Rest with Bearer Tokens - ClientId and Client Secret ?'s

datadaddy · June 13, 2025, 5:47pm

If someone has a desire to use Bearer token to access Epicor Rest API’s,
the Ice.Lib.TokenService.GetAccessToken call takes:

{
  "clientId": "00000000-0000-0000-0000-000000000000",
  "clientSecret": "string",
  "scope": "string"
}

where do I find or generate these values ?
what are the intended values for scope ?

Thanks

Randy · June 13, 2025, 5:48pm

I believe it’s a GET on Ice.Lib.TokenServiceSvc BO

Correction: It’s a POST to that service.

datadaddy · June 13, 2025, 5:57pm

Indeed that works, thanks !

datadaddy · June 16, 2025, 5:40pm

Hmmm, not quite working,

So what I did was use the Epicor REST API Help website and called that method,
and then used it in Postman to make a test call

The return from the TokenService call did show a Bearer token value in the curl section, but not in the response.

And if I try the TokenService in Postman, I only get this as the response

I’ve not taken the time to program it in a function, but wondering why it does not work in Postman

Randy · June 16, 2025, 6:00pm

Try using the bearer from the curl and testing it in Postman

datadaddy · June 16, 2025, 6:04pm

Yes, I did that and it worked, but I want to get the Bearer token using postman and when I call the TokenService in postman it’s not returned

klincecum · June 16, 2025, 6:09pm

GetAccessToken I believe.

datadaddy · June 16, 2025, 6:12pm

Yeah, that was what I tried originally (see first entry above), but it wants a clientId and client secret, not sure where those come from

klincecum · June 16, 2025, 6:14pm

I’m on my phone.

@Olga , @josecgomez

josecgomez · June 16, 2025, 6:18pm

It’s not a Get method you’ll have to use post

curl --location --request POST 'https://YourEpicor.Com/EpicorLive10/TokenResource.svc/' \
--header 'username: YourEpicorUserName' \
--header 'password: YourEpicorPassword' \
--header 'Accept: application/json'

This will responde with

{
    "AccessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiO_SNIP_CAUSE_H4K3RZ",
    "ExpiresIn": 28800,
    "TokenType": "Bearer"
}

datadaddy · June 16, 2025, 6:33pm

strangley, I get a 404 not found

it was tripping on a 401 unathorized at first, adding the API key got past that

I know my path to my epicor instance is correct as I am using it in other calls

headers look correct from curl

I’m Saas, does that matter ?

josecgomez · June 16, 2025, 6:39pm

No it doesn’t matter, are you willing to share the URLs?

josecgomez · June 16, 2025, 6:53pm

It’s here

https://server/instance/TokenResource.svc

datadaddy · June 16, 2025, 6:54pm

Awesome, that did it, thanks !!!

jbooker · June 16, 2025, 7:47pm

this works too without clientid & secret

Then you must still send APIKey headers on subsequent requests even with Bearer Token.