Rest API for Epicor Cloud

We are Epicor Cloud customers and looking to implement REST API to pull data from Epicor into my Visual Studio project(s). I am a newbie programmer and would like to know where to start. Any advice?

1 Like

All the info you could want is in the epicor help F1 search rest
However there is also this


learning… but where do I get my webappid and my native client app id?

are you using Azure AD logon? If not, you can use your name and password and basic authentication for start. If yes, those values are in you .sysconfig file.

ok, I declare myself stupid. Is there sample code somewhere for basic authentication like there is for Azure AD and TOken authentication?

@tkoch has code in this thread:

For SaaS users, you can also get your Azure IDs here:


not for multi tenant cloud users - this is not an option in my db

I found this sample C# file in the help docs and downloaded it thinking I could work away from it but it is totally entwined with this Azure AD authentication and I am not smart enough to modify it to work with our SaaS Multi Tenant Cloud system.

Like @Olga said, it’s also located in your local .sysconfig file.

So sorry to hear that you’re on MT… :sob:

Post some code and error messages and I’m sure the group can get you moving.

Mark W.

Here’s what I have from the sample file I downloaded:

How do I configure the below for our SaaS MT Cloud login auth?

And yes I’m sorry to be MT too but it’s one of those things in life…

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Globalization;
using System.Net.Http;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

namespace Training2

class AzureADAuthREST
    //Settings to be adjusted according your Azure AD installation
    /// <summary>
    /// Directory ID - take it from Azure Active Directory properties
    /// </summary>
    private const string DirectoryID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXX XXXXX";
    /// <summary>
    /// Application ID of the Epicor Web application
    /// </summary>
    private const string WebAppID = "";
    /// <summary>
    /// Application ID of the Epicor native application
    /// </summary>
    private const string NativeClientAppID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX";
    /// <summary>
    /// Redirect URL specified for Epicor native application.
    /// </summary>
    private static readonly Uri redirectURL = new Uri("https://localhost");
    /// <summary>
    /// Azure AD logon URL, used for any tenancy.
    /// </summary>
    private const string aadInstance = "{0}";

    private static AuthenticationContext _authContext;
    /// <summary>
    /// Property to store authentication context for the Azure AD tokens
    /// </summary>
    private static AuthenticationContext AuthContext
            if (_authContext == null)
                var authority = string.Format(CultureInfo.InvariantCulture, aadInstance, DirectoryID);
                _authContext = new AuthenticationContext(authority);
            return _authContext;
    /// <summary>
    /// Get token for the user
    /// </summary>
    /// <returns>Access token for the WCF header</returns>
    public static string GetToken()
        if (string.IsNullOrEmpty(NativeClientAppID))
            throw new Exception("No settings specified in AzureADAuth");
        //Specify that dialog should be shown only if prompt for usercredentials is necessary
        var platformParameters = new PlatformParameters(PromptBehavior.Auto);
        //use AuthContext to get token. ADAL will internally handle token caching and refreshing
        AuthenticationResult result = AuthContext.AcquireTokenAsync(WebAppID, NativeClientAppID, RedirectURL, platformParameters).Result;
        //Return AccessToken, which should be sent to Epicor App Server as WCF header
        return result?.AccessToken;

/// <summary>
/// Handler to create authentication header on each server call.
/// </summary>
class AzureADTokenHeaderHandler : WebRequestHandler
    protected override Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
        //Add bearer authorization header on each call.
        //It contains valid Azure Active Directory token
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", AzureADAuthREST.GetToken());
        return base.SendAsync(request, cancellationToken);


If you’re currently using Azure AD then open your .sysconfig file. For this line

    private const string DirectoryID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXX XXXXX";

enter this value from your sysconfig:

    <!--Azure AD tenantID - DirectoryID from Azure AD Properties -->
    <AzureADDirectoryID value="" />

For this line:

    private const string WebAppID = "";

Enter this value from your sysconfig:

    <!--Azure AD Web Application ID - Application ID of registered web application -->
    <AzureADWebAppID value="" />

For this line:

    private const string NativeClientAppID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX";

Enter this value from your sysconfig:

    <!--Azure AD Native Client Application ID - Application ID of registered native application -->
    <AzureADNativeClientAppID value="" />

And set your redirect URL to:

    <HomePageUrl value="" />

Give those a try and see what you get.

Mark W.

1 Like

Thise values are empty in my sysconfig. see (3.5 KB)

Then you do not have Azure AD set up for your instance. You’ll have to use basic authentication which is the code that Ted Koch shows in the previous post. Is there another sample in the documentation that uses basic authentication?

Yes, see below but where do I put this? Not in this class I assume…
This Basic Authentication code example specifies the User Name and Password in the call header. You can also
add optional call settings to specify the Company and Plant.
static HttpClient CreateClient()
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHead
ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:{1}", “manager”, “Epicor123”)))
//header to set current company
ICallHeader hdr = new CallSettings(“EPIC06”, “MfgSys”, “”, “”);
client.DefaultRequestHeaders.Add(hdr.Name, JsonConvert.SerializeObj
return client;
To use this authentication code:
HttpClient client = CreateClient();
HttpResponseMessage response = client.GetAsync(ServiceUrl + “/Ice.Bo.ProcessTas

any help for me?

Hi Matthew,

It would help to know what you’re trying to accomplish from a business perspective and not a technological one.

The code shown is almost a full program as is. Add in the using statements and you’re good to go. I’m assuming you want a stand alone program but we don’t know where it’s going to run, how often, etc. So it’s hard to know what advice you’re looking for without more details.

Mark, sorry about the lack of clarification. I am building a quality control module outside of EPicor to meet our specific needs. What I am trying to do is scan a Lot number barcode from a tag created in Epicor Item Receipt. When the Lot number is entered my program goes back to epicor via the REST service and requests information on that lot (PartNum, Description…) and adds it to fields in my program.

you add headers to every REST call to the server. Where you put it is up to you.

It took time figuring this stuff out, but it was worth it in the long run. Epicor’s REST API is super powerful.

Take a look in the SaaSXXX.sysconfig file in the C:\Epicor\ERPDT\Client\config directory.

Look for:
"AppServerURL value=“

The ‘value’ is your app server that you can make REST calls against.

Browse to: https://AppServerUrl/api/help/v1/ to see the Rest V1 help. (use your E10 login as credentials)
Browse to: https://AppServerUrl/api/help/v2/ to see the Rest V2 help. (use your E10 login as credentials)

All of the API Help url’s have clickable examples to ‘try it out’. Poke around there.

A quick ‘proof of concept’ to see something useful is: https://AppServerUrl/api/v1/Ice.BO.AdminSessionSvc/List which will show you who’s logged into Epicor/active connections. (use your E10 login as credentials)

You can also make calls to BAQ’s an pull their output into Excel as Odata, and use Pivot tables to manipulate the data, which is really cool (to a geek/nerd like me… haha). Here’s a great video that explains how to do it:

If you can do something like that in Excel, you should be able to do it in Visual Studio.

Does your company have Azure AD Matthew? It would make the integration a little more streamline if you didn’t have to prompt for a username and password in your QC program which would also make it a bit more secure IHMO. If it were me, I’d create a BAQ with the Lot Number as a parameter and then return all of the information using the REST BAQSvc. One call gets it all. If you plan to update Epicor at a future date then you can look at Epicor Functions when you get to .500.