Odata integrations with SAP Business One

Nicolai Pedersen

Posted on 29/10/2025 11:23:49

Reply

Hi Adrian

The B1 custom authentication protocol is not supported as of now.

According to docs as I can read them, oauth should also be supported in later versions: https://help.sap.com/doc/64cff8d4a2f041fb8cc6c2d5fe42a86c/10.0_FP_2305/en-US/2d099edcd3644a85ae328eab6e9167f6.pdf

As I read it starting with SAP Business One 10.0 FP 2305, the Service Layer can integrate with identity providers that support OpenID Connect (which rides on top of OAuth 2).

You configure B1’s SLD (System Landscape Directory) and Service Layer to delegate authentication to an external IdP such as Azure AD, Okta, or an on-premises SAML/OIDC server.
Once configured, the Service Layer exposes a standard OAuth 2 flow.
You obtain a Bearer token (JWT) from the IdP and include it in your requests:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR...
The token replaces the need for the /Login call and cookies.
The Service Layer validates the token and maps it to an SAP B1 user.
This works for OData as well as the standard Service Layer REST API.

Adrian Ursu

Posted on 29/10/2025 12:04:44

Reply

Hi Nicolai,

That's interesting. I will see if I can make it work. I may probably need support from the SAP partner.

Thank you,
Adrian

Nicolai Pedersen

Posted on 29/10/2025 21:08:08

Reply

You might also be able to create a custom endpoint auth for Dynamicweb that understands Sap B1:

This is our endpoint auth for basic authentication - one for B1 would work similar.

using System;
using System.Net;
using System.Net.Http;
using Dynamicweb.Core;
using Dynamicweb.Extensibility.AddIns;
using Dynamicweb.Security.SystemTools;

namespace Dynamicweb.DataIntegration.EndpointManagement.AuthenticationAddIns;

[AddInName("Basic")]
[AddInLabel("Basic")]
[AddInDescription("Basic")]
public class BasicEndpointAuthenticationAddIn : BaseEndpointAuthenticationAddIn
{
    [AddInParameter("Username")]
    [AddInParameterEditor(typeof(Extensibility.Editors.TextParameterEditor), "")]
    public string? UserName { get; set; }

    [EncryptParameter]
    [SensitiveData]
    [AddInParameter("Password")]
    [AddInParameterEditor(typeof(Extensibility.Editors.TextParameterEditor), "password=true")]
    public string? Password { get; set; }

    [Obsolete("Do not use.")]
    public override EndpointAuthenticationType AuthenticationType => EndpointAuthenticationType.Basic;

    public override string? ValidateParameters()
    {
        return null;
    }

    public override void PrepareClient(Uri uri, HttpClient client, HttpClientHandler clientHandler, Endpoint endpoint)
    {
        Ensure.NotNull(clientHandler, "clientHandler");
        NetworkCredential credential = new NetworkCredential
        {
            UserName = UserName,
            Password = !string.IsNullOrEmpty(Password) && (endpoint?.Authentication?.Encrypted ?? false) ? Crypto.Decrypt(Password) : Password,
        };

        CredentialCache credentialCache = new CredentialCache
        {
            { uri, "Basic", credential }
        };

        clientHandler.Credentials = credentialCache;
    }
}

It would look something like this for Sap Business one (Totally untested)...

[AddInName("SAP Business One Service Layer")]
[AddInLabel("SAP B1 Service Layer")]
[AddInDescription("Authenticates using SAP B1 Service Layer Login endpoint")]
public class SapB1ServiceLayerAuthenticationAddIn : BaseEndpointAuthenticationAddIn
{
    [AddInParameter("Company DB")]
    [AddInParameterEditor(typeof(Extensibility.Editors.TextParameterEditor), "")]
    public string? CompanyDB { get; set; }

    [AddInParameter("Username")]
    [AddInParameterEditor(typeof(Extensibility.Editors.TextParameterEditor), "")]
    public string? UserName { get; set; }

    [EncryptParameter]
    [SensitiveData]
    [AddInParameter("Password")]
    [AddInParameterEditor(typeof(Extensibility.Editors.TextParameterEditor), "password=true")]
    public string? Password { get; set; }

    [Obsolete("Do not use.")]
    public override EndpointAuthenticationType AuthenticationType => EndpointAuthenticationType.None;

    public override string? ValidateParameters()
        => string.IsNullOrEmpty(UserName) || string.IsNullOrEmpty(Password) || string.IsNullOrEmpty(CompanyDB)
            ? "All fields are required." : null;

    public override void PrepareClient(Uri uri, HttpClient client, HttpClientHandler handler, Endpoint endpoint)
    {
        var loginUri = new Uri(uri, "/b1s/v2/Login");
        var body = new { CompanyDB, UserName, Password };
        var loginJson = System.Text.Json.JsonSerializer.Serialize(body);
        var request = new HttpRequestMessage(HttpMethod.Post, loginUri)
        {
            Content = new StringContent(loginJson, System.Text.Encoding.UTF8, "application/json")
        };

        var response = client.Send(request);
        if (!response.IsSuccessStatusCode)
            throw new Exception($"SAP B1 login failed: {response.StatusCode}");

        // Capture cookies from login response
        if (response.Headers.TryGetValues("Set-Cookie", out var cookies))
        {
            var cookieContainer = new CookieContainer();
            foreach (var cookie in cookies)
                cookieContainer.SetCookies(uri, cookie);
            handler.CookieContainer = cookieContainer;
        }
    }
}

Adrian Ursu

Posted on 30/10/2025 13:06:51

Reply

Great!

Thank you very much!

Adrian

Developer forum

Odata integrations with SAP Business One

Replies