Every REST call to the SAP Business One Service Layer must carry a company-scoped authentication token. Hechizo SAP Intercompany uses HTTP Basic Authentication with a custom payload structure required by the SAP B1 Service Layer: instead of a simpleDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/FCS-Consultores/hechizo-SAP-intercompany/llms.txt
Use this file to discover all available pages before exploring further.
username:password pair, the credentials are a Base64-encoded string that encodes a JSON object (containing UserName and CompanyDB) concatenated with the password, separated by a colon. A separate token is generated for each of the ten company databases at application startup, so every sync method can address its target company directly without a login round-trip.
Token construction
Tokens are built by the private static methodCrearToken(string _DB) in Conexion.cs. The method reads UserSL and PassSL from [ConexionHanaProd] in config.ini, resolves the database name for the requested company, serialises the credential object as JSON, and then Base64-encodes the combination:
Authorization HTTP header on every POST/PATCH/GET request to the Service Layer.
Required config.ini keys
Two keys in[ConexionHanaProd] control authentication for all ten companies:
| Key | Description |
|---|---|
UserSL | The SAP Business One application user name. The same user must exist and be active in every company database listed in [ConexionHanaProd]. |
PassSL | The password for UserSL. Stored in plaintext; see the security note in config.ini Reference. |
CrearToken:
config.ini, LeerINI returns an empty string rather than null, so the ?? throw guard does not fire in practice — _user and _pass will be empty strings, and the resulting token will be malformed. The sync methods will then receive HTTP 401 responses from the Service Layer and silently skip that company.
Token inventory
All ten tokens are declared aspublic static string fields in Conexion and initialised at class-load time. The table below lists each field, the CrearToken argument passed (which maps to the Consultar_* method called internally), and the company it authenticates against.
| Static field | CrearToken argument | Company | Production DB |
|---|---|---|---|
token_hechizo | "BD_Hechizo" | Hechizo (hub) | 10071_HECHIZO_DEP |
token_sur | "BD_sur" | Deportes Sur | 10071_DEPORTES_SUR |
token_omdo | "BD_omdo" | OMDO | 10071_OMDO |
token_nedn | "BD_nedn" | NEDN | 10071_NEDN |
token_hogarn | "BD_hogar" | Hogar Ideal | 10071_HOGAR_IDEAL |
token_flores | "BD_flores" | Flores Deportes | 10071_FLORES_DEP |
token_vital | "BD_vital" | Encanto Vital | 10071_ENC_VITAL |
token_emde | "BD_emde" | EMDE | 10071_EMDE |
token_central | "BD_central" | Ave Central | 10071_AVECENTRAL |
token_desampa | "BD_desampa" | Desamparados | 10071_3_102_956112 |
Conexion.cs:
Passing tokens to sync methods
Each sync method accepts the destination database name and its token as a paired argument. Every branch company is iterated inProgram.cs with this pattern:
Intercompany.cs, the token is attached to the HTTP request by EnviaSapPorBasicAuth, the shared helper that handles all Service Layer calls:
bdDestino string is used for the cross-schema HANA query (to detect missing records) while Tokendestino authenticates the subsequent Service Layer POST.
SSL/TLS configuration
Protocol negotiation
Before making Service Layer calls, the application configures
ServicePointManager to allow the broadest possible TLS compatibility:Because
RemoteSSLTLSCertificateValidate accepts all certificates, the application is vulnerable to man-in-the-middle attacks if the network path to the Service Layer is not fully trusted. In production deployments, replace this callback with proper certificate validation, or ensure the Service Layer endpoint (hana-007.fcscr-cloud.net:50000) uses a certificate from a trusted CA and restrict the application to TLS 1.2 or higher only.ODBC connection string for direct HANA queries
In addition to Service Layer REST calls, the application connects directly to SAP HANA via ODBC to run cross-schema SQL queries (to identify master-data gaps). The connection string is assembled at startup from[ConexionHanaProd] keys:
Conexion.strCon and reused for every OdbcConnection throughout the process lifetime. The HANA SYSTEM user provides cross-schema read access to all company databases registered under [ConexionHanaProd].