REST API - Configuration

This page describes the configuration steps that you need to follow to allow third-party applications to connect to your database through the Standard ERP API.
---

Configuration

To configure your third-party application to communicate with the Standard ERP REST API, follow these steps in Standard ERP:
  1. In the Optional Features setting in the System module, select the Web Rest API option to enable the API.


  2. Ensure you have specified a Web Port on the 'Web' card in the Program Mode register in the Technics module. If you have obtained and configured an SSL/TLS Certificate as mentioned in step 4 below, also select the Use HTTPS option in the Program Mode register and specify the location of the certificate and the private key. You can specify the HTTPS Port here or in MyStandard (under 'Change Server Data').

  3. Also in the Technics module, use the Access to Functions from Web setting to list the IP Addresses from where API requests can be made. Use as many rows as you need, entering "api" as the Function in each one:

    As shown in the illustration, you can enter more than one IP Address in the Allowed IPs field, separated by commas.

    If you have obtained and configured an SSL/TLS Certificate as mentioned in step 4 below, set the SSL field to "yes". Requests made using HTTP will then receive no response.

    To allow API requests to come from any IP Address, enter a single row in which the Allowed IPs field is empty.

Outside Standard ERP, carry out the following steps:
  1. Obtain and configure an SSL/TLS Certificate to allow the third-party application to communicate with a Standard ERP server using HTTPS. Please refer to the Obtaining and Configuring an SSL/TLS Certificate page for details.

  2. In the 'More' section of your MyStandard page, generate a Client ID and Client Secret for the third-party application. In effect, this identifies the third-party application as one that you have approved to communicate with your Standard ERP database. Copy the Client ID and Client Secret to the third-party application. Please refer to the Developer Credentials page for details.

The third-party application should support the OAuth2 standard for access authorisation. The previous steps will allow you to log in to the third-party application using your StandardID and password, and this will allow the third-party application to access the data in your Standard ERP database on your behalf.

It is strongly recommended that you use OAuth2 to authorise access, to help ensure data security. You can optionally use Basic HTTP Authentication as well or instead, but this is recommended only for testing, to check the format of the API responses. Basic HTTP Authentication is not in any way secure, as data and passwords will be sent in plain text and will also be recorded in logs. If you want to use this option, select the Allow Basic HTTP Authentication check box on the 'Options' card in the Optional Features setting (illustrated in step 1 above) and the Web Sessions over HTTP (bad security, for testing only) check box on the 'Unsupported' card. If you are testing in a database that you have not configured to communicate using HTTPS, you only need to select the Allow Basic HTTP Authentication option.

Access

You can grant API access to existing user accounts in your Standard ERP system, and/or you can create new user accounts for the purpose. To create a new user account, use the Person or Global User registers as described here.

To allow a user (i.e. a Person or Global User) to access the data in your Standard ERP database through the API (i.e. through a third-party application), assign that user to an Access Group in which you have granted Full access to the 'Rest API' action:

If your database has more than one Company, you should grant each user Full access to the 'Rest API' action in each Company that they will connect to through the API.

While in the Access Groups setting, note that users will have access to the same registers through the API that they would have access to in a Standard ERP client. For example, if a user's Access Group gives them access to the Invoice register but not the Transaction register, they will not have access to the Transaction register through the API. However, if a user's access to individual fields has been restricted in their Access Group, that user may still have access to those fields through the API. For example, a user who has been denied access to the 'View Item's Cost Price' Action, and so is not able to see the Cost Prices of Items in any record in a Standard ERP client, will be able to retrieve this information using the API. You should therefore consider whether such a user should have access to the API.
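
The settings described under Configuration and Access can be reviewed together before the API is exposed. The following is an added example (not part of the original page and not Standard ERP code) that audits a hand-transcribed snapshot of those settings; the dict layout, key names and sample values are assumptions made for illustration.

```python
# Constructed snapshot: values copied by hand from the screens described on
# this page. The dict layout and key names are assumptions of this example,
# not a Standard ERP export format.
SNAPSHOT = {
    "allow_basic_http_auth": True,    # Optional Features, 'Options' card
    "web_sessions_over_http": False,  # Optional Features, 'Unsupported' card
    "web_access_rows": [              # Access to Functions from Web
        {"function": "api", "allowed_ips": "203.0.113.10, 203.0.113.11", "ssl": "yes"},
        {"function": "api", "allowed_ips": "", "ssl": "no"},
    ],
    "access_groups": [                # Access Groups setting
        {"name": "SALES", "rest_api": "Full",
         "denied_actions": ["View Item's Cost Price"]},
        {"name": "ADMIN", "rest_api": "Full", "denied_actions": []},
        {"name": "STOCK", "rest_api": "None",
         "denied_actions": ["View Item's Cost Price"]},
    ],
}


def audit(snapshot):
    """Return findings for the risky settings this page warns about."""
    findings = []
    if snapshot.get("allow_basic_http_auth"):
        findings.append("Allow Basic HTTP Authentication is on (testing only)")
    if snapshot.get("web_sessions_over_http"):
        findings.append("Web Sessions over HTTP is on (testing only)")
    for n, row in enumerate(snapshot.get("web_access_rows", []), start=1):
        if row["function"].strip().lower() != "api":
            continue  # only rows for the "api" Function matter here
        ips = [p.strip() for p in row["allowed_ips"].split(",") if p.strip()]
        if not ips:
            findings.append(f"row {n}: Allowed IPs is empty, so any address may call the API")
        if row["ssl"].strip().lower() != "yes":
            findings.append(f"row {n}: SSL is not 'yes', so http requests are not refused")
    for group in snapshot.get("access_groups", []):
        # Field-level restrictions may not hold through the API (see Access).
        if group["rest_api"] == "Full" and group["denied_actions"]:
            denied = ", ".join(group["denied_actions"])
            findings.append(f"group {group['name']}: API access may expose fields "
                            f"hidden in the client ({denied})")
    return findings


if __name__ == "__main__":
    for finding in audit(SNAPSHOT):
        print(finding)
```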
