PHP Service Layer Example Part 1

SAP Business One provides a REST Service Layer API which can be used to consume data and services. In this article, I explain how to use PHP to communicate with the Service Layer. Before getting started, ensure that you have the PHP CURL library installed and configured. If you are unfamiliar with the Service Layer, you should read my previous article Introduction To SAP Business One Service Layer.


Like many API's the Service Layer requires authentication using a SAP user account. A successful login, will return a JSON string that contains a session id and the response header will contain a ROUTEID in the cookie header. Both the session id and the ROUTEID should be used in subsequent requests. Listing 1 below shows how to initiate the authentication process.

Listing 1

// Host name
$host = "";

// Port
$port = 50000;

// Login credentials
$params = [
    "UserName" => "",
    "Password" => "",
    "CompanyDB" => "",

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $host . ":" . $port . "/b1s/v1/Login");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($params));

$response = curl_exec($curl);

Notice that the request is made to "/b1s/v1/Login". This is the authentication URI, which requires a SAP user login credential and the database to connect to. Post data should be JSON encoded as seen on line 20.

Related Post

A simple and easy to use PHP library for SAP Business One Service Layer API. Read More

If the request is authorized, a JSON response similar to Listing 2 below is returned.

Listing 2

   "odata.metadata" : "host:port/b1s/v1/$metadata#B1Sessions/@Element",
   "SessionId" : "0dacaec2-f5fa-11e7-8000-002655851f48",
   "Version" : "920200",
   "SessionTimeout" : 30

The JSON response above contains the SessionId property, which is required in subsequent requests along with the ROUTEID. The ROUTEID is not returned in the JSON response. It is set in the response Cookie header. Using some basic string manipulation, the ROUTEID can be extracted from the response Cookie header as shown in Listing 3 below.

Listing 3


$routeId = "";

curl_setopt($curl, CURLOPT_HEADERFUNCTION, function($curl, $string) use (&$routeId){
    $len = strlen($string);

    if(substr($string, 0, 10) == "Set-Cookie"){
        preg_match("/ROUTEID=(.+);/", $string, $match);

        if(count($match) == 2){ 
            $routeId = $match[1];
    return $len;


echo $routeId;

The curl CURLOPT_HEADERFUNCTION constant is used to provide a callback function that is called for each header in the response. This callback function is used to determine if the header is Set-Cookie and if it is, then extract the value for the ROUTEID cookie using the preg_match function. It is also worth mentioning that the SessionId returned as part of the JSON response is also sent as a cookie header. You can extract both the SessionId and ROUTEID from the response Cookies. Note; that the cookie name for SessionId in the response header is B1SESSION and not SessionId.

In part 2, PHP Service Layer Example Part 2, I explain how to use the SessionId and ROUTEID to get a list of business partners.

If you prefer to use a library rather than write your own code, checkout php-sapb1.




SAP Business One