Skip to Content
Technical Articles

B1 Service Layer with JavaScript – Handling B1 Objects without .Net (nor DI API)

Screen Shot 2014-11-24 at 20.27.05.png

Lots of new features and innovations are raising at SAP world and of course that our beloved SAP B1 is getting some of the juice. Since SAP Business One version for SAP HANA 9.1 (B1H 9.1) a new component of B1 Family has been released, the B1 Service Layer. With B1 Service Layer you can manipulate B1 objects on an open, fast, lightweight and standard approach. Break the chains of .Net and DI API!



SAP Business One Service Layer is a server based components build using OData. The Open Data Protocol enables the creation and consumption of REST APIs, which allow resources, identified using URLs and defined in a data model, to be published and edited by Web clients using simple HTTP messages.


In other words, now you can manipulate B1 Objects using our new REST API. It means that B1 is open to a lot more technologies such as JavaScript presented here. You can find more information about Service Layer in this video.


Code Explanation

I did a video presenting this application. Check it out:




What I am using:

Twitter BootStrap – As Front-End Framework

jQuery – JavaScript most popular library. Used on some UI controls but mainly on the REST calls to Service Layer


You can find the application code on GitHub

What do you need

This application contains 2 files:


index.html – The UI of the application.

sl.js – The intelligence of the app and where you will find the REST calls to Service Layer. This file must be saved on a folder named “js” (or you can change the reference on the index.html file)


** If your Service Layer is using a Self Signed SSL Certificate your browser probably will block the calls from this application. In this case, use your HANA Studio browser and all will be fine. I explain more on the video.


Test it yourself

There is no reason for us Solution Architects to create create those codes if you guys on the frontline do not use them! 😉


Test, enhance, modify it! Your feedbacks are always welcome!



Shai Berkenblit, B1 Product Manager, has found a way to have the SSL Certificate trusted by your broswer. That means you are not restricted to Eclipse browser to run this app if your connection certificate is Self Signed. So you can use Chrome to debug this app for example.

The details are here. Thanks a lot, Shai!


UPDATE – Ago/2015


Some of you guys run across problems when trying this app on XS Engine. That was due to the lack of support of Cross Origin Resource Sharing (a.k.a. CORS). Although it is installed on the same server as HANA, Service Layer is not built (yet) on top of XS Engine. So when accessing the application trough HANA and performing calls to SL you were interacting with 2 different domains and most browsers block that if the called domain is not explicitly accepting this kind of interaction.


So, the allow your SL to accept this kind of interaction. Starting with B1 Version 9.1 PL08. you can add the last two lines of the image to your Service Layer configuration file, restart SL and everything will work:


You can find the Details on this blog


UPDATE – Set/2015



Sample: How to consume Service Layer oData services from .NET via WCF




and don’t forget to follow me on Twitter: @Ralphive

You must be Logged on to comment or reply to a post.
  • Hi Ralph,

    Great! I managed to solve the SSL Trust Issue.

    However, there's another problem to get log in successfully.

    Whenever I tried to run, it loads for awhile and pops up, "Houston, we have a problem! Verify your server information."

    Checked the browser debugging tools. "XMLHttpRequest cannot load https://administrator:50000/b1s/v1/Login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 400."

    I've edited your sl.js to remove the following things:
    Commented out on this - complete : function( xhr, status ) { alert(error); }

    Hope to hear from you soon.

    Thank you.

  • Hi Ralph,

    well explained , thanks for sharing this !

    question : how can i upload the two files and from where i can download these ??


  • This is a very good feature, why it can NOT be available to MS SQL SAP B1?

    HANA is fast, but for most of the small companies there, SQL is cheaper and it can be as fast as HANA because there are not that much data.


    • Hi Frank,

      I agreed to what you said as well.

      However, I think the direction from SAP is to keep up with technology trends and with in-memory database being the latest cutting edge technology, I reckoned that B1 have to keep up with this "update", to stay ahead of the game.

      Yes, customers of SAP can still use MSSQL, but it will naturally phase out in time to come. If a company have foresights, I believe that they would make the change!

      And with this "middle-man" of ServiceLayer, it helps to bridge the gap between SAP B1 with HANA.



      • Thanks Jacob! You got the big picture.

        B1 is going HANA and there will be where all innovations and enhancements will be found. This is a huge opportunity for B1 Developers to start dealing with different and amazing technologies.

        Is up to partners stick with the past or move together with us! Glad some like you are on the right path!

        HANA or die! 😈

        • I agreed with you Ralph, In memory is the trend. But B1 is a product targeted to small business. Cost is also a concern from marketing purposes. I dont think B1 will phase out on MSSQL. But it will eventually evolve to two products like now, B1, and B1 Hana. And the difference might get bigger and bigger.

          But my point is HANA is not only product supporting in-memory, SQL 2014 is also starting to support, so technology trend is not the problem at all. XML is not that good any more, javascript and JSON is the new king. That's what i am talking about. That's why SAP is using it. All these should prevent SAP to copy the HANA implementation to SQL. Because on this issue, SQL has no difference with HANA.


          • Indeed in memory in the "trend". However who set it was SAP 5 years ago. We are leading this movement and that is another reason for not waste a lot of time with "legacy" technologies.

            Is not a matter of "yesterday we had XML, today we have JSON". We are not doing the same thing differently. We are doing different things.

            There is a whole shift in the way we have to build our Add-ons(now called extreme apps) and Service Layer is here to help on that.

            This week we've been in the B1 Summit Barcelona where HANA and was amazing to see what partners are doing (just like Jacob did in Bangkok in March). I suggest you take a look>>

            The strategy is HANA and Cloud. And with this two, we can reach every kind of customer.

  • Hi Ralph,

    I've forced the trusted ssl certificate and that works well. I started the browser with web security disabledAnd I'm not hosting the page on XS Engine. Still I've been getting this error when I try to login.

    XMLHttpRequest cannot load https://administrator:50000/b1s/v1/Login. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

    Any idea why? or, Anybody else happened to come across and fixed this issue??

    I'd highly appreciatte any help on this, I'm a bit frustrated

    • Hi Carlos,

      Since your are running the app locally, try to use a less modern browser (just like me on the video) or remove this code from the ajax calls on the JavaScript file:

      xhrFields: {
        withCredentials: true
  • Hi Ralph,

    Thanks for this post, it is very helpful. I was able get a complete listing of the objects that can be manipulated by doing a GET request at the root https://administrator:50000/b1s/v1/

    I don't see a way to POST an "Issue for Production" document, to update Item and Resource quantities against a Production order. Is there a way to do this? Or is this something that would have to be done via DI API?



    • Hi John! If you go to

      https://administrator:50000 (address + port) you will find the API reference with all the entities and operations you can perform.

      Keep in mind that if the object is not exposed in DI API it will rarely be in Service Layer (they share the same core, although SL implements multi thread capabilities.

      In your case you can achieve wat you want by using this entity (the same applies to DI API)

  • Hi Ralph ,

    How can I know Which entity of the Service Layer Hana is associate with a specific table in the database ?? For example I need to know which is the name of the HTTP GET method of the table ORTT.

    Thanks, I'll appreciate any help

  • Hi Ralph,

    I try your sample and have a problem.

    When I press a green button "Start now" and insert my data in the form, I always have a error-message.

    However, in REST client I have no problem with autorization.

    What could be the problem ?



    • With chrome/firefox. Right click on page > Inspect element.. Check the errors on the console to give you a hint.

      Normally, an authorization for the self signed  SSL certificate is not set (as shown on video)

      CORS not enabled on Service Layer (as last blog update)...

      Paste the error here, so I can help more precisely 😉

      • In log files of my ServiceLayer I have a ""POST /b1s/v1/Login HTTP/1.1" 200 .." - I understood that It is mean "200 OK"

        But In my browser I have a "Houston. We have a problem..."

        I tried to do something with my certificates - it does not help.

        I can't show my screens, sorry. I am not at work now.

        Do you know how I can solve it else?

  • Hola Ralph.

    Al intentar usar advanced rest client par hacer el Login se presenta el siguiente error:




    Espero puedas ayudarme. yo estuve en el Workshop de Colombia el año pasado.

  • Hi Ralph,

    I can login and take data from service layer using Chrome Advanced Rest.

    But when I try to retrieve data using PHP Curl I have a "Invalid Session Error"

    I try to send cookie B!SESSION and ROUTEID but it does not work

    My code is

    $login = $this->login_sap(); // login using curl actually return a session id





                return 0;



            $cadena_busqueda = $this->input->post('cadena_busqueda');


            $url = "\$orderby=ItemCode asc";




                $url .= " & \$filter=contains(ItemCode, '". $cadena_busqueda ."') or contains(ItemName, '". $cadena_busqueda ."')";



        $headers = array(

                'Accept: application/json',

                'Content-Type: application/json'




            $ch = curl_init($url);


            curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

            curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);

            curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

            curl_setopt($ch, CURLOPT_COOKIE, 'B1SESSION='.$login.'; ROUTEID=.node0');

            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);


            $output = curl_exec($ch);


            $result = json_decode($output);




    stdClass Object ( [error] => stdClass Object ( [code] => -1001 [message] => stdClass Object ( [lang] => en-us [value] => Invalid session. ) ) )

    Thanks in advance

  • Hi all,

    Is it possible to expose the service layer to an external address? I am developing an application for a client. The app will run on a different server, can I make calls to the service layer from another server? Lots of example I see are ran on localhost/same host as where SAP B1 is running.

  • Hi Ralph,

    I Tried to connect SAP HANA using service layer & found this error when try to login,

    I use HANA 102.5, SBO 9.2 PL 0, SLES 11 SP4

    I've tried reinstall DI API, no luck

    I've tried restart server layer b1s restart, no luck...

    what's causing this error ?


    • Hi Hendra, never seen that before. But the message seems clear. Did you updated the B1H environment and forgot to upgrade Service Layer? Run the B1 upgrader (linux package) again or try to reinstall the service layer.

      • Hi Ralph,

        Ok, I found out the issue, it's because I upgraded server tools to 9.2 PL 2, but the COMMONDB & SBO DB is not yet upgraded, so I run upgrade DB from windows...

        and now can connect successfully.

        Thanks & Regards,


  • Ralph,

    Three questions:

    1) How long will a session remain open or active? Do they eventually timeout and require a new login request? Is there a setting that controls this? I would like to have an application login and keep the session open indefinitely, to avoid expensive login requests.

    2) Is there any way to send a custom SQL query or call a view or something? I need to get specific data that requires JOINs across multiple tables. In the DI API there is a DoQuery function that returns a generic RecordSet. Is there any equivalent to this?

    3) Is this new Service Layer designed to replace DI Server / B1WS for HANA installs? I'm just a bit confused because I have read a lot about DI Server / B1WS. Wondering if they are going to be obsolete with this.



    • HI John,

      1) session timeout is 30 minutes per default. You can change that on the service layer configurations. Check the SL guide on partner edge for more details

      2) SL is aimed on the B1 objects. For queries you should use a Hana view to provide the results and a XSODATA or XSJS service to expose it

      3) this is a replacement for both DI API and DI server. This last one is jurassic old 🙂

  • Hi Ralph,

        1. I am able to login when I press  "Start Now" button. The message is "Yeah!! We are connected! Let's make some REST calls!

    2. But when I pressed any of the buttons e.g. "Get BP". I get the "Damm! Something bad happened..."

       What could be possibly wrong. I have already set "CorsEnable": true, and also "CorsAllowedOrigins": "*"

        Thank you in advance.

        Chong Chin

  • Dear Ralph,

    Kindly i have issue i enabled certification but i still have issue to connect on server and i am sure the information correct please can help me ???Untitled.png

    • I'm pretty sure your problem might be because of CORS. You need to press f12 on your browser to debug the requests and see if that is the case in the console tag. If it is in deed so then you need to check that you're using at least SAP B1H 9.1 PL08 and follow the guidelines posted on this blog entry to allow CORS

  • Hi All,

    I am kinda new to sap. Does anyone know if this feature is enabled by default? Or does it need a seperate installation like an add-on.

    Also, is this available for on-demand cloud sap hana or only for hosted solutions?


    • This is available on every SAP Business One on HANA installation.  Doesn't matter if on premise or cloud. It is the "new" (quite old now)  DI API

  • Hi,

    I am trying send a 4MB json on https://servername:50000/b1s/v1/Invoices but the service layer is replying this error
    XMLHttpRequest cannot load https://servername:50000/b1s/v1/Invoices. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8888' is therefore not allowed access. The response had HTTP status code 502.

    It's working If it's just a few lines of item rows. The 4MB is just one consolidated A/R Invoice.

    • Have you configured the CORS settings as mentioned in the end of the blog?

      if that is PL04, there is a know issue with CORS and Service Layer, please open a support ticket

  • /
  • Hi;
    I have a problem with service layer and javaScript. I am using your code and connect to the database, but when I make a query the first attempt it shows me the error: -1001 of invalid session and at the second attempt, it shows me the query correctly. If I try to perform another query, the first attempt shows the same error and if I throw the same query again, it shows me the query correctly, and so with all queries until the user is blocked.
    Any idea?


  • Hi, Ralph Oliveira I'm trying to create an entity ChartOfAccount, with UDF's, but it doesn't recognize UDF's, any idea about it?

    This is a reference about documentation, where I have to configure Opentype=true option:

    • Don't forget the "U_" before the UDF name. SL works with UDF as a normal attribute from that entity.


      It would help if you post here the details of the call you are trying to make.

      • Thanks for you reply, this is the request, I noticed that in metadata for ChartOfAccount there is not UDFs, these have been created through DIAPI, not with SAP Client, we also tried creating UDF through SL and restarted it but it didn't work. Any sugest?


  • Hi Ralph,


    We have followed your blog and able to run the application but while login getting CORS error. We have also added the CORS header in .xsaccess file.

    Please help!!

    "Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://XXXXXX:50000/b1s/v1/Login/Login. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)."


  • Hi Ralph,

    We have almost completed the development of SAP UI5 Application using Service Layer. There is one challenge we are facing is managing user sessions, if I am performing multiple login to our application (which is browser based application) from different browser tabs using SAP B1 username and Password service layer is allowing me to do so. Is there any method to control user login and restrict it for single session per login like we have in SAP B1 Fat Client.


  • Hi Ralph,

    I am looking for it a long time. How do you configure a IDE-like environment in VS for Service Layer development. I've seen in this post ( ) how the author recommends installing NodeJS plugin in VS as the syntax is close. But I could not replicate the same environment as seen in this image:

    What are the step to follow to achieve this. Hope you can help me.


    Thank you,

  • /
    • Thank you, link fixed.

      PS: I don;'t think this is much relevant now. You can also use http port 50001 if you are willing to compromise security.




  • Hi Ralph,

    Is it possible to call service layer inside a xsjs file to perform CRUD operations in B1? If so, do you have any example that explains how to do this?


  • Hi Ralph,

    In your example you have hardcoded "port = 50001;" in B1SL.xshttpdest file.

    However in a production scenario, I believe this should be mapped to port 50000 that is linked to the load balancer. So I tried to use "port = 50000;" but it does not work...

    Is my assumption correct? If so, how can I use the load balancer port in the same example?

    Manuel Dias



    • Hi Manuel,

      port 50001 is the http port, insecure but OK for dev purposes

      port 50000 is the httpS port, secure as long as you installed a valid certificate. If you have not, and kept the default Service Layer certificate, this port won't work. As the connection is  an insecure https and the browser will block it.

  • Hi Ralph.


    I have tried the files that you have shared in Github (SL + JS). I have published them on an Apache web server, when testing them through desktop browsers and mobiles with Android S.O, it works correctly; however, when testing the example with IOS device it stops working. On IOS devices, you only get the session and for subsequent requests it throws an error (loss of login credentials). I have checked the browser configuration of the mobile device to verify if it is not storing cookies, but I have all this enabled. Could you guide me about what could be happening?

    Thank you so much.

  • Hi Ralph,

    Item & BP Get is working properly.

    But when trying to Post bp or item.

    It gives me error in console:


    Invalid login credential

    Any idea?