We use excel to build out some KPI and reporting to display in our environment but I seem to have a lot of authentication issues for the majority of my epicor users. All my users have access to BAQ’s they are able to run the BAQ’s in epicor that I am using for the report but when attempting to use their credentials for the ODATA call in excel they get the following error. This error typically also results in the users being locked out of their epicor accounts. Has anyone else seen this before?
I have been advised not to use regular user credentials for odata. Instead, I setup a user account just for odata access. If you have to let other users in, make sure you have turned on “Allow Multiple Sessions” in User Account and Security Maintenance. Note, that your seats or licenses may get used up faster than you expect this way because if a user has the client open that is one seat, and as soon as they use their creds to make an odata call that is another seat. Why would you possibly want to let your users make odata calls?
Excuse me if this is a dumb question but why would you not let regular users use their credentials for odata? Just for the licensing issue? We are doing this for reporting and dashboards built in excel. The excel sheets call data from BAQ’s built for the dashboards or reports.
Access scope constrained accounts are really convenient for REST API things. I have a whole mess of user accounts that are linked to access scopes, buttoned down to the absolute minimum access they need for where I’ve used them.
If someone emails a data-connected workbook somewhere they shouldn’t, it’s easy to kill the API token and reset the user account credentials.
That’s something to think about as well - if you provide user credentials at that connection, they’re stored in the connection text. You could technically use the Epicor basic auth string which is hashed, but it’s not hashed in a secure way. Not to mention that a standard user updating their password would break a static data connection.
Hi Nate, are you sure that an odata call uses a license seat? I’ve just started to experiment using the method you describe with a single user account for the various spreadsheets and webpages I put together and the account doesn’t show in the user tracker or under active users in company config. I’m really hoping it stays that way and isn’t counting the user in some other way against the license. I’m not updating anything yet, just pulling and filtering BAQs.
Honestly, no I am not! But I always assumed that any calls to the database would require a seat. 
This was my larger concern and why I opted for an access scope assigned to a specific odata user.
I believe it is taken and released as soon as the data is retrieved. There have been times when our licenses are fully used and I have had users who couldn’t run reports.
Can confirm! I’ve been running a Trello integration going on three years now. Every once in a while I’ll find a 400: Maximum users exceeded from the Epicor side in the logs. Less often then I was expecting, though.
And from what I’ve been able to observe, discrete REST connections do return their license as close to as soon as they’re done with it as makes any difference. I do kind of wonder if they consume a license at all or only check for an available license at connection time, but not enough to spend time answering that question.
Same here.
Yes, and uses one during the call, which may be fast, or may take a lot of time, depending on what are you calling exactly.