This might be a dumb question, but how would I go about exposing the Epicor API to a completely external set of code?
For instance, the REST API works great when calling it from somewhere inside the network where it can “see” the API, so long as the URL is correct.
The goal is to be able to call the API from third-party systems outside of the network, such as from our customer-facing website and from our partner companies’ systems.
I’m not sure how to go about “exposing” the API outside of the network. Perhaps this is documented, but any help would be much appreciated to get me going in the right direction!
Open and map port 443 externally through your firewall to your appserver’s 443.
You’ll also need a certificate (you can get a free one from Let’s Encrypt).
Another option is to set a proxy server up and have it service requests from your external systems. Now you can only accept requests from your proxy instead of sending all 443 requests to your Epicor app server. This also gives you the flexibility to create your own interface that works with the third parties and gives a layer of separation from ERP changes.
Food for thought,
Because of our hosted environment, it sounds like having a proxy server set up for this will be the best method of exposing the API externally. If you have experience with this, would you mind sharing the machine requirements for such a server?
Shared hosting or dedicated host?
Scott Forsyth has a series of good, concise videos on IIS that are a good read on different tricks with IIS.
(Get the Forsyth on IIS, not choreography)
Below is the reverse proxy behavior mentioned. The rest of his stuff is good intros as well. Not super deep but a good intro to a bunch of topics. I like the intro + concise format. If you need more, you are armed to ask more questions.
It’s in a public cloud environment, so there are apparently some intricacies around exposing outside of their network.
Something like AWS or Azure, or rented space with your own server in a datacenter?
Do you have access to your server’s firewall rules and IIS? If so, you are set; if not, you will need to work with your vendor. You’re forwarding access to nothing more than a regular website, so no vendor should have an issue with assisting with that.
It’s essentially resources allocated from a cloud in a datacenter. The cloud network itself is controlled by the datacenter. I do not believe we have access to the firewall rules, and I’ve reached out to the vendor with these same questions and it sounds like they know what to do. It sounds like we will set up a DMZ.
I have very little knowledge of networking, so this is all kind of Greek to me.
I’d say you are on the right path, work with them and you should get where you need to go.
Hi Aaron, did you get this all set up and working?
Hey Neil, yes definitely got this working.
We are hosted in a datacenter so we had to work with them on getting this set up, but in our case, we utilized a load balancer in a DMZ to route HTTPS traffic to the application server(s) within the environment. The load balancer has a whitelist of allowed IP addresses.
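
For anyone following the same route, here is the two-layer check the thread arrives at (allowlist at the DMZ load balancer, app server accepting only the proxy), written out as an added example; it is not code from any poster or from Epicor. The addresses are constructed documentation ranges, the proxy address is hypothetical, and it assumes a single proxy that appends the caller's address to `X-Forwarded-For`.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
PARTNER_ALLOWLIST = ["203.0.113.10/32", "198.51.100.0/24"]  # website + partner
PROXY_ADDRESSES = ["10.0.1.5/32"]  # hypothetical DMZ load balancer address


def _member(addr, cidrs):
    """True if addr parses as an IP and falls inside one of the CIDR blocks."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except (ValueError, AttributeError):
        return False  # fail closed on anything that is not an IP address
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; normalise them.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def edge_decision(peer_ip, scheme):
    """Load balancer in the DMZ: forward only HTTPS from allowlisted sources."""
    if scheme != "https":
        return "reject: not https"
    if not _member(peer_ip, PARTNER_ALLOWLIST):
        return "reject: source not allowlisted"
    return "forward"


def appserver_decision(peer_ip, x_forwarded_for=None):
    """App server: accept only the proxy, and trust X-Forwarded-For only then.

    Returns (verdict, client_ip_for_audit_log).
    """
    if not _member(peer_ip, PROXY_ADDRESSES):
        # A direct connection that bypassed the DMZ; ignore any header it sent.
        return ("reject", None)
    if not x_forwarded_for:
        return ("accept", None)
    # The rightmost entry is the one our proxy appended; entries to its left
    # were supplied by the caller and can be forged.
    return ("accept", x_forwarded_for.split(",")[-1].strip())


if __name__ == "__main__":
    print(edge_decision("198.51.100.77", "https"))
    print(appserver_decision("10.0.1.5", "10.9.9.9, 198.51.100.77"))
```
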