Getting Started with P21 Extensibility¶

Epicor Prophet 21 (P21) exposes a rich set of extension points that allow developers to integrate external systems, automate business processes, and customize application behavior. This guide introduces the three pillars of P21 extensibility and walks you through the minimum setup required to make your first API call.

The Three Pillars of P21 Extensibility¶

P21 extensibility is organized around three distinct areas. Understanding which pillar applies to your use case is the first step toward building effective solutions.

1. APIs¶

P21 exposes several HTTP-based APIs that allow external programs — integrations, scripts, scheduled jobs, portals — to read and write data, trigger business logic, and manage sessions. The APIs range from simple REST/OData endpoints to window-level automation that mirrors what a human user would do inside the P21 client.

There are five API families:

Not sure which API to use? See the Which API Should I Use? decision guide.

2. Business Rules¶

P21 Business Rules are server-side scripts written in VBScript or .NET that execute in response to P21 application events — field changes, saves, deletions, and more. They run inside the P21 application server and have direct access to the session context, making them the right tool for enforcing data validation, auto-populating fields, triggering workflows, and blocking invalid operations.

Business Rules do not require an external HTTP call — they are configured inside P21 and fire automatically.

See the Business Rules section for authoring and event reference documentation.

3. Forms and UI Customization¶

P21's Forms extensibility (Dynachange) allows developers to modify the layout and behavior of existing P21 windows — adding fields, hiding controls, changing tab order, and injecting custom panels. Forms customizations are applied declaratively or via embedded scripts and do not require changes to the P21 application binaries.

See the Forms section for Dynachange and UI customization documentation.

Prerequisites¶

Before making your first API call, ensure you have the following in place.

Access Requirements¶

• A running P21 application server — You need the hostname or IP address of a P21 instance (development, staging, or production). API calls are made over HTTPS.
• A P21 user account — All API operations are authenticated. You need a username and password for session-based APIs, or an SDK token for the Entity/Data Services APIs.
• Appropriate P21 security roles — The P21 user account must have permission to access the data and operations you intend to call. Security is enforced server-side regardless of the API used.

Development Tools¶

• .NET SDK (6.0 or later recommended) — Most P21 integration work is done in C#. The HttpClient class in .NET is the primary tool for making API calls.
• A REST client for exploration — Postman or Bruno are useful for exploring P21 endpoints interactively before writing code.
• Access to the P21 WADL/API browser — The P21 server exposes its available endpoints at the /info/ endpoint of Common Services. This is your primary API reference.

SDK Credentials (Entity API and Data Services)¶

The Entity API and Data Services API use Bearer token authentication rather than Basic auth + session. The token is obtained through the P21 SDK and is tied to a specific user account. Contact your P21 administrator or implementation team to obtain SDK credentials if you are using these APIs.

Server URL Structure¶

P21 exposes two distinct URL roots depending on which API family you are using.

UI-Based APIs (Common Services, Interactive, Transaction)¶

https://{your-server}/uiserver0/ui/

These APIs operate through the P21 UI service layer. They require a session to be established first, and all subsequent calls must include the session token.

REST APIs (Entity API, Data Services)¶

https://{your-server}/api/

These APIs use stateless Bearer token authentication and follow standard REST/OData conventions.

Quick Start: Your First API Call¶

The fastest path to a working API call uses the Common Services session endpoint. This five-step process applies to any of the UI-based APIs.

Step 1: Identify Your Server URL¶

https://p21-dev.yourcompany.com/uiserver0/ui

Step 2: Create a Session¶

Send a POST request to /common/v1/sessions/ with Basic authentication (username:password encoded in Base64) and a minimal session parameters body.

POST https://{your-server}/uiserver0/ui/common/v1/sessions/
Authorization: Basic {base64(username:password)}
Content-Type: application/json
Accept: application/json

{
  "SessionType": "User",
  "WorkstationID": "API-QuickStart"
}

Step 3: Extract the Session Token¶

The response will include a session token (typically in the response body or a response header). Store this token — every subsequent call requires it.

Step 4: Make an API Call¶

Include the session token in your request headers:

GET https://{your-server}/uiserver0/ui/common/v1/sessions/state
X-SessionToken: {your-session-token}
Accept: application/json

Step 5: Close the Session¶

When you are done, always close the session:

DELETE https://{your-server}/uiserver0/ui/common/v1/sessions/
X-SessionToken: {your-session-token}

Explore the Available Endpoints¶

Once you have a session, you can query the Common Services info endpoint to see all available service endpoints on the server:

GET https://{your-server}/uiserver0/ui/common/v1/info/
X-SessionToken: {your-session-token}

This returns a list of all registered endpoints — useful for discovering what is available on a given P21 installation.

Next Steps¶

• Authentication — Full session and token authentication reference
• Which API Should I Use? — Decision guide for choosing the right API
• API Overview — All APIs with base URLs and conventions
• Common Services Reference — Session management API detail
• Data Services Reference — OData querying reference