Newbie questions on Epicor REST Services / APIs

Just looking to get some pointers on how external software can communicate with Epicor. I have heard of REST services but how can you tell it’s installed/up & running?

Also, are there any other options for having external software talk to Epicor? We are on site and not hosted?


It’s running by default in all current versions of ERP. You can access it with /AP/v1. Help is at /api/help/v1/. v2 is running at /v2 and uses API keys.

Thanks @chaddb. I think I’ve found it. Odd thing when trying to browse to the URL it’s asking for a user name and password. Does IIS control that or are there settings in Epicor?

IIS. You will need to enable Windows Auth on the site. Or login with non-sso credentials.

It uses the credentials for that particular appserver. So if you’re using username, password then it asks for the Epicor username and password. If you are connecting to a Windows Auth appserver, then you’ll provide your AD credentials. And if you connect to an AzAD appserver, then you’ll get prompted for your Azure AD credentials.

You probably don’t want to let outsiders get into your local network. It REALLY depends on what you mean when you ask, “how external software can communicate with Epicor”. Read-Only? Customers? Suppliers? Or, heaven-forbid, a two-way sync?


Thanks both @chaddb and @Mark_Wonsil

I am involved in generating a proposal from a new vendor and now I understand Rest Services my next question is how are you going to get the data? I am hoping the vendor has an established process that does not require opening access to the server remotely. Hopefully there will be a small software service that will be on our network and push the data out.

Hi Matt,

You’ve got two options… You can two a site to site VPN with Azure and create a reverse proxy back to your app server which will allow secure access through to the API side. You will need a valid SSL certificate for external access e.g DigiCert or LetsEncrypt.

I wouldn’t open ports to your app server as this may cause a whole world of pain if this is compromised. You can then create API Keys which you would give to your vendor tell them to point to the azure site with the key and they would be able to post and get from your internal epicor API.

Second option would be an application proxy to azure which will generate a secure URL which you can then pass to any vendours and controll their access by API Keys and Access Scopes within epicor.

You can do this for a dev server as well. :slight_smile:


thanks @aarong. I wasn’t aware of the API Keys feature so that’s useful.



1 Like