datadaddy: did you resolve the ‘problem getting baq metadata error’? I am running into it also
No, I had to give up, was hoping for more ideas from the experts here
I believe the BaqGetDataTable method was originally implemented in V1 but I don’t think it has been updated since. I can take a look at it we pivoted pretty hard into Generic calls that can be manipulated by you instead of us giving you pre-determined output (like a data table) because the generic output is generally more useful and flexible.
You can generate your own table from the BAQ Results.
I think I have tracked down my problem: our epicor installation uses windows authentication so I don’t have usernames and passwords for epicor itself. Is there a way to utilize windows authentication using EpicorRestAPI?
Yeah, I think Jose does it here:
Regular windows SSO cannot be easily used with Rest calls of any kind. If you are using Azure AD you can generate an Azure Token with your Azure Credentials but regular Windows SSO is not really possible with REST.
2 Likes
@jason_van_clark Are you wanting to access the API under the user context whereby permissions to the REST is determined by the user making the call? Why not just create a single Epicor API key and use that for all REST calls?
1 Like
Thanks for clarifying.
I have an API Key, but I am not sure how to do what you are suggesting. I do not have any permissions set on my BAQ but I am not sure if there are any other security settings on our epicor installation that would require user authentication.
Would I just leave the username and password variables blank when trying to use EpicorRest?
No you would either populate these or use a token instead there is no way to do “Windows Auth” with REST
1 Like
You could just setup a user specifically for the API (eg. api_user) in Epicor that isn’t bound to the domain or SSO and use that in your EpicorREST calls:
…and depending on how your app is setup, allow multiple sessions:
…then bind to your EpicorREST instance…
EpicorAPILibrary.AppPoolHost = XXX;
EpicorAPILibrary.AppPoolInstance = YYY;
EpicorAPILibrary.UserName = AAA;
EpicorAPILibrary.Password = BBB;
EpicorAPILibrary.CompanyID = CCC;
EpicorAPILibrary.UseWebServicesLicence = true;
EpicorAPILibrary.UseSessions = true;
EpicorRest.IgnoreCertErrors = false;
1 Like
that’s a good idea but I don’t think my DBA is up for it. I’m going to look into the Azure tokens
Jeff is describing Basic Auth. These are the authentication types allowed in REST calls (everywhere, not just Epicor):
Best practice for Basic auth is to not use it but if you do then don’t store the username and password but grab it from a secrets manager.
Yes, that 
… I did make an assumption that your app is private/internal using https, which ours is.
This may not be applicable to Epicor Rest Helper (I’m not sure if RestSharp supports it) but Windows/NTLM Authentication is possible with new HttpClient(new HttpClientHandler { UseDefaultCredentials = true }).
I have written my own client library for use at our company and this is one of its authentication options.
How would this work? REST is by definition Stateless all it sends are headers so I’m not sure how NTLM Authentication would work without some other middleware that generates a token or a session or something that would prove who you are.
Currently the Epicor SSO just looks at %Environment.User% and compares it to the SSO UserID setup in User File and if they match presto!
Do you have any info as to how this works for a REST call it doesn’t compute…
Honestly I can’t tell you the inner workings, all I know is that I’ve been using it since 2019 
As long as the Epicor app server has Windows authentication as one of its bindings and your user account is set up with Domain and OSUser fields configured, it works great.
You can use NTLM auth in Postman to test it out, it works just as well.
Looks like RestSharp does support NTLM authentication, so maybe this library could make use of it.
I know Windows auth probably won’t last much longer in Epicor, but it’s still our authentication method for the ‘smart client’. We use Azure AD for Kinetic web.
Thanks I’ll poke around Microsoft doesn’t recommend this approach so seems a bit dated but if its an easy implementation maybe we can add it.
1 Like