Skip to Content
Author's profile photo Former Member

Using REST Web Services SDK to log into the BI Platform Server (JavaScript and C#)

This article provides a code walkthrough for logging into SAP BusinessObjects Business Intelligence platform through REST Web Services.  The code requires SAP BI platform 4.0 SP05 or later.

The SAP BI server authenticates users using a logon token.  Any time a REST method is sent to the server, a valid logon token must be sent within the header of that request.  Only after the server validates the logon token will it respond to any REST methods.

Generating a Logon Token

We post the following XML template:

XML Template

<attrs xmlns=”“>

<attr name=”userName” type=”string”>


<attr name=”password” type=”string”>


<attr name=”auth” type=”string” possibilities=”secEnterprise, secLDAP, secWinAD, secSAPR3″>



to the following URI:


http:// <Server IP>:<port>/biprws/logon/long/

JavaScript Implementation

In order to use AJAX to make the REST calls to the server, we must include the following JQuery libraries:

JQuery Libraries

<script src=”“></script>

<script src=”scripts/jquery.json2html-3.0.js” type=”text/javascript”></script>

  1. Now we will define what we need in the REST request.  We first set “headers” by setting the “type” of REST method to ‘POST’ and the “contentType” to either ‘application/xml’ or ‘application/json’ depending on the format we wish to use.
  2. Next, we set the request body to the XML/JSON template that includes our authentication information.  If all goes well, the server should return an XML string that contains the logon token. We must then parse through the XML data and retrieve the attribute named “logonToken”.
  3. Finally, we must clean the logonToken of the XML transliteration ‘&amp’ to ‘&’.  We will store this logon token in a string variable to be used later in future REST methods.

Javascript Function

function login(username,password) {

      $.ajax({url: server + ‘/biprws/logon/long’, type: ‘POST’, contentType: ‘application/xml’,

                dataType: ‘xml’,

                crossDomain: true,

data: ‘<attrs xmlns=”“><attr name=”cms” type=”string”>localhost</attr>’ +

         ‘<attr name=”userName” type=”string”>’+username+'</attr><attr name=”password” type=”string”>’+password+'</attr>’ +

         ‘<attr name=”auth” type=”string” possibilities=”secEnterprise,secLDAP,secWinAD”>secEnterprise</attr></attrs>’,

                         complete: function(xhr, status) {

                                if (status != ‘error’ && xhr.responseText) {

                                                 logonToken = “\””+tokenRE.exec(xhr.responseText)[1].replace(/&amp;/g, ‘&’)+”\””; }


                                error:function(xhr, textStatus, errorThrown) { console.log(“Error connecting to BOE server”);},

                                success:function(xhr, textStatus, errorThrown) { console.log(“Successfully logged on to BOE server”);},

                                beforeSend:function(xhr)  { xhr.setRequestHeader(“Access-Control-Allow-Origin”, “*”);}  



C# Implementation

We will need the following class libraries for our C# implementation:

C#  Libraries

using System.Net;

using System.Web;

using System.Xml;

using System.IO;

Although the C# implementation shares many similarities with Javascript, there are a few more caveats that need to be addressed.

First we must create the XMLdocument object that will hold the XML template containing the user name and password.  Next we create a byte array that will stream the output when we post our request.

XML Template

XmlDocument login = new XmlDocument();

login.LoadXml(“<attrs xmlns=’‘><attr name=’cms’ type=’string’>localhost</attr><attr name=’userName’ type=’string’>”+userName+“</attr><attr name=’password’ type=’string’>”+pw+“</attr><attr name=’auth’ type=’string’ possibilities=’secEnterprise,secLDAP,secWinAD’>secEnterprise</attr></attrs>”;);

byte[] dataByte = Encoding.Default.GetBytes(login.OuterXml);

Now that we have our XML template ready to go, we set up our “Request Headers”.  As you can see, we set the “Request.Method” to ‘POST’ as well as the “content type” to either ‘application/xml’ or ‘application/json’. Finally, we set the “ContentLength” to be the length of our XML array.

REST Request

HttpWebRequest POSTRequest = (HttpWebRequest)WebRequest.Create(server);

POSTRequest.Method = “POST”;

POSTRequest.ContentType = “application/xml”;

POSTRequest.Timeout = 5000;

POSTRequest.KeepAlive = false;

POSTRequest.ContentLength = dataByte.Length;

In order to send our XML array within the REST request body, we create a stream object and then write it to an XML array.


Stream POSTstream = POSTRequest.GetRequestStream();

POSTstream.Write(dataByte, 0, dataByte.Length);

Now we create an HttpWebResponse object which we use to store the response using the StreamReader class.  We then use methods to store the response into a string variable and clean up the XML template of transliterations by converting all “&amp” to “&”.

Server Response

HttpWebResponse POSTResponse = (HttpWebResponse)POSTRequest.GetResponse();

StreamReader reader = new StreamReader(POSTResponse.GetResponseStream(), Encoding.UTF8);

loginToken = reader.ReadToEnd().ToString();

string loginToken2 = loginToken.Replace(“&amp;”, “&”);

Finally, we parse through the XML data to retrieve our logon token within the attribute “attr” named “logonToken” and store that in our final logintoken variable.


using (XmlReader xreader = XmlReader.Create(new StringReader(loginToken)))



ltoken = “\”” + xreader.ReadElementContentAsString() + “\””;


The above code should be a turnkey key implementation for logging in to the BI platform server using REST Web Services. 

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Michael Howles
      Michael Howles

      Great primer post.  Thank you!

      Author's profile photo Former Member
      Former Member

      How we acheive the same when using SSO

      Author's profile photo Jan Froehlich
      Jan Froehlich

      Hi Brian,

      really great post on using the REST SDK.

      Additionally I'd would like to improve your Javascript example a bit, so it makes use of the easier JSON notation:


          url: server + "/biprws/logon/long",

          type: "POST",

          contentType: "application/json",

          crossDomain: true,

          headers:  {

              "Accept": "application/json"


          data: JSON.stringify({

              "userName": username,

              "password": password,

              "auth": "secEnterprise"


          success: function(inResponse) {

              console.log("Successfully logged on to BOE server");

              console.log("Token: " + inResponse.logonToken);


          error: function(xhr, textStatus, errorThrown) {

              console.log("Error connecting to BOE server");



      With that code, there is no need to parse XML or clean it up in some way.

      Maybe that is helpful for others too.


      Author's profile photo Former Member
      Former Member

      Thank you for this wonderful article.

      I have 1 question...I wonder if anyone can help me...?

      Is it possible to hide the login credentials?

      I need to distribute the html page with this javascript code.

      I do not want the users to find out the login details...

      Thank you...

      Author's profile photo Anthony MULLER
      Anthony MULLER

      Hello Hayden,

      To hide credentials, you can use other login way like "trusted authentication".

      Best regards,


      Author's profile photo Former Member
      Former Member

      Thank you Anthony...As I do not have back-end solution, I ended up writing Javascript code that would kind of hide the credentials...