We are trying some external rest calls and it was going really well.
I tested it with a little javascript function that required the user to enter their Epicor credentials. This works.
So our developer prototypes an application using this and its all good.
But now its time to do this for real and they want a general login that we access securely and fill in so that users do not have to enter their epicor login credentials.
I create a user, verify that it can log into Epicor and try it on my little JS page before I hand the credentials over to the developer and I get a 403 invalid login even when I paste the credentials that are working to log into Epicor itself.
I give the user web access, several security groups, even security manager temporarily and no dice.
I tried an API key with a scope of just a BAQ that the prototype application will call and nada. Is there something that I need to set up for a user to be able to remotely connect?
The below HTML page will return data to the consoles and I can extract what I need with JS code.
It just seems odd that the generic user can’t use Rest
(That user can be logged into Epicor with the credentials and it can run that BAQ)
Am I missing something really basic in the user setup?
I included the JS - it was a fun way to access a BAQ
<!DOCTYPE html>
<html>
<head>
<title>Peak Processing - Epicor REST Javascript Test</title>
<IMG SRC= "PeakLogo.jpg"><BR><BR>
</head>
<body>
<input type="text" id="myUserID" placeholder="UserID">
<input type="password" id="myPassword" placeholder="Password" type="password">
<button onclick="getEpicorData()">Submit</button>
<script>
async function getEpicorData(baqID, companyID = 'YourCompanyID') {
const url = "https://**ourserver**.epicorsaas.com/SaaS508/api/v1/BaqSvc/VendorListReactPOProject?Company='**ourcompanynumber'"
const myUserID = document.getElementById("myUserID").value;
const myPassword = document.getElementById("myPassword").value;
const loginString = myUserID + ":" + myPassword;
try {
const response = await fetch(url, {
method: 'GET',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json',
'Authorization': 'Basic ' + btoa(loginString)
}
});
if (!response.ok) {
var errorline = `HTTP error! status: ${response.status} `;
if (response.status = '401')
{
errorline += ' - Invalid Login';
}
alert(errorline);
throw new Error(`HTTP error! status: ${response.status}`);
}
return data;
} catch (error) {
console.error('Error fetching Epicor data:', error);
throw error;
}
}
** Adding a API key to the mix just gave a login error, even if I used my credentials as the basic authorization part of the string
The BAQ itself just returns a list of our vendors
This is the way