) and the Web Sessions over HTTP(bad security, for testing only) check box on the 'Unsupported' card. If you are testing in a database that you have not configured to use communication using HTTPS, then you only need select the Allow Basic HTTP Authentication option. To allow a user (i.e. a Person or Global User) to access the data in your Standard ERP database through the API (i.e. through a third-party application), assign that user to an Access Group in which you have granted Full access to the 'Rest API' action: While in the Access Groups setting, note that users will have access to the same registers through the API that they would have access to in a Standard ERP client. For example, if a user's Access Group gives them access to the Invoice register but not the Transaction register, they will not have access to the Transaction register through the API. However, if a user's access to individual fields has been restricted in their Access Group, that user may have access to those fields through the API. For example, if a user has been denied access to the 'View Item's Cost Price' Action and so is not able to see the Cost Prices of Items in any record in a Standard ERP client, that user will be able to retrieve this information using the API and so you should consider whether the user should have access to the API. --- The Standard ERP REST API:
|