Connect SAP Business One to ToppFive
Follow these steps to connect your SAP Business One system. This gives ToppFive's AI assistant direct access to your business data — customers, orders, inventory, invoices, and more.
Prerequisites
You'll need:
- SAP Business One version 9.3 or later (Service Layer is required)
- Administrator access to SAP B1 or a user with permissions to create Service Layer users
- The Service Layer must be running and accessible from the internet (or via VPN/tunnel if on-premises)
Verify the Service Layer is Running
SAP Business One's Service Layer is the REST API that ToppFive connects to. It's typically installed alongside your SAP B1 server.
Open a browser and navigate to your Service Layer URL. The default is:
https://your-server:50000/b1s/v1/If the Service Layer is running, you'll see a JSON response or an authentication prompt. If you get a connection error, contact your SAP administrator.
Port reference: HTTPS uses port 50000 by default. HTTP uses port 50001. We strongly recommend HTTPS.
Create a Dedicated User for ToppFive
We recommend creating a new SAP B1 user dedicated to ToppFive rather than using your personal admin account. This allows you to control permissions precisely and revoke access independently.
- In SAP Business One, go to Administration → Setup → General → Users
- Click Add to create a new user
- Set a descriptive username (e.g.
toppfive_api) and a strong password - Assign the appropriate Super User type or assign specific authorizations in step 3
Configure Permissions
The ToppFive user needs access to the following areas. If you're not using a Super User, configure authorizations under Administration → System Initialization → Authorizations → General Authorizations.
| Data Area | Read | Write |
|---|---|---|
| Business Partners (Customers & Vendors) | ✅ Required | ✅ For creating/updating |
| Sales Orders | ✅ Required | ✅ For creating orders |
| Purchase Orders | ✅ Required | ✅ For creating POs |
| Invoices (AR & AP) | ✅ Required | ⬚ Optional |
| Items (Inventory) | ✅ Required | ⬚ Optional |
| Inventory Transactions | ✅ Required | ⬚ Optional |
| Journal Entries | ✅ Required | ⬚ Optional |
| Chart of Accounts | ✅ Required | — |
| Payments (Incoming & Vendor) | ✅ Required | ⬚ Optional |
| Delivery Notes | ✅ Required | ⬚ Optional |
Write permissions are only needed if you want the AI assistant to create sales orders, purchase orders, or update records. You can start with read-only access and add write permissions later.
Enter Credentials in ToppFive
Go to the Integrations page and click Connect on the SAP Business One card. Enter the four pieces of information:
Service Layer URL
The base URL of your Service Layer installation
https://myserver.example.com:50000Company Database
The name of your SAP B1 company database
SBODemoUSUsername
The dedicated API user you created in step 2
toppfive_apiPassword
The password for the API user
••••••••ToppFive will test the connection by logging in to verify your credentials before saving them. Your credentials are stored securely and encrypted at rest.
Troubleshooting
Connection refused / timeout
The Service Layer may not be running, or it may not be accessible from the internet. Check that the service is started (SAP B1 Server Tools → Service Manager) and that your firewall allows inbound traffic on port 50000.
SSL certificate error
If your Service Layer uses a self-signed certificate, you may need to install a proper SSL certificate or use an HTTP tunnel. Contact your IT administrator for help with certificate setup.
Login failed (wrong credentials)
Double-check the Company Database name (it's case-sensitive), username, and password. You can verify them by logging in to the SAP B1 client application directly.
User locked out
After multiple failed login attempts, SAP B1 may lock the user. An administrator can unlock it under Administration → Setup → General → Users, or wait for the lockout period to expire.
On-premises server not accessible
If your SAP B1 server is on-premises behind a firewall, you'll need to expose the Service Layer port (50000) via a reverse proxy, VPN, or tunnel. Many customers use tools like Cloudflare Tunnel or ngrok for this.