Sage 200 - Changes to Sage ID FAQ

Following the developer/partner communication which is available here, this FAQ has been produced to provide clarity for questions you may have. 

If your query is not answered here, please consult our Common Queries and Frequently Asked Questions article.

What is happening?

Sage ID is transforming. Sage is undergoing a transformation to a new system which is an underpin for our future identity strategy. Sage ID will support new standards such as JWT and Open ID and will replace our current Sage ID offering. The latest version of Sage ID is not backward compatible with the existing in market version of Sage ID and therefore any applications that use this technology need to be upgraded.

We previously advised that upgrades to Sage 200 needed to be completed by partners by 31st August. We regret to inform you that due to issues beyond our control, any customers using the API need to apply a remastered version of Sage 200 or Sage 200 2020 R1 before 31st July 2020.

In addition to this any applications using our Sage 200 API will need to be upgraded before 19the February 2021 to prevent disruption to their service.

We've now made the relevant documentation and sample applications available to support our developer community, this will assist you in making the necessary changes. You can find out more our Guide to Sage ID Changes, see here.

If you have any questions, please contact Technical Support or the Developer Services team.

Business Partners

What do partners need to do?

Any partner with customers using the API will need to apply a remastered version of Sage 200 or Sage 200 2020 R1 before 31st July 2020. In addition, they will need to work with the developer to ensure this is upgraded before 19th February 2021.

What’s the difference between Sage ID, Native API (AAD) and API Service (externally facing web server)?

Sage ID is the method used to authenticate your API request.

The Native API uses Microsoft Azure Active Directory tunnelling to securely pass external requests to your Sage 200 server and removes the necessity for any additional hardware, such as an externally facing web server.

The API Service uses an externally web facing server to allow external requests to be made to the Sage 200 server. This involves a standalone web server used as the point of communication between your Sage 200 server and the Sage API.

 NOTE: Although a connection via an externally web facing web server will still work, this connection method is no longer maintained and is not recommended for new sites.

Will the API & Sage ID fields remain within the Sage 200 Admin panel?

The fields within System Administration will stay the same. The Azure ID field is populated automatically by the user who installs the Native API Tunnel connection.

The Sage ID field will still be used to authenticate and return API information from your site.

Which versions of Sage 200 use the new Sage ID method?

• Sage 200 2016 RM
• Sage 200 2017 Summer RM
• Sage 200 2018 Summer RM
• Sage 200 2020 R1

Additional Business Partner Resources

Further information on setting up the Native API for Sage 200 Professional can be found here.

Steps for setting up the API for Sage 200 Standard Online can be found here.

Developers

What do developers need to do?

Applications using our Sage 200 API will need to be upgraded before 19th February 2021 to minimise disruption to your customers.

I have already registered my application and received my client credentials; do I need to re-register for a new set of credentials?

Yes. As the new version of Sage ID is not backward compatible with the existing in market version of Sage ID you will need request new client credentials and update your application.

Who do I contact to re-register?

Please complete our Sage 200 API Credentials Request Form to request your new Sage 200 API client credentials.

NOTE: Please complete multiple instances of the form if you require more than one set of credentials i.e. Development / Production or Public (Desktop) / Confidential (Web).

Do I need request separate credentials for Sage 200 Standard Online and Professional?

No. Unlike our previous authentication method, demonstration and production clients can be used for Sage 200 Standard Online and Professional.

When should I ask for my new client credentials?

You are now able to request new client credentials, see our Guide to Sage ID Changes for further information. We suggest requesting credentials, and updating your application, as soon as possible as these changes must be applied prior to 19th February 2021.

What is the maximum value I can set the client credentials refresh token expiry to?

The new Sage ID authentication method supports a maximum refresh token expiry of 90 days.

Can I change the maximum expiry time of my client credentials’ access token?

Unlike our previous authentication method, which allowed client specific access token expiry times to be set to a maximum of 60 minutes, the new authentication method replaces this with a universal access token expiry time of 8 hours.

What is the difference between Development and Production client credentials?

Development credentials are intended to allow to you to develop, and test, your Sage 200 API application. To protect our service, we have limited the number of requests from development credentials to 20 per minute.

Production credentials are to be deployed in live production environments and should not be used testing or development purposes. These credentials are limited to approximately 6000 requests per minute. It is therefore suggested that developers who deploy their application on multiple heavy usage sites request multiple client credentials and monitor where these have been deployed.

Additional Developer Resources

Endpoint documentation, including sample application and client library, can be found here.

Knowledge base articles produced by Developer services for the Sage 200 API can be found here, including our Common Queries and Frequently Asked Questions article.

Our guide to querying the Sage 200 API using Postman has been updated to reflect the new authentication method and can be found here.