How do you add a specific License type to a REST web app integration

I have a custom web application I’m integrating with the REST Api we are running into issue where the application sometimes errors out because we reach our license cap. We specifically purchased a number or web service licenses to use for this web application, but I can’t seem to find any information that helps me get my footing on how to use specifically those web service licenses in my app. There seems to be a reasonable amount of info on how to integrate with c# and .net based web apps, but I am creating this using Express, and React. I was wondering if anyone could explain to me how I go about adding them. I have discerned from other similar posts that I need to send license and / or session info through the headers, but I can’t find anything on what specifically those pieces of data are labelled as or how to access that info from E10 REST into React or Express. Any help is appreciated. I did do a lot of research, but it’s always possible I missed a response right here on the forum that might help.

This may help, if you aren’t using .net though its just headers. though youwill first have to establish a session


Here’s a list of the different license guids


So then does this mean that all License values remain the same permanently? I use that GUID as a claimed license in my http headers after creating a session and I’m good to go? Sorry, I just want to make sure that I fully understand before trying to implement it.

Correct the guids are the same but you will need a new session every time a new user logs in
Which you manage via the SessionMod EndPOint

Excellent. Thank you for the assist. I’ve seen you on a few posts like this, and you always seem to have solid answers. I’ll post some code snippets of what it looks like here in a bit. Hopefully I can get this functional pretty quick. Doesn’t sound too hard

1 Like

Jose, this is all over my head, but an integration partner is asking for some more details on this, if you don’t mind. (Actually he just signed up: @Asitt_1)

First, what is meant by “a new user”? In this specific case (an eCommerce site), the integration is one Epicor user (the site) but of course we hope to have bazillions of customers on there at once. So is that one user or many?

Second, I’ll just put it plainly: why do you need a session per user?

I don’t doubt that you are right, but we are trying to wrap our heads around the details. I can do a REST call in Postman, for example, and include the License header of {"ClaimedLicense": "00000003-9439-4B30-A6F4-6D2FD4B9FD0F"} but no session ID and it seems to work just fine. The response is a session GUID of all zeroes.

I guess my question is, when do you need a session per user? What scenarios?

And what happens if you don’t include the session ID and there is a lot of traffic?

“new user” above means a different user I believe…

The session is tied to a user identity and it keeps things like the current company etc… Why do you need it? You don’t I suppose as long as you are ok with establishing a new session for every request.

Having a session is useful for many reasons and I believe the license type header requires one (or establishes one, to consume that license)

A small correction to @JasonMcD’s original question.
When we send parameter License: {“ClaimedLicense”: “00000003-9439-4B30-A6F4-6D2FD4B9FD0F”} without a session we get back License: {“Claimedlicense”:“00000003-9439-4B30-A6F4-6D2FD4B9FD0F”,“SessionID”:“00000000-0000-0000-0000-000000000000”}
The SessionID is all zeros. Not sure what this means?

The scenario “New User” is actually meant to address session concurrency.
There really is only one integration user in play here. It will be making a ton of requests likely simultaneously.
We need to know:

  1. Does this concurrent user request scenario require more than just a single license?
  2. Do we really need to first get the session so that we can add it in the License parameter even though we are already passing the authorization and x-api-key in the request header.


You don’t need to generate a session explicitly unless you want to but if you don’t Epicor will generate one for each call and automatically kill it after a bit I’ve seen this cause an issue where you run out of licenses if your numbers are tight.
Generating a Session and Re-Using it ensures that each REST Call doesn’t get a new license genrated.

1 Like