General Description

The second version of the Standard ERP Rest API is used to read and write data in Standard ERP database via HTTP or HTTPS.

Compared to the First Version

  • Read values from any register or block in the database including customised registers and blocks.
  • Expanded options to filter and sort records.
  • Retrieve changes since a previous API call.
  • Improved security features.
  • Ability to write data to your Standard ERP database.
  • Ability to change existing records.
  • Fetch only wanted fields, making the response smaller.


  • In the System module, Optional Features setting, tick the Web Rest API checkbox to enable the API.
  • In the Technics module, Program Mode register, make sure you have specified a Web Port. If you need connections to be made over HTTPS, specify the locations of the certificates and tick the Use HTTPS option. Set the HTTPS port in MyStandard.
  • Also in the Technics module, use the Access to Functions from Web setting to list the IP addresses from where API requests will be accepted. Enter “api” as the Function and list the IP addresses in the Allowed IPs column. You can enter several IP addresses in one row, separated by commas. If you need requests to be made over HTTPS only, set the SSL column to “yes”. No API requests will be accepted if this setting is empty.


In the Access Groups setting, give the user full access to the ‘Rest API’ action.

The API uses the access rights for the user. The user must be able to navigate to and open the register in a normal client and must thus have access to both a module the register is in, and the register itself. For registers that do not appear in any module a customisation to make them appear in some module is needed.

Examples of such registers are RHistVc and MailVc.

If the user has been restricted in viewing some fields in a register, for example with the “View Item’s Cost Price” access, they can still retrieve this field via the API and should thus not have access to the API. This is the same as for exports.

The user should authenticate with OAuth (details at the end of this document).

Basic Use

Requests specify the company and resource to read, in the most basic format:

  • is the web or IP address of the server and the https or web port in the format IP address:port.
  • "api" is a mandatory hardcoded string.
  • "1" is the company code from the companies setting (1st column).
  • "IVVc" is the name of the register.

This will fetch all invoices in company 1.

To retrieve information from a block such as Base Currencies, you similarly use:

Use the Import/Export Format report in the Technics module to obtain a list of Vc and Block codes for each register and setting.

Data Format

The same data format is used in the request and in the returned data and is hardcoded.

  • The decimal point is "." (period)
  • There is no thousand separator
  • Dates are in ISO format YYYY-MM-DD


The actual parameter values used for results such as key and range used, version of the server etc. are returned as attributes of the data tag.


The sort parameter will sort the retrieved records on the specified field. The name of the index that was used will be returned in the result. Only one field can be sorted on, and only if there is a suitable index, if there is no suitable index the request will fail. The field name is case sensitive.



Requires the use of the sort parameter.

The range parameter will only retrieve records where the sorted-on field is inside the specified range. The range is inclusive (values matching the start and end values are inside the range). The first and last value of the range are separated with the ":" (colon character). Open ranges where only the 1st or last value is specified are allowed, and will return all records before or after the specified value. If only a singular value is specified (no colon) only records matching that value will be retrieved.

Example 1:
will return invoices with customers from 10101 to 10104.

Example 2:
will return invoices with customers from 10104 until the last customer.

Example 3:
will return invoices only for customer 10104.

The range parameter is fast to use because it uses an index.


The fields parameter specifies which fields are to be retrieved. The fields are specified comma separated. If the parameter is not present all fields are retrieved. If a field in the matrix and a field in the header has the same name, both will be retrieved. If no field in the matrix are retrieved then the matrix itself (number of rows etc.) will not be present in the result.

Will return all invoices listing only the No., OK flag, Customer Name, Customer Number, Invoice Date, Transaction Date and, from each row, the Item Number and Tags/Objects.


The data can be filtered using the filter parameter. It is specified like this:
Filter is significantly slower than range, as it will not use an index and scans all records. If you use a range the filter will only scan the records in the range, so try to use the most selective condition possible in the range and all other conditions in filters.

  • There can only be one filter per field.
  • There can be multiple filters on different fields.
  • Filters can handle ranges of values, with the same syntax as range, including open ranges.
  • Filters work only on header fields.
  • Filtering on list fields such as Objects is done by the whole string. A filter.Objects=AB will not match “AB,D10101”.

Will retrieve invoices with total sums between 100 and 1000 for customers in the range 10100 to 10200.

Offset and limit

If the result is larger than the api user can handle in one request, the result can be retrieved in smaller pieces.

The offset will skip the specified number of records before producing output and the limit will restrict the number of records retrieved.


Will retrieve the 15 first invoices in 3 separate requests.

Offset and limit works together with all other parameters.


Returns all records that were updated after a given sequence number. 

The sequence number is returned in each request and can be saved for later use with updates_after.



Returns all record that were deleted after a given sequence number. 

The sequence number is returned in each request and can be saved for later use with deletes_after


Writing Data to Standard ERP

Functionally RecordNew will be called, then each set command will be called in order with its respective window actions (e.g. to fill customer’s name and payment terms). Finally the record will be inserted calling the same record actions and record checks as if a user did it from a client.

There is no limit to the number of set commands you can issue, they can be either in the URL or in post data. Only fields with non-default (non blank) data will be returned.

Note the “url” parameter that uniquely identifies the created record. If you have more than one field in the main key these fields will be separated by ‘/’. If the main key contains special characters they will be url encoded.

If a user would receive messages when entering the data manually in a client, the same messages will be included in the response in the following format:
<message description='message_text'></message>

In case of error while inserting/updating a record, the following will be returned:
<error code='error_code' description='error description' row='row_no' field='field_name'></error>


To create new records you POST to the registers. Use the set_field and set_row_field parameters as follows:

  • set_field will send a value to a header field.
  • set_row_field will send a value to a row field. The parameter should include the row number (row numbers begin at 0).

curl -X POST 'http://SJ:@'

The reply will be in this format:

				<data  register="IVVc" sequence="9693" url="/api/1/IVVc/10000014" systemversion=""
						<Addr0>Against All Odds Trading Co</Addr0>
							<row rownumber="0">
							</row rownumber="0">

This will create a new invoice for customer 001, adding one row with item 10101 and quantity 3.

If you need to send special or non-alphanumeric characters when testing, use ASCII encoding.

curl -X POST 'http://SJ:@'

This will create a new contact with Code 301 and Name Test & Co.

Alternatively, use the following syntax:
curl -X POST --data-urlencode "set_field.Name=Test & Co" 'http://SJ:@'


To change an existing record you PATCH the url given in the POST command. The ‘set’ commands have the same syntax and functionality as with POST.

curl -X PATCH 'http://SJ:@'

The reply will be in the same format as POST:

				<data  register="IVVc" sequence="9729" url="/api/1/IVVc/10000014" systemversion="">
							<row rownumber="0">
							</row rownumber="0">

This will change the quantity in the first row of Invoice 10000014 to 100.

If you need to PATCH a record in a register in which the main index has more than one key segment, separate the key segments using /. An example is DelAddrVc (Delivery Addresses), where the main index contains two key segments: Del. Code and Customer.

curl -X PATCH ' port/api/1/DelAddrVc/1/001?set_field.Comment=TestName'

This will change the Comment in the Delivery Address record in which the Del. Code is 1 and the Customer is 001.

As mentioned above, if the data contains / or other special characters (e.g. if the Del. Code in a Delivery Address is 001/1), use ASCII encoding for those characters:
curl -X PATCH ' port/api/1/DelAddrVc/001%2F1/001?set_field.Comment=TestName'

Requests and Responses in JSON format

If you need requests and/or responses to be in JSON format, you will need to include an instruction to this effect in the header of the request. For example, the header of a GET request requiring a response in JSON format should contain "-H "Accept: application/json"":

curl -X GET -H "Accept: application/json" ' port/api/1/IVVc'

You can use parameters in the way described on pages 2 and 3 above to refine GET requests. For example:

curl -X GET -H "Accept: application/json" ' port/api/1/IVVc?sort=CustCode'

POST and PATCH requests in which the request is in JSON format should contain "-H "Content-Type: application/json"" in their headers. In this example PATCH request, the request is in JSON format and a JSON response is required:

curl -X PATCH \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"data":{"IVVc":[{"Addr1":"New Address Line 1","Addr2":"New Address Line 2"}]}}' \
' port/api/1/IVVc/10000014'

This will change the first two lines of the Invoice Address in Invoice 10000014 to "New Address Line 1" and "New Address Line 2" (the Addr1 and Addr2 fields in IVVc). With POST only, you can create more than one record with the same request:

curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"data":{"ObjVc":[{"Code":"TEST1","Comment":"Test 1","OTCode":"PERS"},{"Code":"TEST2","Comment":"Test 2","OTCode":"PERS"}]}}' \
' port/api/1/ObjVc?fields=Code,Comment,OTCode'

This will create two Objects TEST1 and TEST2 belonging to the "PERS" Object Type, and the response will only display the Code, Comment and Object Types of those new Objects. The following example will create a Quotation with two rows. Note that row numbers begin at 0:

curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{"data":{"QTVc":[{"CustCode":"005","PayDeal":"30","Addr0":"Agent - Polani Travel","QTDate":"2022-04-27","QuoteClass":"V","CurncyCode":"GBP","ToRateB1":"","FrRate":"", "ToRateB2":"","BaseRate1":"0.8952","BaseRate2":"1","Sum1":"42.00","Sum3":"8.40","Sum4":"50.40", "ExportFlag":"0","rows":[{"@rownumber":"0","ArtCode":"10101","Spec":"Transistor Radio","SalesAcc":"100","VATCode":"1","Objects":"AUDIO","Price":"25.00","Quant":"1.000","Sum":"25.00"},{"@rownumber":"1","ArtCode":"10104","Spec":"Loudspeakers","SalesAcc":"100","VATCode":"1", "Objects":"AUDIO","Price":"17.00","Quant":"1.000","Sum":"17.00"}]}]}}' \

Note that if you use set_field and set_row_fields in a POST request, all window actions and all record actions will be carried out. But if you submit a POST request in JSON format, only the record actions will be carried out. This means for example that when sending a Customer Number to a new Invoice, information such as the Customer Name, Payment Term and Price List will not be brought in to the Invoice so you will need to include this information in the request. The record validation check on saving will be carried out so a record will not be saved if there is a problem, and the relevant error message will be included in the JSON response.

OAuth Authentication

To set up a 3rd party application to use OAuth with REST API, the following steps need to be made:

  • Step 1: Set up new Developer Credentials in the MyStandard portal for your StandardID. To do that, go to MyStandard >> More >> Developer Credentials and add a new record.
  • Step 2: In the new record >> Allowed Redirects specify the URL that StandardID will be redirecting after a user logs in with their StandardID and Password (a callback URL).
  • From the 3rd party application, whenever something triggers the Authorisation, it needs to redirect to: with the following GET parameters:
    - client_id = Client ID from Developer Credentials in MyStandard
    - redirect_uri = Your application URL that will handle the callback from the StandardID server after logging in
    - access_type = must be "offline"
    - response_type = must be "code"
  • Step 3: After redirecting user to the URL generated in step 3, the user will have to log in using their StandardID and Password.
  • Step 4: If the log-in is successful, StandardID will redirect the user to the specified redirect_uri with GET parameter:
    - code = Authorisation Code
  • Step 5: Next, the redirect_uri should handle the exchange of Authorisation Code to OAuth Token.
    Application has to make a call to with the following POST parameters:
    - client_id = Client ID from Developer Credentials in MyStandard
    - client_secret = Client Secret from Developer Credentials in MyStandard
    - redirect_uri = Application's URL that will handle the callback from StandardID that will contain the token
    - code = Authorisation Code received in step 4
    - grant_type = must be "authorization_code"
  • Step 6: If the request is successful, StandardID will redirect the user to the redirect_uri with the JSON response that looks as follows:
    					"access_token": [access token],
    					"token_type": "bearer",
    					"expires_in": 3600,
    					"refresh_token": [refresh token]
  • Step 7: If the request is not successful, StandardID will redirect the user to the redirect_uri with GET parameter:
    - error = server_error
  • Step 8: Each next API request must have the access token specified in the header of the request:
    Authorization: Bearer [access_token]

If you would like to test the OAuth, you can use Google's Developers Playground as one of the tools.
To configure:

  • Step 1: Configure Developer Credentials for your Standard ID in MyStandard. Allowed Redirects should be:
  • Step 2: Go to:
  • Step 3: Configure the settings as follows:
    - OAuth flow = Server-side
    - OAuth endpoints = Custom
    - Authorization endpoint =
    - Token endpoint =
    - Access Token Location = Authorization Header w/ Bearer prefix
    - OAuth Client ID = Client ID from Developer Credentials in MyStandard
    - OAuth Client Secret = Client Secret from Developer Credentials in MyStandard
  • Step 4: After configuring this, enter anything in the Step 1 Select & Authorize APIs >> Input your own scopes and press Authorize APIs
  • Step 5: You should be redirected to Standard ID login page, so perform the login
  • Step 6: You will be brought back to Step 2, with Authorization Code filled in. Press Exchange authorization code for tokens
  • Step 7: Then you will be brought to Step 3, from which you can make API GET, POST, PATCH requests with OAuth to Standard ERP

More Info

For more information about Rest API please visit our online manuals: REST API manual